Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

[dmitry.n.medvedev]

Good morning all,

the context: Brocade ICX 6610-24
the problem: how do I shutdown/start the switch remotely? Does it have a stand-by mode?

PS: looks like the sysShutdown command does not exist.

 

[badbrothers]

Hey guys first time posting,

Got an ICX6450, following Fohdeesha guide to get it started but not working, a bit of a noob

o my network setup is like this:

Netgate 6100

- ISP Fiber thing with ethernet (1gbs) to netgate box

- 10gb SFP+ DAC Cable going to switch

Switch Brocade ICX6450

- DAC from netgate box (1/2/1)

- DAC to NAS (1/2/2)

- DAC to Optiplex Server (1/2/3)

- DAC to PC (1/2/4)

(I also have an unmanaged switch I have AP and PC hookedup to for internet until i can get this to work that is hooked up to regular lan port on netgate)

So I am now trying to setup to ICX6450 using this guide. I am connected fine to the serial port via an old Surface pro 3 (main pc a little far for cable)

ICX6450 - Fohdeesha Docs

I downloaded the files in the overview and put the tftp server on my main pc. Though not sure what I should set the server interface to? (the DAC?)

http://imgur.com/VPqgW5e

Anyway. I run into a problem on the first step, the factory set-default command isn't working for me it says unknown command.

I attempted to continue in the guide anyway

I set the IP to the IP i already setup for it in pfsense and the netmask.

Then set the serverip to the IP for my pc on pfsense and on the tftpd server program (192.168.1.101)

but i cant ping it or then load from it because it says its missing a gateway?

So yea im a little lost....



Im just getting started this is my eventual network I want. (I have a shed a lot of the equipment is going in which ill run fiber to which is why two 10gb switchs to netgate box, one in shed one inside, but for now just doing netgatebox to switch, pc, nas,server)

http://imgur.com/NWQ4h7q

 

[Vesalius]

start reading there and see if that solution works for you. You may have an older firmware.

https://forums.servethehome.com/index.php?threads/brocade-icx-series-cheap-powerful-10gbe-40gbe-switching.21107/post-334014

Hey guys first time posting,

Got an ICX6450, following Fohdeesha guide to get it started but not working, a bit of a noob

o my network setup is like this:

Netgate 6100

- ISP Fiber thing with ethernet (1gbs) to netgate box

- 10gb SFP+ DAC Cable going to switch

Switch Brocade ICX6450

- DAC from netgate box (1/2/1)

- DAC to NAS (1/2/2)

- DAC to Optiplex Server (1/2/3)

- DAC to PC (1/2/4)

(I also have an unmanaged switch I have AP and PC hookedup to for internet until i can get this to work that is hooked up to regular lan port on netgate)

So I am now trying to setup to ICX6450 using this guide. I am connected fine to the serial port via an old Surface pro 3 (main pc a little far for cable)

ICX6450 - Fohdeesha Docs

I downloaded the files in the overview and put the tftp server on my main pc. Though not sure what I should set the server interface to? (the DAC?)

http://imgur.com/VPqgW5e

Anyway. I run into a problem on the first step, the factory set-default command isn't working for me it says unknown command.

I attempted to continue in the guide anyway

I set the IP to the IP i already setup for it in pfsense and the netmask.

Then set the serverip to the IP for my pc on pfsense and on the tftpd server program (192.168.1.101)

but i cant ping it or then load from it because it says its missing a gateway?

So yea im a little lost....



Im just getting started this is my eventual network I want. (I have a shed a lot of the equipment is going in which ill run fiber to which is why two 10gb switchs to netgate box, one in shed one inside, but for now just doing netgatebox to switch, pc, nas,server)

http://imgur.com/NWQ4h7q

 

[badbrothers]

Well, I fixed it but error was on my side... not pluged into management port. But firmware is updated!

However now I am running into a new issue.

I got to the part in the tutorial to copy over the license. Switched to regular ethernet port, changed serial, now I am copying the license.

However it keeps erroring out as shown on tftpd64

 

[zunder1990]

Good morning all,

the context: Brocade ICX 6610-24
the problem: how do I shutdown/start the switch remotely? Does it have a stand-by mode?

PS: looks like the sysShutdown command does not exist.

smartplug? the switch will auto boot when power is applyied.

 

[Lone Wolf]

Well, I fixed it but error was on my side... not pluged into management port. But firmware is updated!

However now I am running into a new issue.

I got to the part in the tutorial to copy over the license. Switched to regular ethernet port, changed serial, now I am copying the license.

However it keeps erroring out as shown on tftpd64

View attachment 23476

It looks like your PC is connected to the network on wireless, which as you listed above goes into an AP and then into an unmanged switch that goes into your Netgate which is connected to your ICX6450 with a DAC . Are you able to try with the PC plugged directly into the switch with an Ethernet cable? Eliminate all the middle men just in case there are problems in between somewhere.

 

[epicurean]

I'd expect they'd work the same as any other port--have you tried?

How do i identify these breakout ports in the console?

 

[EngineerNate]

Wanted to drop by and say thanks to Fohdeesha again, I updated a second one of these switches last night using his guide and no hiccups.

The first I had to step up the firmware a few times before 8090 would take, thing was waaaay old on the firmware side. No problems once it finally got up to date.

I'm using amphenol branded QSFP+ DAC cables and they're linking up just fine at 40g to my server's ConnectX-3 cards.

 

[kevinSTH]

Hello, really new to the server space. If I were to get a CX6450-24P and it is fully reset. Would it function as an unmanaged switch?

 

[danb35]

How do i identify these breakout ports in the console?

See the "Port Layout" section here:

FCX / ICX6610 - Fohdeesha Docs

fohdeesha.com

 

[kpfleming]

Hello, really new to the server space. If I were to get a CX6450-24P and it is fully reset. Would it function as an unmanaged switch?

It's possible, although if you try to use VLAN tags that may not work. If all of your traffic is untagged then yes, it would operate as a plain layer 2 switch.

 

[luks]

I don't quite understand how the switch management works when using the L3 firmware on ICX6450 and 6610. On the Fodeesha's guide, a static ip is set for ve 1 and that will become the IP where I can connect to the switch via SSH. But that wasn't explained very well in the guide and I got a bit confused.

I managed to set up some VLANs and routing between them. Now the switch management is also accessible through every VLAN as the switch works as a router for each of those VLANs. I would like the management access to be only accessible from a specified management VLAN. I couldn't find information from the manuals on how to do that.

Also why is the dedicated management port not used? I would prefer to have the SSH access to the switch only through the management ethernet port if that's possible.

 

[kpfleming]

You can use access-lists (ACLs) to restrict the ability to talk to the management IP address over SSH/HTTP/HTTPS/etc. if you wish. This is the same technique you'd use to restrict access across any other routed paths (between hosts, for example).

If you prefer to use the management port you certainly can, although you'll have to provide a way to connect to it If you are going to route traffic between your VLANs you'll still need addresses on the VEs, though, so you'll have to use access-lists if you want to block access to the management interfaces through those addresses. I don't think there is any way to tell the device to *not* listen on the VE addresses for management traffic.

 

[EngineerNate]

You can use access-lists (ACLs) to restrict the ability to talk to the management IP address over SSH/HTTP/HTTPS/etc. if you wish. This is the same technique you'd use to restrict access across any other routed paths (between hosts, for example).

If you prefer to use the management port you certainly can, although you'll have to provide a way to connect to it If you are going to route traffic between your VLANs you'll still need addresses on the VEs, though, so you'll have to use access-lists if you want to block access to the management interfaces through those addresses. I don't think there is any way to tell the device to *not* listen on the VE addresses for management traffic.

Correct me if I'm wrong here, but if you create a VE it should only be exposed on the vlans you put it in right? If you run the command:

no router-interface ve 1

Inside the vlans where you don't want that interface, that interface shouldn't be accessible in those vlans right?

 

[kpfleming]

Nope, that's not correct

'router-interface ve 1' creates a virtual ethernet interface in VLAN 1. That interface only exists in VLAN 1, it does not exist anywhere else. Think of it as if the management CPU was in a box outside the switch and you connected it to a port that you put into VLAN 1... it's functionally the same, just virtual.

Once that VE exists, it is a layer 3 interface, and when you assign addresses to it those addresses are reachable from any other layer 3 host in the network, unless access-lists or some other mechanism stops the traffic.

 

[EngineerNate]

I guess I misunderstood the original question, I thought he was saying that it was reachable from outside the VLAN. I understand now and the behavior you describe is what I was trying to convey.

 

[kevinSTH]

It's possible, although if you try to use VLAN tags that may not work. If all of your traffic is untagged then yes, it would operate as a plain layer 2 switch.

Thanks

 

[Drewy]

Just plugged a Mikrotik S+RJ10 into one of my 7250's and it's not wanting to play.
The 7250 is running 08.0.95.

No lights on the sfp+ cage, no traffic. The other end (QNAP nas) does show a 10Gb link.

SSH@core#show media ethe 2/2/5
Port 2/2/5: Type : 1GE M-SX(SFP)
Vendor: MikroTik Version: 2.16
Part# : S+RJ10 Serial#: F060030B02B9

SSH@core#show interface ethe 2/2/5
10GigabitEthernet2/2/5 is down, line protocol is down
Port down for 1 day(s) 19 hour(s) 4 minute(s) 23 second(s)
Hardware is 10GigabitEthernet, address is 609c.9f9d.352c (bia 78a6.e12a.7235)
Configured speed optic-based, actual unknown, configured duplex fdx, actual unknown
Configured mdi mode AUTO, actual unknown
Untagged member of L2 VLAN 1, port state is BLOCKING
BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
Link Error Dampening is Disabled
STP configured to ON, priority is level0, mac-learning is enabled
MACsec is Disabled
Openflow is Disabled, Openflow Hybrid mode is Disabled, Flow Control is config enabled, oper enabled, negotiation disabled
Mirror disabled, Monitor disabled
Mac-notification is disabled
VLAN-Mapping is disabled
Not member of any active trunks
Not member of any configured trunks
No port name
IPG XGMII 96 bits-time
MTU 1500 bytes, encapsulation ethernet
MMU Mode is Store-and-forward
300 second input rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
300 second output rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 multicasts, 0 unicasts
0 input errors, 0 CRC, 0 frame, 0 ignored
0 runts, 0 giants
0 packets output, 0 bytes, 0 underruns
Transmitted 0 broadcasts, 0 multicasts, 0 unicasts
0 output errors, 0 collisions
Relay Agent Information option: Disabled
Protected: No
MAC Port Security: Disabled

trying to set link speed manually and I get:

SSH@core(config-if-e10000-2/2/7)#speed-duplex 10g-full
ERROR: 2/2/7: optics <-> speed mismatch. Replace with SFP+ to enable link.

that and the output from show media above kinda looks like the 7250 thinks it's a sfp module...

any ideas?

 

[Shaun Bosworth]

longshot, but have you tried rebooting the switch?

Hi Fohdeesha

Just coming back to this post, I had the switch in storage for a while, but have managed to get it up and running again, but still having an issue with the 40G links between the switch and my XL710-QDA2 card.

The switch has been setup as per the previous and i have rebooted the switch on multiple occasions.

Any help would be appreciated.

Thanks

 

[OKGolombRuler]

BLUF: Possible to stack via 10G copper SFPs for Stacking.... over 2.5gbps MOCA links?

I feel like I could just as well have titled this request "How to get your OSI card revoked" but the question stands. I have spent a fair bit of quality time juggling VLANs and switch configs across a handful of small 7150s which are connected by, respectively, 1 fiber link, one CAT5 link, and a few point-to-point, I believe 2.5gbps max speed, MOCA bridges. I'd like to collapse most or all of it into one stack. I think I can get the CAT5 online either with a pair of 10G copper SFPs, or pulling another piece of glass (which, while annoying, would be mostly through "open"/unfinished space). The MOCA bridges are a pickle of another brine, however.

When I tried using 1gbps copper SFPs, I was unable to get the switch to stack; it complained the link wasn't 10gbps. I was hoping someone here might have experience, or eldritch knowledge, about whether I could use a cheap 10gbps SFP that might report 10gbps despite only being connected at 2.5gbps, and rate limit those interfaces to prevent drops. Anybody been down this road? If so, which SFPs do you like for this kind of adventure?