Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

tubs-ffm

Active Member
Sep 1, 2013
122
39
28
Looks like going back to recovery mode is the only way to go.
I cannot tell what went wrong. Maybe there was an easy way to fix it. Going via recovery mode and reinstall from scratch for me was the easiest way because I had the step-by-step manual on hand. Backup of latest config I also had. All is fixed again.

don't run alpha firmware lmao
... and never change a running system.
Maybe I follow both advises for the future.
 
  • Sad
Reactions: fohdeesha

Chow

New Member
Mar 15, 2022
11
0
1
I have a quedtion to the Icx 7250 Switch:

How can i set an uplink port on which are all vlans goes tagged to the other Switch (trunk port) inclusive vlan 1?

I dont know how i can setup this :-( vlan 1 at least is almost untagged :-(

Can anyone help me? What i am doing wrong? :D
 

kpfleming

Active Member
Dec 28, 2021
192
75
28
Pelham NY USA
I have a quedtion to the Icx 7250 Switch:

How can i set an uplink port on which are all vlans goes tagged to the other Switch (trunk port) inclusive vlan 1?

I dont know how i can setup this :-( vlan 1 at least is almost untagged :-(

Can anyone help me? What i am doing wrong? :D
Which software version are you using?

It should be possible to remove untagged VLAN 1 from that port and add tagged VLAN 1 (along with all the other VLANs).
 

Chow

New Member
Mar 15, 2022
11
0
1
This is my Software Version:

ICX7250-48 Router>show version

Copyright (c) Ruckus Networks, Inc. All rights reserved.
UNIT 1: compiled on Dec 16 2021 at 03:45:30 labeled as SPR08095f
(33554432 bytes) from Primary SPR08095f.bin (UFI)
SW: Version 08.0.95fT213
Compressed Primary Boot Code size = 786944, Version:10.1.21T215 (spz10121)
Compiled on Wed Aug 25 09:27:31 2021
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,555
2,749
113
31
fohdeesha.com
I have a quedtion to the Icx 7250 Switch:

How can i set an uplink port on which are all vlans goes tagged to the other Switch (trunk port) inclusive vlan 1?

I dont know how i can setup this :-( vlan 1 at least is almost untagged :-(

Can anyone help me? What i am doing wrong? :D
why do you want to carry tagged vlan 1? vlan 1 shouldn't be used at all really for security and many other reasons, set your main vlan to something else like 10, and carry it tagged across your trunk
 

Chow

New Member
Mar 15, 2022
11
0
1
My Management VLAN 1 is used to manage Server, switch and so on. And on this uplink port is sitting my opnsense router, which have to receive VLAN 1 tagged too, so i can reach everything on my management VLAN.

On my Cisco Switch there is no problem to do so. There it works as expected.

Still the question, how to do this on Brocade / Ruckus :-D
 

kpfleming

Active Member
Dec 28, 2021
192
75
28
Pelham NY USA
Why not have VLAN 1 untagged on the router (and other network devices)? That's a much more common configuration.

In any case, if the ICX won't let you remove untagged VLAN 1 from the uplink port, then just create a 'dummy' VLAN on the ICX that isn't ever used for anything, make it the untagged VLAN on that port, and make VLAN 1 tagged on that port.
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,555
2,749
113
31
fohdeesha.com
My Management VLAN 1 is used to manage Server, switch and so on. And on this uplink port is sitting my opnsense router, which have to receive VLAN 1 tagged too, so i can reach everything on my management VLAN.

On my Cisco Switch there is no problem to do so. There it works as expected.

Still the question, how to do this on Brocade / Ruckus :-D
you can't tag the default/native vlan, for many reasons (half of them security related). fix your opnsense router (requiring vlan 1 tagged is broke) to operate on a different vlan, like vlan 10, then you can set this network up properly. for starters, on your cisco, if you have stuff on tagged vlan1, and it's being trunked while it's still the native vlan, your network is vulnerable to vlan hopping (google cisco vlan hopping with native vlan 1)
 
  • Like
Reactions: tubs-ffm

AndroidCat

New Member
Mar 3, 2015
21
15
3
I managed to configure Oxidized to fetch ICX6610 config.
Oxidized SSH library has to be configured to accept older ciphers/kex protocols to be able to connect to the switch.
Ciphers have to be specified in the global section of Oxidized config file, they don't work in groups or models sections:

Code:
vars:
#add encryption and key exchange protocol
   ssh_encryption: "+3des-cbc"
   ssh_kex: "+diffie-hellman-group-exchange-sha1"
Then I have credentials in groups section (already defined groups in LibreNMS -> Oxidized plugin) and enable in models:
Code:
groups:
  default:
    username: localaccount
    password: supersecretpassword
  icx6610:
    username: xxx
    password: yyy
    
... other groups...
Code:
models:
  ironware:
   vars:
     enable: zzz
     remove_secret: false
 

danb35

Member
Nov 25, 2017
33
4
8
42
Thanks, @AndroidCat, I'll have to give that a try--I'd been having trouble myself. Are the credentials required even when you're using public-key authentication? And I'd expected the model would be fastiron, not ironware.

Edit: I see that the problem on my 6450 (firmware version 8.0.30u) is that it's using an output pager, even though oxidized tries to disable it with skip-page-display and terminal length 0. Since show version produces output more than one screen's worth of output, and Oxidized times out waiting for a prompt it's never going to see. Not sure what to do about that at this point, though.

Edit 2: Ah, I wasn't clear on the use of enable in the config fragment above, and had assumed it called for the enable password. Since I don't have one set, I didn't include this line. Adding that line with a dummy value made it work. Excellent!
 
Last edited:

thebwack

New Member
Jul 7, 2020
7
3
3
I got all four breakouts into the InstaPatch working using @fohdeesha wiring pic and diagram. Awesome! Now I'm playing with static LAG'ing them into 4 ports on an older unmanaged version of the Qnap-Qsw-1208-8c and I keep getting the non primary port states switched to Blocking. trying to decide if I should just get a 7250 or something like this:

https://www.amazon.com/MikroTik-12-...t=&hvlocphy=9027500&hvtargid=pla-814106935359

I need to get at least a few 10GB ports in addition to the trunk, and I need the switch to be near silent. I need the trunk bandwidth as this is a room fulll of video editors and creatives. When we come back from a shoot and dump TB's of footage it slows our editors down. all sharing one 10GB uplink for now.

Any thoughts on a quiet managed switch with 8+ 10GB ports that could handle this? RJ45 preferred. Or I'll eventually get the Qnap working here, we'll see.
 
  • Like
Reactions: fohdeesha

PANiCnz

New Member
Apr 22, 2022
4
0
1
Just picked up a 6450 but it didn't come with the mounting brackets, can anyone recommend some generic brackets off Amazon, eBay etc that will fit?
 

LodeRunner

Active Member
Apr 27, 2019
426
177
43
I got all four breakouts into the InstaPatch working using @fohdeesha wiring pic and diagram. Awesome! Now I'm playing with static LAG'ing them into 4 ports on an older unmanaged version of the Qnap-Qsw-1208-8c and I keep getting the non primary port states switched to Blocking. trying to decide if I should just get a 7250 or something like this:

https://www.amazon.com/MikroTik-12-...t=&hvlocphy=9027500&hvtargid=pla-814106935359

I need to get at least a few 10GB ports in addition to the trunk, and I need the switch to be near silent. I need the trunk bandwidth as this is a room fulll of video editors and creatives. When we come back from a shoot and dump TB's of footage it slows our editors down. all sharing one 10GB uplink for now.

Any thoughts on a quiet managed switch with 8+ 10GB ports that could handle this? RJ45 preferred. Or I'll eventually get the Qnap working here, we'll see.
I doubt you’ll get an unmanaged switch working. Static LAG still requires the other switch to be aware of what’s happening. Unless that Qnap is a smart or partially managed switch.

As far as footage offload, would this be multiple streams or single stream? The single stream speed over a LAG is the speed of a single interface.

Whats the disk system you’re ingesting to?
 

aido

New Member
Feb 23, 2017
9
0
1
43
Hi all, I finally got around to updating and licensing one of the ICX6610s today which I've had sat for two years in the garage - thanks @fohdeesha and all for the info.

Just a quick question regarding optimal fan location.

I've read the hardware installation guide and that seems to keep showing 1 PSU models and as you look at the switch standing from the back they show the power supply on the left side and fan installed on the right side.

I'm not 100% clear reading @fohdeesha's site which is ideal placement for low fan speeds.

Looking at pics some of you have them installed both on the left when looking from the back (ie both to the right looking from the front) and some are split so power supply to the left and fan to the right like the hardware installation guide.

I'm trying both but just wondered please.

Mine came with 2 PSUs and 1 fan unit, which is currently installed to the right as you look at it from the back and doesn't seem optimal judging by the wiki on @fohdeesha's page.

I've swapped it around for now, ie fans to the left as you look from the back and seeing how it goes.
 
Last edited:

thebwack

New Member
Jul 7, 2020
7
3
3
I doubt you’ll get an unmanaged switch working. Static LAG still requires the other switch to be aware of what’s happening. Unless that Qnap is a smart or partially managed switch.

As far as footage offload, would this be multiple streams or single stream? The single stream speed over a LAG is the speed of a single interface.

Whats the disk system you’re ingesting to?
While testing with the QNAP unmanaged at one point I did have 2 of the 4 streams forwarding and in LAG. Via a disk speed test I was seeing about 7-9GB read and write on two different computers, which is more than we've ever seen. Honestly if I can make that a stable uplink that would be plenty. I think I was doing something wrong with VLANs which triggered the blocking (maybe) and after a reboot it seemed to clear everything. I don't have a ton of free time to play and test with this, so I wanna give the QNAP another shot before going another route (cause I already have it, and its dead quiet)

I'm upgrading a few of parts of the chain here. We are currently on a 12bay QNAP TS1877X with Ironwolf SATA drives in Raid 6. I know it has been the biggest bottleneck but it has served us well. We can have 3-4 editors working on 4k timelines and it all keeps up. But always as soon as we start dumping footage from our dump station it just crawls, which I know is totally to be expected. I also have thought about just having ingest happen in the server room but I'd really like to avoid that.

I just built a Truenas box with 16 SAS 12Gb/s drives in 8 Mirrored pair vdevs from 2 SAS cards. 40GB uplink from that box to the Brocade and then the breakout 40GB trunk 100ft through a conduit to the editing room. When plugging straight into the brocade in the server room with a few computers for testing I'm seeing great improvements, reading and writing simultaneously 9-10GB peaks 8GB average per computer. I still think the drives are gonna bottleneck before the 40GB uplink but this is still a huge improvement. I plan on adding more mirrored vdev pairs in the future and maybe speed there will improve as our team grows.
 

MelnorMelvin

New Member
Apr 21, 2022
9
2
3
Anyone running v09.0.10 on their ICX7000 series with positive results? Specifically, I've tried it on an ICX7250-24P and ICX7150-C12P.

I've had the console stop responding twice now after the WebGUI dumped a python error to console (I didn't save it, didn't think of it, sorry). It's amazing to me that this can even happen. I almost thought it was because of the system SSH keys missing (with aaa auth login set), but then I realized that I had been using it shortly before and long after the upgrade to v09. Really weird that I could login to the WebGUI, but even the Web Console was failing. A power reset resolved it both times.

Also, it seems like the configuration items in the WebGUI are half-baked. Almost like it was only ever meant to be used for the default Dashboard page, and not for configuration changes.

I guess I'll probably roll back to v08.0.95. Just wondering if I'm actually missing out on anything worthwhile in v09.
 

kpfleming

Active Member
Dec 28, 2021
192
75
28
Pelham NY USA
A previous user in this thread straight had it failing to boot. 9.0.10 is alpha quality at best it seems.

Edit, and here it is, previous page: https://forums.servethehome.com/ind...erful-10gbe-40gbe-switching.21107/post-338714
I have been running 09.x pretty much since it was released on a 4-unit stack of 7150-C12P and it's been working quite well. The new Web GUI is definitely half-baked, the last time I tried to use it to edit some port settings it changed a bunch of unrelated settings to its own defaults even though they had not been displayed that way. For now I treat the Web UI as read-only, except I use to make configuration backups too since it gives nice names for the backup files.
 
  • Like
Reactions: MelnorMelvin

danb35

Member
Nov 25, 2017
33
4
8
42
I managed to configure Oxidized to fetch ICX6610 config.
Thanks for the pointers. I now have Oxidized set up, systemd unit running, picking up configs from both my 6610 and my 6450, sending them to my local Gitea server. Backups, backups, backups.

But it leaves me wondering something: is this backup something I can directly upload or import into the switch? Or does it just give me a reference for the device's configuration?