Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

[TeleFragger]

Follow the guide, licensing is applied for "free"; you pay nothing. Good seller, imo. I got mine from them.

I won't comment on licensing for the fcx, since I don't know.

https://forums.servethehome.com/index.php?threads/brocade-icx-series-cheap-powerful-10gbe-40gbe-switching.21107/page-143#post-248899

Bit more info in the link to the 648s.

My ultimate goal is to "cleanup" my setup as I now have:
brocade 48 port rack mount
hp procurve 6 port rack mount
8 port poe for cameras

Goals are:
15 x1gb ports
6 or more POE
6-8 10 gig ports.. all close to each other except 1 about 15ft away (gaming rig)

do you recommend a different switch or could I do all of this with that switch?

Googled and found specs here Brocade ICX 6610-48P Switch | DataSwitchWorks.com
you mention license is free for 10gb.. i see this..
Dual-mode 1/10 GbE SFP/SFP+ ports
(10 GbE SFP+ optional upgrade license)

 

[els]

I've been reading this thread a bit and looked at different ICX models. I seem to have narrowed to 7150 ZP. Currently I have Juniper EX2200 which has served well for the last 10 years but has some limitations so I am looking to replace it with something better.

Requirements:
1 / 2.5GbE ports (I have Ruckus R650)
POE capability (to power IP cameras, Ruckus AP, as well as 5- or 8-port switches in various rooms)
At least 6 GbE SFP+ (I have 5 10GbE copper which means I would need adapters these are connected directly to servers / my desktop so would uplink ports allow for VLAN, intervlan routing rules, etc?)
L2 / L3 functionality
Furthermore, I read a bit about ICX it sounds like REST API is supported?

Would 7150 ZP fit the bill or should I look for something else? How does 7150 compare to Juniper EX2200 in terms of functionality and performance?

Thanks.

 

[bacourt]

Hey all,

I have a stack of two 6610's and they work great. I was looking at installing certificates from my root CA as I've been working with certificates and it's good practice.

Anyway, after struggling with it for a bit,

*edit* I needed to use a PKCS#1 certificate instead of PKCS#8, I believe? My CA is a Windows Machine, the root CA was added to the bottom of the certificate in base64 format (.pem was used for the certificate and private key, the private key was decrypted).

I finally got the certificate installed - the http access works as intended, you can log in and the page displays correctly, but when attempting to access via https (via IP or hostname) I'm getting this error:

Via Chrome or any other browser.

This site can’t be reached
The webpage at

https://1.2.3.4/

might be temporarily down or it may have moved permanently to a new web address.
ERR_SSL_BAD_RECORD_MAC_ALERT

Turning on http allows me to access the web page, so I'm wondering what's going on here. Searching this error didn't find me much.

Any advice or information is greatly appreciated!

 

[ManoftheSea]

when attempting to access via https (via IP or hostname) I'm getting this error:

Complete guess? Your certificate uses some algorithm the ICX doesn't. Too big RSA key? SHA256 signature?

 

[bacourt]

Complete guess? Your certificate uses some algorithm the ICX doesn't. Too big RSA key? SHA256 signature?

I made sure the RSA bit count was 2048 - do you know what the limit on the hashing signature is instead of SHA256? Any information would be really appreciated

 

[NablaSquaredG]

yeah, but I'm willing to escalate this, possibly to the uboot authors themselves.

I don't care about their support contract shitshow, GPL is GPL

BTW, this has now been escalated to denx who maintain u-boot

 

[CTurtle]

Hey,

First off, the obligatory thank you to fohdeesha et al, it is amazing the effort applied here to avoid e-waste and help the community out, it is highly appreciated and does make one "do better" overall.

With that off my chest, I bought a couple of 6610PE units from ebay, followed the documentation to upgrade and license said units, it all went smoothly as one could expect. Only one is in operation currently, with a handful of 10GB, 1GB and even one of the 40GB ports in use and, until recently, one of the 1GB ethernet ports was supplying POE power to an Ubiquity AP. This unit sits in a rack powered by a single PSU supplied through an HP UPS, so some protection exists.

The other day there was a storm and some ridiculously close lightning strike happen that killed power to the house. We were left in the dark for about one hour and the UPS did turn off, which it really shouldn't so there might be some issue there, but I haven't been able to address that yet. Anyway, everything seemed to power up fine, there seems to be zero damage which, frankly, is quite astonishing but I do have surge suppressors everywhere and good GFCIs all around.

What I noticed yesterday is that the AP was out, so I though "there, that's one victim to the storm" but testing it using a separate POE injector worked fine, so I thought maybe I had forgotten to "write mem" when I turned on the inline power, but no, it was still set up to be on:

SSH@puft-prince>show inline power 1/1/13

 Port   Admin   Oper    ---Power(mWatts)---  PD Type  PD Class  Pri  Fault/
        State   State   Consumed  Allocated                          Error
--------------------------------------------------------------------------
 1/1/13 On      Off            0          0  n/a      n/a         3  n/a

SSH@puft-prince>show inline power

Power Capacity:         Total is 748000 mWatts. Current Free is 748000 mWatts.

Power Allocations:      Requests Honored 0 times
...

I tried ports in each of the 4 16 port groups, but clearly something broke here. The switch is otherwise working great still, so I wondered if, me being handy with the soldering iron and all, I should even attempt to troubleshoot this, and if there are any pointers you could provide me as to how to proceed.

Or maybe I just downgrade the switch to a non POE version in my head, and use it as such

Thanks in advance.

 

[jode]

Check the status of your POE module.

SSH@ICX6610#show chassis
The stack unit 1 chassis info:

Power supply 1 (AC - PoE) present, status ok
     Model Number:    23-0000141-02
    Serial Number:    61L     
    Firmware Ver:      C
...

and

SSH@ICX6610#show module
       Module                                         Status Ports Starting MAC 
U1:M1  ICX6610-24P POE 24-port Management Module        OK     24   78a6.e144.eede
U1:M2  ICX6610-QSFP 10-port 160G Module                 OK     10   78a6.e144.eede
U1:M3  ICX6610-8-port Dual Mode(SFP/SFP+) Module        OK     8    78a6.e144.eede

If the results say anything other than 'OK' you need to consider downgrading it to a non POE switch, or fix the hw.

 

[CTurtle]

Check the status of your POE module.

Looks fine, right?

SSH@puft-prince>show chassis
The stack unit 1 chassis info:

Power supply 1 (AC - PoE) present, status ok
        Model Number:   23-0000142-02
        Serial Number:  RT8
        Firmware Ver:    A
Power supply 1 Fan Air Flow Direction:  Front to Back
Power supply 2 not present

Fan 1 ok, speed (auto): [[1]]<->2
Fan 2 not present
...

SSH@puft-prince>show module
       Module                                         Status Ports Starting MAC
U1:M1  ICX6610-48P POE 48-port Management Module        OK     48   cc4e.243d.2e4e
U1:M2  ICX6610-QSFP 10-port 160G Module                 OK     10   cc4e.243d.2e4e
U1:M3  ICX6610-8-port Dual Mode(SFP/SFP+) Module        OK     8    cc4e.243d.2e4e

 

[jode]

Looks good to me.

Also, check if the show log command brings up anything related/useful.

Next, I'd try connecting your AP using another cable, to another port, again monitoring activity with show log.

 

[blunden]

First off, the obligatory thank you to fohdeesha et al, it is amazing the effort applied here to avoid e-waste and help the community out, it is highly appreciated and does make one "do better" overall.

Agreed.

What I noticed yesterday is that the AP was out, so I though "there, that's one victim to the storm" but testing it using a separate POE injector worked fine, so I thought maybe I had forgotten to "write mem" when I turned on the inline power, but no, it was still set up to be on [...]

It could also be that the lightning strike fried the PoE negotiation circuitry of the AP. The Unifi PoE injectors was at least in the past passive PoE (i.e. they just inject power, no 802.3af/at/bt negotiation), so they tend to work even when the PoE circuitry fails.

 

[CTurtle]

Looks good to me.

Also, check if the show log command brings up anything related/useful.

Next, I'd try connecting your AP using another cable, to another port, again monitoring activity with show log.

Cables are not the issue, first thing I did was connect the AP to the POE injector using a whole new set of cables, and when that worked out I reuse the same known good cables to try in the switch again, which failed.

Show log show nothing, really. I have both ports 13 and 14 with POE powered devices, and these don't even show up in the log after a cold boot:

SSH@puft-prince#show inline power

Power Capacity:         Total is 748000 mWatts. Current Free is 748000 mWatts.

Power Allocations:      Requests Honored 0 times


 Port   Admin   Oper    ---Power(mWatts)---  PD Type  PD Class  Pri  Fault/
        State   State   Consumed  Allocated                          Error
--------------------------------------------------------------------------
 1/1/13 On      Off            0          0  n/a      n/a         3  n/a
 1/1/14 On      Off            0          0  n/a      n/a         3  n/a

Jan 21 14:02:46:I:System: Interface ethernet 1/1/47, state up
Jan 21 14:02:45:I:System: Interface ethernet 1/1/23, state up
Jan 21 14:02:45:I:System: Stack unit 1 POE  Power supply 1  with 748000 mwatts capacity is up
Jan 21 14:02:45:I:System: Interface ethernet 1/1/24, state up
Jan 21 14:02:45:I:System: Interface ethernet 1/2/2, state up
Jan 21 14:02:45:I:System: Interface ethernet 1/1/15, state up
Jan 21 14:02:43:I:System: Interface ethernet 1/3/3, state up
Jan 21 14:02:43:I:System: Interface ethernet 1/3/1, state up
Jan 21 14:02:43:I:System: Interface ve 1, state up
Jan 21 14:02:43:I:System: Cold start
Jan 21 14:02:17:I:System: Port init success Stack unit 1 Port 1/2/1 Lane 0 T 0 R 0 Type 0:  00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x000
Jan 21 14:00:15:I:DHCPC: protocol disabled by user
Jan 21 14:00:15:I:NTP: The system clock is not synchronized to any time source.
Jan 21 14:00:15:I:NTP: The system clock is not synchronized and does not have a reference configured.

It could also be that the lightning strike fried the PoE negotiation circuitry of the AP. The Unifi PoE injectors was at least in the past passive PoE (i.e. they just inject power, no 802.3af/at/bt negotiation), so they tend to work even when the PoE circuitry fails.

Well, I'm embarrassed I didn't think of that immediately, it is a good part of my day job to troubleshoot similar things, but unfortunately that was not the culprit.

I used a Netgear GS108PEv3 switch I had laying around as a POE source, it is supposed to only do 802.3af, so no passive POE in theory, and the AP worked fine connected to it. As a further step I connected another POE powered device (A DLink switch that does POE passthrough) which I have working in my home lan powered by POE, so definitely working correctly, and did a cold boot of the brocade with the switch on port 13 and the AP on port 14... neither got detected by the switch.

At this point the only thing I know for certain is that the issue is within the brocade switch itself.

 

[mp.]

So this might be a dumb question, but does anyone know if the ICX 7150-C08P has 10g sfp+ uplink ports? There is almost no info out there on them because they were discontinued so quickly.

 

[bwahaha]

So this might be a dumb question, but does anyone know if the ICX 7150-C08P has 10g sfp+ uplink ports? There is almost no info out there on them because they were discontinued so quickly.

Nearly everything I see says 1gb sfp. I found one link that said sfp+, but I believe they were mixing up the 10/12 port versions.

 

[mp.]

It’s confusing because the 12-port is often listed with 1G sfp because the 10g license upgrade was a separate SKU. It seems to have been totally purged from Ruckus’ website.

 

[SkullAbyss]

It’s confusing because the 12-port is often listed with 1G sfp because the 10g license upgrade was a separate SKU. It seems to have been totally purged from Ruckus’ website.

Which switch do you have?

 

[SkullAbyss]

1) make sure it's a poe model. There are some without.
2) sfp module? mine doesn't care about brand, so yes.
3) Follow the guides for the 6610, all licensing will be applied. You want the licensing for 10gbe.

I used this guide to get mine running. https://fohdeesha.com/docs/brocade-overview.html; it's very informative and even has the license needed as well included.

 

[mp.]

Which switch do you have?

Neither one at the moment, but there were a few 8-port ones on eBay for about half the going rate of the 12-port. Good deal if they have 10g uplink, so-so if not.

 

[ViciousXUSMC]

Has anyone tried using a Multi-Gig SFP on one of the Brocade ICX switches to get 2.5/5gb support for RJ45?
I have a stack of these three ICX6450 and one ICX6610 and they have served me well.


But my new upgrade to my network introduces new things. My desktop for the first time is running 10gb RJ45 rather than a PCIe card for Fiber 10gb.

That is working with this: https://****/3U9hkFC
But its 10gb so I have no idea if it works for the 2.5 & 5gb speeds

The other new item is upgraded access points.
I have one with 2.5gb ethernet, one with 5gb ethernet and the new one I just ordered supports 10gb ethernet, but I doubt my in wall wiring will support 10gb so it will probably fall back to 5gb.

So I could buy a multi-gig swith and just patch it in to the ICX6450, but then I increase the number of things running, electricity, etc.

I could replace the ICX6450 all together with something like the Zyxel XGS2220-54HP - https://store.zyxel.com/xgs2220-54hp-us0101f.html
But that its pretty big money for my home where this is more a hobby than a need.


So if mutli gig SFP works I could just hunt down an ICX 7250 and that would work as a single drop in replacement.
R710 Fiber SFP
R510 Fiber SFP
R210ii Fiber SFP
AP#1 RJ45 SFP
AP#2 RJ45 SFP

Leaving me one open 10gb to add another switch if ever needed.

 

[blunden]

Has anyone tried using a Multi-Gig SFP on one of the Brocade ICX switches to get 2.5/5gb support for RJ45?

You would almost certainly need to use the special type of SFP+ transceiver that negotiates 10G to the switch and then does speed limiting itself. You want an Aquantia based transceiver if you want that to work properly. I highly doubt these old switches have native support for anything other than 1G and 10G.