Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)
- Thread starter fohdeesha
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
Is it possible to stack two switches using RG6 cable? I terminated the cable with f-type connectors but could of course reterminate them if needed. Unfortunately the RG6 is stapled to the studs inside the wall and it's not trivial to run fiber to the two levels of the house where I want network access. I have a MoCA bridge already set up but not sure if I can use that for stacking.
I don't believe there are any products that offer 10GbE over RG-6, and stacking requires 10Gbit links.
Are you sure that stacking requires 10G? In the datasheet for the icx6450 it says:
I'd believe you if you said it wasn't possible over RG6 due to inherent limitations of a moca or g.hn adapter, but my reading of that is that the ports are dual 1g/10g. And the icx6430 doesn't even have 10g so surely that must be able to stack with 1g connections.
I don't mean to be lazy, but this is a 468 page thread at this point! Are these switches still a good value to buy? how many copper 10gbe modules can you put in the sfp+ ports? I think many switches have a limit due to power/heat?
I'm looking for at least 8 sfp+ ports for dacs, at least 15 1gbps rj45 ports, at least 12 poe ports, and at least 5 multigig ports (that could be accomplished with aquantia transceivers that i already have. it looks like the 6610-48p is my best bet. I just cringe at the power draw.
I'm looking for at least 8 sfp+ ports for dacs, at least 15 1gbps rj45 ports, at least 12 poe ports, and at least 5 multigig ports (that could be accomplished with aquantia transceivers that i already have. it looks like the 6610-48p is my best bet. I just cringe at the power draw.
Last edited:
Yes
No limit. Your transceiver might be the limiting factor due to heat if you use SFP+ to 10GBase-T transceivers of special stuff like super long range (e.g. 80km)
Not a lot of affordable options with your requirements if it must all be in one switch.
Ahh... my experience is with the ICX7xxx series, which does require 10GbE links for stacking. Your initial post didn't specify a switch model/family so I made an assumption
I'm open to multiple switches, but I imagine that I would still wind up with a similar power envelope with 2 or more switches. Unless you have any suggestions?
I can't speak to the 10.x codetrain, but I would stay away from 09.x for the time being. I was just telling @fohdeesha the other day about how my 7450's running the latest 09.x somehow suffered a spontaneous VLAN "collapse." All of my ports got reset to the default VLAN and I only noticed it after a broadcast storm shut down one of my low bandwidth devices.
Hi all,
Have my ICX running the routing firmware and wondering if there's a better/preferable/more secure way to write ACL rules to permit mDNS/Bonjour traffic across VLANs?
The rules I’ve added work, but are fairly wide open. I’ve limited traffic to tcp only and ports > 1023 to add some protection but wondering what others have done.
My main network is on VLAN20 and all my IoT products (Sonos, Apple TV etc) on VLAN40. The addresses on the vlans are not static, hence reason for permitting access to the entire subnet in the rules. I thought about assigning static IPs but there would be too many rules needed.
Restricting by ports might make sense and for the time being I’ve left it wide open above 1023. I’m not sure if the ports used by devices when broadcasting services like AirPlay/AirPrint/HAP/Sonos tend to remain the same or change?
The two rules I’m using are below illustrated in pseudo code:
permit tcp <vlan20 subnet> <vlan 40 subnet> for ports > 1023
permit tcp <vlan40 subnet> <vlan 20 subnet> for ports > 1023
How are others accomplishing this?
Have my ICX running the routing firmware and wondering if there's a better/preferable/more secure way to write ACL rules to permit mDNS/Bonjour traffic across VLANs?
The rules I’ve added work, but are fairly wide open. I’ve limited traffic to tcp only and ports > 1023 to add some protection but wondering what others have done.
My main network is on VLAN20 and all my IoT products (Sonos, Apple TV etc) on VLAN40. The addresses on the vlans are not static, hence reason for permitting access to the entire subnet in the rules. I thought about assigning static IPs but there would be too many rules needed.
Restricting by ports might make sense and for the time being I’ve left it wide open above 1023. I’m not sure if the ports used by devices when broadcasting services like AirPlay/AirPrint/HAP/Sonos tend to remain the same or change?
The two rules I’m using are below illustrated in pseudo code:
permit tcp <vlan20 subnet> <vlan 40 subnet> for ports > 1023
permit tcp <vlan40 subnet> <vlan 20 subnet> for ports > 1023
How are others accomplishing this?
Last edited:
i have a ICX-6610 and for the life of me I can't get traffic on any other vlan out to the internet. for instance I have a vlan 5 which has the the router interface 10.5.0.1. any client on vlan 5 can ping the router interface and the management IP of the switch which is on the default vlan. but if I try and get a client to ping the upstream router at 192.168.1.1, that doesn't seem to work.
if I try the command "ping 192.168.1.1 source 10.5.0.1" on the switch I get no response. what am I missing here? I'm running router code associated with the downloads on page 1 of this thread. if can post my config if that would help
if I try the command "ping 192.168.1.1 source 10.5.0.1" on the switch I get no response. what am I missing here? I'm running router code associated with the downloads on page 1 of this thread. if can post my config if that would help
If you do a packet capture on the "lan" interface of your router (the device that does te breakout), do you see the ICMP messages coming? Usually when you have a transit vlan the problem comes with the "return" packets as the route to internal is missing or blocked by the firewall.
your 192.168.1.1 router needs a route telling it how to get back to 10.5.0.x (and any other vlan networks you have), otherwise its going to do a route lookup, match on the default route you have pointing to your ISP, and shove it out there
I will be opening up a new can of fun worms....
I have posted about having an old style connectx-1 and 2 cards that are the old cx4 style plug... they work.. 10gb, fast transfers, etc..
wife wants utility room cleaned up so time to do so..
so out with the old fastiron 648s and I will be putting in an ICX7250-48P-2X10G...
I will be able to get rid of my 8 port poe switch that controls my reolink cameras, will be able to have 8 10gb sfp+ ports available to me, get rid of my hp procurve 6400cl and all the cables that go with it...
I have posted about having an old style connectx-1 and 2 cards that are the old cx4 style plug... they work.. 10gb, fast transfers, etc..
wife wants utility room cleaned up so time to do so..
so out with the old fastiron 648s and I will be putting in an ICX7250-48P-2X10G...
I will be able to get rid of my 8 port poe switch that controls my reolink cameras, will be able to have 8 10gb sfp+ ports available to me, get rid of my hp procurve 6400cl and all the cables that go with it...
the 192.168.1.1 has a route available as i have BGP routing setup between the pfsense box and the switch. as shown below:
that's what is so perplexing about why this doesn't work. that being said, i do have a double nat situation going on as the pfsense router is behind another router.
i'd also like to add that the route back to say a client on the 10.5.0.0 seems to work as i'm able to ping 10.5.0.2 from the pfsense router at 192.168.1.1, so pinging in to the switch and the vlan 5 seems to work no problem.
Last edited:
so i just realized on page 1 - what made me compare the two switches and decide on the 7250, i read:
- 8x 10gbE SFP+
***********Edited
Found it.. now i understand..
Fixed ports: 1/10 Gbps SFP+ (10 GbE SPF+ optional upgrade license)
Last edited:
here is what i will be doing...
giving others ideas/pricing ideas...
I just decided and went
$160 - Brocade 7250 POE
$100 - 5x intel x520-da2 nic each with 2x fiber modules so can move 1 into switch!!!!
$35 - 4x LC to LC fiber cables - need to order 1 more though
$15 - brocade to db9 cable - offer on ebay so waiting
__________________
$310 Total
So I picked up an ICX7250 and went through all the initial Setup / Config / Licensing Guide - Thank you @fohdeesha for the excellent documentation to get things started, made things very easy. I did cisco courses about 17 years ago and man did it bring back memories. Plan to play with this switch and see what I can learn.
I wanted to ask first, what is best way to keep up on updates? I just happen to notice the webui posted by @Sealside and wow that actually looks nice. What is the best way to update while keeping my configuration? Sorry for such a noob question.
Next up- nearly silent - oh boy that is not my experience so far. This switch is easily the loudest component in my rack by 10 miles. Do you think there is an issue with the thermals in my unit that I can address? Or is it a matter of swapping the stock fans out? I did get the 48 port PoE version- it was a choice based on price (cheaper than any other option I could find). I found from a lot of googling @RoachedCoach 's post proclaiming success with the Sunon MF60101V3-1000U-A99 and Mechatronics MR4020X12B1-RSR fans. Where should I buy fans likes in in NA? Would others still recommend this path? Definitely want to do all I can to cool and quiet down my switch.
Happy I didn't go for the ICX6610 even though I did want the 40GbE. I opted for 7250 since I wanted things to stay quiet and figured let me start out at 10GbE since that's what I have on my TrueNAS box (only issue there is it's onboard rj45 but that's a problem to figure out later). If the 6610 is even louder than this then dayum.
Appreciate the thread and any suggestions anyone wishes to provide.
I wanted to ask first, what is best way to keep up on updates? I just happen to notice the webui posted by @Sealside and wow that actually looks nice. What is the best way to update while keeping my configuration? Sorry for such a noob question.
Next up- nearly silent - oh boy that is not my experience so far. This switch is easily the loudest component in my rack by 10 miles. Do you think there is an issue with the thermals in my unit that I can address? Or is it a matter of swapping the stock fans out? I did get the 48 port PoE version- it was a choice based on price (cheaper than any other option I could find). I found from a lot of googling @RoachedCoach 's post proclaiming success with the Sunon MF60101V3-1000U-A99 and Mechatronics MR4020X12B1-RSR fans. Where should I buy fans likes in in NA? Would others still recommend this path? Definitely want to do all I can to cool and quiet down my switch.
Happy I didn't go for the ICX6610 even though I did want the 40GbE. I opted for 7250 since I wanted things to stay quiet and figured let me start out at 10GbE since that's what I have on my TrueNAS box (only issue there is it's onboard rj45 but that's a problem to figure out later). If the 6610 is even louder than this then dayum.
Appreciate the thread and any suggestions anyone wishes to provide.
Last edited:
i have the 6610 and it's about 6 feet away and i'm thinking about getting noise cancelling headphones