Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

[Craig Curtin]

I have seen this behavior on simulated & non sine wave UPS's... ie. low cost UPS's. The ICX 6610 psu is pretty sensitive to power. Made no difference running a single or dual PSU. Made no difference rev A or rev B or a mix of rev PSU's. I have seen the switch stay up for 1 or 2 days or up to 20+ days but eventually it gets unhappy on the low cost UPS's and randomly restarts.

Moved the 6610's to an EATON 2200 and the cold start/random reboots disappeared. They also disappeared just running them on street power. I put them back on a cheap APC or Cyberpower UPS and they periodically reboot.

Thanks for the quick answer - not a cheap UPS unfortunately - it is an APC 3000RMT XL - double conversion pure sine wave - running from a Lithium battery bank good for approx 8 hours run time

So does COLD start actually mean a full switch reboot ? i.e. loss of power

Craig

 

[itronin]

Thanks for the quick answer - not a cheap UPS unfortunately - it is an APC 3000RMT XL - double conversion pure sine wave - running from a Lithium battery bank good for approx 8 hours run time

So does COLD start actually mean a full switch reboot ? i.e. loss of power

Craig

based on what I've seen its the same as pulling the cables and plugging them back in or hitting the kill switch on a pdu. FWIW when it first started I was thinking I had a bad switch so I pointed syslog to a server (same as you) to watch what was getting logged. going back into the switch and looking at show tech (I think) there was some crash dump information.

The only thing I can suggest is try running on street power (if yours is stable) for a while and see what happens.

My eaton is SLA and I would not expect that to make a difference though.

If you have access to an older APC 2000/3000 with SLA you might try that to rule it out though as I have seen different behaviors between newer APC's vs. some of the older "tanks". obviously YMMV and I have 0 experience with the newer Li-ION UPS's.

edit

you could also have bad switches I guess. You didn't buy them from g-electronic here in the states did you?

 

[Craig Curtin]

based on what I've seen its the same as pulling the cables and plugging them back in or hitting the kill switch on a pdu. FWIW when it first started I was thinking I had a bad switch so I pointed syslog to a server (same as you) to watch what was getting logged. going back into the switch and looking at show tech (I think) there was some crash dump information.

The only thing I can suggest is try running on street power (if yours is stable) for a while and see what happens.

My eaton is SLA and I would not expect that to make a difference though.

If you have access to an older APC 2000/3000 with SLA you might try that to rule it out though as I have seen different behaviors between newer APC's vs. some of the older "tanks". obviously YMMV and I have 0 experience with the newer Li-ION UPS's.

edit

you could also have bad switches I guess. You didn't buy them from g-electronic here in the states did you?

Yeah i might move it back to street power for a little while and see what happens - hopefully it is not that finicky with power requirements !!

No i didn't get them from g-electronic - but it was from a US Ebay vendor and they were given a bashing in transit - so i ended up getting them for free through the EBAY global shipping program - thought it was OK until i see these issues - maybe not

Will report back in a couple of days

Craig

 

[itronin]

Yeah i might move it back to street power for a little while and see what happens - hopefully it is not that finicky with power requirements !!

No i didn't get them from g-electronic - but it was from a US Ebay vendor and they were given a bashing in transit - so i ended up getting them for free through the EBAY global shipping program - thought it was OK until i see these issues - maybe not

Will report back in a couple of days

Craig

one thing I never tried... though easy enough to do in a couple of weeks when I have time. run one PSU on a cheap UPS and another on streeet power. see if it is more stable. problem is that it could stay up for like 3 weeks on the cheap UPS before cycling.

btw, I should add I did NOT always see a crash report after it did the spontaneous reboot.

 

[Craig Curtin]

one thing I never tried... though easy enough to do in a couple of weeks when I have time. run one PSU on a cheap UPS and another on streeet power. see if it is more stable. problem is that it could stay up for like 3 weeks on the cheap UPS before cycling.

btw, I should add I did NOT always see a crash report after it did the spontaneous reboot.

OK got me thinking after your posts (BTW - thanks again) - here is a dump of some of the show tech - should i be concerned in here - is this indicating an ECC memory issues ?

==========================================================================
==========================================================================
BEGIN : show sysmon counters all
CONTEXT : SSH#1 : SYSTEM MONITORING INFO
TIME STAMP : Nov 8 12:41:50.418
HW/SW INFO : ICX6610-48-HPOE/FCXR08030u
==========================================================================
Sysmon error detected on: Stacking Unit 1 (number of times)

****Stacking unit 1 (ICX) Link error detect
1st device, core 2. port 42
Link error detect = 0 remote fault detect = 0 gearbox error = 0
1st device, core 3. port 58
Link error detect = 0 remote fault detect = 0 gearbox error = 0
2nd device, core 0. port 10
Link error detect = 0 remote fault detect = 0 gearbox error = 0
2nd device, core 1. port 26
Link error detect = 0 remote fault detect = 0 gearbox error = 0

==========================
Sysmon ECC error detected on: Stacking Unit 1 (number of times)

****Stacking unit 1 (ICX) ecc error detect
ECC one-time error detect = 0 ECC two-time error detect = 0
==========================
==========================================================================
TIME STAMP : Nov 8 12:41:50.421
END : show sysmon counters all
TIME TAKEN : 120208 ticks (2404160 nsec)
==========================================================================

And does this unit think it is still part of a stack ??

==========================================================================
BEGIN : show stack
CONTEXT : SSH#1 : STACK DETAILS
TIME STAMP : Nov 8 12:41:50.664
HW/SW INFO : ICX6610-48-HPOE/FCXR08030u
==========================================================================

Stack Details
=============
T=11h6m39.2: alone: standalone, D: dynamic cfg, S: static
ID Type Role Mac Address Pri State Comment
1 S ICX6610-48P alone cc4e.24b9.c6d0 0 local None:0


+---+
2/1| 1 |2/6
+---+
Current stack management MAC is cc4e.24b9.c6d0

Image-Auto-Copy is Enabled.

Stack Port Status Neighbors
Unit# Stack-port1 Stack-port2 Stack-port1 Stack-port2
1 none none none none
==========================================================================
TIME STAMP : Nov 8 12:41:50.667
END : show stack
TIME TAKEN : 155765 ticks (3115300 nsec)
==========================================================================

Craig

 

[kevindd992002]

Nope but i have 3 of them to do that have just arrived from the USA - will try and get onto them this week and advise

Craig

Thanks. FWIW, I reflashed the PoE controller firmware and this time I pressed enter to go back to the console after a few seconds (just like instructed in fohdeesha's guide) and I did not see the "PoE info" messages (which I assume are console messages) I saw earlier when I did not press enter (https://forums.servethehome.com/ind...erful-10gbe-40gbe-switching.21107/post-353942)

The show log command only shows the " U1-MSG: PoE Info" messages which is why most people here probably didn't see anything related to this. When you upgrade the PoE controller firmware on your units, would you mind not pressing enter and waiting for the whole process to finish just like I did?

 

[itronin]

And does this unit think it is still part of a stack ??

Spoiler: still part of a stack??

==========================================================================
BEGIN : show stack
CONTEXT : SSH#1 : STACK DETAILS
TIME STAMP : Nov 8 12:41:50.664
HW/SW INFO : ICX6610-48-HPOE/FCXR08030u
==========================================================================

Stack Details
=============
T=11h6m39.2: alone: standalone, D: dynamic cfg, S: static
ID Type Role Mac Address Pri State Comment
1 S ICX6610-48P alone cc4e.24b9.c6d0 0 local None:0


+---+
2/1| 1 |2/6
+---+
Current stack management MAC is cc4e.24b9.c6d0

Image-Auto-Copy is Enabled.

Stack Port Status Neighbors
Unit# Stack-port1 Stack-port2 Stack-port1 Stack-port2
1 none none none none
==========================================================================
TIME STAMP : Nov 8 12:41:50.667
END : show stack
TIME TAKEN : 155765 ticks (3115300 nsec)
==========================================================================

Craig

sooo the symptoms you described in an earlier post - about going crazy - were indicative to me of what I experienced not quite disabling stacking and trying to use one of the 40/10 breakouts. One worked for breakout - the other did not...

here's what my standalone switch shows and see the difference?

edit - just realized you cut n pasted the output from show tech... try it from the command line and see what that says.

Spoiler: Definitely not enabled

SSH@icx6610-stack>enable
User Name:root
Password:
SSH@icx6610-stack#show stack

***** Warning! stack is not enabled. *****

T=20d16h4m43.1: alone: standalone, D: dynamic cfg, S: static
ID Type Role Mac Address Pri State Comment
1 S ICX6610-48P alone 748e.f8dc.ae80 128 local None:0


+---+
2/1| 1 |2/6
+---+
Current stack management MAC is 748e.f8dc.ae80
SSH@icx6610-stack#

as far as the ecc errors. I remember specifically seeing that in one of the crash reports - however like I said changing the power source solved the issue. @fohdeesha did point me at some memory on the bay to buy if I really felt that was the issue. still have the sticks somewhere in the basement mess...

 

[Craig Curtin]

Thanks. FWIW, I reflashed the PoE controller firmware and this time I pressed enter to go back to the console after a few seconds (just like instructed in fohdeesha's guide) and I did not see the "PoE info" messages (which I assume are console messages) I saw earlier when I did not press enter (https://forums.servethehome.com/ind...erful-10gbe-40gbe-switching.21107/post-353942)

The show log command only shows the " U1-MSG: PoE Info" messages which is why most people here probably didn't see anything related to this. When you upgrade the PoE controller firmware on your units, would you mind not pressing enter and waiting for the whole process to finish just like I did?

Yep will do - will setup this afternoon and do the first one and advise

Craig

 

[Craig Curtin]

sooo the symptoms you described in an earlier post - about going crazy - were indicative to me of what I experienced not quite disabling stacking and trying to use one of the 40/10 breakouts. One worked for breakout - the other did not...

here's what my standalone switch shows and see the difference?

edit - just realized you cut n pasted the output from show tech... try it from the command line and see what that says.

Spoiler: Definitely not enabled

SSH@icx6610-stack>enable
User Name:root
Password:
SSH@icx6610-stack#show stack

***** Warning! stack is not enabled. *****

T=20d16h4m43.1: alone: standalone, D: dynamic cfg, S: static
ID Type Role Mac Address Pri State Comment
1 S ICX6610-48P alone 748e.f8dc.ae80 128 local None:0


+---+
2/1| 1 |2/6
+---+
Current stack management MAC is 748e.f8dc.ae80
SSH@icx6610-stack#

as far as the ecc errors. I remember specifically seeing that in one of the crash reports - however like I said changing the power source solved the issue. @fohdeesha did point me at some memory on the bay to buy if I really felt that was the issue. still have the sticks somewhere in the basement mess...

Aah good one - thanks for that peace of mind

SSH@6610-POE-Basement#show stack

***** Warning! stack is not enabled. *****

T=13h58m15.5: alone: standalone, D: dynamic cfg, S: static
ID Type Role Mac Address Pri State Comment
1 S ICX6610-48P alone cc4e.24b9.c6d0 0 local None:0


+---+
2/1| 1 |2/6
+---+
Current stack management MAC is cc4e.24b9.c6d0
SSH@6610-POE-Basement#


Was it in this thread re the replacement RAM ? Would not mind searching it up as a standby just n case

Craig

 

[Craig Curtin]

Thanks. FWIW, I reflashed the PoE controller firmware and this time I pressed enter to go back to the console after a few seconds (just like instructed in fohdeesha's guide) and I did not see the "PoE info" messages (which I assume are console messages) I saw earlier when I did not press enter (https://forums.servethehome.com/ind...erful-10gbe-40gbe-switching.21107/post-353942)

The show log command only shows the " U1-MSG: PoE Info" messages which is why most people here probably didn't see anything related to this. When you upgrade the PoE controller firmware on your units, would you mind not pressing enter and waiting for the whole process to finish just like I did?

OK here you go - think it has finished now - but will go away and leave it for another 1/2 hour anyway

Command executed successfully
ICX64XX-boot>> reset
Reset CPU by asserting RstOutn

Bootloader Version: 10.1.05T310 (Mar 19 2015 - 16:39:59)


Model ID: 1.0.0.1.1.0

Enter 'b' to stop at boot monitor: 0
bootdelay: ===
Booting image from Primary
## Booting image at 00007fc0 ...
Created: 2020-04-23 17:58:12 UTC
Data Size: 9870536 Bytes = 9.4 MB
Load Address: 00008000
Entry Point: 00008000
Verifying Checksum ... OK
OK

Starting kernel in BE mode ...
Uncompressing Image.............................................................................................................................................................................................................................................................................................................................................................................................................. done, booting the kernel.
Config partition mounted.
FIPS reset is enable.
Removing startup config & backup
Removing stacking.boot
Removing SSL_CERT_FILE
Removing SSH_RSA_HOSTKEY_FILE
Removing SSH_DSA_HOSTKEY_FILE
Creating TUN device
Starting the FastIron.
FIPS DisabledORT NOT DISABLED
platform type 47
OS>Unable to set the kernel wall time
Starting Main Task .Applying factory defaults..
INFO: startup config data is not available, try to read from backup
INFO: startup config data in the backup area is not available
CPSS DxCh Version: cpss3.4p1 release
Pre Parsing Config Data ...
INFO: empty config data in the primary area, try to read from backup
INFO: empty config data in the backup area also

Parsing Config Data ...
INFO: empty config data in the primary area, try to read from backup
INFO: empty config data in the backup area also

PoD: No license present for port 1/2/2
PoD: No license present for port 1/2/4
System initialization completed...console going online.
Copyright (c) 1996-2016 Brocade Communications Systems, Inc. All rights reserved.
UNIT 1: compiled on Apr 23 2020 at 10:57:06 labeled as ICX64R08030u
(9871112 bytes) from Primary ICX64R08030u.bin
SW: Version 08.0.30uT313
Boot-Monitor Image size = 786944, Version:10.1.05T310 (kxz10105)
HW: Stackable ICX6450-48-HPOE
==========================================================================
UNIT 1: SL 1: ICX6450-48P POE 48-port Management Module
Serial #: BZT3226K07S
License: ICX6450_BASE_ROUTER_SOFT_PACKAGE (LID: dbvIHHLmFMu)
P-ENGINE 0: type DEF0, rev 01
P-ENGINE 1: type DEF0, rev 01
==========================================================================
UNIT 1: SL 2: ICX6450-SFP-Plus 4port 40G Module
==========================================================================
800 MHz ARM processor ARMv5TE, 400 MHz bus
65536 KB flash memory
512 MB DRAM
STACKID 1 system uptime is 27 second(s)
The system started at 00:00:39 GMT+00 Thu Jan 01 1970

The system : started=cold start

ICX6450-48P Router>
Stack unit 1 PS 1, Internal Power supply detected and up.

Stack unit 1 PS 1, Internal Power supply detected and up.
PoE: Stack unit 1 PS 1, Internal Power supply with 740000 mwatts capacity is up
PoE Info: Adding new 54V capacity of 740000 mW, total capacity is 740000, total free capacity is 740000
PoE Info: PoE module 1 of Unit 1 on ports 1/1/1 to 1/1/48 detected. Initializing....
PoE Event Trace Log Buffer for 2000 log entries allocated
PoE Event Trace Logging enabled...
PoE Info: Programming Ruckus defaults. Step 1: Writing port defaults on module in slot 1....
PoE Info: Programming Ruckus Defaults: Step 2: Writing PM defaults on module in slot 1.
PoE Info: Programming Ruckus defaults. Step 3: Writing user byte 0xf3 on module in slot 1.
PoE Info: Programming Ruckus defaults. Step 4: Saving settings on module in slot 1.
PoE Info: Programming Ruckus defaults....completed.
PoE Info: PoE module 1 of Unit 1 initialization is done.

ICX6450-48P-Router>TFTP session timed out

ICX6450-48P-Router>en
No password has been assigned yet...
ICX6450-48P-Router#conf t
ICX6450-48P-Router(config)#ip dhcp-client disable
ICX6450-48P-Router(config)#TFTP session timed out

ICX6450-48P-Router(config)#ip dhcp-client disable
ICX6450-48P-Router(config)#vlan 1
ICX6450-48P-Router(config-vlan-1)#rou
router-interface Attach router interface for Layer 2 VLAN
ICX6450-48P-Router(config-vlan-1)#router-interface ve 1
ICX6450-48P-Router(config-vlan-1)#exit
ICX6450-48P-Router(config)#int ve 1
ICX6450-48P-Router(config-vif-1)#ip address 172.16.100.243/24
ICX6450-48P-Router(config-vif-1)#exit
ICX6450-48P-Router(config)#wr mem

There is no startup config file, unable to save legacy config

ICX6450-48P-Router(config)#Flash Memory Write (8192 bytes per dot) .
Write startup-config done.
Copy Done.
ICX6450-48P-Router(config)#exit
ICX6450-48P-Router#inline power install-firmware stack-unit 1 tftp 172.16.100.115 ICX64xx/icx64xx_poeplus_02.1.0.b004.fw
ICX6450-48P-Router#Flash Memory Write (8192 bytes per dot) ..................
tftp download successful file name = poe-fw
Sending PoE Firmware to Unit 1.
Firmware version from File: 2.1.1
PoE Warning: Upgrading firmware in slot 1....DO NOT HOTSWAP OR POWER DOWN THE MODULE.
PoE Info: FW Download on slot 1...sending download command...
PoE Info: FW Download on slot 1...TPE response received.
PoE Info: FW Download on slot 1...sending erase command...
PoE Info: FW Download on slot 1...erase command...accepted.
PoE Info: FW Download on slot 1...erasing firmware memory...
PoE Info: FW Download on slot 1...erasing firmware memory...completed
PoE Info: FW Download on slot 1...sending program command...
PoE Info: FW Download on slot 1...sending program command...accepted.
PoE Info: FW Download on slot 1...programming firmware...takes around 12 minutes....
U1-MSG: PoE Info: Firmware Download on slot 1.....10 percent completed.
U1-MSG: PoE Info: Firmware Download on slot 1.....20 percent completed.
U1-MSG: PoE Info: Firmware Download on slot 1.....30 percent completed.
U1-MSG: PoE Info: Firmware Download on slot 1.....40 percent completed.
U1-MSG: PoE Info: Firmware Download on slot 1.....50 percent completed.
U1-MSG: PoE Info: Firmware Download on slot 1.....60 percent completed.
U1-MSG: PoE Info: Firmware Download on slot 1.....70 percent completed.
U1-MSG: PoE Info: Firmware Download on slot 1.....80 percent completed.
U1-MSG: PoE Info: Firmware Download on slot 1.....90 percent completed.
U1-MSG: PoE Info: Firmware Download on slot 1.....100 percent completed.
PoE Info: FW Download on slot 1...programming firmware...completed.
PoE Info: FW Download on slot 1...upgrading firmware...completed. Module will be reset.
PoE Info: Resetting in slot 1....
PoE Info: Resetting module in slot 1....completed.
PoE Info: Programming Ruckus defaults. Step 1: Writing port defaults on module in slot 1....
PoE Info: Programming Ruckus Defaults: Step 2: Writing PM defaults on module in slot 1.
PoE Info: Programming Ruckus defaults. Step 3: Writing user byte 0xf3 on module in slot 1.
PoE Info: Programming Ruckus defaults. Step 4: Saving settings on module in slot 1.
PoE Info: Programming Ruckus defaults....completed.
PoE Info: PoE module 1 of Unit 1 initialization is done.


Craig

 

[dadof2brats]

Brocade ICX7250 daughter board with console port?

I gambled and bought a used 7250-24 from ebay, the auction was sold as-is and said it didn't power on. I hoped it was just a bad power supply, however it's a PoE version of the switch but the PoE daughter card is missing, I just had to plug the PS back into the motherboard; when the PoE card was removed, nobody reconnected the main power cable.

So I have it powered on, lights, sirens, fans, all the things. I decided to try and connect a console cable to see what is going on, I cut up an old usb cable and used my cisco usb/rj45 console cable (it has the serial chip onboard) but I wasn't getting anything from the console. I chased my tail a bit thinking I just didn't pin it out right. My issue was I was trying to console in via the USB A port on the switch, which seems to be just a USB port not a serial port.

So realizing this, I chopped up a micro usb cable and pinned it out connected to a keystone jack. Then I went to plug the console into the micro usb port on the switch and there isn't one.

First question, where is my console port? The hole through the chassis is there but there's no micro usb and even no reset switch. Is the console port physically on the PoE daughter card or on the PoE daughter card?

Second question, what are the part numbers? I tried searching ebay, but couldn't find a listing for the PoE card or a different daughter card for the console but came up blank.

Surprisingly, the switch is getting an IP address on the management port, connected to my LAN, I can ping the IP and ssh. Google helped me find the default username and password and I was able to log into ssh and the web gui and set a new password.

Now, question three, is there a way to update the firmware without the console? Can I do that via SSH or even the GUI?

edit: FYI the switch is currently running 8.0.90hT213 which isn't the latest, but not super old.

Running Image Version:​	SW: Version 08.0.90hT213 Compiled on Nov 4 2020 at 22:05:18 labeled as SPR08090h

 

[fohdeesha]

Aah good one - thanks for that peace of mind

SSH@6610-POE-Basement#show stack

***** Warning! stack is not enabled. *****

T=13h58m15.5: alone: standalone, D: dynamic cfg, S: static
ID Type Role Mac Address Pri State Comment
1 S ICX6610-48P alone cc4e.24b9.c6d0 0 local None:0


+---+
2/1| 1 |2/6
+---+
Current stack management MAC is cc4e.24b9.c6d0
SSH@6610-POE-Basement#


Was it in this thread re the replacement RAM ? Would not mind searching it up as a standby just n case

Craig

switch only takes 1 DIMM of this, so this is two spares: Centon Lot of 2 RD703G01 2GB PC2-5300 Reg ECC CL5 DDR2 667Mhz 1 Rank SODIMM 6-2 | eBay

 

[guzkiy]

Hello all,
I can get IBM Brocade Ruckus ICX7150-24 ( 01KV352 ) switch at a good price. Can it be flashed according to this guide (as 'normal' Brocade ICX7150)?
Thank you.

 

[fohdeesha]

Hello all,
I can get IBM Brocade Ruckus ICX7150-24 ( 01KV352 ) switch at a good price. Can it be flashed according to this guide (as 'normal' Brocade ICX7150)?
Thank you.

yes

 

[Vesalius]

FYI Ruckus running forward on ICX release versions. Now has a 10.0.00 release. Only runs on ICX 7550, 7560 and 7850 Series. obviously not recommended, although doubt many have one of the supported switch series.

 

[Craig Curtin]

switch only takes 1 DIMM of this, so this is two spares: Centon Lot of 2 RD703G01 2GB PC2-5300 Reg ECC CL5 DDR2 667Mhz 1 Rank SODIMM 6-2 | eBay

Thanks @Fodeesha - unfortunately he does not ship to the land down under - but now i know the specs i can start looking - i assume this is the same memory across unit (i.e. non POE and POE ?) i may take the module from a non-poe and see if the problem goes away (It happened again last night with a reboot at around midnight or so)

[EDIT] nope looked around no on else with ECC SODIMMs like that so i have used a US drop shipper and will see how that goes - will in the meantime cannabalise a module from a non POE here and see how we go

Craig

 

[jayb998]

Hi, getting up and running with my 6450 and struggling with VLANs. My router is Unifi UDM Pro SE and I have several VLANs already set up and working fine on a different Unifi switch (which has its own uplink to the UDM for now so as not to interfere with the Brocade) Most traffic goes through the default VLAN 1 including where the switch is getting its IP from right now.

I basically followed fohdeesha's guide and it's functioning fine at the level of a simple unmanaged Layer 2 switch. I plug in devices to a port and they get a 192.168.1.0/24 IP. No problem at all.

I can't get any devices outside of default VLAN to work. I added port #3 as untagged on VLAN 25 and when I plug in the device, the Unifi gives it a 192.168.1.0/24 IP (not a 192.168.25.0/24 IP as it should) and I can't ping it.

What are some things I should be checking? I'm not using Layer 3 routing at this point so as I imagine things would work, I would tag ports to the appropriate VLANs which match what's on my UDM, and the UDM handles the rest. Should be easy right? What am I missing?

Thanks

 

[Craig Curtin]

Hi, getting up and running with my 6450 and struggling with VLANs. My router is Unifi UDM Pro SE and I have several VLANs already set up. Most traffic goes through the default VLAN 1 including where the switch is getting its IP from right now.

I basically followed fohdeesha's guide and it's functioning fine as an unmanaged Layer 2 switch. I plug in devices to a port and they get a 192.168.1.0/24 IP. No problem at all.

I can't get any devices outside of default VLAN to work. I added port #3 as untagged on VLAN 25 and when I plug in the device, the Unifi gives it a 192.168.1.0/24 IP (not a 192.168.25.0/24 IP as it should) and I can't ping it.

What are some things I should be checking? I'm not using Layer 3 routing at this point so as I imagine things would work, I would tag ports to the appropriate VLANs which match what's on my UDM, and the UDM handles the rest. Should be easy right? What am I missing?

Thanks

OK so think about what you are trying to accomplish here

Something has to route between the VLANs - you can keep it simple to start with and leave the switch as essentially L2 and use the UDM Pro as that is where you are comfortable


So on the unifi it has to know about all of the VLANs that you are going to setup and it needs to have a DHCP config for each of those subnets.

Now for a port to be in multiple VLANs (on the 6450) then it must be able to understand which VLAN a packet is for - this is done by Tagging the packets (which is just a way of saying putting a bit of info in the front to say which VLAN the packet is for)

If you have a dumb device that does not understand VLANs (like a TV or similar) then it can not tag packets - but it still needs to be able to get packets meant for it - so we set a port as being untagged and give it a VLAN that it will be a member of and that the switch will add the tag to the front of every packet the TV generates.

As a network guy - i shudder when people talk about using the default VLAN for data traffic - but lots of people do it - so just remember i told you so later when you want to come back and fix it !

So first up you need to create a VLAN 25

login as root/admin etc

then

en (enable mode)

then

conf t (go into config mode)

then

vlan 25 name VLAN25 (create VLAN 25 and give it a name)

then

untag e 1/1/3 (add port 3 in untagged mode to the VLAN)



Now you have not said which port the Unifi is plugged into - for sake of the argument lets say port 48 (i always put my important network stuff up at the end of the switch)

So port 48 needs to receive packets for both VLAN 1 and VLAN 25

With the software release we have on these devices they had a kludge for using an untagged VLAN

you need to enable dual mode on the port

So continuuing on from up above

tag e 1/1/48 (add port 48 into VLAN 25) (this also takes it out of the default VLAN 1)

int e 1/1/48 (go the int 48 and configure it)
dual-mode 1 (which will leave the tagging on this port for VLAN 25) and add untagged on VLAN 1


Now you will need to configure this up on the UDM pro end to understand that VLAN 1 traffic is untagged and VLAN 25 traffic is tagged

Craig

 

[fohdeesha]

Thanks @Fodeesha - unfortunately he does not ship to the land down under - but now i know the specs i can start looking - i assume this is the same memory across unit (i.e. non POE and POE ?) i may take the module from a non-poe and see if the problem goes away (It happened again last night with a reboot at around midnight or so)

[EDIT] nope looked around no on else with ECC SODIMMs like that so i have used a US drop shipper and will see how that goes - will in the meantime cannabalise a module from a non POE here and see how we go

Craig

yeah all the 6610 variants use the same ram. DDR2 ECC registered sodimm - the size is only 512mb, but ones that small are even harder to find so any size above will work

 

[jayb998]

Thanks so much Craig! Duly noted advice on default VLAN - I'll probably make some adjustments down the line and would love to do inter VLAN routing too... but for now I just want to work with what I have and minimize the number of moving parts...

Now you have not said which port the Unifi is plugged into - for sake of the argument lets say port 48 (i always put my important network stuff up at the end of the switch)

So port 48 needs to receive packets for both VLAN 1 and VLAN 25

This seems to have been the missing piece for me. I had the VLAN configured correctly on the Brocade for the device port #3, and I had VLANs configured on the UDM, but I didn't have the uplink to the UDM configured on the Brocade. I assumed (incorrectly) that it would be treated as a trunk port. Am I correct to assume that this concept doesn't exist on Brocade i.e. I need to add every single VLAN (either tagged or untagged) on every single port that I might want to use?

I had to use a console cable to complete this step as I lost my SSH link to the Brocade once I tagged the uplink to VLAN #25. As soon as I put the port in dual mode it came back online again. There was nothing to configure on the Unifi since the SFP+ downlink was already marked as a trunk port so it defaults to #1 but allows any VLAN already on the router to be passed through it.

For what it's worth my uplink is on 1/2/1 since it's a SFP+ link.


NOW... to build on this question a bit, two things:

1. If I want to add a different VLAN for a different device port, do I essentially repeat the same steps? Do I need to re-add 1/2/1 to dual-mode after tagging it to a new VLAN, or is that part done?
2. What if I want a hypervisor or a downstream switch or a WAP that passes traffic on multiple VLANs? (I have a Proxmox server and a couple of small Unifi switches.) Do I tag the device port with every VLAN it might conceivably use and put it in dual-mode/untagged on VLAN 1?

Thanks so much for the help!