Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

kpfleming

Active Member
Dec 28, 2021
392
205
43
Pelham NY USA
Why not have VLAN 1 untagged on the router (and other network devices)? That's a much more common configuration.

In any case, if the ICX won't let you remove untagged VLAN 1 from the uplink port, then just create a 'dummy' VLAN on the ICX that isn't ever used for anything, make it the untagged VLAN on that port, and make VLAN 1 tagged on that port.
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,737
3,099
113
33
fohdeesha.com
My Management VLAN 1 is used to manage Server, switch and so on. And on this uplink port is sitting my opnsense router, which have to receive VLAN 1 tagged too, so i can reach everything on my management VLAN.

On my Cisco Switch there is no problem to do so. There it works as expected.

Still the question, how to do this on Brocade / Ruckus :-D
you can't tag the default/native vlan, for many reasons (half of them security related). fix your opnsense router (requiring vlan 1 tagged is broke) to operate on a different vlan, like vlan 10, then you can set this network up properly. for starters, on your cisco, if you have stuff on tagged vlan1, and it's being trunked while it's still the native vlan, your network is vulnerable to vlan hopping (google cisco vlan hopping with native vlan 1)
 
  • Like
Reactions: tubs-ffm

AndroidCat

Member
Mar 3, 2015
32
24
8
I managed to configure Oxidized to fetch ICX6610 config.
Oxidized SSH library has to be configured to accept older ciphers/kex protocols to be able to connect to the switch.
Ciphers have to be specified in the global section of Oxidized config file, they don't work in groups or models sections:

Code:
vars:
#add encryption and key exchange protocol
   ssh_encryption: "+3des-cbc"
   ssh_kex: "+diffie-hellman-group-exchange-sha1"
Then I have credentials in groups section (already defined groups in LibreNMS -> Oxidized plugin) and enable in models:
Code:
groups:
  default:
    username: localaccount
    password: supersecretpassword
  icx6610:
    username: xxx
    password: yyy
    
... other groups...
Code:
models:
  ironware:
   vars:
     enable: zzz
     remove_secret: false
 

danb35

Member
Nov 25, 2017
34
4
8
44
Thanks, @AndroidCat, I'll have to give that a try--I'd been having trouble myself. Are the credentials required even when you're using public-key authentication? And I'd expected the model would be fastiron, not ironware.

Edit: I see that the problem on my 6450 (firmware version 8.0.30u) is that it's using an output pager, even though oxidized tries to disable it with skip-page-display and terminal length 0. Since show version produces output more than one screen's worth of output, and Oxidized times out waiting for a prompt it's never going to see. Not sure what to do about that at this point, though.

Edit 2: Ah, I wasn't clear on the use of enable in the config fragment above, and had assumed it called for the enable password. Since I don't have one set, I didn't include this line. Adding that line with a dummy value made it work. Excellent!
 
Last edited:

thebwack

New Member
Jul 7, 2020
13
4
3
I got all four breakouts into the InstaPatch working using @fohdeesha wiring pic and diagram. Awesome! Now I'm playing with static LAG'ing them into 4 ports on an older unmanaged version of the Qnap-Qsw-1208-8c and I keep getting the non primary port states switched to Blocking. trying to decide if I should just get a 7250 or something like this:

https://www.amazon.com/MikroTik-12-...t=&hvlocphy=9027500&hvtargid=pla-814106935359

I need to get at least a few 10GB ports in addition to the trunk, and I need the switch to be near silent. I need the trunk bandwidth as this is a room fulll of video editors and creatives. When we come back from a shoot and dump TB's of footage it slows our editors down. all sharing one 10GB uplink for now.

Any thoughts on a quiet managed switch with 8+ 10GB ports that could handle this? RJ45 preferred. Or I'll eventually get the Qnap working here, we'll see.
 
  • Like
Reactions: fohdeesha

PANiCnz

New Member
Apr 22, 2022
15
3
3
Just picked up a 6450 but it didn't come with the mounting brackets, can anyone recommend some generic brackets off Amazon, eBay etc that will fit?
 

LodeRunner

Active Member
Apr 27, 2019
540
227
43
I got all four breakouts into the InstaPatch working using @fohdeesha wiring pic and diagram. Awesome! Now I'm playing with static LAG'ing them into 4 ports on an older unmanaged version of the Qnap-Qsw-1208-8c and I keep getting the non primary port states switched to Blocking. trying to decide if I should just get a 7250 or something like this:

https://www.amazon.com/MikroTik-12-...t=&hvlocphy=9027500&hvtargid=pla-814106935359

I need to get at least a few 10GB ports in addition to the trunk, and I need the switch to be near silent. I need the trunk bandwidth as this is a room fulll of video editors and creatives. When we come back from a shoot and dump TB's of footage it slows our editors down. all sharing one 10GB uplink for now.

Any thoughts on a quiet managed switch with 8+ 10GB ports that could handle this? RJ45 preferred. Or I'll eventually get the Qnap working here, we'll see.
I doubt you’ll get an unmanaged switch working. Static LAG still requires the other switch to be aware of what’s happening. Unless that Qnap is a smart or partially managed switch.

As far as footage offload, would this be multiple streams or single stream? The single stream speed over a LAG is the speed of a single interface.

Whats the disk system you’re ingesting to?
 

aido

New Member
Feb 23, 2017
9
0
1
45
Hi all, I finally got around to updating and licensing one of the ICX6610s today which I've had sat for two years in the garage - thanks @fohdeesha and all for the info.

Just a quick question regarding optimal fan location.

I've read the hardware installation guide and that seems to keep showing 1 PSU models and as you look at the switch standing from the back they show the power supply on the left side and fan installed on the right side.

I'm not 100% clear reading @fohdeesha's site which is ideal placement for low fan speeds.

Looking at pics some of you have them installed both on the left when looking from the back (ie both to the right looking from the front) and some are split so power supply to the left and fan to the right like the hardware installation guide.

I'm trying both but just wondered please.

Mine came with 2 PSUs and 1 fan unit, which is currently installed to the right as you look at it from the back and doesn't seem optimal judging by the wiki on @fohdeesha's page.

I've swapped it around for now, ie fans to the left as you look from the back and seeing how it goes.
 
Last edited:

thebwack

New Member
Jul 7, 2020
13
4
3
I doubt you’ll get an unmanaged switch working. Static LAG still requires the other switch to be aware of what’s happening. Unless that Qnap is a smart or partially managed switch.

As far as footage offload, would this be multiple streams or single stream? The single stream speed over a LAG is the speed of a single interface.

Whats the disk system you’re ingesting to?
While testing with the QNAP unmanaged at one point I did have 2 of the 4 streams forwarding and in LAG. Via a disk speed test I was seeing about 7-9GB read and write on two different computers, which is more than we've ever seen. Honestly if I can make that a stable uplink that would be plenty. I think I was doing something wrong with VLANs which triggered the blocking (maybe) and after a reboot it seemed to clear everything. I don't have a ton of free time to play and test with this, so I wanna give the QNAP another shot before going another route (cause I already have it, and its dead quiet)

I'm upgrading a few of parts of the chain here. We are currently on a 12bay QNAP TS1877X with Ironwolf SATA drives in Raid 6. I know it has been the biggest bottleneck but it has served us well. We can have 3-4 editors working on 4k timelines and it all keeps up. But always as soon as we start dumping footage from our dump station it just crawls, which I know is totally to be expected. I also have thought about just having ingest happen in the server room but I'd really like to avoid that.

I just built a Truenas box with 16 SAS 12Gb/s drives in 8 Mirrored pair vdevs from 2 SAS cards. 40GB uplink from that box to the Brocade and then the breakout 40GB trunk 100ft through a conduit to the editing room. When plugging straight into the brocade in the server room with a few computers for testing I'm seeing great improvements, reading and writing simultaneously 9-10GB peaks 8GB average per computer. I still think the drives are gonna bottleneck before the 40GB uplink but this is still a huge improvement. I plan on adding more mirrored vdev pairs in the future and maybe speed there will improve as our team grows.
 

MelnorMelvin

New Member
Apr 21, 2022
9
2
3
Anyone running v09.0.10 on their ICX7000 series with positive results? Specifically, I've tried it on an ICX7250-24P and ICX7150-C12P.

I've had the console stop responding twice now after the WebGUI dumped a python error to console (I didn't save it, didn't think of it, sorry). It's amazing to me that this can even happen. I almost thought it was because of the system SSH keys missing (with aaa auth login set), but then I realized that I had been using it shortly before and long after the upgrade to v09. Really weird that I could login to the WebGUI, but even the Web Console was failing. A power reset resolved it both times.

Also, it seems like the configuration items in the WebGUI are half-baked. Almost like it was only ever meant to be used for the default Dashboard page, and not for configuration changes.

I guess I'll probably roll back to v08.0.95. Just wondering if I'm actually missing out on anything worthwhile in v09.
 

kpfleming

Active Member
Dec 28, 2021
392
205
43
Pelham NY USA
A previous user in this thread straight had it failing to boot. 9.0.10 is alpha quality at best it seems.

Edit, and here it is, previous page: https://forums.servethehome.com/ind...erful-10gbe-40gbe-switching.21107/post-338714
I have been running 09.x pretty much since it was released on a 4-unit stack of 7150-C12P and it's been working quite well. The new Web GUI is definitely half-baked, the last time I tried to use it to edit some port settings it changed a bunch of unrelated settings to its own defaults even though they had not been displayed that way. For now I treat the Web UI as read-only, except I use to make configuration backups too since it gives nice names for the backup files.
 
  • Like
Reactions: MelnorMelvin

danb35

Member
Nov 25, 2017
34
4
8
44
I managed to configure Oxidized to fetch ICX6610 config.
Thanks for the pointers. I now have Oxidized set up, systemd unit running, picking up configs from both my 6610 and my 6450, sending them to my local Gitea server. Backups, backups, backups.

But it leaves me wondering something: is this backup something I can directly upload or import into the switch? Or does it just give me a reference for the device's configuration?
 

AndroidCat

Member
Mar 3, 2015
32
24
8
I thought it would be an easy answer as Oxidized is supposedly a backup tool. Guess restore isn't part of its functionality. Here's an r/networking thread that talks about it.

https://www.reddit.com/r/networking/comments/jsbf9v
I haven't tried myself, but looks the config Oxidized saves is ready to be pasted or tftp'd to a switch as-is.
I can see all relevant config there with a correct syntax and irrelevant parts (interrogation) all commented out with "!".
 
  • Like
Reactions: danb35

danb35

Member
Nov 25, 2017
34
4
8
44
Interesting. I haven't tried it either, and I'd have to look for the syntax to tftp it, but when you say "ready to be pasted", do you mean I could just paste the whole thing into a terminal window? Seems like a simple way to do it, but that hadn't occurred to me. Looks like I'd still need to set the admin password and SNMP community, probably upload the SSH public key, but that isn't much to handle manually.
 

ChrisBues

New Member
Jul 11, 2021
1
0
1
Ok, I have been struggling trying to get the management port to be enabled. Port is connected to my UDM pro. Either DHCP or manual address works, but the port state doesn't change:


GigEthernetmgmt1 is down, line protocol is down
Port down for 2 second(s)
Hardware is GigEthernet, address is 748e.f8de.9f66 (bia 748e.f8de.9f96)
Configured speed auto, actual unknown, configured duplex fdx, actual unknown
Configured mdi mode AUTO, actual unknown
Not a Member of any VLAN , port is untagged, port state is NONE
No port name
Internet address is 10.0.5.10/24, MTU 1500 bytes, encapsulation ethernet
300 second input rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
300 second output rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
1948949 packets input, 566159765 bytes, 0 no buffer
Received 23063 broadcasts, 1925770 multicasts, 116 unicasts
0 input errors, 0 CRC, 0 frame, 0 ignored
0 runts, 0 giants
6 packets output, 384 bytes, 0 underruns
Transmitted 0 broadcasts, 0 multicasts, 6 unicasts
0 output errors, 0 collisions
 

AndroidCat

Member
Mar 3, 2015
32
24
8
Interesting. I haven't tried it either, and I'd have to look for the syntax to tftp it, but when you say "ready to be pasted", do you mean I could just paste the whole thing into a terminal window? Seems like a simple way to do it, but that hadn't occurred to me. Looks like I'd still need to set the admin password and SNMP community, probably upload the SSH public key, but that isn't much to handle manually.
Yes, I meant pasting to terminal (I've been doing that for Cisco switches in the past) or TFTP.
As you noted, some sensitive stuff would need to be recreated manually (passwords, keys).
Quite possibly the SSH key could also be copied back and forth with TFTP.
 
  • Like
Reactions: danb35

kate

New Member
May 19, 2022
6
7
3
I swapped the fans on my ICX7250-48P and it’s helped a ton with the noise. I used 3x Mechatronics MR4020X12B1-RSR and 1x Mechatronics M5210E12C-RSR blowing down on the ASIC heatsink (changed to blow down since this picture, which keeps the ASIC about 5°C cooler versus sucking up).

E6012894-D756-45F8-8BCC-CF7F058901E7.jpeg3E5051E3-D9E0-444B-8F09-6F621D5BB1DA.jpeg

My rack is built into a single shelf on a book shelf so it doesn’t have great ventilation. The 48P switch doesn’t even fit so it sticks out the front a few inches and is nearly flush with the back wall and generally looks a bit ridiculous. I have it exhausting out a hole I cut in the rear. I wish I could have found a 24P in my price range but this has been working great so far.

2548F69C-197F-4EA3-BB71-AFA1B39C3D6F.jpeg

Even with this relatively poor airflow, the temperatures have been reasonable. It’s been 90°F+ (32°C) here recently and the house isn’t air conditioned so the ambient temperature around the switch gets around 85°F (30°C) by late afternoon. The PSU temperature gets pretty close to the threshold for fan speed 2 but it’s never gone there yet. The ASIC usually hovers around 70°C.

25CDC57D-9503-49AD-9C74-97FCB5D046D2.jpeg
 

kimbo

New Member
Jun 15, 2022
6
0
1
Hi all,

I've recently got a Brocade ICX 6450-24 (no PoE), I'm just waiting for a console cable to arrive. Very excited! While the fan noise isn't too bad, it's louder than my family will want to put up with. I'll be using about half of the ethernet ports, and two or three of the 10gbE SFP+ ports. I've read mixed reports on whether that will be fine with the fan unplugged or not.

If I should keep a fan going, I'd like to replace it for a quieter one. Normally I'd consider Noctua, but from what I've read I'm guessing Sunon, Delta or Mechatronics would be better. Any recommendations on a specific model I can get in the UK? And which wires do I have to change?