Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

Lone Wolf · Jul 6, 2022

kimbo said:
I think so. The update failed twice with CRC errors, but then seemed to work. Is there a way to check if it updated successfully?
Do you think the CRC errors might be connected (or it might just have been my bad wifi)?

If you run 'show ver' it will tell you which firmware is running. On mine it shows SW: Version 08.0.30uT313, which is the latest for this switch. I did have some errors earlier on tho with the EEPROM and it had something to do with temp files in the file system. There is a note about that a month or two ago earlier in this thread from Fohdeesha. Although updating through wifi is never the best option if you can help it, expecially if you don't have rock solid signal strength. If you run 'show ver' and get the same version, then you know you are on the latest.

kimbo said:
Cool. Did you go for the NF-A4x10 or NF-A4x20?

NF-A4x20 FLX. It has more airflow than the A4x10, less noise and more static pressure. Seems a no-brainer

And they fit just fine (the built in fans are 20mm as well). If you plan on having several POE devices and lots of ethernet ports hooked up, you might want one of the Sunon or Deltas that move more air as more heat will be generated.

Whichever fan you get, you will likely need to swap two of the pins. I had to with the Nuctuas. I'd give you that info from the notes I took, but I can't seem to make sense of what I jotted down

I'll be pulling the switch apart soon so I'm going to figure it out again.

Lone Wolf · Jul 6, 2022

Scarlet said:
Check your temperatures with "show chassis" to make sure the noctuas acutally keep the switch cool enough. The ASIC is running at full speed all the time and gets quite hot.

The temps are quite fine. It's currently sitting at 57 degrees with two Noctuas. Two or three times a day on hot days it will hit fan speed 2 for a minute or two (which is also silent) and then its fine again. I don't like it thermal cycling like that tho, so I just picked up a third noctua fan and will install it soon. I'm figuring the extra air flow will keep it in fan speed 1 all the time. I monitor the switch with LibreNMS so I have nice graphs of the temperature to refer back to. It's never stayed in fan speed 2 for any length of time.

I also have very little plugged into my switch. Three 10Gig DACs, one POE Ethernet and one other Ethernet cable that rarely get used. I would've preferred the 6450-24 port instead of the 48, but all I could find was the 48. If I started adding more - especially POE devices - I would be expecting to get fans with better airflow to handle it.

kimbo · Jul 7, 2022

Lone Wolf said:
If you run 'show ver' it will tell you which firmware is running. On mine it shows SW: Version 08.0.30uT313, which is the latest for this switch.

Mine shows the same.

Fingers crossed that the fan issue is the only issue, and it stays alive!

Lone Wolf said:
NF-A4x20 FLX. It has more airflow than the A4x10, less noise and more static pressure. Seems a no-brainer And they fit just fine (the built in fans are 20mm as well). If you plan on having several POE devices and lots of ethernet ports hooked up, you might want one of the Sunon or Deltas that move more air as more heat will be generated.

Whichever fan you get, you will likely need to swap two of the pins. I had to with the Nuctuas. I'd give you that info from the notes I took, but I can't seem to make sense of what I jotted down I'll be pulling the switch apart soon so I'm going to figure it out again.

Cool

My switch is non-POE, so that should help with heat. I think I'll try a NF-A4x20 FLX, and I'll report back.

Thanks for the help.

Lone Wolf · Jul 7, 2022

kimbo said:
Mine shows the same.

Fingers crossed that the fan issue is the only issue, and it stays alive!

All three of mine show "fan failed", but they did that before I swapped the fans too. They correctly change speeds as needed, so I don't worry about it.

kimbo said:
My switch is non-POE, so that should help with heat. I think I'll try a NF-A4x20 FLX, and I'll report back.

Thanks for the help.

I would look into three if you can. One doesn't move much air and it's better to have more than you need than less than you need.

epicurean · Jul 7, 2022

epicurean said:
is it possible to do LACP on 2 of the 4 x10GB ports that were broken out from the QSFP ports of an ICX6610?
If so, how is that done?

Would anyone have insights into this?

danb35 · Jul 8, 2022

epicurean said:
Would anyone have insights into this?

I'd expect they'd work the same as any other port--have you tried?

dmitry.n.medvedev · Jul 9, 2022

Good morning all,

the context: Brocade ICX 6610-24
the problem: how do I shutdown/start the switch remotely? Does it have a stand-by mode?

PS: looks like the sysShutdown command does not exist.

badbrothers · Jul 9, 2022

Hey guys first time posting,

Got an ICX6450, following Fohdeesha guide to get it started but not working, a bit of a noob

o my network setup is like this:

Netgate 6100

- ISP Fiber thing with ethernet (1gbs) to netgate box

- 10gb SFP+ DAC Cable going to switch

Switch Brocade ICX6450

- DAC from netgate box (1/2/1)

- DAC to NAS (1/2/2)

- DAC to Optiplex Server (1/2/3)

- DAC to PC (1/2/4)

(I also have an unmanaged switch I have AP and PC hookedup to for internet until i can get this to work that is hooked up to regular lan port on netgate)

So I am now trying to setup to ICX6450 using this guide. I am connected fine to the serial port via an old Surface pro 3 (main pc a little far for cable)

ICX6450 - Fohdeesha Docs

I downloaded the files in the overview and put the tftp server on my main pc. Though not sure what I should set the server interface to? (the DAC?)

http://imgur.com/VPqgW5e

Anyway. I run into a problem on the first step, the factory set-default command isn't working for me it says unknown command.

I attempted to continue in the guide anyway

I set the IP to the IP i already setup for it in pfsense and the netmask.

Then set the serverip to the IP for my pc on pfsense and on the tftpd server program (192.168.1.101)

but i cant ping it or then load from it because it says its missing a gateway?

So yea im a little lost....

Im just getting started this is my eventual network I want. (I have a shed a lot of the equipment is going in which ill run fiber to which is why two 10gb switchs to netgate box, one in shed one inside, but for now just doing netgatebox to switch, pc, nas,server)

http://imgur.com/NWQ4h7q

Vesalius · Jul 9, 2022

start reading there and see if that solution works for you. You may have an older firmware.

https://forums.servethehome.com/index.php?threads/brocade-icx-series-cheap-powerful-10gbe-40gbe-switching.21107/post-334014

badbrothers said:
Hey guys first time posting,

Got an ICX6450, following Fohdeesha guide to get it started but not working, a bit of a noob

o my network setup is like this:

Netgate 6100

- ISP Fiber thing with ethernet (1gbs) to netgate box

- 10gb SFP+ DAC Cable going to switch

Switch Brocade ICX6450

- DAC from netgate box (1/2/1)

- DAC to NAS (1/2/2)

- DAC to Optiplex Server (1/2/3)

- DAC to PC (1/2/4)

(I also have an unmanaged switch I have AP and PC hookedup to for internet until i can get this to work that is hooked up to regular lan port on netgate)

So I am now trying to setup to ICX6450 using this guide. I am connected fine to the serial port via an old Surface pro 3 (main pc a little far for cable)

ICX6450 - Fohdeesha Docs

I downloaded the files in the overview and put the tftp server on my main pc. Though not sure what I should set the server interface to? (the DAC?)

http://imgur.com/VPqgW5e

Anyway. I run into a problem on the first step, the factory set-default command isn't working for me it says unknown command.

I attempted to continue in the guide anyway

I set the IP to the IP i already setup for it in pfsense and the netmask.

Then set the serverip to the IP for my pc on pfsense and on the tftpd server program (192.168.1.101)

but i cant ping it or then load from it because it says its missing a gateway?

So yea im a little lost....

Im just getting started this is my eventual network I want. (I have a shed a lot of the equipment is going in which ill run fiber to which is why two 10gb switchs to netgate box, one in shed one inside, but for now just doing netgatebox to switch, pc, nas,server)

http://imgur.com/NWQ4h7q

badbrothers · Jul 9, 2022

Well, I fixed it but error was on my side... not pluged into management port. But firmware is updated!

However now I am running into a new issue.

I got to the part in the tutorial to copy over the license. Switched to regular ethernet port, changed serial, now I am copying the license.

However it keeps erroring out as shown on tftpd64

zunder1990 · Jul 9, 2022

dmitry.n.medvedev said:
Good morning all,

the context: Brocade ICX 6610-24
the problem: how do I shutdown/start the switch remotely? Does it have a stand-by mode?

PS: looks like the sysShutdown command does not exist.

smartplug? the switch will auto boot when power is applyied.

Lone Wolf · Jul 10, 2022

badbrothers said:
Well, I fixed it but error was on my side... not pluged into management port. But firmware is updated!

However now I am running into a new issue.

I got to the part in the tutorial to copy over the license. Switched to regular ethernet port, changed serial, now I am copying the license.

However it keeps erroring out as shown on tftpd64

View attachment 23476

It looks like your PC is connected to the network on wireless, which as you listed above goes into an AP and then into an unmanged switch that goes into your Netgate which is connected to your ICX6450 with a DAC . Are you able to try with the PC plugged directly into the switch with an Ethernet cable? Eliminate all the middle men just in case there are problems in between somewhere.

epicurean · Jul 10, 2022

danb35 said:
I'd expect they'd work the same as any other port--have you tried?

How do i identify these breakout ports in the console?

EngineerNate · Jul 11, 2022

Wanted to drop by and say thanks to Fohdeesha again, I updated a second one of these switches last night using his guide and no hiccups.

The first I had to step up the firmware a few times before 8090 would take, thing was waaaay old on the firmware side. No problems once it finally got up to date.

I'm using amphenol branded QSFP+ DAC cables and they're linking up just fine at 40g to my server's ConnectX-3 cards.

kevinSTH · Jul 11, 2022

Hello, really new to the server space. If I were to get a CX6450-24P and it is fully reset. Would it function as an unmanaged switch?

danb35 · Jul 12, 2022

epicurean said:
How do i identify these breakout ports in the console?

See the "Port Layout" section here:

FCX / ICX6610 - Fohdeesha Docs

fohdeesha.com

kpfleming · Jul 12, 2022

kevinSTH said:
Hello, really new to the server space. If I were to get a CX6450-24P and it is fully reset. Would it function as an unmanaged switch?

It's possible, although if you try to use VLAN tags that may not work. If all of your traffic is untagged then yes, it would operate as a plain layer 2 switch.

luks · Jul 12, 2022

I don't quite understand how the switch management works when using the L3 firmware on ICX6450 and 6610. On the Fodeesha's guide, a static ip is set for ve 1 and that will become the IP where I can connect to the switch via SSH. But that wasn't explained very well in the guide and I got a bit confused.

I managed to set up some VLANs and routing between them. Now the switch management is also accessible through every VLAN as the switch works as a router for each of those VLANs. I would like the management access to be only accessible from a specified management VLAN. I couldn't find information from the manuals on how to do that.

Also why is the dedicated management port not used? I would prefer to have the SSH access to the switch only through the management ethernet port if that's possible.

kpfleming · Jul 12, 2022

You can use access-lists (ACLs) to restrict the ability to talk to the management IP address over SSH/HTTP/HTTPS/etc. if you wish. This is the same technique you'd use to restrict access across any other routed paths (between hosts, for example).

If you prefer to use the management port you certainly can, although you'll have to provide a way to connect to it

If you are going to route traffic between your VLANs you'll still need addresses on the VEs, though, so you'll have to use access-lists if you want to block access to the management interfaces through those addresses. I don't think there is any way to tell the device to *not* listen on the VE addresses for management traffic.

EngineerNate · Jul 12, 2022

kpfleming said:
You can use access-lists (ACLs) to restrict the ability to talk to the management IP address over SSH/HTTP/HTTPS/etc. if you wish. This is the same technique you'd use to restrict access across any other routed paths (between hosts, for example).

If you prefer to use the management port you certainly can, although you'll have to provide a way to connect to it If you are going to route traffic between your VLANs you'll still need addresses on the VEs, though, so you'll have to use access-lists if you want to block access to the management interfaces through those addresses. I don't think there is any way to tell the device to *not* listen on the VE addresses for management traffic.

Correct me if I'm wrong here, but if you create a VE it should only be exposed on the vlans you put it in right? If you run the command:

Code:

no router-interface ve 1

Inside the vlans where you don't want that interface, that interface shouldn't be accessible in those vlans right?

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

Member

Member

New Member

Member

Active Member

New Member

New Member

New Member

Active Member

New Member

Active Member

Member

Active Member

Member

New Member

New Member

Active Member

New Member

Active Member

Member