Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

Revoman

New Member
May 23, 2019
7
1
3
If anyone is interested, I have 2 ICX 6610's I'm looking to sell.
ICX-6610-48P (rj45 48 port PoE) and an ICX-6610-24F(24 SFP ports)
Message me if interested.
 

zunder1990

Active Member
Nov 15, 2012
210
72
28
Ok what is the need for this switch. I fail to see the need for this switch. Fiber switches are often core/mfd switches but why not just link at 10gb then?
ICX 8200-24F Fiber
· 24× 1GbE SFP ports
· 4× 1/10/25 GbE uplink/stacking SFP28 ports
 
  • Like
Reactions: TonyArrr

Vesalius

Active Member
Nov 25, 2019
253
195
43
For anyone using the 09.* firmware, I am dropping this here in case anyone runs into this edge case.

I run a proxmox cluster that host multiple IoT vm's and containers (Homebrige, HA, Scrypted) among other things attached to my 7150-48zp. Ever since booting the fastiron 09. series ipv4 mDNS has been a real problem, but only from the proxmox guest VM, LXC, containers, everything else running baremetal and directly connected worked fine. For the longest time, I thought it was some conflict on the proxmox linux bridge side as I also upgraded to a new proxmox version about that time as well. Resorted to setting up avahi to publish/rebroadcast from everything hosted on proxmox.

By luck, I recently found that the IXC 08.* series firmware by default enables/allows Flooding of Unregistered IPv4 Multicast Frames with any IGMP-Snooping whereas the icx 09.* series firmware default disabled/denied them. As the result the cli commands changed, but the ruckus documentation title for the page was not changed and subsequently was misleading or incorrect.

device# ip multicast flood-unregistered

 
Last edited:

dswartz

Active Member
Jul 14, 2011
610
79
28
For anyone using the 09.* firmware, I am dropping this here in case anyone runs into this edge case.

I run a proxmox cluster that host multiple IoT vm's and containers (Homebrige, HA, Scrypted) among other things attached to my 7150-48zp. Ever since booting the fastiron 09. series ipv4 mDNS has been a real problem, but only from the proxmox guest VM, LXC, containers, everything else running baremetal and directly connected worked fine. For the longest time, I thought it was some conflict on the proxmox linux bridge side as I also upgraded to a new proxmox version about that time as well. Resorted to setting up avahi to publish/rebroadcast from everything hosted on proxmox.

By luck, I recently found that the IXC 08.* series firmware by default enables/allows Flooding of Unregistered IPv4 Multicast Frames with any IGMP-Snooping whereas the icx 09.* series firmware disabled/denied them. As the result the cli commands changed, but the ruckus documentation title for the page was not changed and subsequently was misleading or incorrect.

device# ip multicast flood-unregistered

Huh. Thanks for the tip. I have a 3-node proxmox cluster off the stacked 7250s, so that's good to know!
 

tubs-ffm

Active Member
Sep 1, 2013
171
57
28
What is the difference of Fastiron switching software (SPS) to routing software (SPR) when only using L2 functions?

Up to know I always was using the routing software on a 7250 and a 7150. On one device I use routing functions. The other switch I am using as L2 only but with SPR software just because I am familiar with how to set it up. What benefit I would get changing to SPS software? I assume there must be any as otherwise there would be no reason the SPS software exits.
 

i386

Well-Known Member
Mar 18, 2016
4,240
1,546
113
34
Germany
What is the difference of Fastiron switching software (SPS) to routing software (SPR) when only using L2 functions?
None.
I would always use the image that has the "most complete" features. In case you want to try/have to use a certain feature you don't have to reflash your switch.
 

tubs-ffm

Active Member
Sep 1, 2013
171
57
28
None.
I would always use the image that has the "most complete" features. In case you want to try/have to use a certain feature you don't have to reflash your switch.
Thank you. I thought there might be a reason for the existence of the L2 software with reduced functionality.

What I had in my mind is that it could be less power hungry what would end up in a cooler fanless device.
 

kpfleming

Active Member
Dec 28, 2021
392
205
43
Pelham NY USA
I would always use the image that has the "most complete" features. In case you want to try/have to use a certain feature you don't have to reflash your switch.
Thanks for that; I'm about to replace a stack with a new stack, and will be using only L2 features on the new stack, so had considered using the SPS firmware instead of SPR.
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,737
3,099
113
33
fohdeesha.com
Thank you. I thought there might be a reason for the existence of the L2 software with reduced functionality.

What I had in my mind is that it could be less power hungry what would end up in a cooler fanless device.
there's no power or heat difference in the images. the old l2 only images are a holdover from the Foundry days (before brocade bought them) and resulted in smaller images for devices with smaller flash, and some specific FIPS/security situations where a vendor might not allow certain software packages etc. no reason to use the l2 images now and just creates a big PITA if you ever want any of the features in the main image
 
  • Like
Reactions: tubs-ffm

i386

Well-Known Member
Mar 18, 2016
4,240
1,546
113
34
Germany
I would agree to a certain degree for user applications, but if somebody has access to the cli of your switch and has the permissions to execute commands you already have other problems than l3 functionality :D

edit:fixed typos
 

TonyArrr

Active Member
Sep 22, 2021
131
68
28
Straylia
I would agree to a certain degree for user applications, but if somebody has access to the cli of your switch and has the permissions to execute commands you already have other problems than l3 functionality :D

edit:fixed typos
And how do you get to having CLI access when the equipment owner doesn’t want you to? Exploit bugs and vulnerabilities in the software, firmware and hardware that make up the equipment.

So by having less software when it is not needed, it means there is less “surface” that a hostile party can use to break into your equipment.

Security isn’t a reason to use less software if that software is fulfilling a need, but if you have no need for the software and security is a concern, it’s a good idea to remove the unused software.

in a home use setting, going down to the switch only software is probably gonna be overkill, given homes are lesser targets for most black hat hacking, but in large businesses and up, that level of control can be an important step
 
  • Like
Reactions: Jason Antes

Xoid

New Member
Nov 14, 2018
27
4
3
Anyone know if any of these switches are short depth (i.e. 14" or shorter)? With 12x or 24x SFP+ ports? Understandably the short depth is not very popular in enterprise so there's not many around, but wondering if any were made and if there are any model numbers I should be looking for.
 
Last edited:

NablaSquaredG

Layer 1 Magician
Aug 17, 2020
1,336
810
113
Anyone know if any of these switches are short depth (i.e. 14" or shorter)? With 12x or 24x SPF+ ports? Understandably the short depth is not very popular in enterprise so there's not many around, but wondering if any were made and if there are any model numbers I should be looking for.
Nope, none of the old ones.

The only one that would fit your requirements is the new ICX 8200-24FX with 11in depth.

In theory, there is also the ICX7150-24F, but it seems like it never even hit the market to begin with. There was an "Ruckus Emergency End of Sale Announcement – Ruckus ICX7250, ICX7150-C08PT, ICX7150-C08P and ICX7150-24F"

All of 6610, 6650, 7450, 7750, 7850 are too deep
 
  • Like
Reactions: itronin and Xoid

jagsta21

New Member
Feb 23, 2023
1
0
1
would I be better off purchasing a 7250-48 for 450$ or a 6450-48p for 160$?
I guess what I'm asking is. is the "newer ness" of the 7250 worth the price increase over the 6450?
 

TonyArrr

Active Member
Sep 22, 2021
131
68
28
Straylia
So looking for some input and advice. A request for comment, if you will.

I've in the midst of upgrading my home network, mostly to get as much of it off wifi as possible.
While figuring out how I want to set it up for myself, it occurs to me that in the event I sell up, I'll need to strip out a pile of the configuration so that future owners can still use the wired network with their own gear.

What I have that I plan to be a "fixture", that is, remains here as part of the apartment:
  • ICX 7250-24P: The "core switch", being racked in the top of the cupboard where internet comes into the apartment
  • ICX 7150-24: The switch for my office, racked with my Server and connecting my 3 Desktop computers (plus providing a easy point for me to connect new devices near a screen for configuration/testing before moving them to a more permanent home). In event of a move, I might swap this with a ICX 7150-C12P
  • ICX 7150-C12P: Going down by the entertainment unit to connect a gaming computer, some consoles, streaming box and the TV
  • Two short range 2.4GHz APs powered by POE (models not yet decided): The interference is so bad here, that small wifi devices, like those usually used in IoT devices like my ceiling fans and energy monitor, are not powerful enough to get their signal back through to the main AP. By putting them each back into their setup mode where they broadcast their own network, I was able to map out that there is no one spot in the apartment they can all reach, but there are 2 spots that would cover all of them, so I'm putting a small AP in each spot. These will be on their "own" network, not connected to the internet. Planning for them to be managed together through some sort of controller software so there is one place to manage them both. Likely Unifi for now, as HomeAssistant can be that controller.
  • A "TinyMiniMicro"-esque box for VMs: Will run a HomeAssistant instance that has the "fixed" IoT devices all controlled from, and a PFSense instance to act as DHCP and DNS for the IoT stuff. I may run other VMs there that are network related, but remove them if I move out.
On top of that, I would have my own Wifi AP which would not stay here if I moved, for stuff like my Tablet, Phone, things that Ethernet is not an option for but that are internet connected, including guest devices. My office desk is the best location for this AP to cover the whole apartment. Unfortunately not a big enough place for Roaming to work, otherwise I'd use the other two APs for this.

The physical layout, from internet inwards, goes:
  1. Modem, connects via Cat6 to:
  2. Firewall (probably as a VM on the TMM box), connects via DAC or Cat6 to:
  3. ICX 7250-24P, connects via 10Gbe over OM4/5 to #4 and #5, connects via Cat6 to #6 on a separate IoT VLAN
  4. ICX 7150-24 (or C12P, as appropriate): hosts client devices, and connects the main network AP (I'll leave a post-it saying this is the best spot for the new owner's wifi :p)
  5. ICX 7150-C12P, connecting whatever is in where the TV antenna connection is (so most likely TV, Consoles, etc). Might have the VLAN trunked to it for connecting devices you won't want phoning home, but do want to control. Effected ports would be labeled.
  6. The 2.4Ghz APs.
Along with the Optics I'm putting in the wall, I'm pulling Cat6 along to all the same places, which I'll be using as either a management network or backup lines in case a SFP module fails, but new owners could just use as their networking if they didn't want to use the SFP capable switches.

So what I'm wondering is how would you configure the ICX's in this layout, so that they would work with an unknown modem and a unknown wifi AP being installed without needing to be configured by whoever installs them? A VLAN being trunked to the TMM and the 2.4Ghz APs seems an obvious inclusion, but what else would I need to do?

Now I know some might say "why do planning for someone who might live here in the future?"
I have a few reasons for thinking about this.
  1. it might be a minor selling point (particularly over other nearby apartments) that there is a capable wired network to keep their netflix and video gaming stutter free in this grossly overcongested wireless environment, that they can just plug their stuff into and it will work.
  2. a neat experiment in configuration for me to do, since everything I've done networking-wise for the last decade has been to my specific needs, so figuring out making it all work for someone else's use case, or to more broadly work without specific uses in mind, seems like a good bit of practice.
  3. I want to leave the "smarts" of the hardwired IoT devices working for future owners, without having to leave them a pile of manuals to read to configure each one, so having the IoT wifi and HomeAssistant "embedded" in the home enables this, and the wired network partially configured enables that. There are a pile of things, light switches, ceiling fans, extraction fans, the air con, which I've rigged to be able to work remotely through HomeAssistant, although they are also all fully functional using their older "dumb" controls.
  4. If I figure this out now, when the walls are all wired I can do that config, test it works, and export the configs before doing the configuration that is more specific to my use of the network. Won't have to try figure that out when selling up to have it set and ready to go.
  5. What can I say, I'm a nice guy? Maybe it will inspire the new owners into becoming homelabbers?
So I'm posting here because I figure all the config I would need to do on my way out will be on the ICX's, and no one knows them better than the folks in this thread! (I can cut this out and make it all it's own post if you like).

And I'm not necessarily looking for anyone here to post a "do this config <code>", rather for the board strokes, like "you'll need to configure x, y and z to support a, b and c" so I can go looking into how I do that with a bit of a plan, rather than going in blind.

I did do my CCNA back like a decade and a half ago, but immediately got into a IT career that had absolutely no use for anything networking, so the knowledge has well and truely evaporated. I'm not starting from zero, but far enough back that I need the prodding :)

Anyway, hope some of you may have ideas, or even experience planning out something similar! Thanks in advance, and for reading!