Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)
- Thread starter fohdeesha
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
Hmm, it gets worse. The router advertisement will announce the interface's global-scope (including ULA) ipv6 addresses and prefixes (unless suppressed, which it can do per address). However, it also doesn't look like there's a way to configure static routes in RAs. It's either default or nothing.
Hey i got a ICX 7250-24P offer accepted for 225 so I thought I should take it. it is not PoE. but it only has a 12v mini psu inside and 1 40x28 fan.
it seems I could add 3 less loud 40x20ish fans on the air intake side, and then either remove the loud fan or drill with 40mm holesaw (it has hardware to mount 3 exhaust fans but only one air hole) ...
I was wondering, I do need to have a security cam setup, but I can achieve the same thing as having this ICX7250 POE, by simply getting say
CSS610-8P-2S+IN thats a 8 port 1gb poe with 2 SFP+ , so I could then isolate that 10gb port on the 7250 and achieve the same thing right?
anyone have any experience modding this one for silence? i believe since there is only one fan it wont be hard... i was thinking about adding 60mmx60mmx10mm fans directly above the chips that get hot, so probably 3 inside there, remove the exhaust noisy fan, and put 3 quieter intake fans which combined CFM is greater than the previous 1 exhaust fan... that way I can keep the original case...
lmk how this sounds thanks STH
it seems I could add 3 less loud 40x20ish fans on the air intake side, and then either remove the loud fan or drill with 40mm holesaw (it has hardware to mount 3 exhaust fans but only one air hole) ...
I was wondering, I do need to have a security cam setup, but I can achieve the same thing as having this ICX7250 POE, by simply getting say
CSS610-8P-2S+IN thats a 8 port 1gb poe with 2 SFP+ , so I could then isolate that 10gb port on the 7250 and achieve the same thing right?
anyone have any experience modding this one for silence? i believe since there is only one fan it wont be hard... i was thinking about adding 60mmx60mmx10mm fans directly above the chips that get hot, so probably 3 inside there, remove the exhaust noisy fan, and put 3 quieter intake fans which combined CFM is greater than the previous 1 exhaust fan... that way I can keep the original case...
lmk how this sounds thanks STH
If it's not PoE, it's a 7250-24, not a 7250-24P
You didn't describe what you meant by 'the same thing'. Yes, you can link the CSS610 to the 7250 via SFP+ ports (using a DAC or AOC) and if the 7250 is primarily operating in layer 2 mode then you've essentially added 8 1GbE PoE ports to the overall network.
Well darn, looks like port 1/2/7 on my 6610 is damaged or misconfigured in some way.
I was using a breakout dac to my mikrotik crs312 sfp ports and 1/2/2-1/2/5 work just fine for LAG. but configuring the other breakout port the same way and putting the breakout into it - only 3 will show up as active.
I wonder If it's worth it to take apart and see if it's a component or solder issue that could be easily repairs - or a damaged PHY port. Probably not yet, since I dont have that many 40g devices yet.
I was using a breakout dac to my mikrotik crs312 sfp ports and 1/2/2-1/2/5 work just fine for LAG. but configuring the other breakout port the same way and putting the breakout into it - only 3 will show up as active.
I wonder If it's worth it to take apart and see if it's a component or solder issue that could be easily repairs - or a damaged PHY port. Probably not yet, since I dont have that many 40g devices yet.
This....
BUT
All hope is not lost. I've been trying to maximize my IPv6 use as of late and all but IoT gear that simply completely lacks IPv6 support are running IPv6 using my ICX 6610 as my core L3 router.
Some caveats...
As you've found out, the ICX routing firmware does not handle SLAAC or other EUI64 automatic addresses on it's interfaces*. If you have an ISP that occasionally changes your IPv6 prefix, you have to reconfigure each interface every time it changes. A PITA, but with Spectrum so far my IPv6 /56 only changes if I change my internet-facing OPNSense MAC/install or the modem is offline for extended periods (a day or more).
(* The switching-only firmware works just fine with IPv6 SLAAC on it's management interface.)
To help the situation of changing ISP-assigned IPv6 prefixes, set the ICX to broadcast the prefix with a very low valid time.
Code:
int ve 1234
ipv6 address 2601:3726:ab25:329a::1/64
ipv6 nd prefix-advertisement 2601:3726:ab25:329a::/64 1800 600 onlink autoconfigSo your choices are (less RIP/OSPF/BGP):
Code:
ipv6 route 2001:db8::/64 ve 3 fe80::1 (link-local address and specific interface the link-local address is attached)
ipv6 route 2001:db8::/64 2001:1234::1 (a GUA or ULA address that is on an attached and routable subnet)Hey guys, I need some help figuring out how to troubleshoot a problem. I have a brocade switch that I setup a VLAN to control around 12 cameras. The VLANs are set up as 192.168.3.x.
The problem is, I needed to reset a camera and I reset the camera to factory defaults, the IP defaults to 192.168.1.108.
I am unable to connect to this camera now to set it up. I set the system up several years ago and I forgot what I did then to add cameras to the network and reassign the IP addresses.
I thought I set up one of the ports on the brocade to be able to talk to all the other ports but I can't remember what I did.
What is the best way to access 192.168.1.108? Not sure what to google to try and figure this out. I don't know what port this particular camera is connected to.
The problem is, I needed to reset a camera and I reset the camera to factory defaults, the IP defaults to 192.168.1.108.
I am unable to connect to this camera now to set it up. I set the system up several years ago and I forgot what I did then to add cameras to the network and reassign the IP addresses.
I thought I set up one of the ports on the brocade to be able to talk to all the other ports but I can't remember what I did.
What is the best way to access 192.168.1.108? Not sure what to google to try and figure this out. I don't know what port this particular camera is connected to.
Code:
vlan 1 by port
untagged ethe 1/1/1
router-interface ve 1
!
vlan 2 by port
!
vlan 3 by port
untagged ethe 1/1/2 to 1/1/24
router-interface ve 3
!
vlan 999 name DEFAULT-VLAN by port
!
interface ve 1
ip address 192.168.1.250 255.255.255.0
!
interface ve 3
ip access-group 100 in
ip address 192.168.3.1 255.255.255.0
Last edited:
You didn't specify, but if the cameras are attached to vlan 3 then you can't reach one that is using address 192.168.1.108 since you have that subnet on vlan 1.
You can temporarily move that camera's port into VLAN 1, configure the camera, then move it back, but if you don't know the port number that will be challenging.
You can temporarily move that camera's port into VLAN 1, configure the camera, then move it back, but if you don't know the port number that will be challenging.
Does the unit have stacking turned on? It's possible that QSFP port is currently setup for linking.
No the stacking config is cleared. I even tried using the port outside of a LAG and it is just dead.
well it was labeled as one, so i got a partial refund thank you... still in market for a poe version...
i meant -- this is a L3 switch right, so I could theoretically have another managed switch with PoE even 2.5gb poe or higher, and a 10gb uplink to this switch, and I could put the L3 magic on that port and thus get a similar outcome to having a the poe version?
also, what is the best or highest firmware 7250 models are recommended to be on ?
last question --- is the 7250 a switch that has issues as a DHCP server?? that was one of the reasons among many others I went this direction. if it does have issues, what is the best solution for a dhcp server so I can setup the 7250 with dhcp relay or whatever?
thanks
i meant -- this is a L3 switch right, so I could theoretically have another managed switch with PoE even 2.5gb poe or higher, and a 10gb uplink to this switch, and I could put the L3 magic on that port and thus get a similar outcome to having a the poe version?
also, what is the best or highest firmware 7250 models are recommended to be on ?
last question --- is the 7250 a switch that has issues as a DHCP server?? that was one of the reasons among many others I went this direction. if it does have issues, what is the best solution for a dhcp server so I can setup the 7250 with dhcp relay or whatever?
thanks
I’m not sure exactly what you mean by wanting to “put the L3 magic on”, but you’d typically want to pick a single L3 router rather than using multiple routers. A managed L2 PoE switch would let you configure VLANs on that device downstream of your 7250. You could also use an unmanaged PoE switch (or individual PoE injectors) and manage VLANs on the 7250 itself (look for MAC/flex auth in the L2 security guide if you need dynamic VLANs on a single 7250 port - e.g., an IoT VLAN and a ‘trunk’ for an AP all powered by the same unmanaged PoE switch).
Check @fohdeesha ’s excellent guide
Yup - if devices don’t like a non-authoritative DHCP server, you’ll have problems using the switch in that capacity, but DHCP relay works well to a separate device (typically your upstream router/gateway/firewall or a separate server).
Practically, no. The PoE-less switches not only lack the PoE daughter board but are also missing other components.
Thanks for the confirmation. At this time, I've got OpenWRT doing the gateway to the ISP (Comcast) who gives me a /60. So OpenWRT has a static route through fe80::1 (ICX6450 ve 1) to the /60, and ve 1 has a default route through the link-local EUI-64 of OpenWRT to the internet. Then, I assign static /64's to ve 2 and ve 3 (thus allowing routing traffic to those segments) as well as giving them fe80::1. The switch announces that it is the default route on ve 2 and 3, which covers the delegated prefix as well as a ULA for the "site".
Code:
ipv6 unicast-routing
ipv6 route ::/0 ve 1 fe80::f2ad:4eff:fexx:xxxx
!
interface ve 1
ipv6 address fe80::1 link-local
ipv6 address fdxx:xxxx:xxxx::/64 eui-64
ipv6 address 2601:xxxx:xxxx:xxx0::/64 eui-64
ipv6 nd suppress-ra
!
interface ve 2
ipv6 address fe80::1 link-local
ipv6 address fd50:xxxx:xxxx:20::/64 eui-64
ipv6 address 2601:xxxx:xxxx:xxx2::/64 eui-64
ipv6 nd other-config-flagI've never felt comfortable with the idea of an L3 switch. I like to keep routing and switching separated.
I literally just figured out how to do this last week properly. I am using ISC's DHCP server on FreeBSD for IPv4 DHCP assignments and now the same for IPv6 DNS, NTP, and TFTP assignments.
Code:
ipv6 dhcp-relay destination <primary ipv6 dhcp server>
ipv6 dhcp-relay destination <secondary ipv6 dhcp server>
ipv6 dhcp-relay include-options interface-id remote-id
ipv6 nd other-config-flagDid you see that isc-dhcp-server is deprecated? They want you to move to isc-kea-server.
Thanks for the code snippet.