Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)
- Thread starter fohdeesha
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
Hello everyone! Just joined the forum after a friendly geek neighbor clued me in about the ICX boxes and I bought some to rebuild my home LAN (no lab, I yeet to production).
I've got four 7150-C12Ps in a ring stack config; three in the basement of the house, one in the garage, connected via 10Gb SM BiDi links with direct burial cable. I've been mostly using the stack as a fancy layer 2 device since I put it in, but am now starting to move core routing over to it (replacing an EdgeRouter 4). I went with this configuration to provide hardware redundancy since both my wife and I are full-time WFH people, and this way I can have most of our network gear (APs, NAS, etc.) connected across two or more boxes using LAGs and won't lose any connectivity if one of the 7150s fails.
I'm running 09.0.10 firmware, i jumped to 09.0.00 right after it was released since I was having lots of really strange problems with IPv6 traffic on 08.0.95, and those went away with the 09 firmware. I haven't run into any bugs or other weird behavior with the 09 series yet (knock on wood).
Thanks to everyone who has shared their knowledge here and made it possible for us to use this awesome hardware in our home networks. I'm to start watching videos to learn how to setup access-lists on my VLANs, they are very different from VyOS
I've got four 7150-C12Ps in a ring stack config; three in the basement of the house, one in the garage, connected via 10Gb SM BiDi links with direct burial cable. I've been mostly using the stack as a fancy layer 2 device since I put it in, but am now starting to move core routing over to it (replacing an EdgeRouter 4). I went with this configuration to provide hardware redundancy since both my wife and I are full-time WFH people, and this way I can have most of our network gear (APs, NAS, etc.) connected across two or more boxes using LAGs and won't lose any connectivity if one of the 7150s fails.
I'm running 09.0.10 firmware, i jumped to 09.0.00 right after it was released since I was having lots of really strange problems with IPv6 traffic on 08.0.95, and those went away with the 09 firmware. I haven't run into any bugs or other weird behavior with the 09 series yet (knock on wood).
Thanks to everyone who has shared their knowledge here and made it possible for us to use this awesome hardware in our home networks. I'm to start watching videos to learn how to setup access-lists on my VLANs, they are very different from VyOS
You apply the ACL to the IN direction as that is the closest to the source. The snippet below should block VLAN 3 from everything except established, dns, dhcp, and the internet. It will allow hosts in the same vlan to communicate with each other.
Code:
interface ve 3
ip access-group "ISONET" in
ip address 192.168.3.254 255.255.255.0
ip helper-address 1 10.2.1.1
ip access-list extended "ISONET"
remark allow established connections
permit tcp 192.168.3.0 0.0.0.255 any established
remark allow DNS
permit tcp 192.168.3.0 0.0.0.255 any eq dns
permit udp 192.168.3.0 0.0.0.255 any eq dns
remark allow DHCP
permit udp 192.168.3.0 0.0.0.255 any eq bootps
permit udp 192.168.3.0 0.0.0.255 any eq bootpc
remark allow host to host in same vlan
permit ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255
remark deny access to rest of LAN
deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255
deny ip 192.168.3.0 0.0.0.255 172.16.0.0 0.15.255.255
deny ip 192.168.3.0 0.0.0.255 10.0.0.0 0.255.255.255
remark allow internet access
permit ip any anyI was speaking to an Engineer where I work and he thinks my issue is actually my fiber. the transceivers are SMF and all i have is multimode om2/3. I have some Single Mode fiber on order and will be here tomorrow. will do further investigation on the card if that doesn't pan out.
On the 6610 I had the same issue. It doesn't do anything with IP's and DHCP other than the management until you setup a VE for the vlan.
Code:
conf t
vlan 50
tagged e 1/1/2
router-interface ve 50
int ve 50
if you still havent gotten it to link up, try rebooting the switch now that the optic is inserted. sometimes they don't like new optics showing up in the stacking ports but a reboot typically makes the issue go away. also make sure youve done the relevant stuff here: FCX / ICX6610 - Fohdeesha Docs
Rebooted switch, Swapped Transceivers, verified that it's in NIC mode not IB mode.
Using SMF, Verified that all the stacking info is cleared. I have to be missing something...
Edit: Plugged 2 transceivers into the 2 40gb ports and looped them and the ports came up. Problem is at the NIC...
Last edited:
Any reason why this QSFP DAC wouldn't work, connecting 1/2/1 to a Mellanox cx354a card in an OpnSense box? Neither the switch nor the NIC think there's anything connected.
EDIT:
EDIT:
Code:
telnet@ICX6610-24P Router#show interfaces brief
Port Link State Dupl Speed Trunk Tag Pvid Pri MAC Name
1/1/1 Up Forward Full 1G None No 1 0 748e.f8e8.5d7a
1/1/2 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/3 Up Forward Full 1G None No 1 0 748e.f8e8.5d7a
1/1/4 Up Forward Full 1G None No 1 0 748e.f8e8.5d7a
1/1/5 Up Forward Full 1G None No 1 0 748e.f8e8.5d7a
1/1/6 Up Forward Full 1G None No 1 0 748e.f8e8.5d7a
1/1/7 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/8 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/9 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/10 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/11 Up Forward Full 1G None No 1 0 748e.f8e8.5d7a
1/1/12 Up Forward Full 100M None No 1 0 748e.f8e8.5d7a
1/1/13 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/14 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/15 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/16 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/17 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/18 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/19 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/20 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/21 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/22 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/23 Down None None None None No 1 0 748e.f8e8.5d7a
1/1/24 Down None None None None No 1 0 748e.f8e8.5d7a
1/2/1 Down None None None None No 1 0 748e.f8e8.5d7a
1/2/2 Down None None None None No 1 0 748e.f8e8.5d7a
1/2/3 Down None None None None No 1 0 748e.f8e8.5d7a
1/2/4 Down None None None None No 1 0 748e.f8e8.5d7a
1/2/5 Down None None None None No 1 0 748e.f8e8.5d7a
1/2/6 Down None None None None No 1 0 748e.f8e8.5d7a
1/2/7 Down None None None None No 1 0 748e.f8e8.5d7a
1/2/8 Down None None None None No 1 0 748e.f8e8.5d7a
1/2/9 Down None None None None No 1 0 748e.f8e8.5d7a
1/2/10 Down None None None None No 1 0 748e.f8e8.5d7a
1/3/1 Up Forward Full 10G None No 1 0 748e.f8e8.5d7a
1/3/2 Down None None None None No 1 0 748e.f8e8.5d7a
1/3/3 Down None None None None No 1 0 748e.f8e8.5d7a
1/3/4 Down None None None None No 1 0 748e.f8e8.5d7a
1/3/5 Down None None None None No 1 0 748e.f8e8.5d7a
1/3/6 Down None None None None No 1 0 748e.f8e8.5d7a
1/3/7 Down None None None None No 1 0 748e.f8e8.5d7a
1/3/8 Down None None None None No 1 0 748e.f8e8.5d7a
mgmt1 Down None None None None No None 0 748e.f8e8.5d7a
Port Link State Dupl Speed Trunk Tag Pvid Pri MAC Name
ve1 Up N/A N/A N/A None N/A N/A N/A 748e.f8e8.5d7aIt should work assuming Opnsense has the necessary Mellanox driver loaded. Intel or Chelsio NiCs are generally recommended for pfsense due to driver support, and I would assume opnsense is similar.
The 10GTek 40G QSFP to 4 x SFP+ breakout cable works on my ICX6610 connecting to an Intel X520-DA2 NIC on pfsense.
A Google search yielded a result from 2018 indicating that you need to modify a boot setting to load the mlx4en driver. This may no longer apply to the latest version of opnsense. Mellanox ConnectX-3 support
EDIT: Here are updated instructions which work from the GUI and will persist a reboot. Also, it appears this is still required in 2021. Mellanox ConnectX-2 and up
Pfsense only added the mlx4 and mlx5 drivers in release 2.4.5. Feature #7537: Include mellanox mlx4 and mlx5 ethernet driver - pfSense - pfSense bugtracker
Last edited:
Thanks for the reply. I had found that and added the commands, which worked just fine. The interfaces show up in OpnSense, just as disconnected.
I just tried connecting the cable in a loop from interface 1 to interface 2 on the mellanox nic, and it lit up just fine, so it seems like there's something on the switch side that's not recognizing or utilizing the cable.
EDIT2: Here's what the most relevant parts of my network setup look like, in case it's relevant (open to feedback here as well). Note that there wasn't a good 6610 equivalent in draw.io, so ignore the positional matchups. I added the interface ids for clarity.
EDIT:
Code:
telnet@ICX6610-24P Router#show interfaces ethernet 1/2/1
40GigabitEthernet1/2/1 is down, line protocol is down
Port down for 17 minute(s) 55 second(s)
Hardware is 40GigabitEthernet, address is 748e.f8e8.5d7a (bia 748e.f8e8.5d93)
Interface type is 40Gig Fiber
Configured speed 40Gbit, actual unknown, configured duplex fdx, actual unknown
Configured mdi mode AUTO, actual unknown
Member of L2 VLAN ID 1, port is untagged, port state is BLOCKING
BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
Link Error Dampening is Disabled
STP configured to ON, priority is level0, mac-learning is enabled
Openflow is Disabled, Openflow Hybrid mode is Disabled, Flow Control is enabled
Mirror disabled, Monitor disabled
Mac-notification is disabled
Not member of any active trunks
Not member of any configured trunks
No port name
MTU 1500 bytes, encapsulation ethernet
300 second input rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
300 second output rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
607855000 packets input, 67135060808 bytes, 0 no buffer
Received 210154120 broadcasts, 394335559 multicasts, 3365321 unicasts
15 input errors, 1 CRC, 0 frame, 0 ignored
0 runts, 0 giants
601682076 packets output, 65644112862 bytes, 0 underruns
Transmitted 214559764 broadcasts, 386674611 multicasts, 447701 unicasts
0 output errors, 0 collisions
Relay Agent Information option: Disabled
Egress queues:
Queue counters Queued packets Dropped Packets
0 64811133 0
1 0 0
2 0 0
3 0 0
4 0 0
5 30 0
6 0 0
7 1 0
Last edited:
Did you follow this step from the ICX6610 instructions to remove any existing stacking config?Thanks for the reply. I had found that and added the commands, which worked just fine. The interfaces show up in OpnSense, just as disconnected.
I just tried connecting the cable in a loop from interface 1 to interface 2 on the mellanox nic, and it lit up just fine, so it seems like there's something on the switch side that's not recognizing or utilizing the cable.
EDIT2: Here's what the most relevant parts of my network setup look like, in case it's relevant (open to feedback here as well). Note that there wasn't a good 6610 equivalent in draw.io, so ignore the positional matchups. I added the interface ids for clarity.
EDIT:
Code:telnet@ICX6610-24P Router#show interfaces ethernet 1/2/1 40GigabitEthernet1/2/1 is down, line protocol is down Port down for 17 minute(s) 55 second(s) Hardware is 40GigabitEthernet, address is 748e.f8e8.5d7a (bia 748e.f8e8.5d93) Interface type is 40Gig Fiber Configured speed 40Gbit, actual unknown, configured duplex fdx, actual unknown Configured mdi mode AUTO, actual unknown Member of L2 VLAN ID 1, port is untagged, port state is BLOCKING BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled Link Error Dampening is Disabled STP configured to ON, priority is level0, mac-learning is enabled Openflow is Disabled, Openflow Hybrid mode is Disabled, Flow Control is enabled Mirror disabled, Monitor disabled Mac-notification is disabled Not member of any active trunks Not member of any configured trunks No port name MTU 1500 bytes, encapsulation ethernet 300 second input rate: 0 bits/sec, 0 packets/sec, 0.00% utilization 300 second output rate: 0 bits/sec, 0 packets/sec, 0.00% utilization 607855000 packets input, 67135060808 bytes, 0 no buffer Received 210154120 broadcasts, 394335559 multicasts, 3365321 unicasts 15 input errors, 1 CRC, 0 frame, 0 ignored 0 runts, 0 giants 601682076 packets output, 65644112862 bytes, 0 underruns Transmitted 214559764 broadcasts, 386674611 multicasts, 447701 unicasts 0 output errors, 0 collisions Relay Agent Information option: Disabled Egress queues: Queue counters Queued packets Dropped Packets 0 64811133 0 1 0 0 2 0 0 3 0 0 4 0 0 5 30 0 6 0 0 7 1 0
Code:
enable
conf t
stack unit 1
no stack-trunk 1/2/1 to 1/2/2
no stack-trunk 1/2/6 to 1/2/7
stack disable
exit
write mem
Last edited:
The interface statistics show about 130GB of traffic on 1/2/1. Did you have it connected previously using a different DAC or with fiber?Thanks for the reply. I had found that and added the commands, which worked just fine. The interfaces show up in OpnSense, just as disconnected.
I just tried connecting the cable in a loop from interface 1 to interface 2 on the mellanox nic, and it lit up just fine, so it seems like there's something on the switch side that's not recognizing or utilizing the cable.
EDIT2: Here's what the most relevant parts of my network setup look like, in case it's relevant (open to feedback here as well). Note that there wasn't a good 6610 equivalent in draw.io, so ignore the positional matchups. I added the interface ids for clarity.
EDIT:
Code:telnet@ICX6610-24P Router#show interfaces ethernet 1/2/1 40GigabitEthernet1/2/1 is down, line protocol is down Port down for 17 minute(s) 55 second(s) Hardware is 40GigabitEthernet, address is 748e.f8e8.5d7a (bia 748e.f8e8.5d93) Interface type is 40Gig Fiber Configured speed 40Gbit, actual unknown, configured duplex fdx, actual unknown Configured mdi mode AUTO, actual unknown Member of L2 VLAN ID 1, port is untagged, port state is BLOCKING BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled Link Error Dampening is Disabled STP configured to ON, priority is level0, mac-learning is enabled Openflow is Disabled, Openflow Hybrid mode is Disabled, Flow Control is enabled Mirror disabled, Monitor disabled Mac-notification is disabled Not member of any active trunks Not member of any configured trunks No port name MTU 1500 bytes, encapsulation ethernet 300 second input rate: 0 bits/sec, 0 packets/sec, 0.00% utilization 300 second output rate: 0 bits/sec, 0 packets/sec, 0.00% utilization 607855000 packets input, 67135060808 bytes, 0 no buffer Received 210154120 broadcasts, 394335559 multicasts, 3365321 unicasts 15 input errors, 1 CRC, 0 frame, 0 ignored 0 runts, 0 giants 601682076 packets output, 65644112862 bytes, 0 underruns Transmitted 214559764 broadcasts, 386674611 multicasts, 447701 unicasts 0 output errors, 0 collisions Relay Agent Information option: Disabled Egress queues: Queue counters Queued packets Dropped Packets 0 64811133 0 1 0 0 2 0 0 3 0 0 4 0 0 5 30 0 6 0 0 7 1 0
Hi guys,
i wish you a nice new years eve
So, i just found this awesome thread about those nice affordable switches and immediately started searching for some on ebay.
I've found some icx6450-48 switches, but in the product description they say the switches only have 2x10gbe sfp+, so i assume the other two are only 1gbe sfp ports.
Are there different versions of the icx6450 switch with either 4xsfp+/10gbe or 2xsfp+/10gbe and 2xsfp/1gbe?
i wish you a nice new years eve
So, i just found this awesome thread about those nice affordable switches and immediately started searching for some on ebay.
I've found some icx6450-48 switches, but in the product description they say the switches only have 2x10gbe sfp+, so i assume the other two are only 1gbe sfp ports.
Are there different versions of the icx6450 switch with either 4xsfp+/10gbe or 2xsfp+/10gbe and 2xsfp/1gbe?
I did indeed. Even re-enabled and re-disabled to be sure. show run snippet:
Code:
Current configuration:
!
ver 08.0.30uT7f3
!
stack unit 1
module 1 icx6610-24p-poe-port-management-module
module 2 icx6610-qsfp-10-port-160g-module
module 3 icx6610-8-port-10g-dual-mode-module
stack disable
stack mac 748e.f8e8.5d7aThat's one weird thing - the activity light for 1/2/1 is on solid whether I have this cable plugged into it or not, and that number keeps going up...
Yes but by way of magick you can get what you want.
Incantation:
Before you buy any switches please take a look at the first post in this thread. Please Read it then go back to the top.
Click on the first link in the first post of the thread. give that page a read.
Look to the left. There's a clicky called Brocade Setup. click there for the switch you seek.
At that bottom of that page there is a link that talks about licensing incantations and that should tell you all you need to know to create magick.
dang - 5 edits to get that right. clearly I started drinking too early.
Thanks for the hint! I will do it after finishing my Dominican cigar and Champagne
Wish you a nice New years eve!
Edit: Damn, i could kick my ass that i didnt find this earlier.... Going to setup a Dell R210ii as my Router and a 6450 as my home network setup. So i can get rid of my pfsense vm, run it bare metal and get my nas box and my main PC running on 10gbps
Last edited: