Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

kimbo

New Member
Jun 15, 2022
6
0
1
If you run 'show ver' it will tell you which firmware is running. On mine it shows SW: Version 08.0.30uT313, which is the latest for this switch.
Mine shows the same.

Fingers crossed that the fan issue is the only issue, and it stays alive!


NF-A4x20 FLX. It has more airflow than the A4x10, less noise and more static pressure. Seems a no-brainer :D And they fit just fine (the built in fans are 20mm as well). If you plan on having several POE devices and lots of ethernet ports hooked up, you might want one of the Sunon or Deltas that move more air as more heat will be generated.

Whichever fan you get, you will likely need to swap two of the pins. I had to with the Nuctuas. I'd give you that info from the notes I took, but I can't seem to make sense of what I jotted down :D I'll be pulling the switch apart soon so I'm going to figure it out again.
Cool :)

My switch is non-POE, so that should help with heat. I think I'll try a NF-A4x20 FLX, and I'll report back.

Thanks for the help.
 

Lone Wolf

Member
Apr 3, 2022
47
9
8
Mine shows the same.

Fingers crossed that the fan issue is the only issue, and it stays alive!
All three of mine show "fan failed", but they did that before I swapped the fans too. They correctly change speeds as needed, so I don't worry about it.

My switch is non-POE, so that should help with heat. I think I'll try a NF-A4x20 FLX, and I'll report back.

Thanks for the help.
I would look into three if you can. One doesn't move much air and it's better to have more than you need than less than you need.
 
Last edited:

dmitry.n.medvedev

New Member
Jun 25, 2022
1
0
1
Good morning all,

the context: Brocade ICX 6610-24
the problem: how do I shutdown/start the switch remotely? Does it have a stand-by mode?

PS: looks like the sysShutdown command does not exist.
 

badbrothers

New Member
Jul 8, 2022
2
0
1
Hey guys first time posting,

Got an ICX6450, following Fohdeesha guide to get it started but not working, a bit of a noob

o my network setup is like this:

Netgate 6100

- ISP Fiber thing with ethernet (1gbs) to netgate box

- 10gb SFP+ DAC Cable going to switch

Switch Brocade ICX6450

- DAC from netgate box (1/2/1)

- DAC to NAS (1/2/2)

- DAC to Optiplex Server (1/2/3)

- DAC to PC (1/2/4)

(I also have an unmanaged switch I have AP and PC hookedup to for internet until i can get this to work that is hooked up to regular lan port on netgate)

So I am now trying to setup to ICX6450 using this guide. I am connected fine to the serial port via an old Surface pro 3 (main pc a little far for cable)

ICX6450 - Fohdeesha Docs

I downloaded the files in the overview and put the tftp server on my main pc. Though not sure what I should set the server interface to? (the DAC?)
Anyway. I run into a problem on the first step, the factory set-default command isn't working for me it says unknown command.

I attempted to continue in the guide anyway

I set the IP to the IP i already setup for it in pfsense and the netmask.

Then set the serverip to the IP for my pc on pfsense and on the tftpd server program (192.168.1.101)

but i cant ping it or then load from it because it says its missing a gateway?

So yea im a little lost....



Im just getting started this is my eventual network I want. (I have a shed a lot of the equipment is going in which ill run fiber to which is why two 10gb switchs to netgate box, one in shed one inside, but for now just doing netgatebox to switch, pc, nas,server)
 

Vesalius

Active Member
Nov 25, 2019
224
160
43
start reading there and see if that solution works for you. You may have an older firmware.

Hey guys first time posting,

Got an ICX6450, following Fohdeesha guide to get it started but not working, a bit of a noob

o my network setup is like this:

Netgate 6100

- ISP Fiber thing with ethernet (1gbs) to netgate box

- 10gb SFP+ DAC Cable going to switch

Switch Brocade ICX6450

- DAC from netgate box (1/2/1)

- DAC to NAS (1/2/2)

- DAC to Optiplex Server (1/2/3)

- DAC to PC (1/2/4)

(I also have an unmanaged switch I have AP and PC hookedup to for internet until i can get this to work that is hooked up to regular lan port on netgate)

So I am now trying to setup to ICX6450 using this guide. I am connected fine to the serial port via an old Surface pro 3 (main pc a little far for cable)

ICX6450 - Fohdeesha Docs

I downloaded the files in the overview and put the tftp server on my main pc. Though not sure what I should set the server interface to? (the DAC?)
Anyway. I run into a problem on the first step, the factory set-default command isn't working for me it says unknown command.

I attempted to continue in the guide anyway

I set the IP to the IP i already setup for it in pfsense and the netmask.

Then set the serverip to the IP for my pc on pfsense and on the tftpd server program (192.168.1.101)

but i cant ping it or then load from it because it says its missing a gateway?

So yea im a little lost....



Im just getting started this is my eventual network I want. (I have a shed a lot of the equipment is going in which ill run fiber to which is why two 10gb switchs to netgate box, one in shed one inside, but for now just doing netgatebox to switch, pc, nas,server)
 
  • Like
Reactions: badbrothers

badbrothers

New Member
Jul 8, 2022
2
0
1
Well, I fixed it but error was on my side... not pluged into management port. But firmware is updated!

However now I am running into a new issue.

I got to the part in the tutorial to copy over the license. Switched to regular ethernet port, changed serial, now I am copying the license.

However it keeps erroring out as shown on tftpd64

1657395909327.png
 

Lone Wolf

Member
Apr 3, 2022
47
9
8
Well, I fixed it but error was on my side... not pluged into management port. But firmware is updated!

However now I am running into a new issue.

I got to the part in the tutorial to copy over the license. Switched to regular ethernet port, changed serial, now I am copying the license.

However it keeps erroring out as shown on tftpd64

View attachment 23476
It looks like your PC is connected to the network on wireless, which as you listed above goes into an AP and then into an unmanged switch that goes into your Netgate which is connected to your ICX6450 with a DAC . Are you able to try with the PC plugged directly into the switch with an Ethernet cable? Eliminate all the middle men just in case there are problems in between somewhere.
 

EngineerNate

Member
Jun 3, 2017
67
16
8
33
Wanted to drop by and say thanks to Fohdeesha again, I updated a second one of these switches last night using his guide and no hiccups.

The first I had to step up the firmware a few times before 8090 would take, thing was waaaay old on the firmware side. No problems once it finally got up to date.

I'm using amphenol branded QSFP+ DAC cables and they're linking up just fine at 40g to my server's ConnectX-3 cards.
 

kevinSTH

New Member
Jul 11, 2022
2
0
1
Hello, really new to the server space. If I were to get a CX6450-24P and it is fully reset. Would it function as an unmanaged switch?
 

kpfleming

Active Member
Dec 28, 2021
226
103
43
Pelham NY USA
Hello, really new to the server space. If I were to get a CX6450-24P and it is fully reset. Would it function as an unmanaged switch?
It's possible, although if you try to use VLAN tags that may not work. If all of your traffic is untagged then yes, it would operate as a plain layer 2 switch.
 

luks

New Member
Sep 23, 2021
8
2
3
Helsinki, Finland
I don't quite understand how the switch management works when using the L3 firmware on ICX6450 and 6610. On the Fodeesha's guide, a static ip is set for ve 1 and that will become the IP where I can connect to the switch via SSH. But that wasn't explained very well in the guide and I got a bit confused.

I managed to set up some VLANs and routing between them. Now the switch management is also accessible through every VLAN as the switch works as a router for each of those VLANs. I would like the management access to be only accessible from a specified management VLAN. I couldn't find information from the manuals on how to do that.

Also why is the dedicated management port not used? I would prefer to have the SSH access to the switch only through the management ethernet port if that's possible.
 

kpfleming

Active Member
Dec 28, 2021
226
103
43
Pelham NY USA
You can use access-lists (ACLs) to restrict the ability to talk to the management IP address over SSH/HTTP/HTTPS/etc. if you wish. This is the same technique you'd use to restrict access across any other routed paths (between hosts, for example).

If you prefer to use the management port you certainly can, although you'll have to provide a way to connect to it :) If you are going to route traffic between your VLANs you'll still need addresses on the VEs, though, so you'll have to use access-lists if you want to block access to the management interfaces through those addresses. I don't think there is any way to tell the device to *not* listen on the VE addresses for management traffic.
 

EngineerNate

Member
Jun 3, 2017
67
16
8
33
You can use access-lists (ACLs) to restrict the ability to talk to the management IP address over SSH/HTTP/HTTPS/etc. if you wish. This is the same technique you'd use to restrict access across any other routed paths (between hosts, for example).

If you prefer to use the management port you certainly can, although you'll have to provide a way to connect to it :) If you are going to route traffic between your VLANs you'll still need addresses on the VEs, though, so you'll have to use access-lists if you want to block access to the management interfaces through those addresses. I don't think there is any way to tell the device to *not* listen on the VE addresses for management traffic.
Correct me if I'm wrong here, but if you create a VE it should only be exposed on the vlans you put it in right? If you run the command:

Code:
no router-interface ve 1
Inside the vlans where you don't want that interface, that interface shouldn't be accessible in those vlans right?
 

kpfleming

Active Member
Dec 28, 2021
226
103
43
Pelham NY USA
Nope, that's not correct :)

'router-interface ve 1' creates a virtual ethernet interface in VLAN 1. That interface only exists in VLAN 1, it does not exist anywhere else. Think of it as if the management CPU was in a box outside the switch and you connected it to a port that you put into VLAN 1... it's functionally the same, just virtual.

Once that VE exists, it is a layer 3 interface, and when you assign addresses to it those addresses are reachable from any other layer 3 host in the network, unless access-lists or some other mechanism stops the traffic.
 

EngineerNate

Member
Jun 3, 2017
67
16
8
33
I guess I misunderstood the original question, I thought he was saying that it was reachable from outside the VLAN. I understand now and the behavior you describe is what I was trying to convey.