Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

[carbon60]

I think you meant the 7250-24p and not the 7150-24p. I did a lot of research and came to the conclusion to buy a 7150-24p. I got a good offer and bought it.

The 7150-24p needs ~30W in idle with only one uplink which is 5W(~15%) less then the 6450-24p. So I'm almost satisfied now, only I have to change the fans because they are too loud to run in the office rack.

My girlfriend tears my head off when she has to work with the noise. But I have already ordered Noctua NF-A4x20 4-PIN.

btw. thank you @fohdeesha for this thread and your guides.

The 7150-24P does have a Silent Mode where it will turn the fans off but reduce the PoE Budget to 150W.

 

[simcaa]

The 7150-24P does have a Silent Mode where it will turn the fans off but reduce the PoE Budget to 150W.

Thanks for the advice
I didn't know that.

chassis fanless all

turned it off, but the noctua was already ordered yesterday. So, if i need more than the 150w poe, it's better to have some fans that run at lower rpm too ^^

i currently have FastIron 09.0.10j installed, but it is slow to respond and consumes a lot of CPU without doing anything, maybe it is better to revert to FastIron 08.0.95p

 

[trauts14]

Yes. You'll definitely need an ethernet cable in addition to the USB console cable. You'll start with the network cable plugged into the management port, but will quickly end up moving it to a regular network port on the switch when directed to in the guide.

Long story short, the commands you enter into the CLI are via the USB console cable, but the data transfers from the tftp server happen over the network cable.

the switch is working now. i am not sure what i did/did not do, but i keep getting this password message when i login via SSH. pic attached. do you have any suggestions as to where i should look to fix this?

 

[simcaa]

the switch is working now. i am not sure what i did/did not do, but i keep getting this password message when i login via SSH. pic attached. do you have any suggestions as to where i should look to fix this?

This message only tells you that no enable password has been set.
If you want to get rid of it, you must set it. Results in a different password prompt when you switch to enable mode.

or you set

aaa authentication enable default local

If you then log in, you will be directly in enable mode.

 

[trauts14]

This message only tells you that no enable password has been set.
If you want to get rid of it, you must set it. Results in a different password prompt when you switch to enable mode.

or you set

aaa authentication enable default local

If you then log in, you will be directly in enable mode.

thank you. i feel like i am not doing something correctly. attached is a pic showing what is returned when i issue the, "
aaa authentication enable default local" command.

 

[simcaa]

thank you. i feel like i am not doing something correctly. attached is a pic showing what is returned when i issue the, "
aaa authentication enable default local" command.

Well this command need to be used in "configure terminal"
you are not even in enable mode currently.
....

enable
configure terminal
aaa authentication enable default local
exit
write memory

 

[trauts14]

Well this command need to be used in "configure terminal"
you are not even in enable mode currently.
....

enable
configure terminal
aaa authentication enable default local
exit
write memory

thank you! that worked perfectly.

 

[simcaa]

thank you! that worked perfectly.

Some mistakes by me. ^^
The above solution just asks again for the "admin user/password". When u change into enable mode.

And if u want to be directly in enable mode u can enter this.

enable
configure terminal
no aaa authentication enable default local
aaa authentication login privilege-mode
exit
write memory

 

[RuckusVol]

Hey guys! I have a 7250 and I’ll try my best not to put my foot in my mouth with autocorrect about @fohdeesha this time haha.

I got an SFP ONT module to bypass my fiber carrier’s equipment. To set it up I need to access a web GUI for the module after setting a static IP address for it. The recommended IP is 192.168.1.200 but I’m on a different subnet. After plugging in the module, it lights up and shows Tx activity but no Rx. It doesn’t get a DHCP lease from my firewall.

How can I assign a static IP to that port so I can access it from a browser? It seems so simple and I cannot figure it out. I’ve found references to the ‘ip address’ command but that comes back as invalid on the ‘interface ethernet 1/2/5’ config. I also tried to setup a new VLAN with a static IP address and assign that port to it, but that didn’t seem to work.

The port state shows ‘Forwarding’. I don’t know if another setting needs to be changed for it to process anything or not.

Any help is much appreciated.

 

[RuckusVol]

I was interested in getting a Ruckus AP. Any opinions or details on what may be a good model to get? From the research I've done they seem real nice.

Also thank you @fohdeesha for the great documentation and resources. I don't think I ever dropped a proper thank you even though I've been running fine for a while now.

I have an R650 and I love it. 2000 sq ft, two story home. One AP covers it easily and signal is good several houses away. I have about 70 active clients at any given time and it doesn’t blink. The R850 is too power hungry and is really designed for high density and throughput in smaller areas. The R750 has worse coverage than the R650. You can check the data sheets for the azimuth and elevation plots. When you get down to the R350 the receive sensitivity is a fair bit worse along with range. I don’t know a ton about the R550. The 50 series is a great deal now if you don’t care about 6GHz yet.

There’s a fair bit of config to do. If you only have one AP, you’ll probably want to set a fixed channel or disable DFS channels. If it changes channels to a DFS channel it goes offline to listen for 60 seconds, which is a big disruption. But you can let channelfly run for a week and see which channels work best and pick your favorite.

 

[kpfleming]

How can I assign a static IP to that port so I can access it from a browser? It seems so simple and I cannot figure it out. I’ve found references to the ‘ip address’ command but that comes back as invalid on the ‘interface ethernet 1/2/5’ config. I also tried to setup a new VLAN with a static IP address and assign that port to it, but that didn’t seem to work.

There are multiple ways to do this, but since your eventual goal is to have the SFP provide routes to the Internet (which it will do over one or more VLANs), you don't want to use the layer 3 (router-only) method.

Which version of the ICX software are you running? Is it the 'S' (layer 2) or 'R' (layer 3) flavor? If it's 'R', are you currently using the ICX as a router, or are all of your ports and VLANs configured for layer 2 connectivity only?

You say the 'recommended' address for the SFP is 192.168.1.200, but what's critical to know is how the device will get its address. It will either be hardcoded in the device, or it will use BOOTP or DHCP to obtain an address (in which case there is no real need to use the 'recommended' address).

With the answers to all of those questions, it is possible to figure out a working configuration.

 

[fohdeesha]

Hey guys! I have a 7250 and I’ll try my best not to put my foot in my mouth with autocorrect about @fohdeesha this time haha.

I got an SFP ONT module to bypass my fiber carrier’s equipment. To set it up I need to access a web GUI for the module after setting a static IP address for it. The recommended IP is 192.168.1.200 but I’m on a different subnet. After plugging in the module, it lights up and shows Tx activity but no Rx. It doesn’t get a DHCP lease from my firewall.

How can I assign a static IP to that port so I can access it from a browser? It seems so simple and I cannot figure it out. I’ve found references to the ‘ip address’ command but that comes back as invalid on the ‘interface ethernet 1/2/5’ config. I also tried to setup a new VLAN with a static IP address and assign that port to it, but that didn’t seem to work.

The port state shows ‘Forwarding’. I don’t know if another setting needs to be changed for it to process anything or not.

Any help is much appreciated.

which SFP ONT? you'll most likely not want to do any IP addressing or routing on the icx itself. Just plug the SFP in, then on a computer on the same network (plugged into an ICX port that's on the same VLAN as the sfp+ port), and assign that computer the .200 address. the ICX shouldn't have an IP in that SFP+ vlan. Which leads me to - if you haven't, the sfp should be in its own isolated vlan, as it will be providing your internet feed. then you can connect that vlan to your routers WAN port, by either putting another icx port in that vlan, or trunking the vlan over something to your router. This is what I'm doing with my WAS-110 ONT in my icx6610

 

[gmtelford]

I think you meant the 7250-24p and not the 7150-24p. I did a lot of research and came to the conclusion to buy a 7150-24p. I got a good offer and bought it.

The 7150-24p needs ~30W in idle with only one uplink which is 5W(~15%) less then the 6450-24p. So I'm almost satisfied now, only I have to change the fans because they are too loud to run in the office rack.

My girlfriend tears my head off when she has to work with the noise. But I have already ordered Noctua NF-A4x20 4-PIN.

btw. thank you @fohdeesha for this thread and your guides.

Aside from turning on fanless mode, I'm curious to see your temps after you swap the Noctuas in. Just got a 7150-48P and the stock fans were too "whiny" with the rack in my office. I turned on fanless mode and ran an hourly script to capture the temps and they averaged 70.1 Celsius over a few days, with 3 poe devices plugged in and all 4 sfp cages full, 10 other regular 1G ethernet ports used.

I've always heard the Noctuas can't move much air due to the low RPM and static pressure limitations in a 1U switch. I just bought and installed 2 Delta PFB0412EHN-TP06 fans (the 48P comes with 2) yesterday.

Current temps are right at 55 Celsius, and dm fan-speed shows around 4k RPM on both fans. The only caveat is the chassis fanless all command doesn't actually turn the fans off anymore, just spins them down to ~2k rpm, but even at 4k they aren't noticeable in my rack.

For reference, my noise floor for any new fans is they have to be quieter than my Dell R630 fans that run around 12% speed, and hum along. Anything whinier gets the boot.

 

[simcaa]

Aside from turning on fanless mode, I'm curious to see your temps after you swap the Noctuas in. Just got a 7150-48P and the stock fans were too "whiny" with the rack in my office. I turned on fanless mode and ran an hourly script to capture the temps and they averaged 70.1 Celsius over a few days, with 3 poe devices plugged in and all 4 sfp cages full, 10 other regular 1G ethernet ports used.

I've always heard the Noctuas can't move much air due to the low RPM and static pressure limitations in a 1U switch. I just bought and installed 2 Delta PFB0412EHN-TP06 fans (the 48P comes with 2) yesterday.

Current temps are right at 55 Celsius, and dm fan-speed shows around 4k RPM on both fans. The only caveat is the chassis fanless all command doesn't actually turn the fans off anymore, just spins them down to ~2k rpm, but even at 4k they aren't noticeable in my rack.

For reference, my noise floor for any new fans is they have to be quieter than my Dell R630 fans that run around 12% speed, and hum along. Anything whinier gets the boot.

The 7150-24P is not yet implemented in my Homelab. But I left it connected for 3 days without load and 1g uplink.

The temperature with Noctua NF-A4x20 PWM was 57 degrees after 3 days. However, the switch was on a table and therefore the values may have been somewhat distorted by the heat build-up under the switch.

The room temperature itself was a constant 25 degrees during these days. I can continue to keep an eye on the temperature when it is implemented.

 

[dreamsin]

SSH key access on the 6450 series - once more.

So i now have my ICX6450-48p fully flashed with latest, licenced, and set up. As usual i had issues getting SSH key access to work:

First i generated a 2048 bit RSA key with

ssh-keygen -t rsa -b 2048

But this method doesn't add the ---- BEGIN SSH2 PUBLIC KEY ---- line to the public keyfile. This produces an error when attempting to upload the public key via tftp:

icx6450(config)#ERROR: key# 1 must begin with ---- BEGIN SSH2 PUBLIC KEY ----

To add that line, i had to add the -e (export) command to ssh-keygen. I ran ssh-keygen again:

ssh-keygen -t rsa -b 2048 -e
Enter file in which the key is (/home/user/.ssh/id_rsa):

this added the ---- BEGIN SSH2 PUBLIC KEY ---- and ---- END SSH2 PUBLIC KEY ---- to my public keyfile. After uploading that public key it finally worked.

Note i did try to manually add those lines to my public keyfile at first, which did NOT work. It just resulted in Permission denied (publickey)

So i wrote this for anyone that has the same issues. I didn't notice this being documented in @fohdeesha 's guide for the ICX6450 series.

Just a bump so that I will remember myself the next time I need it
Also I had forgotten how painful it is to rack an 6450-48P by myself.

 

[kpfleming]

Just a bump so that I will remember myself the next time I need it
Also I had forgotten how painful it is to rack an 6450-48P by myself.

You don't need to 'bump' posts in order to find them... click the 'bookmark' icon in the top-right corner of the post and it will be in your bookmarks list until you remove it.

 

[simcaa]

Aside from turning on fanless mode, I'm curious to see your temps after you swap the Noctuas in. Just got a 7150-48P and the stock fans were too "whiny" with the rack in my office. I turned on fanless mode and ran an hourly script to capture the temps and they averaged 70.1 Celsius over a few days, with 3 poe devices plugged in and all 4 sfp cages full, 10 other regular 1G ethernet ports used.

I've always heard the Noctuas can't move much air due to the low RPM and static pressure limitations in a 1U switch. I just bought and installed 2 Delta PFB0412EHN-TP06 fans (the 48P comes with 2) yesterday.

Current temps are right at 55 Celsius, and dm fan-speed shows around 4k RPM on both fans. The only caveat is the chassis fanless all command doesn't actually turn the fans off anymore, just spins them down to ~2k rpm, but even at 4k they aren't noticeable in my rack.

For reference, my noise floor for any new fans is they have to be quieter than my Dell R630 fans that run around 12% speed, and hum along. Anything whinier gets the boot.

The switch is now partially implemented.
8x gbe, 3x sfp+ 10g connected.

Noctua fans run at ~2200 rpm on fan speed 1.

Temps are ~61 degree. Top floor, room temperature 25 degrees.

 

[tls]

I picked up a few baby 6450s (ICX 6450-C12-PD) for locations where I have just 1 or 2 POE devices. I'm having a very odd problem configuring MSTP. I try to set it up just like on my 6450-24P units:

mstp scope all
mstp instance 0 vlan 1 to 2
mstp instance 0 vlan 13
mstp instance 0 vlan 77
mstp instance 0 vlan 101
mstp instance 0 vlan 111
mstp start

But when I get to the second line, or any time I try to actually add a vlan to the instance, I get an error I've never seen on the larger 6450s and can't find any hint of with a Google search:

edgesw-bms(config)#mstp instance 0 vlan 1 to 2
error - attach to/detach from CIST is not valid

However, when I actually show the config, it appears it took these statements, and when I show MSTP, it seems to show all the vlans are correctly configured onto instance 0. Is this just some weird spurious error message?

The only other oddity on this switch is that it seems to show interfaces 1/1/9 through 1/1/12 as "up" when there is nothing plugged into them and they definitely should not be up. Can be seen in the show mstp output below. Are the little 6450s just weird in a few ways like this, or is there something else going on?

edgesw-bms(config)#show mstp
MSTP Instance 0 (CIST) - VLANs:
1 to 2 13 77 101 111
----------------------------------------------------------------------------
Bridge           Bridge Bridge Bridge Bridge Root   Root  Root   Root
Identifier       MaxAge Hello  FwdDly Hop    MaxAge Hello FwdDly Hop
hex              sec    sec    sec    cnt    sec    sec   sec    cnt
8000cc4e2408dd86 20     2      15     20     20     2     15     20

Root             ExtPath   RegionalRoot     IntPath   Designated       Root
Bridge           Cost      Bridge           Cost      Bridge           Port
hex                        hex                        hex
8000cc4e2408dd86 0         8000cc4e2408dd86 0         8000cc4e2408dd86 Root

Port      Pri Port PortPath  P2P Edge Role      State   Designa-  Designated
Num           Id   Cost      Mac Port                   ted cost  bridge
1/1/9     128 9    20000     F   F    DESIGNATE FORWARD 0         8000cc4e2408dd86
1/1/10    128 10   20000     F   F    DESIGNATE FORWARD 0         8000cc4e2408dd86
1/1/11    128 11   20000     F   F    DESIGNATE FORWARD 0         8000cc4e2408dd86
1/1/12    128 12   20000     F   F    DESIGNATE FORWARD 0         8000cc4e2408dd86

edgesw-bms(config)#show int brief

Port       Link    State   Dupl Speed Trunk Tag Pvid Pri MAC             Name
1/1/1      Down    None    None None  None  Yes N/A  0   cc4e.2408.dd86  "Downlink to ap
1/1/2      Down    None    None None  None  No  2    0   cc4e.2408.dd87
1/1/3      Down    None    None None  None  No  2    0   cc4e.2408.dd88
1/1/4      Down    None    None None  None  No  2    0   cc4e.2408.dd89
1/1/5      Down    None    None None  None  No  2    0   cc4e.2408.dd8a
1/1/6      Down    None    None None  None  No  2    0   cc4e.2408.dd8b
1/1/7      Down    None    None None  None  No  2    0   cc4e.2408.dd8c
1/1/8      Down    None    None None  None  No  2    0   cc4e.2408.dd8d
1/1/9      Up      Forward Full 1G    None  No  2    0   cc4e.2408.dd8e
1/1/10     Up      Forward Full 1G    None  No  2    0   cc4e.2408.dd8f
1/1/11     Up      Forward Full 1G    None  No  2    0   cc4e.2408.dd90
1/1/12     Up      Forward Full 1G    None  No  2    0   cc4e.2408.dd91
1/2/1      Disable None    None None  None  Yes N/A  0   cc4e.2408.dd86
1/2/2      Disable None    None None  None  Yes N/A  0   cc4e.2408.dd86
1/3/1      Down    None    None None  None  Yes N/A  0   cc4e.2408.dd86
1/3/2      Down    None    None None  None  Yes N/A  0   cc4e.2408.dd86
mgmt1      Disable None    None None  None  No  None 0   cc4e.2408.dd86

Port       Link    State   Dupl Speed Trunk Tag Pvid Pri MAC             Name
ve13       Down    N/A     N/A  N/A   None  N/A N/A  N/A cc4e.2408.dd86

 

[thehedgefrog]

New to me 7250-48P. Ports 37-38-40 appear dead, although 39 works as expected. Stats (and lights) show some extremely brief activity on 37/38 and nothing on 40. Config was reset to OEM prior to setting up, and I can't think of anything blocking these ports from working. Looking for ideas. Thanks!

 

[bgubs]

I've got an ICX 7250-48 that I'm doing the fan mod on based on a comment way on this forum. I had also added the fan to the CPU like they recommended, but the original poster stated that he had spliced into one of the fans for power. Now the 7250-48 comes with 2 fans, but has the headers for the 3rd. It looks like it should work if I can enable the 3rd fan, but I don't know how in my current firmware (08.0.95). Is it even possible in this firmware version or would I need to upgrade to 09.0.10? I'm really hoping that it isn't something entirely disabled in the firmware.