
Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)


cyinite

New Member
Jun 28, 2024
8
5
3
just a heads up, the icx7150-24p/48p (and non-P variants!) can be had for <$200 on ebay these days, and these are arguably a contender for the "go-to" homelab switch. You can run it fanless (no need for any mods, just a simple CLI command) if you are okay with 150 watts of PoE output. They also sip power (15ish watts for non-P and 30-ish for P)
As well as make sure you reach out to sellers to double check information on the listing. eBay had a seller posting an ICX7150-24P 4X1G as the non-P variant and I confirmed the listing with them to get it for under $140 USD! Been loving how it's fanless as I've posted in the past trying to modify a 7250 to make it near silent.
 

autoturk

Active Member
Sep 1, 2022
236
200
43
As well as make sure you reach out to sellers to double check information on the listing. eBay had a seller posting an ICX7150-24P 4X1G as the non-P variant and I confirmed the listing with them to get it for under $140 USD! Been loving how it's fanless as I've posted in the past trying to modify a 7250 to make it near silent.
Yup! Had a similar experience. Also no need for a console cable. A simple usb-c to usb-a cable works to access the console (for some reason though usb-c to usb-c doesn’t).
 

kapone

Well-Known Member
May 23, 2015
1,285
738
113
its ok :) I started reading about VRFs. New thing to learn!

the devices on the other VLANs are iPhones. Can’t dual home :(
ahhh...Apple...the bane of networking... :)

Kudos for jumping into VRFs, it's always good to know more. That said, there may be more to it, as there may be broadcasts/mDNS involved. I recall having similar issues when I was trying to put all my media devices, including an Apple TV...on a separate VLAN, and my iPhone (and the Apple TV) started screaming and shouting at me.
 

seatrope

Member
Oct 5, 2018
35
12
8
Maine
www.ychng.com
ahhh...Apple...the bane of networking... :)

Kudos for jumping into VRFs, it's always good to know more. That said, there may be more to it, as there may be broadcasts/mDNS involved. I recall having similar issues when I was trying to put all my media devices, including an Apple TV...on a separate VLAN, and my iPhone (and the Apple TV) started screaming and shouting at me.
@kapone can you give me at least a conceptual way of how you could go about solving this issue with VRFs?

Basically i need different routing based on the source of the packet. If I implemented VRFs would my OpnSense router need to be VRF aware to handle it? as the packet is being sent back to OpnSense for Source NAT (which is really why I am doing all this routing).
OpnSense is i think sadly not VRF capable.

Thanks!!
 

kapone

Well-Known Member
May 23, 2015
1,285
738
113
@kapone can you give me at least a conceptual way of how you could go about solving this issue with VRFs?

Basically i need different routing based on the source of the packet. If I implemented VRFs would my OpnSense router need to be VRF aware to handle it? as the packet is being sent back to OpnSense for Source NAT (which is really why I am doing all this routing).
OpnSense is i think sadly not VRF capable.

Thanks!!
Lemme think about it (it's been a while since I played with this type of stuff).

On a different note...got the Mellanox SX6036 today, updated to the latest version...applied licenses...played with fans/PWM till I was somewhat happy...and idle power consumption is...36w.

Holy shit. This is a 36x40gb port switch!
 

BoGs

Member
Feb 18, 2019
129
20
18
Lemme think about it (it's been a while since I played with this type of stuff).

On a different note...got the Mellanox SX6036 today, updated to the latest version...applied licenses...played with fans/PWM till I was somewhat happy...and idle power consumption is...36w.

Holy shit. This is a 36x40gb port switch!
have the same one sitting in the garage for tinkering after holidays before new years. Any tips on where you got the fw and process you took? esp with the licenses.
 

seatrope

Member
Oct 5, 2018
35
12
8
Maine
www.ychng.com
Lemme think about it (it's been a while since I played with this type of stuff).

On a different note...got the Mellanox SX6036 today, updated to the latest version...applied licenses...played with fans/PWM till I was somewhat happy...and idle power consumption is...36w.

Holy shit. This is a 36x40gb port switch!
exploring further @kapone would PBR (policy based routing) be able to achieve the same desired result of routing a packet based on source and destination addresses?
 

clcorbin

Member
Feb 15, 2014
76
10
8
So I need some (more) help. I have been running two ICX 6610's (one in my server rack on the 2nd floor of my house and one in the garage where most of the original network cables terminated) in a stack. Multiple vlans, etc., all running great for about three years. Recently, I started seeing strange behavior on the garage switch. Specifically, while everything connected through it had intranet access, nothing had INTERNET access. This was true for IOT items, computers, etc.

Everything directly connected to the server rack switch still has internet access like always. I've rebooted the stack and the behavior persists.

No changes have been made to the router (pfSense) since before this started and the switch is stacked, so pfSense should only affect vlans and not a specific switch member... I've attached my show run (pretty basic in general, but I did delete some of the vlan stuff as they were all pretty much the same other than name/number/ip address). FYI: I had spanning tree enabled (you can see some of the config stuff in the vlan entries), but I did disable it and the problem remains.

Code:
Current configuration:
!
ver 08.0.30uT7f3
!
stack unit 1
  module 1 icx6610-48p-poe-port-management-module
  module 2 icx6610-qsfp-10-port-160g-module
  module 3 icx6610-8-port-10g-dual-mode-module
  no legacy-inline-power
  stack-port 1/2/1 1/2/6
stack unit 2
  module 1 icx6610-48p-poe-port-management-module
  module 2 icx6610-qsfp-10-port-160g-module
  module 3 icx6610-8-port-10g-dual-mode-module
  no legacy-inline-power
  priority 200
  stack-port 2/2/1 2/2/6
stack enable
stack mac xxxx.xxxx.xxxx
!
global-stp
!
!
!
<snip>
vlan 10 name "Internet xxxxxxxxxxxx" by port
 tagged ethe 1/1/39 ethe 1/1/41 to 1/1/48 ethe 1/2/2 to 1/2/5 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/4 ethe 2/1/6 to 2/1/8 ethe 2/2/2 to 2/2/4 ethe 2/2/7 to 2/2/9 ethe 2/3/1 to 2/3/8
 untagged ethe 1/1/22
 router-interface ve 10
!
<snip>
!
!
!
!
lacp-cfg-det-dis
aaa authentication web-server default local
aaa authentication login default local
default-vlan-id xx
enable telnet authentication
enable aaa console
hostname xxxx
ip dhcp-client disable
ip dns server-address xxxxx xxxxx xxxxx
ip route next-hop-enable-default
ip route 0.0.0.0/0 xxxxx
!
logging buffered 100
telnet login-timeout 10
no telnet server
username xxxxx password .....
cdp run
fdp run
snmp-server community ..... ro
!
!
clock summer-time
clock timezone us xxxxx
!
!
ntp
 server 132.163.96.3
 server 132.163.96.4
 server 132.163.96.6
 server 132.163.96.2
 server 132.163.96.1
!
!
no web-management http
hitless-failover enable
!
interface ethernet 1/1/1
 port-name xxxxx
!
interface ethernet 1/1/2
 port-name xxxxx
!
interface ethernet 1/1/3
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/4
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/5
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/6
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/7
 port-name xxxxx
!
interface ethernet 1/1/8
 port-name xxxxx
!
interface ethernet 1/1/9
 port-name xxxxx
!
interface ethernet 1/1/10
 port-name xxxxx
!
interface ethernet 1/1/11
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/12
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/13
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/14
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/15
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
 inline power
!
interface ethernet 1/1/16
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
 inline power
!
interface ethernet 1/1/17
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
 inline power
!
interface ethernet 1/1/18
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
 inline power
!
interface ethernet 1/1/19
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
 inline power
!
interface ethernet 1/1/20
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
 inline power
!
interface ethernet 1/1/21
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/22
 port-name xxxxx
!
interface ethernet 1/1/39
 port-name xxxxx
 spanning-tree 802-1w admin-pt2pt-mac
 inline power power-by-class 4
!
interface ethernet 1/1/41
 port-name xxxxx
 spanning-tree 802-1w admin-pt2pt-mac
!
interface ethernet 1/1/42
 port-name xxxxx
 inline power
!
interface ethernet 1/1/43
 port-name xxxxx
 spanning-tree 802-1w admin-pt2pt-mac
 inline power
!
interface ethernet 1/1/44
 port-name xxxxx
 inline power
!
interface ethernet 1/1/45
 port-name xxxxx
!
interface ethernet 1/1/46
 port-name xxxxx
!
interface ethernet 1/1/47
 port-name xxxxx
!
interface ethernet 1/1/48
 port-name xxxxx
!
interface ethernet 1/2/2
 port-name xxxxx
!
interface ethernet 1/2/3
 port-name xxxxx
!
interface ethernet 1/2/4
 port-name xxxxx
!
interface ethernet 1/2/5
 port-name xxxxx
!
interface ethernet 1/2/7
 port-name xxxxx
!
interface ethernet 1/2/8
 port-name xxxxx
!
interface ethernet 1/2/9
 port-name xxxxx
!
interface ethernet 1/2/10
 port-name xxxxx
!
interface ethernet 1/3/1
 port-name xxxxx
 speed-duplex 10G-full
 spanning-tree 802-1w admin-pt2pt-mac
!
interface ethernet 1/3/2
 port-name xxxxx
 speed-duplex 10G-full
!
interface ethernet 1/3/3
 port-name xxxxx
 speed-duplex 10G-full
!
interface ethernet 1/3/4
 port-name xxxxx
 speed-duplex 10G-full
!
interface ethernet 1/3/5
 port-name xxxxx
 speed-duplex 10G-full
!
interface ethernet 1/3/6
 port-name xxxxx
 speed-duplex 10G-full
!
interface ethernet 1/3/7
 port-name xxxxx
 speed-duplex 10G-full
!
interface ethernet 1/3/8
 port-name xxxxx
 speed-duplex 10G-full
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/1/1
 port-name xxxxx
!
interface ethernet 2/1/2
 port-name xxxxx
!
interface ethernet 2/1/3
 port-name xxxxx
!
interface ethernet 2/1/4
 port-name xxxxx
!
interface ethernet 2/1/5
 port-name xxxxx
 inline power
!
interface ethernet 2/1/6
 port-name xxxxx
 inline power power-by-class 4
!
interface ethernet 2/1/7
 port-name xxxxx
 inline power power-by-class 4
!
interface ethernet 2/1/8
 port-name xxxxx
 inline power power-by-class 4
!
interface ethernet 2/1/9
 port-name xxxxx
!
interface ethernet 2/1/10
 port-name xxxxx
!
interface ethernet 2/1/11
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/1/12
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/1/13
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
 inline power power-by-class 4
!
interface ethernet 2/1/14
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/1/15
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/1/16
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/1/17
 port-name xxxxx
!
interface ethernet 2/1/18
 port-name xxxxx
!
interface ethernet 2/1/19
 port-name xxxxx
!
interface ethernet 2/1/20
 port-name xxxxx
!
interface ethernet 2/1/21
 port-name xxxxx
!
interface ethernet 2/1/22
 port-name xxxxx
!
interface ethernet 2/1/23
 port-name xxxxx
!
interface ethernet 2/1/24
 port-name xxxxx
!
interface ethernet 2/1/25
 port-name xxxxx
!
interface ethernet 2/1/26
 port-name xxxxx
!
interface ethernet 2/1/27
 port-name xxxxx
 inline power
!
interface ethernet 2/1/28
 port-name xxxxx
 inline power
!
interface ethernet 2/1/29
 port-name xxxxx
 inline power
!
interface ethernet 2/1/30
 port-name xxxxx
 inline power
!
interface ethernet 2/1/31
 port-name xxxxx
 inline power
!
interface ethernet 2/1/32
 port-name xxxxx
 inline power
!
interface ethernet 2/1/33
 port-name xxxxx
 inline power
!
interface ethernet 2/1/34
 port-name xxxxx
 inline power
!
interface ethernet 2/1/35
 port-name xxxxx
!
interface ethernet 2/1/36
 port-name xxxxx
!
interface ethernet 2/1/37
 port-name xxxxx
!
interface ethernet 2/1/38
 port-name xxxxx
!
interface ethernet 2/1/39
 port-name xxxxx
!
interface ethernet 2/1/40
 port-name xxxxx
!
interface ethernet 2/1/41
 port-name xxxxx
!
interface ethernet 2/1/42
 port-name xxxxx
!
interface ethernet 2/1/43
 port-name xxxxx
!
interface ethernet 2/1/44
 port-name xxxxx
 inline power power-by-class 4
!
interface ethernet 2/1/45
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/1/46
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/1/47
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/1/48
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/2/2
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/2/3
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/2/4
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/2/5
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/2/7
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/2/8
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/2/9
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/2/10
 port-name xxxxx
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/3/1
 port-name xxxxx
 speed-duplex 10G-full
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/3/2
 port-name xxxxx
 speed-duplex 10G-full
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/3/3
 port-name xxxxx
 speed-duplex 10G-full
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/3/4
 port-name xxxxx
 speed-duplex 10G-full
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 2/3/5
 port-name xxxxx
 speed-duplex 10G-full
!
interface ethernet 2/3/6
 port-name xxxxx
 disable
 speed-duplex 10G-full
!
interface ethernet 2/3/7
 port-name xxxxx
 disable
 speed-duplex 10G-full
!
interface ethernet 2/3/8
 port-name xxxxx
 speed-duplex 10G-full
!
interface ve 1
 ip address xxxxx xxxxx
 ip helper-address 1 xxxxx
 ip helper-address 2 xxxx
!
interface ve 2
 ip address xxxxx xxxxx
!
interface ve 10
 ip address xxxxx xxxxx
 ip helper-address 1 xxxxxxxxxxxx
 ip helper-address 2 xxxxxxxxxxxx
 !
<snip>
!
!
lldp tagged-packets process
lldp run
!
!
ip ssh  idle-time 240
ip ssh  interactive-authentication no
!
!
end
 

cyinite

New Member
Jun 28, 2024
8
5
3
exploring further @kapone would PBR (policy based routing) be able to achieve the same desired result of routing a packet based on source and destination addresses?
Looking through the FastIron security guide, PBR might be exactly what they are looking for. You set an ACL of what is permitted through the policy (source and destination) and add that ACL to a route map applied to a port or VE that points to the router (pf/OPNsense) where you can set source NAT. Below is the example configuration from the chapter.

Code:
device# configure terminal
device(config)# ip access-list standard 99
device(config-std-ipacl-99)# permit 10.157.23.0 0.0.0.255
device(config-std-ipacl-99)# exit
device(config)# route-map test-route permit 99
device(config-routemap test-route)# match ip address 99
device(config-routemap test-route)# set ip next-hop 192.168.3.1
device(config-routemap test-route)# exit
device(config)# interface ethernet 1/1/3
device(config-if-e1000-1/1/3)# ip policy route-map test-route
device(config-if-e1000-1/1/3)# end
 

molnart

Member
Feb 5, 2023
43
0
6
how to configure the brocade switch to pass any VLAN on the default VLAN1 ? i am defining the VLANs on my OPNsense router, but it looks like on the brocade i need to explicitly mark the VLANs for any port. how do I achieve that the Brocade immediately picks up and passes a newly created VLAN from the OPNsense router?
 

BoGs

Member
Feb 18, 2019
129
20
18
how to configure the brocade switch to pass any VLAN on the default VLAN1 ? i am defining the VLANs on my OPNsense router, but it looks like on the brocade i need to explicitly mark the VLANs for any port. how do I achieve that the Brocade immediately picks up and passes a newly created VLAN from the OPNsense router?
You need to define the VLANs (any newly created ones) and tag the port to the OPNsense. There is no detection of new vlans and automagic that I am aware of in Brocade. Arista and Cisco have a trunk configuration but it's better to just define them so vlans do not run everywhere in case of compromise. Also it does not pass vlans on any vlans, it passes the frames over the port. VLAN 1 is just the default vlan on all ports.
 
  • Like
Reactions: kpfleming
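
Added example (not part of the thread and not any poster's configuration): a small auditor for the explicit VLAN tagging described in the reply above. It parses `vlan ... by port` stanzas in the `show run` style seen earlier in the thread, expands the `ethe X to Y` ranges, and reports tagged VLANs that a port is not expected to carry. The sample config and the `allowed` map passed to `audit` are constructed; ranges are assumed to stay within one unit/slot.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the "show run" output earlier in the thread.
SAMPLE_CONFIG = '''\
vlan 1 name DEFAULT-VLAN by port
!
vlan 10 name "Internet" by port
 tagged ethe 1/1/39 ethe 1/1/41 to 1/1/43 ethe 2/3/1 to 2/3/2
 untagged ethe 1/1/22
 router-interface ve 10
!
vlan 20 name "IoT" by port
 tagged ethe 1/1/41 ethe 2/3/1
 untagged ethe 1/1/5 to 1/1/6
!
interface ethernet 1/1/1
 port-name example
!
'''

VLAN_RE = re.compile(r'^vlan (\d+)\b')
PORT_RE = re.compile(r'ethe (\d+/\d+/\d+)(?: to (\d+/\d+/\d+))?')

def expand(first, last):
    """Expand 'ethe U/S/P to U/S/Q' into individual port names."""
    if last is None:
        return [first]
    u1, s1, p1 = map(int, first.split('/'))
    u2, s2, p2 = map(int, last.split('/'))
    if (u1, s1) != (u2, s2) or p2 < p1:
        raise ValueError(f'unsupported range {first} to {last}')
    return [f'{u1}/{s1}/{p}' for p in range(p1, p2 + 1)]

def parse_vlans(config):
    """Return {vlan_id: {'tagged': set_of_ports, 'untagged': set_of_ports}}."""
    vlans, current = {}, None
    for line in config.splitlines():
        m = VLAN_RE.match(line)
        if m:
            current = vlans.setdefault(
                int(m.group(1)), {'tagged': set(), 'untagged': set()})
            continue
        if not line.startswith(' '):  # '!' or a new top-level stanza ends the block
            current = None
            continue
        words = line.split()
        if current is not None and words and words[0] in ('tagged', 'untagged'):
            for first, last in PORT_RE.findall(line):
                current[words[0]].update(expand(first, last or None))
    return vlans

def tagged_vlans_by_port(vlans):
    """Invert the VLAN table: which VLAN ids does each port carry tagged?"""
    by_port = defaultdict(set)
    for vid, members in vlans.items():
        for port in members['tagged']:
            by_port[port].add(vid)
    return dict(by_port)

def audit(vlans, allowed):
    """allowed maps port -> VLAN ids expected on it; returns unexpected (port, vlan) pairs."""
    findings = []
    for port, vids in sorted(tagged_vlans_by_port(vlans).items()):
        extra = vids - allowed.get(port, set())
        findings.extend((port, v) for v in sorted(extra))
    return findings

if __name__ == '__main__':
    expected = {'1/1/41': {10, 20}, '2/3/1': {10}, '1/1/39': {10}}
    for port, vid in audit(parse_vlans(SAMPLE_CONFIG), expected):
        print(f'port {port} carries unexpected tagged VLAN {vid}')
```

Ports missing from the `allowed` map are treated as expecting no tagged VLANs, so every tagged membership on them is reported.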

Avamander

New Member
Feb 2, 2021
12
3
3
Hmm, I seem to have locked myself out of my ICX 7250 by accident, and all of the ports on the switch seem closed/filtered so I can't access SSH or the web interface any more. I have a Brocade console cable but there's absolutely no output (and I can't recall it ever working, so it might be burnt). I have not configured the management interface AFAIK (unless there are defaults I am not aware of).

Holding the reset button for whatever time period has had no effect, I still see it using the previous/broken config.

Is there a way to factory reset or restore access (without working console)?
 

BoGs

Member
Feb 18, 2019
129
20
18
Hmm, I seem to have locked myself out of my ICX 7250 by accident, and all of the ports on the switch seem closed/filtered so I can't access SSH or the web interface any more. I have a Brocade console cable but there's absolutely no output (and I can't recall it ever working, so it might be burnt). I have not configured the management interface AFAIK (unless there are defaults I am not aware of).

Holding the reset button for whatever time period has had no effect, I still see it using the previous/broken config.

Is there a way to factory reset or restore access (without working console)?
If I remember correctly if you look at fohdeesha's guide you can see how to console and get in the boot prompt `b` and do factory reset and go through the setup. You should be able to console connect though, and see the output if you press enter to login with admin. Try connecting console and pull power and plug back in do you see the switch booting up? I do not think I have ever locked myself out of my switch if you did default setup.
 

Avamander

New Member
Feb 2, 2021
12
3
3
If I remember correctly if you look at fohdeesha's guide you can see how to console and get in the boot prompt `b` and do factory reset and go through the setup. You should be able to console connect though, and see the output if you press enter to login with admin. Try connecting console and pull power and plug back in do you see the switch booting up? I do not think I have ever locked myself out of my switch if you did default setup.
Yeah, that's the thing. I can't get the console to respond to anything. There's no output even during boot or anything.
 

BoGs

Member
Feb 18, 2019
129
20
18
Maybe try a different console cable or switch to see if the cable is bad? if not it might be your switch? @fohdeesha might know more as this is beyond me.
 

Nystral

New Member
Oct 27, 2016
8
4
3
45
I have an ICX7250-48 and an ICX7150-12CP. Both were set up using the Fohdeesha guides. They also both have the same problem where after ~20 min after booting they will not respond to SSH or HTTP traffic. They still route packets as expected, but for some reason they become unresponsive after that golden time has passed.

Any ideas how to proceed? I can't even validate what versions they're running (likely <08095p).

EDIT: So apparently I have one device on my wired LAN vs Wireless that has ssh / http access to both devices. Now I'm puzzling why this PC works and my other devices don't. Some kind of ACL set unintentionally?
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,875
3,374
113
34
fohdeesha.com
I have an ICX7250-48 and an ICX7150-12CP. Both were set up using the Fohdeesha guides. They also both have the same problem where after ~20 min after booting they will not respond to SSH or HTTP traffic. They still route packets as expected, but for some reason they become unresponsive after that golden time has passed.

Any ideas how to proceed? I can't even validate what versions they're running (likely <08095p).

EDIT: So apparently I have one device on my wired LAN vs Wireless that has ssh / http access to both devices. Now I'm puzzling why this PC works and my other devices don't. Some kind of ACL set unintentionally?

post the output of "show run" but it sounds like you have duplicate IPs somewhere, either both switches themselves have the same IP, or they both have IPs something else on your network does
 
  • Like
Reactions: gseeley

Nystral

New Member
Oct 27, 2016
8
4
3
45
post the output of "show run" but it sounds like you have duplicate IPs somewhere, either both switches themselves have the same IP, or they both have IPs something else on your network does
Thank you, this pointed me in the right direction. Long story short I went from a 192.168.1.0/24 to a 192.168.0.0/21 for my network, and never updated the switches. The device that could communicate was on the original 192.168.1.1/24 ip range while all other devices were in the expanded /21 range.

This had me go to the interface show ip route, then change subnet mask.

Of course I learned that if you're going to do:
Code:
no ip address 192.168.1.254/24
you need your console cable handy.

Thanks again for being such a phenomenal resource for the community.
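
Added example (not part of the original post): a check for the stale-mask situation described above, where the LAN grew from 192.168.1.0/24 to 192.168.0.0/21 but the switch kept 192.168.1.254/24. It compares the on-link decision each side makes, which is why only a client inside the old /24 still gets replies directly. Client names and addresses are constructed; the model does not emulate ARP or firewall state.

```python
import ipaddress

LAN = '192.168.0.0/21'               # the expanded network from the post
SWITCH_OLD = '192.168.1.254/24'      # management address left on the old mask
SWITCH_FIXED = '192.168.1.254/21'    # same address with the mask updated
CLIENTS = {                          # constructed client addresses
    'wired-pc': '192.168.1.20/21',
    'laptop': '192.168.2.50/21',
    'phone': '192.168.6.10/21',
}

def find_stale(lan, devices):
    """Names of devices whose configured subnet differs from the LAN prefix."""
    target = ipaddress.ip_network(lan)
    return [name for name, iface in devices.items()
            if ipaddress.ip_interface(iface).network != target]

def mgmt_path(switch_iface, client_iface):
    """Classify how a management session between client and switch is carried.

    'direct'     - both sides see each other as on-link
    'asymmetric' - only one side sees the other as on-link; the other side
                   hands its packets to a gateway (or drops them when it
                   has no route), so the two directions take different paths
    'routed'     - neither side is on-link; both directions use a gateway
    """
    sw = ipaddress.ip_interface(switch_iface)
    cl = ipaddress.ip_interface(client_iface)
    request_direct = sw.ip in cl.network   # client resolves the switch locally
    reply_direct = cl.ip in sw.network     # switch resolves the client locally
    if request_direct and reply_direct:
        return 'direct'
    if not request_direct and not reply_direct:
        return 'routed'
    return 'asymmetric'

def mgmt_report(switch_iface, clients):
    """Map each client name to its management path classification."""
    return {name: mgmt_path(switch_iface, iface)
            for name, iface in clients.items()}

if __name__ == '__main__':
    print('stale masks:', find_stale(LAN, {'switch': SWITCH_OLD, **CLIENTS}))
    for label, sw in (('old mask', SWITCH_OLD), ('fixed mask', SWITCH_FIXED)):
        print(label, mgmt_report(sw, CLIENTS))
```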
 

tubs-ffm

Active Member
Sep 1, 2013
198
66
28
I just noted that FastIron 10.0.10f is out and it is supporting the ICX 7150 by this version.
But starting from FastIron 10.0.20 it will not support ICX 7150 any longer.


About FastIron Release 10.0.10f
FastIron release 10.0.10f reintroduces support for the ICX 7150 Series switches.
  • Features supported on the ICX 7150 devices are the same as the features supported in FastIron release 09.0.10j.
  • Previous versions of FastIron release 10.0.10 (including FastIron 10.0.10 through FastIron 10.0.10e) and all FastIron 10.0.20 releases do not support the ICX 7150 series switches except for the ICX 7150-ES series devices which are supported from FastIron release 10.0.10d.
  • Dynamic PoE management support is extended to ICX 7150 series switches with FI 10.0.10f release.
 

NablaSquaredG

Bringing 100G switches to homelabs
Aug 17, 2020
1,691
1,123
113
But starting from FastIron 10.0.20 it will not support ICX 7150 any longer.
No, I think this is a wrong conclusion. FastIron 10.0.20 already exists (released in July and October).
FastIron 10.0.20 seems to be a separate release train from 10.0.10

Ruckus' firmware situation is a bit of a clusterf... at the moment