It depends what you want to achieve. In my case I wanted to use the 10 GBit ports of my switch to route between LAN and DMZ. If I go via my firewall, I would create 1 GBit bottleneck. But ACLs where required in my case. Otherwise having a split in the two networks LAN and DMZ would be meaningless if unlimited routing will be possible.
Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)
- Thread starter fohdeesha
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
It sounds like you have the switch setup properly for the link to the AP. Now you need to do a similar configuration for the link between the switch and the router: the port(s) will need to have tagged VLANs 10 and 15 on them, and the router will need to have its own virtual interfaces so that it can accept traffic, provide addresses via DHCP (if you use it), etc.
Also, while you're still working on it, please consider using VLAN tags and subnet numbers that match, if you can. Otherwise you'll have to remember that VLAN tag 10 is subnet 5, and VLAN tag 15 is subnet 10. The network devices won't care, but future you could easily be confused by having '10' mean something different in those two cases.
Hard to follow the verbal description. Any sketch from your network would help.
I suggest to first skip LAG and get VLAN running. At the moment it is unclear if the issue is in the setup of VLAN or LAG or router.
Basically I am doing the same as you with R710, ICX 7150 and OPNsense. Separate WiFi SSID with separate VLANs: "Home" (1), "Guest" (20) and IoT" (30) . On ICX VLAN 1 untaged and VLAN 20 and 30 tagged. L2 set-up on ICX, means no VE assigned only to VLAN 1. Network defined on OPNsense.
Code:
vlan 1 name DEFAULT-VLAN by port
!
vlan 10 name DMZ by port
tagged ethe 1/2/1
untagged ethe 1/1/3 ethe 1/1/5 ethe 1/3/3 to 1/3/4
!
vlan 20 name IoT by port
tagged ethe 1/1/1 ethe 1/2/1
untagged ethe 1/1/11
!
vlan 30 name Guest by port
tagged ethe 1/1/1 ethe 1/2/1 ethe 1/3/3
untagged ethe 1/1/7 ethe 1/1/9
!
!
!
!
ip route 0.0.0.0/0 192.168.2.1
!
!
!
!
interface ethernet 1/1/1
port-name AP
!
interface ethernet 1/2/1
port-name OPNsense
!
!
!
!
interface ve 1
ip address 192.168.2.2 255.255.255.0
ipv6 address fd00:0:0:2::2/64Thank you for your reply and your advice on the subnets. I definitely agree the subnets should match the vlans and that is how I set it up. The 192.168.5.0 should have been typed 192.168.15.0. Too fast typing on my part.
Thank you for your help. I will try to remove the lag and see if that works because everything else is the same as your setup. For the network sketch my setup is pretty straight forward. It goes AP (r710)--> Switch (icx 7250) -->Router (OPNsense). AP is plugged into the switch through 1/1/37 and 1/1/39 (lag 1) and the router is plugged into the switch through 1/2/1. All ports are untagged on the default vlan with interface ve 1 and ip address 192.168.1.2. I did notice one difference between your config and mine. It is "ip route 0.0.0.0/0 192.168.2.1". Would you be able to provide some detail on what that does? I am wondering if that is what I am missing. Thank you.
192.168.2.1 is my OPNsense on LAN network. ICX is 192.168.2.2. This line is to tell the ICX the route to find the way to the firewall/router. Not needed in your network for other devices to find the way. You either have setup the default route manually on each device or each device get the default route by DHCP of OPNsense. The ICX need this line it that services running on ICX, like NTP, can find the way to the router.
Yeah, I'm content with my firewall being the bottleneck for those instances when I need to route between a trusted network and a non-trusted one. Those instances are relatively infrequent. Plus I'm building a tiny-mini firewall with 10gbe and a beefier CPU to replace my celeron J3160, so that bottleneck should be lessened as well. Mostly I was curious if things would get confused if the switch knows how to route to *some* local subnets but not others.
Not sure if this is much of a good deal, but I came across this listing on ebay for anyone looking for a ICX7450-48p for $400 OBO:
Honestly though the 7450 seems like such an odd switch to me. It's so much less capable than the 6610, but just as loud/power hungry. I mean, it doesn't even have as many 10gb SFP+ as the 7250! I guess if you really, really need a few 802.3bt ports for something?
Brocade (ICX725048P2X10G) 48 Port Ethernet Switch for sale online | eBay
Find many great new & used options and get the best deals for Brocade (ICX725048P2X10G) 48 Port Ethernet Switch at the best online prices at eBay! Free shipping for many products!
www.ebay.com
Honestly though the 7450 seems like such an odd switch to me. It's so much less capable than the 6610, but just as loud/power hungry. I mean, it doesn't even have as many 10gb SFP+ as the 7250! I guess if you really, really need a few 802.3bt ports for something?
yeah, there's a reason it's not in my main post, it has so many little hidden limitations, and fully loaded it can't even match the bandwidth on the 6610's rear ports alone, while running the same fans and PSUs. not to mention the 10gbe modules are at insane prices these days (like, $400 each or more), so the only way to really get a usable config is to buy one that already has a module like the one you linked. I've specd them for a couple clients who had very specific needs that the 8030 codetrain on the 6610 couldn't fill in colo like mss clamping in hardware to accommodate gre tunnels, etc, but for home use mehNot sure if this is much of a good deal, but I came across this listing on ebay for anyone looking for a ICX7450-48p for $400 OBO:
Brocade (ICX725048P2X10G) 48 Port Ethernet Switch for sale online | eBay
Find many great new & used options and get the best deals for Brocade (ICX725048P2X10G) 48 Port Ethernet Switch at the best online prices at eBay! Free shipping for many products!www.ebay.com
Honestly though the 7450 seems like such an odd switch to me. It's so much less capable than the 6610, but just as loud/power hungry. I mean, it doesn't even have as many 10gb SFP+ as the 7250! I guess if you really, really need a few 802.3bt ports for something?
7150-C12 have almost doubled in price... Have you Americans finally realised that power is not free? 
Does anyone have an ICX7150-12 for sale for a reasonable price?
Does anyone have an ICX7150-12 for sale for a reasonable price?
So 8.0.40+ or 9.0.10 codetrain don't offer much more that is worth upgrading ?
I think about IPv6, configuration archive and compare (like Junos) and much more I don't know...
Yeah, it’s absolutely nuts. I managed to pick one up 6mo ago for $200 - thought about buying another for stacking on the other side of house, but now the cheapest I can find is ~$375.
If you can get by without 10Gbe (and with the older 08.0.30 code train), an ICX6450-C12-PD might be the ticket
I hope you all don't mind a very basic question. Is there a difference performance-wise (or otherwise) between two switches stacked and a downstream switch connected to another? For example, if I have a 6450-24p as my primary switch and I put a 6450-C12 in another room, what is the difference between stacking that switch and just trunking my vlans to that switch and configuring it independently? Is it just ease of management or is it cleaner from a networking perspective to have two switches be a single stack?
Yes, I will import 4 ICX6450-C12
However, I have one place where I currently use a ICX6450-24P which I'd like to replace with the an ICX7150-C12 to save another 15W or so...
It provides a single management interface, it can provide redundant links (although there are other ways to do that too), not much else as far as I can tell.
I'm currently on a fan-modified Avaya 4548gt-pwr. 48 copper gbit (all poe), 4 sfp
Its a little long in the tooth and sucks more power than id like. I do heavily use POE, about 30 of the 48 ports are active POE.
Recommendations for which brocade to jump to as an upgrade? I could use 10gbit in about 4 places, so dont need too many 10gbit ports.
Its a little long in the tooth and sucks more power than id like. I do heavily use POE, about 30 of the 48 ports are active POE.
Recommendations for which brocade to jump to as an upgrade? I could use 10gbit in about 4 places, so dont need too many 10gbit ports.
ICX6450-48p. Same as your current one, but probably less power, so I'm not sure that's really an "upgrade"
I have 2 7250-24P switches and ultimately here's what I ended up doing fan/noise wise.
At stock the switches aren't that bad, but -anything- I could do to make the living room experience more pleasant was worth. Ended up trying a few different fans, and ended up using 2x SuperMicro FAN-0065L4 per switch, which I got on ebay (4 for $30 shipped), these are the Delta FFB0412SHN that might have been mentioned in this thread once.
I live in SE Texas, where the summers get pretty warm, I try to keep the AC at 74 during the day and 72 when the sun starts going down, so consider that to be my "ambient" temp. 23-25c basically. At stock the switches were anywhere between 55-60c, not really that low to justify the fan's noise. As stated, I swapped a bunch of fans but found that if the fans don't move enough air your temps will steadily creep up. I would not use anything under a fan that spins at 5000 RPM (after the 12V current to the fan is ramped down to I believe 4.6~V that is also stated somewhere in this thread?).
Admittedly, these are not that much quieter, but they're close enough in spec to current fans, and run anywhere between 1-1.5k RPM slower than stock (depending on your stock fan revision), that the pitch isn't as annoying and it's honestly quite a bit more tolerable. Temps were around 56-60C idle.
The last thing I did was I purchased some 60x10mm fans as suggested in this thread and strapped them to the ASIC of each with some self tapping screws. Just whatever I had laying around that were the same size. One thing I did that was different was, I had 2 diff 60mm fans since the Sunon wasn't in stock, those being the StarTech 60mm fan that's on amazon for 6.99, and a fan that is identified as model YY6010H12S. The differences between these two are the blade design and the max RPM (4000 vs 3500). To me it doesn't seem to make a difference, I just ordered what I could get quickly so I wasn't spending that much time on this.
Ended up tying those into fan 2 header with a splitter, re-arranged fan pins blah blah. Lastly, I also ended up adding a washer to each screw (I used two screws per fan, cross-wise) which I think made an interesting difference. With the 60mm fans I wasn't really seeing anything great in terms of performance; I gained about 1-2c off my idle which could just be margin of error. After adding the washer my idles dropped to 53-54. Not really sure what the washer is doing here besides maybe preventing the fan from actually trapping turbulent air as a result of being too close? Anyway, figured that was the 'secret sauce' for me, YMMV.
edit: one thing I forgot to add is, it is my opinion that the lack of ventilation on the side closest to the ASIC contributes to temps. I considered cutting a rectangle out and fitting mesh in some fashion but didn't want to spend time doing that at this point. If you really have the time and patience you can just drill in ventilation holes.
At stock the switches aren't that bad, but -anything- I could do to make the living room experience more pleasant was worth. Ended up trying a few different fans, and ended up using 2x SuperMicro FAN-0065L4 per switch, which I got on ebay (4 for $30 shipped), these are the Delta FFB0412SHN that might have been mentioned in this thread once.
I live in SE Texas, where the summers get pretty warm, I try to keep the AC at 74 during the day and 72 when the sun starts going down, so consider that to be my "ambient" temp. 23-25c basically. At stock the switches were anywhere between 55-60c, not really that low to justify the fan's noise. As stated, I swapped a bunch of fans but found that if the fans don't move enough air your temps will steadily creep up. I would not use anything under a fan that spins at 5000 RPM (after the 12V current to the fan is ramped down to I believe 4.6~V that is also stated somewhere in this thread?).
Admittedly, these are not that much quieter, but they're close enough in spec to current fans, and run anywhere between 1-1.5k RPM slower than stock (depending on your stock fan revision), that the pitch isn't as annoying and it's honestly quite a bit more tolerable. Temps were around 56-60C idle.
The last thing I did was I purchased some 60x10mm fans as suggested in this thread and strapped them to the ASIC of each with some self tapping screws. Just whatever I had laying around that were the same size. One thing I did that was different was, I had 2 diff 60mm fans since the Sunon wasn't in stock, those being the StarTech 60mm fan that's on amazon for 6.99, and a fan that is identified as model YY6010H12S. The differences between these two are the blade design and the max RPM (4000 vs 3500). To me it doesn't seem to make a difference, I just ordered what I could get quickly so I wasn't spending that much time on this.
Ended up tying those into fan 2 header with a splitter, re-arranged fan pins blah blah. Lastly, I also ended up adding a washer to each screw (I used two screws per fan, cross-wise) which I think made an interesting difference. With the 60mm fans I wasn't really seeing anything great in terms of performance; I gained about 1-2c off my idle which could just be margin of error. After adding the washer my idles dropped to 53-54. Not really sure what the washer is doing here besides maybe preventing the fan from actually trapping turbulent air as a result of being too close? Anyway, figured that was the 'secret sauce' for me, YMMV.
edit: one thing I forgot to add is, it is my opinion that the lack of ventilation on the side closest to the ASIC contributes to temps. I considered cutting a rectangle out and fitting mesh in some fashion but didn't want to spend time doing that at this point. If you really have the time and patience you can just drill in ventilation holes.
Last edited: