Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

[audiobahn]

If you can ssh in, then follow the instructions here ICX6xxx Advanced - Fohdeesha Docs .

Sounds like you need...
aaa authentication web default local

If you can't ssh in, then start with FCX / ICX6610 - Fohdeesha Docs ...

 

[fleeball]

Thanks for the reply and I did look at those instructions, but a far as I can tell the commands can only be executed via the console port. If I try to SSH it is asking to login.

 

[audiobahn]

If nothing works you might just need to connect via the console port, worst case scenario you need to buy a LONG Ethernet cable they come in handy though I have a bad habit of cutting out smaller ones when I’m need until they’re no longer long enough!

 

[fleeball]

Yeap just ordered a console cable, seems as that is going to be the way I can get back into the switch. Thanks for your suggestions..

Update: Console cable resolved the issue.

 

[OKGolombRuler]

Having some trouble with DHCP relay (read: ip helper) on an ICX7150-24 L3 switch running 8.0.95h routing firmware. The DHCP server is running on a virtual Mikrotik, on an esxi server hung off one of the switchports. When I trunk the VLANs through to the mikrotik, and set up individual DHCP servers on each VLAN, no problem-- the MT L3 VLAN interface sees the broadcast, responds, everybody's happy. When I configure IP relay on the switch VEs, nothing happens-- the MT's loopback interface (192.168.101.1) with the dhcp server doesn't see packets, and I don't seem to see anything in the switch logs, even with a few debug flags (e.g. dhcp_relay) enabled. I confirmed that I can ping the MT loopback from the switch, and specifically from the VE source IP.

Here's a sample config on the VE port:

#sh run int ve7
interface ve 7
port-name guest VE
ip address 192.168.7.254 255.255.255.0
ip bootp-gateway 192.168.7.254
ip directed-broadcast
ip helper-address 1 192.168.101.1
ipv6 enable
ipv6 nd router-preference high
ipv6 nd ra-dns-server 2620:fe::11
ipv6 nd ra-dns-server 2620:fe::fe:11
!

and from the top-level config:

#sh run | incl dhcp
ip dhcp snooping vlan 7 9
ip dhcp-client disable
ip dhcp-server relay-agent-echo enable
dhcp snooping trust
dhcp snooping trust
dhcp snooping trust

#sh run | incl gate
ip bootp-gateway 192.168.7.254
ip bootp-gateway 192.168.9.254


#sh debug                                                                 
Debug message destination:  Console                                                                 
Debug message destination:  SSH session 1                                                           
Generic IP:                                                                                         
          DHCP SNOOPING:  debugging is on                                                           
          DHCP RELAY:  debugging is on                                                              
UDP:                                                                                                
          UDP:  debugging is on

I've reloaded the switch just to be sure.

Three questions for the Brain Trust:

1. What if any other commands might I want to run for debugging / diagnostic purposes?
2. Am I wrong in expecting the MT loopback (101.1) to see IPv4 UDP port 67 packets 'stamped' from 192.168.7.254?
3. Anybody who's gotten ip helper/dhcp relay working, got any ideas to try or config to share?


Actually I'll add a fourth, unrelated-but-tangential question to save thread clarity:

4. I'd like to be able to push traffic going 'up the stick' between the switch and the virtualized router 'out of' one ethernet port and 'back into' another, so I can jumper in (and then back around) a physical bump-in-the-wire device I'd like to play with, without changing any other configs. It seems (per the 8.0.95 L3 manual) that 7150s don't do VRFs. Any ideas on how to do this gracefully with my 7150?

 

[OKGolombRuler]

ETA the MT DHCP server config:

      name="guest1" interface=loopback relay=192.168.7.254 lease-time=2h address-pool=xx7x
      bootp-support=dynamic bootp-lease-time=lease-time server-address=192.168.101.1
      authoritative=yes use-radius=no conflict-detection=no lease-script=""
      allow-dual-stack-queue=no

The MT is running latest, 7.7 I believe.

 

[Matta]

Greetings !
Recently I've acquired ICX6610-48p and I just wanted to use it as a switch (I like those SFP+ ports) . I just gave it IP address within main subnet and that's it. Most of my equipment is Mikrotik (main router, switches, APs).
I have two virtual WLANs on all APs and everything is working like it should when Brocade is not in equation (clients are getting IP addresses, can access internet, speed limitation, etc.).
When I connect some APs (or switches with connected APs) to Brocade, wifi clients on virtual WLANs are not getting IP addresses.
Main subnet is working without issues, both wifi clients and computers connected to LAN ports.

My question is (since this is my first contact with industry-grade switch):
- Do I need to config VLANs also on Brocade, in order that virtual WLAN clients could get IP addresses and access internet without problems ?

It's maybe dumb for most of you but, as I said, this is my first with these kind of switches and I'm clueless.

Thanks !

 

[OKGolombRuler]

ETA the MT DHCP server config:

      name="guest1" interface=loopback relay=192.168.7.254 lease-time=2h address-pool=xx7x
      bootp-support=dynamic bootp-lease-time=lease-time server-address=192.168.101.1
      authoritative=yes use-radius=no conflict-detection=no lease-script=""
      allow-dual-stack-queue=no

The MT is running latest, 7.7 I believe.

Further edited to add, apparently I don't understand debug destinations. After getting a firehose to the face and a little no debug udp, I got some useful logs:

Debug: Jan 29 11:38:20 DHCP_RELAY : Relay agent rxed message on port v7
Debug: Jan 29 11:38:20 DHCP_RELAY : Received Bootp request msg on port v7
Debug: Jan 29 11:38:20 DHCP_RELAY : Bootp request packet send with GiAddr 192.168.7.254
Debug: Jan 29 11:38:20 DHCP_RELAY : Bootp request packet sent on port INVALID,With helper-address 192.168.101.1
Debug: Jan 29 11:38:20 DHCP_RELAY :restored gi_l2_action_required: 1
Debug: Jan 29 11:38:25 DHCP_RELAY : Relay agent rxed message on port v7
Debug: Jan 29 11:38:25 DHCP_RELAY : Received Bootp request msg on port v7
Debug: Jan 29 11:38:25 DHCP_RELAY : Bootp request packet send with GiAddr 192.168.7.254
Debug: Jan 29 11:38:25 DHCP_RELAY : Bootp request packet sent on port INVALID,With helper-address 192.168.101.1
Debug: Jan 29 11:38:25 DHCP_RELAY :restored gi_l2_action_required: 1
Debug: Jan 29 11:38:29 DHCP_RELAY : Relay agent rxed message on port v7
Debug: Jan 29 11:38:29 DHCP_RELAY : Received Bootp request msg on port v7
Debug: Jan 29 11:38:29 DHCP_RELAY : Bootp request packet send with GiAddr 192.168.7.254
Debug: Jan 29 11:38:29 DHCP_RELAY : Bootp request packet sent on port INVALID,With helper-address 192.168.101.1
Debug: Jan 29 11:38:29 DHCP_RELAY :restored gi_l2_action_required: 1

...which suggests that it's seeing the DHCP DISCOVER, stamping it correctly, setting the proper unicast destination... and then trying to send it out a nonexistent interface? Because the DHCP server is not on a directly-connected interface (have to route packet to get there)? Am I reading that right? Because it makes no sense to me that it wouldn't just... route that unicast traffic like all the rest of it...

 

[kpfleming]

Does the ICX have a route to 192.168.101.1? What is in the IPv4 routing table on the ICX?

 

[Richard Watt]

TLDR: Can split-tunneled VPN traffic not be allowed?

I'm running a ICX6450-24. I followed the directions at Fohdeesha Docs to get everything setup and it has been working fine. Once I connect my computer to our university's Cisco AnyConnect VPN — split-tunneling is allowed — I lose the ability to connect to any local resources (e.g., 10.0.1.0/24). I've confirmed that this IP range is listed in the Cisco Route Details Non-Secured Routes.

Is there anything on the ICX6450-24 that could be interfering with the traffic? I didn't have this issue with my previous switch (Dell PowerConnect 2816). I don't have it hooked up that I can re-test at the moment, which is why I'm reaching out here.

I've posted my config in case I mis-configured something. If you can offer any insight that would be great, thank you!

Spoiler: Here's my running-config

==========================================================================
BEGIN : show running-config
CONTEXT : CONSOLE#0 : CONFIG
TIME STAMP : 10:23:53.535 Central Mon Jan 30 2023
HW/SW INFO : ICX6450-24/ICX64R08030u
==========================================================================
Current configuration:
!
ver 08.0.30uT313
!
stack unit 1
  module 1 icx6450-24-port-management-module
  module 2 icx6450-sfp-plus-4port-40g-module
!
!
!
!
vlan 1 name DEFAULT-VLAN by port
router-interface ve 1
!
!
!
!
!
aaa authentication web-server default local
aaa authentication login default local
enable telnet authentication
enable aaa console
hostname nitrogen
ip dhcp-client disable
ip dns server-address 10.0.1.1
ip route 0.0.0.0/0 10.0.1.1
!
no telnet server
username root password .....
!
!
clock summer-time
clock timezone us Central
!
!
ntp
disable serve
server 216.239.35.0
server 216.239.35.4
!
!
no web-management http
!
!
!
interface ve 1
ip address 10.0.1.100 255.255.255.0
!
!
!
!
!
!
!
!
!
end

==========================================================================
TIME STAMP : 10:23:53.854 Central Mon Jan 30 2023
END : show running-config
TIME TAKEN : 53134306 ticks (265671530 nsec)
==========================================================================
==========================================================================
BEGIN : show version
CONTEXT : CONSOLE#0 : HW INFO
TIME STAMP : 10:23:53.854 Central Mon Jan 30 2023
HW/SW INFO : ICX6450-24/ICX64R08030u
==========================================================================
  Copyright (c) 1996-2016 Brocade Communications Systems, Inc. All rights reserved.
    UNIT 1: compiled on Apr 23 2020 at 10:57:06 labeled as ICX64R08030u
                (9871112 bytes) from Primary ICX64R08030u.bin
        SW: Version 08.0.30uT313
  Boot-Monitor Image size = 786944, Version:10.1.05T310 (kxz10105)
  HW: Stackable ICX6450-24
==========================================================================
UNIT 1: SL 1: ICX6450-24 24-port Management Module
         Serial  #: 2ax5o2jk68e
         License: ICX6450_PREM_ROUTER_SOFT_PACKAGE   (LID: H4CKTH3PLN8)
         P-ENGINE  0: type DEF0, rev 01
==========================================================================
UNIT 1: SL 2: ICX6450-SFP-Plus 4port 40G Module
==========================================================================
  800 MHz ARM processor ARMv5TE, 400 MHz bus
65536 KB flash memory
  512 MB DRAM
STACKID 1  system uptime is 11 day(s) 23 minute(s) 36 second(s)
The system started at 10:00:39 Central Thu Jan 19 2023

The system : started=cold start

==========================================================================
TIME STAMP : 10:23:53.945 Central Mon Jan 30 2023
END : show version
TIME TAKEN : 15086484 ticks (75432420 nsec)
==========================================================================
==========================================================================
BEGIN : show interfaces brief
CONTEXT : CONSOLE#0 : PORT STATUS
TIME STAMP : 10:23:53.963 Central Mon Jan 30 2023
HW/SW INFO : ICX6450-24/ICX64R08030u
==========================================================================
Port       Link    State   Dupl Speed Trunk Tag Pvid Pri MAC             Name
1/1/1      Up      Forward Full 1G    None  No  1    0   748e.f8b0.44a0
1/1/2      Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/3      Up      Forward Full 1G    None  No  1    0   748e.f8b0.44a0
1/1/4      Up      Forward Full 1G    None  No  1    0   748e.f8b0.44a0
1/1/5      Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/6      Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/7      Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/8      Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/9      Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/10     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/11     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/12     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/13     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/14     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/15     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/16     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/17     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/18     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/19     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/20     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/21     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/22     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/23     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/1/24     Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/2/1      Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/2/2      Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/2/3      Down    None    None None  None  No  1    0   748e.f8b0.44a0
1/2/4      Down    None    None None  None  No  1    0   748e.f8b0.44a0
mgmt1      Down    None    None None  None  No  None 0   748e.f8b0.44a0
ve1        Up      N/A     N/A  N/A   None  N/A N/A  N/A 748e.f8b0.44a0
==========================================================================
TIME STAMP : 10:23:54.084 Central Mon Jan 30 2023
END : show interfaces brief
TIME TAKEN : 20263672 ticks (101318360 nsec)
==========================================================================
==========================================================================
BEGIN : show statistics ethernet
CONTEXT : CONSOLE#0 : PACKET COUNTERS
TIME STAMP : 10:23:54.085 Central Mon Jan 30 2023
HW/SW INFO : ICX6450-24/ICX64R08030u
==========================================================================
Port       Link    State   Dupl Speed Trunk Tag Pvid Pri MAC             Name
1/1/1      Up      Forward Full 1G    None  No  1    0   748e.f8b0.44a0

Port 1/1/1 Counters:
         InOctets           2529985912           OutOctets           3189571457
           InPkts              9739676             OutPkts              3122756
  InBroadcastPkts              4886030    OutBroadcastPkts                 1144
  InMulticastPkts              2440536    OutMulticastPkts                 3243
    InUnicastPkts              2413110      OutUnicastPkts              3118369
        InBadPkts                    0
      InFragments                    0
       InDiscards                    0           OutErrors                    0
              CRC                    0          Collisions                    0
         InErrors                    1      LateCollisions                    0
      InGiantPkts                    0
      InShortPkts                    0
         InJabber                    0
   InFlowCtrlPkts                    0     OutFlowCtrlPkts                    0
     InBitsPerSec                80304       OutBitsPerSec               107960
     InPktsPerSec                   20       OutPktsPerSec                   18
    InUtilization                0.00%      OutUtilization                0.00%

Port       Link    State   Dupl Speed Trunk Tag Pvid Pri MAC             Name
1/1/3      Up      Forward Full 1G    None  No  1    0   748e.f8b0.44a0

Port 1/1/3 Counters:
         InOctets           3185313043           OutOctets           1576577892
           InPkts              3071073             OutPkts              3035191
  InBroadcastPkts                  625    OutBroadcastPkts               407669
  InMulticastPkts                 2992    OutMulticastPkts               277541
    InUnicastPkts              3067456      OutUnicastPkts              2349981
        InBadPkts                    0
      InFragments                    0
       InDiscards                    0           OutErrors                    0
              CRC                    0          Collisions                    0
         InErrors                    0      LateCollisions                    0
      InGiantPkts                    0
      InShortPkts                    0
         InJabber                    0
   InFlowCtrlPkts                   16     OutFlowCtrlPkts                    0
     InBitsPerSec               107896       OutBitsPerSec                78096
     InPktsPerSec                   18       OutPktsPerSec                   19
    InUtilization                0.00%      OutUtilization                0.00%

Port       Link    State   Dupl Speed Trunk Tag Pvid Pri MAC             Name
1/1/4      Up      Forward Full 1G    None  No  1    0   748e.f8b0.44a0

Port 1/1/4 Counters:
         InOctets               737562           OutOctets             97006566
           InPkts                 6382             OutPkts               692663
  InBroadcastPkts                   10    OutBroadcastPkts               406433
  InMulticastPkts                  251    OutMulticastPkts               279474
    InUnicastPkts                 6121      OutUnicastPkts                 6756
        InBadPkts                    0
      InFragments                    0
       InDiscards                    0           OutErrors                    0
              CRC                    0          Collisions                    0
         InErrors                    0      LateCollisions                    0
      InGiantPkts                    0
      InShortPkts                    0
         InJabber                    0
   InFlowCtrlPkts                    0     OutFlowCtrlPkts                    0
     InBitsPerSec                   16       OutBitsPerSec                 6120
     InPktsPerSec                    0       OutPktsPerSec                    5
    InUtilization                0.00%      OutUtilization                0.00%

==========================================================================
TIME STAMP : 10:23:57.583 Central Mon Jan 30 2023
END : show statistics ethernet
TIME TAKEN : 583156587 ticks (2915782935 nsec)
==========================================================================
==========================================================================
BEGIN : show logging
CONTEXT : CONSOLE#0 : STATIC/DYNAMIC LOG
TIME STAMP : 10:23:57.704 Central Mon Jan 30 2023
HW/SW INFO : ICX6450-24/ICX64R08030u
==========================================================================
Syslog logging: enabled ( 0 messages dropped, 0 flushes, 105 overruns)
    Buffer logging: level ACDMEINW, 50 messages logged
    level code: A=alert C=critical D=debugging M=emergency E=error
                I=informational N=notification W=warning

Dynamic Log Buffer (50 lines):
Jan 30 10:23:30:I:Security: console login by root to PRIVILEGED EXEC mode
Jan 30 10:23:27:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 10:23:27:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 10:23:27:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 10:23:27:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 10:23:25:I:Security: console login by root to USER EXEC mode
Jan 30 10:16:14:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 10:16:14:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 10:16:14:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 10:16:12:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 10:16:12:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 10:16:12:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 10:09:56:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 10:09:56:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 10:09:56:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 10:09:56:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 10:03:31:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 10:03:31:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 10:03:31:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 10:03:29:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 10:03:29:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 10:03:29:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:56:25:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 09:56:25:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 09:56:25:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 09:56:25:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 09:50:49:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:50:49:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:50:49:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:50:47:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:50:47:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:50:47:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:42:55:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 09:42:55:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 09:42:55:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 09:42:55:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 09:38:06:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:38:06:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:38:06:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:38:04:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:38:04:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:38:04:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:29:25:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 09:29:25:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 09:29:25:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 09:29:25:I:SNMP: Auth. failure, intruder IP:  10.0.1.1
Jan 30 09:25:24:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:25:24:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:25:24:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
Jan 30 09:25:22:I:SNMP: Auth. failure, intruder IP:  10.0.1.103
==========================================================================
TIME STAMP : 10:23:57.954 Central Mon Jan 30 2023
END : show logging
TIME TAKEN : 41739781 ticks (208698905 nsec)
==========================================================================
==========================================================================
BEGIN : dm statistics
CONTEXT : CONSOLE#0 : DIAGONSTIC RELATED STATISTICS
TIME STAMP : 10:23:57.959 Central Mon Jan 30 2023
HW/SW INFO : ICX6450-24/ICX64R08030u
==========================================================================
real_transition-transit-sw_reset-discards:
3-0-0-0(1/1/1) 0-0-0-0(1/1/2) 229-0-0-0(1/1/3) 5-0-0-0(1/1/4)
0-0-0-0(1/1/5) 0-0-0-0(1/1/6) 0-0-0-0(1/1/7) 0-0-0-0(1/1/8)
0-0-0-0(1/1/9) 0-0-0-0(1/1/10) 0-0-0-0(1/1/11) 0-0-0-0(1/1/12)
0-0-0-0(1/1/13) 0-0-0-0(1/1/14) 0-0-0-0(1/1/15) 0-0-0-0(1/1/16)
0-0-0-0(1/1/17) 0-0-0-0(1/1/18) 0-0-0-0(1/1/19) 0-0-0-0(1/1/20)
0-0-0-0(1/1/21) 0-0-0-0(1/1/22) 0-0-0-0(1/1/23) 0-0-0-0(1/1/24)
0-0-0-0(1/2/1) 0-0-0-0(1/2/2) 0-0-0-0(1/2/3) 0-0-0-0(1/2/4)
==========================================================================
TIME STAMP : 10:23:57.959 Central Mon Jan 30 2023
END : dm statistics
TIME TAKEN : 90010 ticks (450050 nsec)
==========================================================================
==========================================================================
BEGIN : show media
CONTEXT : CONSOLE#0 : OPTICS TYPE
TIME STAMP : 10:23:58.084 Central Mon Jan 30 2023
HW/SW INFO : ICX6450-24/ICX64R08030u
==========================================================================
Port 1/1/1:  Type : 1G M-C (Gig-Copper)
Port 1/1/2:  Type : 1G M-C (Gig-Copper)
Port 1/1/3:  Type : 1G M-C (Gig-Copper)
Port 1/1/4:  Type : 1G M-C (Gig-Copper)
Port 1/1/5:  Type : 1G M-C (Gig-Copper)
Port 1/1/6:  Type : 1G M-C (Gig-Copper)
Port 1/1/7:  Type : 1G M-C (Gig-Copper)
Port 1/1/8:  Type : 1G M-C (Gig-Copper)
Port 1/1/9:  Type : 1G M-C (Gig-Copper)
Port 1/1/10:  Type : 1G M-C (Gig-Copper)
Port 1/1/11:  Type : 1G M-C (Gig-Copper)
Port 1/1/12:  Type : 1G M-C (Gig-Copper)
Port 1/1/13:  Type : 1G M-C (Gig-Copper)
Port 1/1/14:  Type : 1G M-C (Gig-Copper)
Port 1/1/15:  Type : 1G M-C (Gig-Copper)
Port 1/1/16:  Type : 1G M-C (Gig-Copper)
Port 1/1/17:  Type : 1G M-C (Gig-Copper)
Port 1/1/18:  Type : 1G M-C (Gig-Copper)
Port 1/1/19:  Type : 1G M-C (Gig-Copper)
Port 1/1/20:  Type : 1G M-C (Gig-Copper)
Port 1/1/21:  Type : 1G M-C (Gig-Copper)
Port 1/1/22:  Type : 1G M-C (Gig-Copper)
Port 1/1/23:  Type : 1G M-C (Gig-Copper)
Port 1/1/24:  Type : 1G M-C (Gig-Copper)
Port 1/2/1:  Type : EMPTY
Port 1/2/2:  Type : EMPTY
Port 1/2/3:  Type : EMPTY
Port 1/2/4:  Type : EMPTY
==========================================================================
TIME STAMP : 10:23:58.353 Central Mon Jan 30 2023
END : show media
TIME TAKEN : 44928833 ticks (224644165 nsec)
==========================================================================
==========================================================================
BEGIN : dm save-area
CONTEXT : CONSOLE#0 : REGISTER INFO
TIME STAMP : 10:23:58.355 Central Mon Jan 30 2023
HW/SW INFO : ICX6450-24/ICX64R08030u
==========================================================================

[Empty]
==========================================================================
TIME STAMP : 10:23:58.484 Central Mon Jan 30 2023
END : dm save_area
TIME TAKEN : 21479460 ticks (107397300 nsec)
==========================================================================
==========================================================================
BEGIN : show license
CONTEXT : CONSOLE#0 : LICENSE
TIME STAMP : 10:23:58.734 Central Mon Jan 30 2023
HW/SW INFO : ICX6450-24/ICX64R08030u
==========================================================================

License Information
===================
Index    Lic Mode        Lic Name               Lid/Serial No  Lic Type    Status     Lic Period    Lic Capacity
Stack unit 1:
1        Node Lock       ICX6450-PREM-LIC-SW    H4CKTH3PLN8    Normal      Active     Unlimited         1
2        Node Lock       ICX6450-10G-LIC-POD    H4CKTH3PLN8    Normal      Active     Unlimited         2
==========================================================================
TIME STAMP : 10:23:58.740 Central Mon Jan 30 2023
END : show license
TIME TAKEN : 1073960 ticks (5369800 nsec)
==========================================================================
==========================================================================
BEGIN : show stack
CONTEXT : CONSOLE#0 : STACK DETAILS
TIME STAMP : 10:23:58.854 Central Mon Jan 30 2023
HW/SW INFO : ICX6450-24/ICX64R08030u
==========================================================================

Stack Details
=============
T=11d23m41.3: alone: standalone, D: dynamic cfg, S: static
ID   Type          Role    Mac Address    Pri State   Comment
1  S ICX6450-24    alone   748e.f8b0.44a0   0 local   None:0


     +---+
  2/1| 1 |2/3
     +---+
Current stack management MAC is 748e.f8b0.44a0

Image-Auto-Copy is Enabled.

      Stack Port Status                        Neighbors
Unit# Stack-port1         Stack-port2          Stack-port1         Stack-port2
1     none                none                 none                none
==========================================================================
TIME STAMP : 10:23:58.855 Central Mon Jan 30 2023
END : show stack
TIME TAKEN : 226154 ticks (1130770 nsec)
==========================================================================
==========================================================================
BEGIN : hw bc
CONTEXT : CONSOLE#0 : HW BUFFER COUNT
TIME STAMP : 10:23:58.855 Central Mon Jan 30 2023
HW/SW INFO : ICX6450-24/ICX64R08030u
==========================================================================
==========================================================================
TIME STAMP : 10:23:58.855 Central Mon Jan 30 2023
END : hw bc
TIME TAKEN : 23845 ticks (119225 nsec)
==========================================================================
==========================================================================
BEGIN : de
CONTEXT : CONSOLE#0 : DUMP EXTRA SYSTEM COUNTERS
TIME STAMP : 10:23:59.103 Central Mon Jan 30 2023
HW/SW INFO : ICX6450-24/ICX64R08030u
==========================================================================
GADDR        =   03193020       Dram Buf     =       2720
CPU_R        =    4284349       Buf Msgs     =          0
SNOOP_TX     =    2683783       SNOOP_DP     =     105715
GET_B        =    4318229       FREE_B       =    8631931
Sw_Mode      =          0       New_Addr     =       1905
NA_Learn     =       1905       NA_Age       =       1768
NA_Update    =          0       NA_Hash_Full =          0
NA_Hash_Del  =          0       SFLOW_sample =          0
Buf_G_Msgs   =          0       Buf_F_Msgs   =          0
Buf_Count    =          0
CPU_XR[TC0-3 [5435][0][0][0]
CPU_XR[TC4-7 [3747443][99773][0][431698]
==========================================================================
TIME STAMP : 10:23:59.104 Central Mon Jan 30 2023
END : de
TIME TAKEN : 64650 ticks (323250 nsec)
==========================================================================

 

[kpfleming]

Is there anything on the ICX6450-24 that could be interfering with the traffic? I didn't have this issue with my previous switch (Dell PowerConnect 2816). I don't have it hooked up that I can re-test at the moment, which is why I'm reaching out here.

It seems very unlikely given that your switch is in a very basic configuration which doesn't include any L3 routing configuration.

 

[fumble]

If anyone wants a pinout for the DC cable to power 64XX switches with an ICX6400-EPS1500

WST Coonnectors P20-I42002 (ATX V1, MiniFit Jr 1727080020 etc.)

Pins are straight through, connection 1 on one end goes to connection 1 on the other end.

Cable including connectors is 1M long.

Viewed from the switch or psu side. Retaining clip at top.

______________===______________
|11|12|13|14|15|16|17|18|19|20|
|01|02|03|04|05|06|07|08|09|10|

1-5,11-15 : 18AWG 300V insulated wire.
______________===______________
|11|12|13|14|15|  |  |  |  |  |
|01|02|03|04|05|  |  |  |  |  |

7-10,17-19 : 7 Conductor Unshielded Cable, 18AWG 300V insulated wire. Like Belden 8467MN. These may be the 54v PoE wires.
______________===______________
|  |  |  |  |  |  |17|18|19|  |
|  |  |  |  |  |  |07|08|09|10|

6,16,20 : Empty
______________===______________
|  |  |  |  |  |16|  |  |  |20|
|  |  |  |  |  |06|  |  |  |  |

 

[Richard Watt]

It seems very unlikely given that your switch is in a very basic configuration which doesn't include any L3 routing configuration.

Thank you! I rebooted my iMac last night and connected to VPN and things seemed to work fine. Tried again this morning and it's back to not working. Some very brief searching indicated that maybe macOS Ventura (I'm on 13.2) is having issues with VPN split-tunneling. I'm going to reach out to the group that handles our VPN to see if they can help.

 

[OKGolombRuler]

Does the ICX have a route to 192.168.101.1? What is in the IPv4 routing table on the ICX?

Yes, and it pings fine.

ping 192.168.101.1
Sending 1, 16-byte ICMP Echo to 192.168.101.1, timeout 5000 msec, TTL 64
Type Control-c to abort
Reply from 192.168.101.1   : bytes=16 time=1ms TTL=64
Success rate is 100 percent (1/1), round-trip min/avg/max=1/1/1 ms.    

traceroute 192.168.101.1

Type Control-c to abort
Tracing the route to IP node 192.168.101.1(192.168.101.1) from 1 to 30 hops

  1     1 ms   <1 ms   <1 ms 192.168.101.1

The ICX's routes:

sh ip route                                                                                                                
Total number of IP routes: 9                                                                                                                          
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric                                                                              
BGP  Codes - i:iBGP e:eBGP                                                                                                                            
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2                                                                                        
STATIC Codes - v:Inter-VRF                                                                                                                            
        Destination        Gateway         Port          Cost          Type Uptime                                                                    
1       0.0.0.0/0          192.168.99.227  ve 99         110/2         O1   2d8h                                                                      
...
6       192.168.9.0/24     DIRECT          ve 9          0/0           D    2d8h                                                                      
...                                            
9       192.168.101.1/32   192.168.99.227  ve 99         110/2         O    2d3h

and the MT's routes:

 /ip route print
Flags: D - DYNAMIC; A - ACTIVE; c, s, o, d, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
#     DST-ADDRESS       GATEWAY             DISTANCE
  DAd 0.0.0.0/0         MyISPSubnet.1                1
  DAc MyISPSubnet.0/24    outside               0
0  As 192.168.0.0/16    192.168.99.254             1
...
DAo 192.168.9.0/24    192.168.99.254%v99       110
...
  DAc 192.168.101.1/32  loopback                   0

 

[Mark]

Just tried a 100G QSFP28 to 4X 25G SFP28 Breakout DAC in one of the 100g ports on the 7650 and it does not appear to be supported as I'm getting the following from show media: Port 1/3/2: Type : 40GBASE-Passive Copper 1m (QSFP+) (Not Supported)

The cable is juniper coded any idea if this would have anything to do with it? Doesn't seem like there is anything documented around breaking out the 100g port on the 7650.

 

[itronin]

Just tried a 100G QSFP28 to 4X 25G SFP28 Breakout DAC in one of the 100g ports on the 7650 and it does not appear to be supported as I'm getting the following from show media: Port 1/3/2: Type : 40GBASE-Passive Copper 1m (QSFP+) (Not Supported)

The cable is juniper coded any idea if this would have anything to do with it? Doesn't seem like there is anything documented around breaking out the 100g port on the 7650.

hmmm. I just picked one up off the bay (need a new house switch since we are moving). I did some brief reserarch and did not see anything about 4x breakout on the 100's I thought they could only run 100 or 40. The 40 ports I thought were also not breakout. I also read that if you use the rear ports for uplink instead of stacking then it disables the front modular bay. Actually it literally says "disables configuration" of the modular bay ports. Not sure if that means they will or won't work. Hoping to get mine on the bench this coming weekend to play with it.

Honestly though I'm more interested in the 24 ports of multi-gig on mine. Probably still use my icx6610's for sfp+ ports in the rack.

 

[MESSERCHMIDT]

do any of these units support 2.5 or 5gbs? or just 1gbs/10gbs? (and some 40gbs on the back) [specifically the Brocade ICX6610]

 

[TonyArrr]

do any of these units support 2.5 or 5gbs? or just 1gbs/10gbs? (and some 40gbs on the back) [specifically the Brocade ICX6610]

I think I saw one of the 7150 or 7450 24 port models did some 2.5g, but NbaseT is a bit of a bastardised standard built to save a few bucks over 10GbaseT when making consumer gear, so a lot of enterprise level gear just doeouch it, taking a position of “if it’s worth going over 1G, why would we not do 10?”

There is a new line coming out literally right now, the 8200 line, which the 12-port one has all their downlink ports as 2.5s to support running wifi 6 APs, but the very little I’ve been able to find on pricing suggests a cool 2k US for them when they get to sale

I remember reading a thread where someone was asking how to get a 2.5g SFP module to work in a 6610 and the Ruccus support rep just told them to use 10g modules, and they didn’t plan to write support into the ICX software base because there was no reason in the target market to do 2.5 anyway.

Old thread, definitely before wifi 6, so things may have changed since then. Probably no new firmware for something like the 6610 to run it properly, but @fohdeesha would know much better than I on that front

 

[Mark]

hmmm. I just picked one up off the bay (need a new house switch since we are moving). I did some brief reserarch and did not see anything about 4x breakout on the 100's I thought they could only run 100 or 40. The 40 ports I thought were also not breakout. I also read that if you use the rear ports for uplink instead of stacking then it disables the front modular bay. Actually it literally says "disables configuration" of the modular bay ports. Not sure if that means they will or won't work. Hoping to get mine on the bench this coming weekend to play with it.

Honestly though I'm more interested in the 24 ports of multi-gig on mine. Probably still use my icx6610's for sfp+ ports in the rack.

I finally found a document that shows what cables they support and yeah its a no go on breaking out those ports for the time being at least. It appears that they have been adding support for additional cables in the later software releases. PDF with details below:
https://www.commscope.com/globalassets/digizuite/61722-ds-ethernet-optics-family.pdf

I didn't actually buy the switch specifically for breaking out the 100g ports but I figured if I could run 2x25g to each of my 3 esxi servers that would save me some of the multi gig ports in the front. I've got the switch racked up and its really amazing I have 5 Cisco 4800 series AP's that do 5g multi gig and a bunch of 10g workstations. I still need to setup a stack to the 7150 in my attic. I'll keep my fingers crossed that they add breakout support in the future!

 

[Scarlet]

Just wanted to add my 2 cents on how much power ICX6450-24P (PoE models) draw when idle and with nothing but power connected.

I tested three ICX6450-24P (using a Shelly Plus 1PM), and all three consistently reported the same values:

25 W power draw during boot (when the two fans run at full speed)
22 W power draw after boot (when the two fans drop to low speed)
35 W power draw after a few seconds when the PoE power supply is initialized

So it seems the PoE power supply adds ~13 W on top of the idle power without PoE.