you need to go to an intermediate version boot and run first as there is a filesystem change that occurs. then you can go to later versions.
my recollection is like 8080 and SPZ10114
Last edited:
Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)
- Thread starter fohdeesha
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
my recollection is like 8080 and SPZ10114
Follow the link below to get to a version capable of upgrading to 8095
Commscope Technical Content Portal
SSH key access on the 6450 series - once more.
So i now have my ICX6450-48p fully flashed with latest, licenced, and set up. As usual i had issues getting SSH key access to work:
First i generated a 2048 bit RSA key with
But this method doesn't add the
To add that line, i had to add the -e (export) command to ssh-keygen. I ran ssh-keygen again:
this added the ---- BEGIN SSH2 PUBLIC KEY ---- and ---- END SSH2 PUBLIC KEY ---- to my public keyfile. After uploading that public key it finally worked.
Note i did try to manually add those lines to my public keyfile at first, which did NOT work. It just resulted in
So i wrote this for anyone that has the same issues. I didn't notice this being documented in @fohdeesha 's guide for the ICX6450 series.
So i now have my ICX6450-48p fully flashed with latest, licenced, and set up. As usual i had issues getting SSH key access to work:
First i generated a 2048 bit RSA key with
Code:
ssh-keygen -t rsa -b 2048---- BEGIN SSH2 PUBLIC KEY ---- line to the public keyfile. This produces an error when attempting to upload the public key via tftp:
Code:
icx6450(config)#ERROR: key# 1 must begin with ---- BEGIN SSH2 PUBLIC KEY ----
Code:
ssh-keygen -t rsa -b 2048 -e
Enter file in which the key is (/home/user/.ssh/id_rsa):Note i did try to manually add those lines to my public keyfile at first, which did NOT work. It just resulted in
Permission denied (publickey)So i wrote this for anyone that has the same issues. I didn't notice this being documented in @fohdeesha 's guide for the ICX6450 series.
Last edited:
it probably reverted to the secondary bootloader that was an older version during that first boot (when it failed) - this happened to one or two other people. spz10118.bin is the recommended bootloader for 8090mc and is what ruckus distributes for that version, so if that was the bootloader actually booting it should have loaded 8090mc without issues. These things like to fall back to the secondary bootloader sometimes when in the middle of a manual upgrade, need to add a couple commands to the guide to prevent it
I went and try to do it, but I found out that the ISP is giving me these with /30 /27 in a 301VLAN. 1/3/1 is my fiber from ISP. With the below VLAN setup I can use U1/M1 ports 11 and 12 to get my VOIP phone and TV channels running directly, then if I go to U1/M1 2,4,6,8,10 I can either get a DHCP IP from ISP and if I go with VLAN 301 on the same ports I can use the /30.I believe you are overthinking this a bit
.
.
.
That should be it: any device on the /27 subnet with a default gateway set to the ICX will then be able to send traffic to external destinations.
Now if I were to set VE on VLAN 301 with the ISP provided IP/gateway from /30, will I be able to get any device which will be set with /27 and default gateway to the ICX reach internet if connected to these ports? I just want to add the /30 in the 301 somehow to get rid of the pfsense doing the routing between /30 /27 I am using now.
Code:
PORT-VLAN 1, Name DEFAULT-VLAN, Priority level0, Spanning tree Off
Untagged Ports: (U1/M1) 11 12
Untagged Ports: (U1/M3) 2
Tagged Ports: None
Uplink Ports: None
DualMode Ports: (U1/M1) 2 4 6 8 10
DualMode Ports: (U1/M3) 1
Mac-Vlan Ports: None
Monitoring: Disabled
PORT-VLAN 400, Name CORE, Priority level0, Spanning tree Off
Untagged Ports: (U1/M3) 3 5 7
Tagged Ports: None
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled
PORT-VLAN 301, Name ISP, Priority level0, Spanning tree Off
Untagged Ports: None
Tagged Ports: (U1/M1) 2 4 6 8 10
Tagged Ports: (U1/M3) 1
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled
PORT-VLAN 1000, Name Lan, Priority level0, Spanning tree Off
Untagged Ports: (U1/M1) 25 26 27 28 29 30 31 32 33 34 35 36
Untagged Ports: (U1/M1) 37 38 39 40 41 42 43 44 45 46 47 48
Untagged Ports: (U1/M3) 4 6 8
Tagged Ports: None
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: DisabledThanks for the thumbs up @fohdeesha , if only you would recognize the significance of my tape mod 
Really, anyone running their switch with less than 3 fans should remember to block the empty fan cutouts with a piece of tape, the results are pretty dramatic.
Anyways, for my fan mod on the 6450, i'm planning on trying the Arctic S4028-6K
they have 2 models, 6K and 15K, and they seem to be designed exactly for our purpose. Plus they are very affordable.
Really, anyone running their switch with less than 3 fans should remember to block the empty fan cutouts with a piece of tape, the results are pretty dramatic.Anyways, for my fan mod on the 6450, i'm planning on trying the Arctic S4028-6K
they have 2 models, 6K and 15K, and they seem to be designed exactly for our purpose. Plus they are very affordable.
Hi folks, I'm the proud owner of a straight-from-ebay ICX6450 and R500, and I can't power one from the other. The R500 does power up from another PoE switch, but doesn't power up off any port on the 6450. This is a 6450-24P according to the labeling, and I've upgraded the PoE firmware as per @fohdeesha's fantastic guide, set inline power on all the ports, but there's no power coming out of any of them.
One possibly peculiar thing is that although show inline power detail works, unlike other people's results from upthread mine doesn't show any values under cumulative statuses:
So, erm, what is the extremely obvious thing that I've forgotten to do?
One possibly peculiar thing is that although show inline power detail works, unlike other people's results from upthread mine doesn't show any values under cumulative statuses:
SSH@core#show inline power detail
Power Supply Data On stack 1:
++++++++++++++++++
Power Supply Data:
++++++++++++++++++
Power Supply #1:
Max Curr: 6.8 Amps
Voltage: 54.0 Volts
Capacity: 370 Watts
power supply 2 is not present
POE Details Info. On Stack 1 :
General PoE Data:
+++++++++++++++++
Firmware
Version
----------------
02.1.0 Build 004
Cumulative Port State Data:
+++++++++++++++++++++++++++
#Ports #Ports #Ports #Ports #Ports #Ports #Ports
Admin-On Admin-Off Oper-On Oper-Off Off-Denied Off-No-PD Off-Fault
-------------------------------------------------------------------------
Cumulative Port Power Data:
+++++++++++++++++++++++++++
#Ports #Ports #Ports Power Power
Pri: 1 Pri: 2 Pri: 3 Consumption Allocation
-----------------------------------------------
SSH@core#
Power Supply Data On stack 1:
++++++++++++++++++
Power Supply Data:
++++++++++++++++++
Power Supply #1:
Max Curr: 6.8 Amps
Voltage: 54.0 Volts
Capacity: 370 Watts
power supply 2 is not present
POE Details Info. On Stack 1 :
General PoE Data:
+++++++++++++++++
Firmware
Version
----------------
02.1.0 Build 004
Cumulative Port State Data:
+++++++++++++++++++++++++++
#Ports #Ports #Ports #Ports #Ports #Ports #Ports
Admin-On Admin-Off Oper-On Oper-Off Off-Denied Off-No-PD Off-Fault
-------------------------------------------------------------------------
Cumulative Port Power Data:
+++++++++++++++++++++++++++
#Ports #Ports #Ports Power Power
Pri: 1 Pri: 2 Pri: 3 Consumption Allocation
-----------------------------------------------
SSH@core#
So, erm, what is the extremely obvious thing that I've forgotten to do?
SSH@core#show ver
Copyright (c) 1996-2016 Brocade Communications Systems, Inc. All rights reserved.
UNIT 1: compiled on Apr 23 2020 at 10:57:06 labeled as ICX64R08030u
(9871112 bytes) from Primary ICX64R08030u.bin
SW: Version 08.0.30uT313
Boot-Monitor Image size = 512, Version:10.1.05T310 (kxz10105)
HW: Stackable ICX6450-24-HPOE
==========================================================================
UNIT 1: SL 1: ICX6450-24P POE 24-port Management Module
Serial #: 2ax5o2jk68e
License: ICX6450_PREM_ROUTER_SOFT_PACKAGE (LID: H4CKTH3PLN8)
P-ENGINE 0: type DEF0, rev 01
==========================================================================
UNIT 1: SL 2: ICX6450-SFP-Plus 4port 40G Module
==========================================================================
800 MHz ARM processor ARMv5TE, 400 MHz bus
65536 KB flash memory
512 MB DRAM
STACKID 1 system uptime is 32 minute(s) 47 second(s)
The system started at 22:01:02 Pacific Fri May 06 2022
The system : started=warm start reloaded=by "reload"
SSH@core#
Copyright (c) 1996-2016 Brocade Communications Systems, Inc. All rights reserved.
UNIT 1: compiled on Apr 23 2020 at 10:57:06 labeled as ICX64R08030u
(9871112 bytes) from Primary ICX64R08030u.bin
SW: Version 08.0.30uT313
Boot-Monitor Image size = 512, Version:10.1.05T310 (kxz10105)
HW: Stackable ICX6450-24-HPOE
==========================================================================
UNIT 1: SL 1: ICX6450-24P POE 24-port Management Module
Serial #: 2ax5o2jk68e
License: ICX6450_PREM_ROUTER_SOFT_PACKAGE (LID: H4CKTH3PLN8)
P-ENGINE 0: type DEF0, rev 01
==========================================================================
UNIT 1: SL 2: ICX6450-SFP-Plus 4port 40G Module
==========================================================================
800 MHz ARM processor ARMv5TE, 400 MHz bus
65536 KB flash memory
512 MB DRAM
STACKID 1 system uptime is 32 minute(s) 47 second(s)
The system started at 22:01:02 Pacific Fri May 06 2022
The system : started=warm start reloaded=by "reload"
SSH@core#
SSH@core#show inline power
Power Capacity: Total is 370000 mWatts. Current Free is 370000 mWatts.
Power Allocations: Requests Honored 0 times
Port Admin Oper ---Power(mWatts)--- PD Type PD Class Pri Fault/
State State Consumed Allocated Error
--------------------------------------------------------------------------
1/1/1 On Off 0 0 n/a n/a 3 n/a
1/1/2 On Off 0 0 n/a n/a 3 n/a
1/1/3 On Off 0 0 n/a n/a 3 n/a
1/1/4 On Off 0 0 n/a n/a 3 n/a
1/1/5 On Off 0 0 n/a n/a 3 n/a
1/1/6 On Off 0 0 n/a n/a 3 n/a
1/1/7 On Off 0 0 n/a n/a 3 n/a
1/1/8 On Off 0 0 n/a n/a 3 n/a
1/1/9 On Off 0 0 n/a n/a 3 n/a
1/1/10 On Off 0 0 n/a n/a 3 n/a
1/1/11 On Off 0 0 n/a n/a 3 n/a
1/1/12 On Off 0 0 n/a n/a 3 n/a
1/1/13 On Off 0 0 n/a n/a 3 n/a
1/1/14 On Off 0 0 n/a n/a 3 n/a
1/1/15 On Off 0 0 n/a n/a 3 n/a
1/1/16 On Off 0 0 n/a n/a 3 n/a
1/1/17 On Off 0 0 n/a n/a 3 n/a
1/1/18 On Off 0 0 n/a n/a 3 n/a
1/1/19 On Off 0 0 n/a n/a 3 n/a
1/1/20 On Off 0 0 n/a n/a 3 n/a
1/1/21 On Off 0 0 n/a n/a 3 n/a
1/1/22 On Off 0 0 n/a n/a 3 n/a
1/1/23 On Off 0 0 n/a n/a 3 n/a
1/1/24 On Off 0 0 n/a n/a 3 n/a
--------------------------------------------------------------------------
Total 0 0
SSH@core#
Power Capacity: Total is 370000 mWatts. Current Free is 370000 mWatts.
Power Allocations: Requests Honored 0 times
Port Admin Oper ---Power(mWatts)--- PD Type PD Class Pri Fault/
State State Consumed Allocated Error
--------------------------------------------------------------------------
1/1/1 On Off 0 0 n/a n/a 3 n/a
1/1/2 On Off 0 0 n/a n/a 3 n/a
1/1/3 On Off 0 0 n/a n/a 3 n/a
1/1/4 On Off 0 0 n/a n/a 3 n/a
1/1/5 On Off 0 0 n/a n/a 3 n/a
1/1/6 On Off 0 0 n/a n/a 3 n/a
1/1/7 On Off 0 0 n/a n/a 3 n/a
1/1/8 On Off 0 0 n/a n/a 3 n/a
1/1/9 On Off 0 0 n/a n/a 3 n/a
1/1/10 On Off 0 0 n/a n/a 3 n/a
1/1/11 On Off 0 0 n/a n/a 3 n/a
1/1/12 On Off 0 0 n/a n/a 3 n/a
1/1/13 On Off 0 0 n/a n/a 3 n/a
1/1/14 On Off 0 0 n/a n/a 3 n/a
1/1/15 On Off 0 0 n/a n/a 3 n/a
1/1/16 On Off 0 0 n/a n/a 3 n/a
1/1/17 On Off 0 0 n/a n/a 3 n/a
1/1/18 On Off 0 0 n/a n/a 3 n/a
1/1/19 On Off 0 0 n/a n/a 3 n/a
1/1/20 On Off 0 0 n/a n/a 3 n/a
1/1/21 On Off 0 0 n/a n/a 3 n/a
1/1/22 On Off 0 0 n/a n/a 3 n/a
1/1/23 On Off 0 0 n/a n/a 3 n/a
1/1/24 On Off 0 0 n/a n/a 3 n/a
--------------------------------------------------------------------------
Total 0 0
SSH@core#
Last edited:
This thread is just bonkers, truly insane levels of deep diving on display here by all - bravo!
Somewhat predictably I've now got an ICX6450-24P on its way from USA to UK, to join a Lenovo m720q/pfSense combo that STH also convinced me I desperately needed. You guys have a lot to answer for... I'm excited to start playing
Somewhat predictably I've now got an ICX6450-24P on its way from USA to UK, to join a Lenovo m720q/pfSense combo that STH also convinced me I desperately needed. You guys have a lot to answer for... I'm excited to start playing
It seems you don't have PoE (inline power) enabled on any port.
This is what a port on my 6450-24p looks like when inline power is enabled, note the value set in the column "PD Class"
Code:
Port Admin Oper ---Power(mWatts)--- PD Type PD Class Pri Fault/
State State Consumed Allocated Error
--------------------------------------------------------------------------
2/1/14 On On 5100 30000 802.3at Class 4 3 n/a
Code:
interface ethernet 2/1/14
port-name Ruckus R710
dual-mode 1
inline power power-by-class 4
This exact thread convinced me to go 10gig in my home lab. I got ICX6610-24P on eBay for next to nothing. Fully unlocked and upgraded, thanks to amazing Fohdeesha's guides.
It served well-running, mainly my hodge-podge all-flash vSan cluster and a few POE APs. This cluster recently unexpectantly crashed and burned. One of the remained loads on it was Pihole which is now happily running on a tiny S905X ARM board (somewhat similar to raspberry pi 3) - this is what I had at hand. Real RasPi boards are too expensive now.
I know all there is to know about VMWare virtualization, and I see near-zero interest in all my recent employers to explore VMWare's new offerings. One word has on everyone's (i.e., IT Management) lips, and it's the Cloud. Despite its "best" efforts, VMWare doesn't have a great cloud strategy or direction.
Alas, I recently decided in another direction - to simplify and consolidate my home lab/home stuff to a bare minimum to cut my electric bill and simply its management. Plus you don't need on-prem aging hardware to run a lab in the cloud
So yesterday, I powered off my ICX6610-24P for now until it's time to shine again may be needed.
For now, 1gig is all I need. APs consolidated, and a few moved to POE injectors.
The full circle is complete now.
p.s: Don't ask me to sell it, I promised I won't
It served well-running, mainly my hodge-podge all-flash vSan cluster and a few POE APs. This cluster recently unexpectantly crashed and burned. One of the remained loads on it was Pihole which is now happily running on a tiny S905X ARM board (somewhat similar to raspberry pi 3) - this is what I had at hand. Real RasPi boards are too expensive now.
I know all there is to know about VMWare virtualization, and I see near-zero interest in all my recent employers to explore VMWare's new offerings. One word has on everyone's (i.e., IT Management) lips, and it's the Cloud. Despite its "best" efforts, VMWare doesn't have a great cloud strategy or direction.
Alas, I recently decided in another direction - to simplify and consolidate my home lab/home stuff to a bare minimum to cut my electric bill and simply its management. Plus you don't need on-prem aging hardware to run a lab in the cloud
So yesterday, I powered off my ICX6610-24P for now until it's time to shine again may be needed.
For now, 1gig is all I need. APs consolidated, and a few moved to POE injectors.
The full circle is complete now.
p.s: Don't ask me to sell it, I promised I won't
Some middle aged men switch from the V8 gas-guzzler to a Toyota Prius and convince themselves they are being rational. They grow long hair and twist it into a man-bun every morning. But in the end, it doesn't work, because real men need raw power.Alas, I recently decided in another direction - to simplify and consolidate my home lab/home stuff to a bare minimum to cut my electric bill and simply its management. Plus you don't need on-prem aging hardware to run a lab in the cloud
I suggest you upgrade to a 800BHP V12 instead, you'll feel better
Living in the suburbs with a family of 4 - two cars tend to be a necessity. A few years ago, I got rid of my old 1999 Corolla and replaced it with 5.5 seconds 0-60 sedan. 2018 Honda Accord 2.0T EX-L more specifically. I call it my rational mid-life crisis car. I expect its replacement to be faster and likely a speedy BEV when the time comes.Some middle-aged men switch from the V8 gas-guzzler to a Toyota Prius and convince themselves they are being rational. They grow long hair and twist it into a man-bun every morning. But in the end, it doesn't work, because real men need raw power.
I suggest you upgrade to a 800BHP V12 instead, you'll feel better
I'll see in a few months, maybe by this fall; once my cooling bills go down, I might put the switch back to use. Who knows.
Last edited:
OK. I've been banging my head against this for a bunch of hours and I would love it if someone could just point out where I'm being dumb. I cannot for the life of me get my 7250 to route between VLANs. I'm running pfsense/opnsense (virtualized and switching between back and forth between the two while I get my opnsense install fully operational--for the purposes of this question, it doesn't matter which firewall I'm running). I have a bunch of VLANs--more than I need, but whatever. 3 of the VLANs are trusted, and I want to be able to route between them via the switch rather than going out to the firewall. The rest of the VLANs I want to go ahead and use the firewall to the extent there needs to be routing between them (rare), because I'm substantially more comfortable with filter rules than ACLs. At the bottom of this message is my current running config, and here is the output of 'sh ip route':
The three VLANs between which I want to route are 2, 10, and 1010. 2161 and 2162 are transit VLANs for WAN and LAN, respectively. When I set the gateway on any of the trusted VLANs for the firewall (X.X.X.1), everything works as expected. The firewall routes between VLANs according to my rules and I can get out to the internet. On the other hand, when I set the gateway on any of the trusted VLANs for the switch (X.X.X.254), I cannot reach one subnet from another. SSH/HTTPS are both inaccessible between local subnets. However, going out to the internet works, and for some reason I can ping between local subnets. This behavior is the same whether I'm running pfsense and opnsense, and even if I yank the LAN transit cable between the switch and the firewall.
At this point I'm ready to give up and just let the firewall handle all the routing, even thought it's not quite up to the task of linespeed routing. As an aside, how much CPU do you need to max iperf on 10gbe? Brief testing I can get ~7gbit with my i3-8100t.
Anyway, any suggestions would be awesome.
Thanks!
Code:
SSH@coreswitch(config)#sh ip route
Total number of IP routes: 6
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
STATIC Codes - v:Inter-VRF
Destination Gateway Port Cost Type Uptime
1 0.0.0.0/0 172.16.2.1 ve 2162 1/1 S 10h49m
2 10.10.10.0/24 DIRECT ve 1010 0/0 D 10h49m
3 172.16.1.0/24 DIRECT ve 2161 0/0 D 10h49m
4 172.16.2.0/24 DIRECT ve 2162 0/0 D 10h49m
5 192.168.0.0/24 DIRECT ve 2 0/0 D 10h49m
6 192.168.10.0/24 DIRECT ve 10 0/0 D 10h49mAt this point I'm ready to give up and just let the firewall handle all the routing, even thought it's not quite up to the task of linespeed routing. As an aside, how much CPU do you need to max iperf on 10gbe? Brief testing I can get ~7gbit with my i3-8100t.
Anyway, any suggestions would be awesome.
Thanks!
Code:
SSH@coreswitch>sh run
Current configuration:
!
ver 08.0.95fT213
!
stack unit 1
module 1 icx7250-24p-poe-port-management-module
module 2 icx7250-sfp-plus-8port-80g-module
!
!
global-stp
!
!
!
vlan 1 name DEFAULT-VLAN by port
spanning-tree
!
vlan 2 name infra by port
tagged ethe 1/2/2 to 1/2/4
untagged ethe 1/1/2 to 1/1/3 ethe 1/1/5 to 1/1/7 ethe 1/1/15 ethe 1/1/20 to 1/1/21 ethe 1/1/24
router-interface ve 2
spanning-tree
!
vlan 10 name home by port
tagged ethe 1/1/2 ethe 1/1/7 ethe 1/1/15 ethe 1/1/20 to 1/1/21 ethe 1/1/24 ethe 1/2/2 to 1/2/4
untagged ethe 1/1/4 ethe 1/1/8 to 1/1/9 ethe 1/1/11 ethe 1/1/14 ethe 1/1/16 ethe 1/2/5
router-interface ve 10
spanning-tree
!
vlan 11 name voip by port
tagged ethe 1/1/2 ethe 1/1/15 ethe 1/1/20 to 1/1/21 ethe 1/1/24 ethe 1/2/2
untagged ethe 1/1/12 ethe 1/1/18
spanning-tree
!
vlan 12 name guest by port
tagged ethe 1/1/2 ethe 1/1/15 ethe 1/1/20 to 1/1/21 ethe 1/1/24 ethe 1/2/2
spanning-tree
!
vlan 20 name kids by port
tagged ethe 1/1/2 ethe 1/1/5 ethe 1/1/15 ethe 1/1/20 to 1/1/21 ethe 1/1/24 ethe 1/2/2
spanning-tree
!
vlan 30 name IOT by port
tagged ethe 1/1/2 ethe 1/1/7 ethe 1/1/15 ethe 1/1/20 to 1/1/21 ethe 1/1/24 ethe 1/2/2 to 1/2/4
untagged ethe 1/1/13 ethe 1/1/17 ethe 1/1/19 ethe 1/1/22 to 1/1/23 ethe 1/2/7
spanning-tree
!
!
vlan 999 by port
tagged ethe 1/1/24 ethe 1/2/2
!
vlan 1010 name data by port
tagged ethe 1/1/2 ethe 1/1/15 ethe 1/1/20 to 1/1/21 ethe 1/1/24 ethe 1/2/2
untagged ethe 1/2/3 to 1/2/4
router-interface ve 1010
spanning-tree
!
!
!
!
vlan 2161 name wansit_176_16_1 by port
untagged ethe 1/2/1
router-interface ve 2161
!
vlan 2162 name lansit_176_16_2 by port
untagged ethe 1/2/2
router-interface ve 2162
!
vlan 2222 name wan_vlan by port
tagged ethe 1/2/1
untagged ethe 1/1/1
spanning-tree
!
!
!
vlan 3333 name 5g_wan_vlan by port
tagged ethe 1/1/24 ethe 1/2/1
untagged ethe 1/1/10
spanning-tree
!
!
!
!
!
!
!
!
aaa authentication web-server default local
aaa authentication login default local
enable aaa console
hostname coreswitch
ip dhcp-client disable
ip dns server-address 192.168.0.1
ip route 0.0.0.0/0 172.16.2.1
!
no telnet server
username super password .....
!
!
!
!
clock summer-time
clock timezone gmt GMT-06
!
!
ntp
disable serve
server 192.168.0.1
server 10.10.10.1
!
!
no web-management http
web-management https
!
manager disable
!
!
manager port-list 987
!
!
!
!
!
!
!
!
!
interface management 1
ip address 10.10.2.254 255.255.255.0
!
interface ethernet 1/1/1
port-name cablemodem
!
interface ethernet 1/1/2
port-name firemox
!
interface ethernet 1/1/3
port-name prox-enp35
!
interface ethernet 1/1/4
port-name printer
!
interface ethernet 1/1/5
port-name minimox-eno1
!
interface ethernet 1/1/6
port-name piman
!
interface ethernet 1/1/7
port-name micromox1
!
interface ethernet 1/1/8
port-name IPMI1
!
interface ethernet 1/1/9
port-name note-nook
!
interface ethernet 1/1/12
port-name obi200
!
interface ethernet 1/1/15
port-name kitchen-no-poe
!
interface ethernet 1/1/17
port-name master-bed
!
interface ethernet 1/1/18
port-name security
!
interface ethernet 1/1/19
port-name garage
!
interface ethernet 1/1/20
port-name foyer
!
interface ethernet 1/1/21
port-name kitchen
!
interface ethernet 1/1/22
port-name garage-south-2
!
interface ethernet 1/1/23
port-name 2nd-bed
!
interface ethernet 1/1/24
port-name 4th-floor
!
interface ethernet 1/2/1
port-name WANuplink
!
interface ethernet 1/2/2
port-name LANuplink
!
interface ethernet 1/2/3
port-name mmx-10g
!
interface ethernet 1/2/4
port-name prox-10g
!
interface ethernet 1/2/5
port-name m1mini
!
interface ve 2
ip address 192.168.0.254 255.255.255.0
!
interface ve 10
ip address 192.168.10.254 255.255.255.0
!
interface ve 1010
ip address 10.10.10.254 255.255.255.0
!
interface ve 2161
ip address 172.16.1.254 255.255.255.0
!
interface ve 2162
ip address 172.16.2.254 255.255.255.0
!
!
!
!
!
!
!
!
!
!
ip ssh password-authentication no
ip ssh idle-time 0
ip ssh interactive-authentication no
!
!
!
!
!
endThe plot thickens! I powered up the switch again today with an H510 plugged into a port, just out of curiosity to see what would happen, and... it worked! I had PoE working happily to both the H510 and R600:
So then I restarted the switch again out of curiosity, and sure enough back to no PoE, with the same output from show inline power detail as previously (ie, no aggregate port counts showing up at all).
SSH@core#show inline power detail
Power Supply Data On stack 1:
++++++++++++++++++
Power Supply Data:
++++++++++++++++++
Power Supply #1:
Max Curr: 6.8 Amps
Voltage: 54.0 Volts
Capacity: 370 Watts
power supply 2 is not present
POE Details Info. On Stack 1 :
General PoE Data:
+++++++++++++++++
Firmware
Version
----------------
02.1.0 Build 004
Cumulative Port State Data:
+++++++++++++++++++++++++++
#Ports #Ports #Ports #Ports #Ports #Ports #Ports
Admin-On Admin-Off Oper-On Oper-Off Off-Denied Off-No-PD Off-Fault
-------------------------------------------------------------------------
24 0 2 22 0 22 0
Cumulative Port Power Data:
+++++++++++++++++++++++++++
#Ports #Ports #Ports Power Power
Pri: 1 Pri: 2 Pri: 3 Consumption Allocation
-----------------------------------------------
0 0 24 6.200 W 45.400 W
SSH@core#show inline power
Power Capacity: Total is 370000 mWatts. Current Free is 324600 mWatts.
Power Allocations: Requests Honored 25 times
Port Admin Oper ---Power(mWatts)--- PD Type PD Class Pri Fault/
State State Consumed Allocated Error
--------------------------------------------------------------------------
1/1/1 On Off 0 0 n/a n/a 3 n/a
1/1/2 On Off 0 0 n/a n/a 3 n/a
1/1/3 On Off 0 0 n/a n/a 3 n/a
1/1/4 On Off 0 0 n/a n/a 3 n/a
1/1/5 On Off 0 0 n/a n/a 3 n/a
1/1/6 On Off 0 0 n/a n/a 3 n/a
1/1/7 On Off 0 0 n/a n/a 3 n/a
1/1/8 On Off 0 0 n/a n/a 3 n/a
1/1/9 On Off 0 0 n/a n/a 3 n/a
1/1/10 On Off 0 0 n/a n/a 3 n/a
1/1/11 On Off 0 0 n/a n/a 3 n/a
1/1/12 On Off 0 0 n/a n/a 3 n/a
1/1/13 On On 4000 30000 802.3at Class 4 3 n/a
1/1/14 On Off 0 0 n/a n/a 3 n/a
1/1/15 On On 3600 15400 802.3af Class 3 3 n/a
1/1/16 On Off 0 0 n/a n/a 3 n/a
1/1/17 On Off 0 0 n/a n/a 3 n/a
1/1/18 On Off 0 0 n/a n/a 3 n/a
1/1/19 On Off 0 0 n/a n/a 3 n/a
1/1/20 On Off 0 0 n/a n/a 3 n/a
1/1/21 On Off 0 0 n/a n/a 3 n/a
1/1/22 On Off 0 0 n/a n/a 3 n/a
1/1/23 On Off 0 0 n/a n/a 3 n/a
1/1/24 On Off 0 0 n/a n/a 3 n/a
--------------------------------------------------------------------------
Total 7600 45400
Power Supply Data On stack 1:
++++++++++++++++++
Power Supply Data:
++++++++++++++++++
Power Supply #1:
Max Curr: 6.8 Amps
Voltage: 54.0 Volts
Capacity: 370 Watts
power supply 2 is not present
POE Details Info. On Stack 1 :
General PoE Data:
+++++++++++++++++
Firmware
Version
----------------
02.1.0 Build 004
Cumulative Port State Data:
+++++++++++++++++++++++++++
#Ports #Ports #Ports #Ports #Ports #Ports #Ports
Admin-On Admin-Off Oper-On Oper-Off Off-Denied Off-No-PD Off-Fault
-------------------------------------------------------------------------
24 0 2 22 0 22 0
Cumulative Port Power Data:
+++++++++++++++++++++++++++
#Ports #Ports #Ports Power Power
Pri: 1 Pri: 2 Pri: 3 Consumption Allocation
-----------------------------------------------
0 0 24 6.200 W 45.400 W
SSH@core#show inline power
Power Capacity: Total is 370000 mWatts. Current Free is 324600 mWatts.
Power Allocations: Requests Honored 25 times
Port Admin Oper ---Power(mWatts)--- PD Type PD Class Pri Fault/
State State Consumed Allocated Error
--------------------------------------------------------------------------
1/1/1 On Off 0 0 n/a n/a 3 n/a
1/1/2 On Off 0 0 n/a n/a 3 n/a
1/1/3 On Off 0 0 n/a n/a 3 n/a
1/1/4 On Off 0 0 n/a n/a 3 n/a
1/1/5 On Off 0 0 n/a n/a 3 n/a
1/1/6 On Off 0 0 n/a n/a 3 n/a
1/1/7 On Off 0 0 n/a n/a 3 n/a
1/1/8 On Off 0 0 n/a n/a 3 n/a
1/1/9 On Off 0 0 n/a n/a 3 n/a
1/1/10 On Off 0 0 n/a n/a 3 n/a
1/1/11 On Off 0 0 n/a n/a 3 n/a
1/1/12 On Off 0 0 n/a n/a 3 n/a
1/1/13 On On 4000 30000 802.3at Class 4 3 n/a
1/1/14 On Off 0 0 n/a n/a 3 n/a
1/1/15 On On 3600 15400 802.3af Class 3 3 n/a
1/1/16 On Off 0 0 n/a n/a 3 n/a
1/1/17 On Off 0 0 n/a n/a 3 n/a
1/1/18 On Off 0 0 n/a n/a 3 n/a
1/1/19 On Off 0 0 n/a n/a 3 n/a
1/1/20 On Off 0 0 n/a n/a 3 n/a
1/1/21 On Off 0 0 n/a n/a 3 n/a
1/1/22 On Off 0 0 n/a n/a 3 n/a
1/1/23 On Off 0 0 n/a n/a 3 n/a
1/1/24 On Off 0 0 n/a n/a 3 n/a
--------------------------------------------------------------------------
Total 7600 45400
So then I restarted the switch again out of curiosity, and sure enough back to no PoE, with the same output from show inline power detail as previously (ie, no aggregate port counts showing up at all).
So I think that's now eliminated as a possibility since PoE worked and then didn't work again with no change in config. If PoE only works from a cold start (ie thermally cold, not just power cycle), somehow, that's probably a hardware fault, right? Has anyone seen this before? Anything else I could check, or should this unit just go back to the seller?
interface ethernet 1/1/13
inline power
!
interface ethernet 1/1/14
inline power
!
inline power
!
interface ethernet 1/1/14
inline power
!
Oops, now that I have the serial console connected again I see endless:
And then it hard resets slot 1, and back to the beginning I'll try a firmware reflash and return it if that doesn't help.
Code:
PoE Error: Device 0 failed to start on PoE module.
PoE Error: Device 1 failed to start on PoE module.
It seems it is not an uncommon issue:Oops, now that I have the serial console connected again I see endless:
And then it hard resets slot 1, and back to the beginningCode:PoE Error: Device 0 failed to start on PoE module. PoE Error: Device 1 failed to start on PoE module.
ICX6610-48P - PoE Error: Device 0/1 failed to start on PoE module
Upon boot-up (cold or reload) the switch is failing to initialize the PoE module. Is there anything I can try to resolve this? ICX6610-48P Router>PoE Info: PoE module 1 of Unit 1 on ports 1/1/1 to 1/1/48 det ected. Initializing.... PoE Error: Device 0 failed to start on PoE...
Have a small issue with a 7450-24... (resolved, see Edit 3)
Got it the other day, went on wiping and rebuilding according to the getting started instructions.
Connected to console, flashed the 7450 image and uboot, everything looked good.
Rebooted and got errors that the image on primary was not valid and it was using the secondary one. It continued to boot and ended up in Router-OS.
Called it a day, powered everything down.
Wanted to restart again today, assuming there was an issue with image transfer, had not touched anything.
Now the problem is that I dont have access to the serial console any more, its simply not connecting ( as i mentioned i have not touched the cable, have verified it twice since, tripple checked the settings).
The biox still boots, into routeros , get s an dynamic ip too. But, i cant login, neither on putty nor on the admin Gui.
Tried resetting via the hardware switch in case its the old image and has old pw's stored, nothing.
Maybe i have not found the correct combination for user/pw?
Its weird though that the console access is gone? can that be disabled from the OS level ?
Edit
Telnet allowed access without password... so ssh was not configured to allow access.
Now to see why the console is not working
Have not found anything...
tried flashing via telnet (older version since i am on Version 08.0.30fT213
Looks good, but after reload it has booted secondary image , despite me forcing primary one with
boot system flash primary
Seems i somehow corrupted the primary flash with that first installation
I know the instructions say to erase secondary after flashing but i am worried that would kill the switch entirely (due to no console access) if primary partition really is corrupt
Edit2
Weird, there is no indication that primary is corrupt, but its not booting from it apparently...
Hm maybe my bootloader and flashed FW are not compatible... https://forums.servethehome.com/ind...erful-10gbe-40gbe-switching.21107/post-325929
Edit3
Ok, managed to get console access back (different box, no idea why the first stopped working all of a sudden), and the issue was that the jump from .30 to .90 was too large.
So it applied everything fine but ran into
From console i repeated the steps with 80e and matching spz which worked fine.
After that i was able to follow the regular instructions to update to the current release
Edit4 - found the problem with the com port, it was/is a vmware/Terminal services issue.
Got it the other day, went on wiping and rebuilding according to the getting started instructions.
Connected to console, flashed the 7450 image and uboot, everything looked good.
Rebooted and got errors that the image on primary was not valid and it was using the secondary one. It continued to boot and ended up in Router-OS.
Called it a day, powered everything down.
Wanted to restart again today, assuming there was an issue with image transfer, had not touched anything.
Now the problem is that I dont have access to the serial console any more, its simply not connecting ( as i mentioned i have not touched the cable, have verified it twice since, tripple checked the settings).
The biox still boots, into routeros , get s an dynamic ip too. But, i cant login, neither on putty nor on the admin Gui.
Tried resetting via the hardware switch in case its the old image and has old pw's stored, nothing.
Maybe i have not found the correct combination for user/pw?
Its weird though that the console access is gone? can that be disabled from the OS level ?
Edit
Telnet allowed access without password... so ssh was not configured to allow access.
Now to see why the console is not working
Have not found anything...
tried flashing via telnet (older version since i am on Version 08.0.30fT213
Code:
>show version
Copyright (c) 1996-2015 Brocade Communications Systems, Inc. All rights reserved.
UNIT 1: compiled on Jan 26 2016 at 22:35:15 labeled as SPR08030f
(31662276 bytes) from Secondary SPR08030f.bin
SW: Version 08.0.30fT213
Compressed Boot-Monitor Image size = 786944, Version:10.1.05T215 (spz10118)
HW: Stackable ICX7450-24
Internal USB: Serial #: 9900616032800318
Vendor: ATP Electronics, Total size = 1919 MB
Code:
telnet@ICX7450-24 Router#copy tftp flash 192.168.1.8 old/SPR08080e.bin primary
telnet@ICX7450-24 Router#Load to buffer (8192 bytes per dot)
...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
SYNCING IMAGE TO FLASH. DO NOT SWITCH OVER OR POWER DOWN THE UNIT(8192 bytes per dot)...
........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
TFTP to Flash Done.boot system flash primary
Seems i somehow corrupted the primary flash with that first installation
I know the instructions say to erase secondary after flashing but i am worried that would kill the switch entirely (due to no console access) if primary partition really is corrupt
Edit2
Weird, there is no indication that primary is corrupt, but its not booting from it apparently...
Code:
Type Size Name
----------------------
F 29826604 primary
F 31662276 secondary
F 289 startup-config.backup
F 808 $$ssh8rsahost.key
F 404 startup-config.txt
61490381 bytes 5 File(s) in FI root
1779957760 bytes free in FI root
1777860608 bytes free in /
telnet@ICX7450-24 Router>show flash
Stack unit 1:
Compressed Pri Code size = 29826604, Version:08.0.80eT213 (SPR08080e.bin)
Compressed Sec Code size = 31662276, Version:08.0.30fT213 (SPR08030f.bin)
Compressed Boot-Monitor Image size = 786944, Version:10.1.05T215
Code Flash Free Space = 1779957760Edit3
Ok, managed to get console access back (different box, no idea why the first stopped working all of a sudden), and the issue was that the jump from .30 to .90 was too large.
So it applied everything fine but ran into
Code:
Wrong Image Format for bootm command
ERROR: can't get kernel image!
could not boot from primary, no valid image; trying to boot from secondary
BOOTING image from SecondaryAfter that i was able to follow the regular instructions to update to the current release
Edit4 - found the problem with the com port, it was/is a vmware/Terminal services issue.
Last edited:
I just updated two of my ICX 7250 to 09010. One of them I can access the webui from a different subnet but the other one I can only access the webui from the same subnet. I have my switches and APs on a 172.x.x.x network and my user machines on a 10.x.x.x subnet. I have firewall rules to allow traffic to the infrastructure subnet from a list of admin IPs on the user subnet.
Is there a setting to allow/deny access to the switch admin from a different subnet?
Is there a setting to allow/deny access to the switch admin from a different subnet?
For info for other people who will be looking into this following combination of Hardware/Software work perfectly:
Network Card: Dell Mellanox ConnectX-3 CX354A (updated to 2.42.5000 and ports set to ETH)
Transceiver: Juniper 740-056705 QSFP+ 40GBASE-LX4
Optical Cable: Corning Fiber Optic Cable LC-LC SM DX 9/125 (Single Mode) 50 meters (cable polishing UPC)
Switch: Brocade IPX6610-48P - using 40GB "Stacking Port" 1/2/1
OS: Windows 10
Drivers: Default Windows Drivers for Mellanox (WinOF and WinOF-2 didn't want to install for some reason)
Biggest worry was about high power mode, as transceivers use 3.5W, which is supported only by ConnectX-3 Pro cards, so therefore have choose to use Single Mode Fiber cable /up to 2km with these transceivers/ rather than OM3 /up to 100m with these transceivers/.
Network Card: Dell Mellanox ConnectX-3 CX354A (updated to 2.42.5000 and ports set to ETH)
Transceiver: Juniper 740-056705 QSFP+ 40GBASE-LX4
Optical Cable: Corning Fiber Optic Cable LC-LC SM DX 9/125 (Single Mode) 50 meters (cable polishing UPC)
Switch: Brocade IPX6610-48P - using 40GB "Stacking Port" 1/2/1
OS: Windows 10
Drivers: Default Windows Drivers for Mellanox (WinOF and WinOF-2 didn't want to install for some reason)
Biggest worry was about high power mode, as transceivers use 3.5W, which is supported only by ConnectX-3 Pro cards, so therefore have choose to use Single Mode Fiber cable /up to 2km with these transceivers/ rather than OM3 /up to 100m with these transceivers/.