Thank you,
I've proceeded with setting setenv image_name xxxxx and loading the new images into flash.
Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)
- Thread starter fohdeesha
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
I've proceeded with setting setenv image_name xxxxx and loading the new images into flash.
This may be a really dumb question as this is my first time using a switch of this caliber but I have my network currently configured to have most stuff use VLAN1 by default but then isolate IoT crap to VLAN2. Currently in the ruckus CLI as soon as I add a port to carry tagged traffic for VLAN2 it removes the port from VLAN1 and no traffic from VLAN1 can be carried anymore. Is this expected behavior?
zero reason to run the switching only firmware image, unless you want a less tested/vetted image for some reason. they don't even build switch only images anymore
You'd have to tell the switch that the port can receive tagged traffic for VLAN2, and any untagged traffic becomes VLAN1. Unless you want to make it a trunk port where it receives tagged VLAN1 and VLAN2 traffic.
As soon as I tell it to add a port for tagged traffic on VLAN2 it is removed from VLAN1 and I get an error when trying to add it back for untagged traffic in VLAN1. I will upload the exact error later today.
Yes VLAN1 is special and you should use any other vlans then 1 as it does disappear. Create another default vlan and use those two instead of the default.
Depending on the FastIron software version (you haven't included that detail), if you don't enable `dual-mode` on the port then it can only handle untagged *or* tagged traffic, but not both.
When you say, they don't build switch only images anymore, is that with verion 9/10?
I've only been loading the SPS images based on what I've found here. Normally I would use a L3 switch and just disable routing but I was going by what I've read in the forums for the ICX 7150 line.
No need to disable routing. If you don't define any SVIs, there's nothing to route...
I just see fohdeesha repeating "use the SPR Firmware" again and again. Just use the SPR (or TNR or whatever) firmware...
I'm looking for a new switch with more 10G SFP+ ports. Is the only difference between the ICX7150-48ZP-E2X10G and ICX7150-48ZP-E8X10G the default license? As far as I can tell from fohdeesha's documentation the 7XXX series are easy to add licenses for the 10G ports.
Sorry, should have specified. I flashed the latest version available on the guide from the first post here. Looks like it was from Jan 8th this year.
Is there any way of getting access to an ICX7450 without using the console? I've tried every cable, every setting, restarting while connected, screen, putty, windows and linux but no output (or input). I see that there is an option to send configuration settings to the switch during reboot, but that does seem to be dependent on the switch being told to reset to factory default first?
The switch has worked in the past, i.e. I've gotten console access to it, but for whatever reason, I am just unable to do so now...
Fixed.
For anyone else, these two items eventually got me access.
USB to RS232 Serial Adapter, USB Mini 5 Pin Male to DB9 9 Pin Female Serial Converter Cable 1.8M/6Feet (Mini USB to RS232 Serial)
CableCreation USB to RS232 Adapter with FTDI Chipset, USB to RS232 Male DB9 Serial Converter for Cashier Register, Modem, Scanner, Industrial Machinery, CNC, Black
The switch has worked in the past, i.e. I've gotten console access to it, but for whatever reason, I am just unable to do so now...
Fixed.
For anyone else, these two items eventually got me access.
USB to RS232 Serial Adapter, USB Mini 5 Pin Male to DB9 9 Pin Female Serial Converter Cable 1.8M/6Feet (Mini USB to RS232 Serial)
CableCreation USB to RS232 Adapter with FTDI Chipset, USB to RS232 Male DB9 Serial Converter for Cashier Register, Modem, Scanner, Industrial Machinery, CNC, Black
Last edited:
After reading this post I recently purchased an ICX-7250 to replace my Cisco 3650. Thanks to this post setup was a breeze.
However, I ran into one issue I cant seem to figure out. My network consists of a PFSense firewall and the ICX-7250. When I connect the PFSense LAN NIC to the ICX via a 10Gb port the performance of my 1Gb clients drastically suffers. My understanding is that the ICX series have very small buffers thus the issue. Well I ran into this same problem with my Cisco 3650 and the solution was a very simple Global Command: " qos queue-softmax-multiplier 1200".
For the life of me I cant seem to figure out how to increase buffer sizes on the ICX in a similar fashion. It it matters or helps, I did successfully enable Flow Control on the ICX, not sure if that would help or hurt things regarding the performance issue when mixing 1Gb clients when the uplink to the firewall is 10Gb.
If anyone could help me here I would greatly appreciate it, I'd rather not have to fall back to my Cisco 3650, but if that is honestly a better switch please advise.
However, I ran into one issue I cant seem to figure out. My network consists of a PFSense firewall and the ICX-7250. When I connect the PFSense LAN NIC to the ICX via a 10Gb port the performance of my 1Gb clients drastically suffers. My understanding is that the ICX series have very small buffers thus the issue. Well I ran into this same problem with my Cisco 3650 and the solution was a very simple Global Command: " qos queue-softmax-multiplier 1200".
For the life of me I cant seem to figure out how to increase buffer sizes on the ICX in a similar fashion. It it matters or helps, I did successfully enable Flow Control on the ICX, not sure if that would help or hurt things regarding the performance issue when mixing 1Gb clients when the uplink to the firewall is 10Gb.
If anyone could help me here I would greatly appreciate it, I'd rather not have to fall back to my Cisco 3650, but if that is honestly a better switch please advise.
I have a similar setup, 7250 as the core switch connected to the firewall via a 10Gb DAC, but I don’t have any performance issues with wired or wireless clients.
I imagine that since you’re using PFsense, all your VLANs are trunked through to it for DHCP? Mine is connected via a Transit VLAN, so I don’t know how much impact that difference might have… but all inter-VLAN traffic of mine is routed in the 7250’s ASIC, so only internet bound traffic goes to the firewall
You should check that the uplink is at 10GB as you had not mentioned if you applied all the licenses for 8x10G. Check both PFSense and ICX that is at 10G link, next do you know if you were doing routing on the switch? You could do what @TonyArrr mentioned with intervlan transit, when I tried PFSense I could only do intervlan routing on PFSense at 1-2G which is why I went to using Mikrotik 2116
Setup issue.You should check that the uplink is at 10GB as you had not mentioned if you applied all the licenses for 8x10G. Check both PFSense and ICX that is at 10G link, next do you know if you were doing routing on the switch? You could do what @TonyArrr mentioned with intervlan transit, when I tried PFSense I could only do intervlan routing on PFSense at 1-2G which is why I went to using Mikrotik 2116
@ngr2001 :
1. Your performance issues for the 1gb clients is almost certainly a config/user error issue. Just gotta get the configuration right. I ran pfSense with the ICX for the longest time and had zero issues with 1gb or 10gb (or 40gb) clients. But...read below.
2. Really, with these types of L3 switches (i.e powerful/line rate L3 switching), there is zero reason to do VLAN routing in your firewall. All VLAN routing should be at L3 level, with only external ingress/egress going to your firewall.
p.s. A lot of people confuse the fact that you don't VLANs in pfSense/OpnSense to do firewall rules. Aliases/Networks (which is what a VLAN is)/Single Hosts all work just fine. The only reason to create interfaces/VLANs in pfSense/OpnSense with a L3 switch, would be if you wanted your firewall for DHCP.... There's many ways to not do that.
Not entirely true, as I have firewall rules that are easy to duplicate on L3 switch such as not letting some vlans talk to others, to impossible to replicate on L3 switch such as downloading DoT and DoH ip addresses, blocking dns queries to them and NAT regular DNS to my servers that block ads, trackers and all that at the network level so I see no ads. All above that it allows me to block sites that spy on me such as Google, CLoudflare, meta, etc etc. as much as possible.Setup issue.
@ngr2001 :
1. Your performance issues for the 1gb clients is almost certainly a config/user error issue. Just gotta get the configuration right. I ran pfSense with the ICX for the longest time and had zero issues with 1gb or 10gb (or 40gb) clients. But...read below.
2. Really, with these types of L3 switches (i.e powerful/line rate L3 switching), there is zero reason to do VLAN routing in your firewall. All VLAN routing should be at L3 level, with only external ingress/egress going to your firewall.
p.s. A lot of people confuse the fact that you don't VLANs in pfSense/OpnSense to do firewall rules. Aliases/Networks (which is what a VLAN is)/Single Hosts all work just fine. The only reason to create interfaces/VLANs in pfSense/OpnSense with a L3 switch, would be if you wanted your firewall for DHCP.... There's many ways to not do that.