Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

[Serveur]

No it has something to do with the subnet mask.

I experimented with the out-of-band management port.

If I specify ip address 192.168.178.2/24 or ip address 192.168.178.2/26, it is working fine (192.168.178.2 is responding).
If I specify ip address 192.168.178.65/26 or ip address 192.168.178.128/25, it is not working (pinging 192.168.178.65 or 192.168.178.128 doesn't work).

There is obviously something that I don't get with the syntax. But I haven't found a lot of resources talking about /25 or /26. Everybody is using/24.

 

[dbvader]

If I specify ip address 192.168.178.2/24 or ip address 192.168.178.2/26, it is working fine (192.168.178.2 is responding).
If I specify ip address 192.168.178.65/26 or ip address 192.168.178.128/25, it is not working (pinging 192.168.178.65 or 192.168.178.128 doesn't work).

There is obviously something that I don't get with the syntax. But I haven't found a lot of resources talking about /25 or /26. Everybody is using/24.

Perhaps using /24 may simplify things a bit? E.g. 192.168.178.128/25 is a network address and you seem to want to use it as a host address?

Otherwise or else regardless, you may want to check the addresses you're using with an ip address calculator.

 

[Serveur]

Using calculator.net, entering 192.168.178.128/25 gives me:

IP Address:	192.168.178.128
Network Address:	192.168.178.128
Usable Host IP Range:	192.168.178.129 - 192.168.178.254
Broadcast Address:	192.168.178.255
Total Number of Hosts:	128
Number of Usable Hosts:	126
Subnet Mask:	255.255.255.128

But indeed in the virtual interface ip address <ip-address> <mask>, in the manual it is written that <ip-address> is the host address and <mask> the IP network mask.

Meaning that you cannot split a /24 subnet into 2 useable subnets using /25.
Only the first part of the /25 (or the /26 or the /27...) can be used: the one from 192.168.178.1 to 192.168.178.126.

It is quite weird as it seems to be possible using Cisco switches (and using the same commands).

Would be nice if someone can confirm my interpretation.
In the meantime I'll stay with /24 masks.

 

[jode]

The table above seems to hint at your confusion. In ethernet networks the first and the last address of the address range are reserved and as a result the range of "usable hosts" is smaller than the total number of addresses.
As the network range decreases (24 to 25 to... 31) this becomes more noticeable.

There are tons of free resources online that explan networking 101. Here is one example:

 

[iiq_87cjs]

Instead of using the console, have you tried to connect your LAN to one of the ethernet ports and login via ssh or telnet?
I do not know what the standard configuration after reset looks like for every software version. But this might work.

I can SSH using an Ethernet port, but the enable password has not been assigned yet.

 

[Serveur]

The table above seems to hint at your confusion. In ethernet networks the first and the last address of the address range are reserved and as a result the range of "usable hosts" is smaller than the total number of addresses.
As the network range decreases (24 to 25 to... 31) this becomes more noticeable.

There are tons of free resources online that explan networking 101. Here is one example:

Oh sorry I understand the confusion, I typed too fast.
Let me repeat:

If I specify ip address 192.168.178.2/24 or ip address 192.168.178.2/26, it is working fine (192.168.178.2 is responding).
If I specify ip address 192.168.178.70/26 or ip address 192.168.178.140/25 it is not working (pinging 192.168.178.70 or 192.168.178.140 doesn't work).

So it is not a problem with the first or last address of the address range, if I want to use /25, I can only specify a host IP address between 192.168.178.1 and 192.168.178.127.
My initial intention was to try to use in a VLAN the 2nd subnet of /25, from 192.168.178.129 to 192.168.178.254. This doesn't seem possible.

 

[ThatzMatt]

So I just pulled the trigger on a ICX6610-48P thanks to this post. It will cover 99.9% of what I need. It is replacing 2x 24 port Nortel 5540Ps. Since my ISP has changed their base offering to 1GB symmetrical and will likely be offering multigig in the near future, I figured it was time to bring my network into the 10Gb era. I only really need it for my server and my office computer but having the 8x 10Gb ports plus the 40Gb ports is a real nice touch at this price point (I paid $95 on ebay and it has ears, 2x power supplies, and 2x fan sleds). The only thing it doesn't have is any way to provide 2.5Gb to my PoE APs, but I can deal with that since I only use wifi for my phone/tablet and IoT. I am a firm believer in "If it can be wired it should be wired" - which is especially true when you live in an apartment building with 15 neighbors worth of interference lol.



Don't laugh at my install... I will eventually get around to terminating in a patch panel and putting all this into a rack.... Someday... There''s nothing more permanent than a temorary install, right? Lol.

So the only issue I see so far is that the SFPPs I have (Checkpoint coded Finistars that I bought for the Checkpoint card in the Sophos box) aren't being recognized as SFP+, therefore are only linking at 1Gb per show media ethernet. However I have set up a LAGG to the router, and under show lag they are registering as a 10Gb link. I had a DAC that ended up being too short for something else laying around, and that shows up as 10Gb, so what is going on with the SFPPs?

As I mentioned in my other post about my Mellanox cards I'm very green when it comes to fiber (and this is my first foray into using Brocade/Ruckus, I've really only worked with HP, Avaya and Dell) so maybe I'm missing something? I was under the impression that Brocade wasn't picky about optics, and I would think vendor locking wouldn't allow it to work at all, right?

I've already ordered a set of Brocade SFPPs so it's not a huge deal, but I'm into homelabbing to learn!

 

[blunden]

So the only issue I see so far is that the SFPPs I have (Checkpoint coded Finistars that I bought for the Checkpoint card in the Sophos box) aren't being recognized as SFP+, therefore are only linking at 1Gb per show media ethernet. However I have set up a LAGG to the router, and under show lag they are registering as a 10Gb link. I had a DAC that ended up being too short for something else laying around, and that shows up as 10Gb, so what is going on with the SFPPs?

Can you plug in the fiber transceivers in one of your NICs and run ethtool -m [interface] on that interface? I'm curious what the transceiver EEPROM says it is. It might provide some clues.

 

[TonyArrr]

"If it can be wired it should be wired"

Preach, fam!

 

[iiq_87cjs]

That is the wrong one for ICX7250 - as its miniusb - mine is the two below

Mini USB to RS232 Serial Adapter, Dafensoy Right Turn Mini USB 5 Pin Male to DB9 Pin Female Converter Cable, for Various Serial Devices and USB Mini Port Black 1.8M/6Feet : Amazon.ca: Electronics

Mini USB to RS232 Serial Adapter, Dafensoy Right Turn Mini USB 5 Pin Male to DB9 Pin Female Converter Cable, for Various Serial Devices and USB Mini Port Black 1.8M/6Feet : Amazon.ca: Electronics

www.amazon.ca

SABRENT USB 2.0 to Serial (9 Pin) DB 9 RS 232 Converter Cable, Prolific Chipset, HEXNUTS, [Windows 11/10/8.1/8/7/VISTA/XP, Mac OS X 10.6 and Above] 2.5 Feet (CB-DB9P) : Amazon.ca: Electronics

SABRENT USB 2.0 to Serial (9 Pin) DB 9 RS 232 Converter Cable, Prolific Chipset, HEXNUTS, [Windows 11/10/8.1/8/7/VISTA/XP, Mac OS X 10.6 and Above] 2.5 Feet (CB-DB9P) : Amazon.ca: Electronics

www.amazon.ca

The management port is for ethernet to manage the switch, not for console.

I dont think so the usb to computer needs to have FTDI chip in it to do rendering its somewhere in the thread as the switch does not. the ICX7250 and 7450 are the same

Thanks again for the cord recommendation. I'm up and running now
Next up, advanced config.

 

[ThatzMatt]

Can you plug in the fiber transceivers in one of your NICs and run ethtool -m [interface] on that interface? I'm curious what the transceiver EEPROM says it is. It might provide some clues.

This poses another problem lol.... These SFPs don't want to work in my Mellanox cards either (to the switch or each other). They are plugged in via Mellanox QSFP28-SFP adapters (after having issues with the ProLine adapters I had originally bought). I have Mellanox optics on the way too, they should be here Monday or Tuesday. They won't link to each other OR the switch, and mlxlink gives this output in my windows box:

PS C:\Windows\system32> mlxlink -d mt4115_pciconf0.1 -m

Operational Info
----------------
State                              : Polling
Physical state                     : ETH_AN_FSM_ABILITY_DETECT
Speed                              : N/A
Width                              : N/A
FEC                                : N/A
Loopback Mode                      : No Loopback
Auto Negotiation                   : ON

Supported Info
--------------
Enabled Link Speed                 : 0xf801f0d3 (50G,40G,25G,10G,1G)
Supported Cable Speed              : 0x00002001 (10G,1G)

Troubleshooting Info
--------------------
Status Opcode                      : 2
Group Opcode                       : PHY FW
Recommendation                     : Negotiation failure

Tool Information
----------------
Firmware Version                   : 12.28.4704
MFT Version                        : mft 4.33.0-169

Module Info
-----------
Temperature [C]                    : 52 [-13..78]
Voltage [mV]                       : 3302.2 [2900..3700]
Bias Current [mA]                  : 5.570,0,0,0 [2..13.2]
Rx Power Current [dBm]             : -2,0,0,0 [-20..0]
Tx Power Current [dBm]             : -4,0,0,0 [-8..0]
Identifier                         : QSA (QSFP->SFP)
Compliance                         : 10G Base-SR
Cable Technology                   : N/A
Cable Type                         : Optical Module (separated)
OUI                                : Other
Vendor Name                        : FINISARCORP.
Vendor Part Number                 : FTLX8571D3BCV-CK
Vendor Serial Number               : MVK0N45
Rev                                : A
Wavelength [nm]                    : 850
Transfer Distance [m]              : 0
Attenuation (5g,7g,12g)[dB]        : N/A
FW Version                         : N/A
Digital Diagnostic Monitoring      : Yes
Power Class                        : 0 (1.0 W max)
MAX Power                          : 0.0 W max
CDR RX                             : N/A
CDR TX                             : N/A
LOS Alarm                          : N/A
SNR Media Lanes [dB]               : N/A
SNR Host Lanes [dB]                : N/A
IB Cable Width                     : N/A
Memory Map Revision                : 0
Linear Direct Drive                : 0
Cable Breakout                     : N/A
SMF Length                         : N/A
Cable Rx AMP                       : 0
Cable Rx Emphasis                  : 0
Cable Rx Post Emphasis             : 0
Cable Tx Equalization              : 0
Wavelength Tolerance               : 0.0nm
Module State                       : N/A
DataPath state [per lane]          : N/A,N/A,N/A,N/A
Rx Output Valid [per lane]         : 0,0,0,0
Nominal bit rate                   : 0.000Gb/s
Rx Power Type                      : OMA
Manufacturing Date                 : N/A
Active Set Host Compliance Code    : N/A
Active Set Media Compliance Code   : N/A
Error Code Response                : N/A
Module FW Fault                    : N/A
DataPath FW Fault                  : N/A
Tx Fault [per lane]                : 0,0,0,0
Tx LOS [per lane]                  : N/A
Tx CDR LOL [per lane]              : 0,0,0,0
Rx LOS [per lane]                  : 0,0,0,0
Rx CDR LOL [per lane]              : 0,0,0,0
Tx Adaptive EQ Fault [per lane]    : N/A

Ethtool on my Unraid server comes back with this:

root@Osiris:~# ethtool -m eth2
        Identifier                                : 0x03 (SFP)
        Extended identifier                       : 0x04 (GBIC/SFP defined by 2-wire interface ID)
        Connector                                 : 0x07 (LC)
        Transceiver codes                         : 0x10 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00
        Transceiver type                          : Ethernet: 1000BASE-SX
        Encoding                                  : 0x06 (64B/66B)
        BR Nominal                                : 10300MBd
        Rate identifier                           : 0x02 (8/4/2G Rx Rate_Select only)
        Length (SMF)                              : 0km
        Length (OM2)                              : 80m
        Length (OM1)                              : 30m
        Length (Copper or Active cable)           : 0m
        Length (OM3)                              : 300m
        Laser wavelength                          : 850nm
        Vendor name                               : FINISAR CORP.
        Vendor OUI                                : 00:90:65
        Vendor PN                                 : FTLX8571D3BCV-CK
        Vendor rev                                : A
        Option values                             : 0x00 0x3a
        Option                                    : RATE_SELECT implemented
        BR margin max                             : 0%
        BR margin min                             : 0%
        Vendor SN                                 : MVK14GV
        Date code                                 : 160514
        Optical diagnostics support               : Yes
        Laser bias current                        : 4.876 mA
        Laser output power                        : 0.3521 mW / -4.53 dBm
        Receiver signal average optical power     : 0.5350 mW / -2.72 dBm
        Module temperature                        : 28.68 degrees C / 83.62 degrees F
        Module voltage                            : 3.3268 V
        Alarm/warning flags implemented           : Yes
        Laser bias current high alarm             : Off
        Laser bias current low alarm              : Off
        Laser bias current high warning           : Off
        Laser bias current low warning            : Off
        Laser output power high alarm             : Off
        Laser output power low alarm              : Off
        Laser output power high warning           : Off
        Laser output power low warning            : Off
        Module temperature high alarm             : Off
        Module temperature low alarm              : Off
        Module temperature high warning           : Off
        Module temperature low warning            : Off
        Module voltage high alarm                 : Off
        Module voltage low alarm                  : Off
        Module voltage high warning               : Off
        Module voltage low warning                : Off
        Laser rx power high alarm                 : Off
        Laser rx power low alarm                  : Off
        Laser rx power high warning               : Off
        Laser rx power low warning                : Off
        Laser bias current high alarm threshold   : 13.200 mA
        Laser bias current low alarm threshold    : 2.000 mA
        Laser bias current high warning threshold : 12.600 mA
        Laser bias current low warning threshold  : 3.000 mA
        Laser output power high alarm threshold   : 1.0000 mW / 0.00 dBm
        Laser output power low alarm threshold    : 0.1585 mW / -8.00 dBm
        Laser output power high warning threshold : 0.7943 mW / -1.00 dBm
        Laser output power low warning threshold  : 0.1995 mW / -7.00 dBm
        Module temperature high alarm threshold   : 78.00 degrees C / 172.40 degrees F
        Module temperature low alarm threshold    : -13.00 degrees C / 8.60 degrees F
        Module temperature high warning threshold : 73.00 degrees C / 163.40 degrees F
        Module temperature low warning threshold  : -8.00 degrees C / 17.60 degrees F
        Module voltage high alarm threshold       : 3.7000 V
        Module voltage low alarm threshold        : 2.9000 V
        Module voltage high warning threshold     : 3.6000 V
        Module voltage low warning threshold      : 3.0000 V
        Laser rx power high alarm threshold       : 1.0000 mW / 0.00 dBm
        Laser rx power low alarm threshold        : 0.0100 mW / -20.00 dBm
        Laser rx power high warning threshold     : 0.7943 mW / -1.00 dBm
        Laser rx power low warning threshold      : 0.0158 mW / -18.01 dBm

Interestingly the Windows machine sees it as a 10Gb SFPP via mlxlink, but the Unraid box sees it as a 1Gb SFP via ethtool...... They are both the same Mellanox ConnectX-4 cards with the same firmware..... Figure that one out lol!

ifconfig on the pfSense box spits this out - so it is seeing 10Gb as well...

ix3: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=4e138bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether 00:1c:7f:3f:d7:22
        hwaddr 00:1c:7f:3f:d7:23
        inet6 fe80::21c:7fff:fe3f:d720%ix3 prefixlen 64 scopeid 0x4
        media: Ethernet autoselect (10Gbase-SR <full-duplex,rxpause,txpause>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        drivername: ix3
        plugged: SFP/SFP+/SFP28 10G Base-SR (LC)
        vendor: FINISAR CORP. PN: FTLX8571D3BCV-CK SN: MTB0QWJ DATE: 2015-03-30
        module temperature: 47.86 C voltage: 3.31 Volts
        lane 1: RX power: 0.56 mW (-2.54 dBm) TX bias: 8.48 mA

 

[blunden]

Ethtool on my Unraid server comes back with this:

root@Osiris:~# ethtool -m eth2
        Identifier                                : 0x03 (SFP)
        Extended identifier                       : 0x04 (GBIC/SFP defined by 2-wire interface ID)
        Connector                                 : 0x07 (LC)
        Transceiver codes                         : 0x10 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00
        Transceiver type                          : Ethernet: 1000BASE-SX
        Encoding                                  : 0x06 (64B/66B)
        BR Nominal                                : 10300MBd
        Rate identifier                           : 0x02 (8/4/2G Rx Rate_Select only)
        Length (SMF)                              : 0km
        Length (OM2)                              : 80m
        Length (OM1)                              : 30m
        Length (Copper or Active cable)           : 0m
        Length (OM3)                              : 300m
        Laser wavelength                          : 850nm
        Vendor name                               : FINISAR CORP.
        Vendor OUI                                : 00:90:65
        Vendor PN                                 : FTLX8571D3BCV-CK
        Vendor rev                                : A
        Option values                             : 0x00 0x3a
        Option                                    : RATE_SELECT implemented
        BR margin max                             : 0%
        BR margin min                             : 0%
        Vendor SN                                 : MVK14GV
        Date code                                 : 160514
        Optical diagnostics support               : Yes
        Laser bias current                        : 4.876 mA
        Laser output power                        : 0.3521 mW / -4.53 dBm
        Receiver signal average optical power     : 0.5350 mW / -2.72 dBm
        Module temperature                        : 28.68 degrees C / 83.62 degrees F
        Module voltage                            : 3.3268 V
        Alarm/warning flags implemented           : Yes
        Laser bias current high alarm             : Off
        Laser bias current low alarm              : Off
        Laser bias current high warning           : Off
        Laser bias current low warning            : Off
        Laser output power high alarm             : Off
        Laser output power low alarm              : Off
        Laser output power high warning           : Off
        Laser output power low warning            : Off
        Module temperature high alarm             : Off
        Module temperature low alarm              : Off
        Module temperature high warning           : Off
        Module temperature low warning            : Off
        Module voltage high alarm                 : Off
        Module voltage low alarm                  : Off
        Module voltage high warning               : Off
        Module voltage low warning                : Off
        Laser rx power high alarm                 : Off
        Laser rx power low alarm                  : Off
        Laser rx power high warning               : Off
        Laser rx power low warning                : Off
        Laser bias current high alarm threshold   : 13.200 mA
        Laser bias current low alarm threshold    : 2.000 mA
        Laser bias current high warning threshold : 12.600 mA
        Laser bias current low warning threshold  : 3.000 mA
        Laser output power high alarm threshold   : 1.0000 mW / 0.00 dBm
        Laser output power low alarm threshold    : 0.1585 mW / -8.00 dBm
        Laser output power high warning threshold : 0.7943 mW / -1.00 dBm
        Laser output power low warning threshold  : 0.1995 mW / -7.00 dBm
        Module temperature high alarm threshold   : 78.00 degrees C / 172.40 degrees F
        Module temperature low alarm threshold    : -13.00 degrees C / 8.60 degrees F
        Module temperature high warning threshold : 73.00 degrees C / 163.40 degrees F
        Module temperature low warning threshold  : -8.00 degrees C / 17.60 degrees F
        Module voltage high alarm threshold       : 3.7000 V
        Module voltage low alarm threshold        : 2.9000 V
        Module voltage high warning threshold     : 3.6000 V
        Module voltage low warning threshold      : 3.0000 V
        Laser rx power high alarm threshold       : 1.0000 mW / 0.00 dBm
        Laser rx power low alarm threshold        : 0.0100 mW / -20.00 dBm
        Laser rx power high warning threshold     : 0.7943 mW / -1.00 dBm
        Laser rx power low warning threshold      : 0.0158 mW / -18.01 dBm

Feels like the transceiver has bad EEPROM data to me. If it's not password protected, or if the password is known, you might be able to patch it to get detected properly.

 

[ThatzMatt]

Feels like the transceiver has bad EEPROM data to me. If it's not password protected, or if the password is known, you might be able to patch it to get detected properly.

That's six different optics tho... Look at the serial numbers. I've swapped them around to no success.. But on that note, I don't have a programmer (but have a Pi, some Arduinos, and some ESP32s laying around), could you point me to some EILI5 resources on reprogramming if it's possible without additional hardware beyond SFP cages? I have a switch I could salvage one from if I need to. I'd like to learn how to do that too.

 

[blunden]

That's six different optics tho... Look at the serial numbers. I've swapped them around to no success.. But on that note, I don't have a programmer (but have a Pi, some Arduinos, and some ESP32s laying around), could you point me to some EILI5 resources on reprogramming if it's possible without additional hardware beyond SFP cages? I have a switch I could salvage one from if I need to. I'd like to learn how to do that too.

I haven't done so myself so I don't know for sure. The people in the transceiver password thread mentioned the video below:

But I've also seen people reference patching the EEPROM in ways that didn't appear to mention extra hardware. I don't have a link to give you, but I'll let you know if I come across it again. It might've been in a thread on the OpenWrt forums about the Realtek switches, but it might also have been somewhere else.

 

[iiq_87cjs]

Comparatively, I think the Brocade switches (7250s) are louder and use more energy than the Aruba. I still plan on replacing the Aruba switch with them, but was just curious what is annoying you about the Aruba.

Follow-up: Noise levels between the 7250-24P and the 2500-24P are about the same, but I find the former less high-pitched — I sit next to it.

After the fan mod, it's the same noise level (subjectively the brocade might be quieter in steady state, and objectively it is quieter at bootup)

Agreed. Even with stock fans.

 

[fohdeesha]

That's six different optics tho... Look at the serial numbers. I've swapped them around to no success.. But on that note, I don't have a programmer (but have a Pi, some Arduinos, and some ESP32s laying around), could you point me to some EILI5 resources on reprogramming if it's possible without additional hardware beyond SFP cages? I have a switch I could salvage one from if I need to. I'd like to learn how to do that too.

checkpoint did not code them correctly, maybe on purpose, to avoid people being able to (easily) code optics for checkpoint hardware - it's probably looking for these "wrong" values. The type field bit is definitely wrong, if these really are 10gb adapters.

This poses another problem lol.... These SFPs don't want to work in my Mellanox cards either (to the switch or each other). They are plugged in via Mellanox QSFP28-SFP adapters (after having issues with the ProLine adapters I had originally bought). I have Mellanox optics on the way too, they should be here Monday or Tuesday. They won't link to each other OR the switch, and mlxlink gives this output in my windows box:

PS C:\Windows\system32> mlxlink -d mt4115_pciconf0.1 -m

Operational Info
----------------
State                              : Polling
Physical state                     : ETH_AN_FSM_ABILITY_DETECT
Speed                              : N/A
Width                              : N/A
FEC                                : N/A
Loopback Mode                      : No Loopback
Auto Negotiation                   : ON

Supported Info
--------------
Enabled Link Speed                 : 0xf801f0d3 (50G,40G,25G,10G,1G)
Supported Cable Speed              : 0x00002001 (10G,1G)

Troubleshooting Info
--------------------
Status Opcode                      : 2
Group Opcode                       : PHY FW
Recommendation                     : Negotiation failure

Tool Information
----------------
Firmware Version                   : 12.28.4704
MFT Version                        : mft 4.33.0-169

Module Info
-----------
Temperature [C]                    : 52 [-13..78]
Voltage [mV]                       : 3302.2 [2900..3700]
Bias Current [mA]                  : 5.570,0,0,0 [2..13.2]
Rx Power Current [dBm]             : -2,0,0,0 [-20..0]
Tx Power Current [dBm]             : -4,0,0,0 [-8..0]
Identifier                         : QSA (QSFP->SFP)
Compliance                         : 10G Base-SR
Cable Technology                   : N/A
Cable Type                         : Optical Module (separated)
OUI                                : Other
Vendor Name                        : FINISARCORP.
Vendor Part Number                 : FTLX8571D3BCV-CK
Vendor Serial Number               : MVK0N45
Rev                                : A
Wavelength [nm]                    : 850
Transfer Distance [m]              : 0
Attenuation (5g,7g,12g)[dB]        : N/A
FW Version                         : N/A
Digital Diagnostic Monitoring      : Yes
Power Class                        : 0 (1.0 W max)
MAX Power                          : 0.0 W max
CDR RX                             : N/A
CDR TX                             : N/A
LOS Alarm                          : N/A
SNR Media Lanes [dB]               : N/A
SNR Host Lanes [dB]                : N/A
IB Cable Width                     : N/A
Memory Map Revision                : 0
Linear Direct Drive                : 0
Cable Breakout                     : N/A
SMF Length                         : N/A
Cable Rx AMP                       : 0
Cable Rx Emphasis                  : 0
Cable Rx Post Emphasis             : 0
Cable Tx Equalization              : 0
Wavelength Tolerance               : 0.0nm
Module State                       : N/A
DataPath state [per lane]          : N/A,N/A,N/A,N/A
Rx Output Valid [per lane]         : 0,0,0,0
Nominal bit rate                   : 0.000Gb/s
Rx Power Type                      : OMA
Manufacturing Date                 : N/A
Active Set Host Compliance Code    : N/A
Active Set Media Compliance Code   : N/A
Error Code Response                : N/A
Module FW Fault                    : N/A
DataPath FW Fault                  : N/A
Tx Fault [per lane]                : 0,0,0,0
Tx LOS [per lane]                  : N/A
Tx CDR LOL [per lane]              : 0,0,0,0
Rx LOS [per lane]                  : 0,0,0,0
Rx CDR LOL [per lane]              : 0,0,0,0
Tx Adaptive EQ Fault [per lane]    : N/A

Ethtool on my Unraid server comes back with this:

root@Osiris:~# ethtool -m eth2
        Identifier                                : 0x03 (SFP)
        Extended identifier                       : 0x04 (GBIC/SFP defined by 2-wire interface ID)
        Connector                                 : 0x07 (LC)
        Transceiver codes                         : 0x10 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00
        Transceiver type                          : Ethernet: 1000BASE-SX
        Encoding                                  : 0x06 (64B/66B)
        BR Nominal                                : 10300MBd
        Rate identifier                           : 0x02 (8/4/2G Rx Rate_Select only)
        Length (SMF)                              : 0km
        Length (OM2)                              : 80m
        Length (OM1)                              : 30m
        Length (Copper or Active cable)           : 0m
        Length (OM3)                              : 300m
        Laser wavelength                          : 850nm
        Vendor name                               : FINISAR CORP.
        Vendor OUI                                : 00:90:65
        Vendor PN                                 : FTLX8571D3BCV-CK
        Vendor rev                                : A
        Option values                             : 0x00 0x3a
        Option                                    : RATE_SELECT implemented
        BR margin max                             : 0%
        BR margin min                             : 0%
        Vendor SN                                 : MVK14GV
        Date code                                 : 160514
        Optical diagnostics support               : Yes
        Laser bias current                        : 4.876 mA
        Laser output power                        : 0.3521 mW / -4.53 dBm
        Receiver signal average optical power     : 0.5350 mW / -2.72 dBm
        Module temperature                        : 28.68 degrees C / 83.62 degrees F
        Module voltage                            : 3.3268 V
        Alarm/warning flags implemented           : Yes
        Laser bias current high alarm             : Off
        Laser bias current low alarm              : Off
        Laser bias current high warning           : Off
        Laser bias current low warning            : Off
        Laser output power high alarm             : Off
        Laser output power low alarm              : Off
        Laser output power high warning           : Off
        Laser output power low warning            : Off
        Module temperature high alarm             : Off
        Module temperature low alarm              : Off
        Module temperature high warning           : Off
        Module temperature low warning            : Off
        Module voltage high alarm                 : Off
        Module voltage low alarm                  : Off
        Module voltage high warning               : Off
        Module voltage low warning                : Off
        Laser rx power high alarm                 : Off
        Laser rx power low alarm                  : Off
        Laser rx power high warning               : Off
        Laser rx power low warning                : Off
        Laser bias current high alarm threshold   : 13.200 mA
        Laser bias current low alarm threshold    : 2.000 mA
        Laser bias current high warning threshold : 12.600 mA
        Laser bias current low warning threshold  : 3.000 mA
        Laser output power high alarm threshold   : 1.0000 mW / 0.00 dBm
        Laser output power low alarm threshold    : 0.1585 mW / -8.00 dBm
        Laser output power high warning threshold : 0.7943 mW / -1.00 dBm
        Laser output power low warning threshold  : 0.1995 mW / -7.00 dBm
        Module temperature high alarm threshold   : 78.00 degrees C / 172.40 degrees F
        Module temperature low alarm threshold    : -13.00 degrees C / 8.60 degrees F
        Module temperature high warning threshold : 73.00 degrees C / 163.40 degrees F
        Module temperature low warning threshold  : -8.00 degrees C / 17.60 degrees F
        Module voltage high alarm threshold       : 3.7000 V
        Module voltage low alarm threshold        : 2.9000 V
        Module voltage high warning threshold     : 3.6000 V
        Module voltage low warning threshold      : 3.0000 V
        Laser rx power high alarm threshold       : 1.0000 mW / 0.00 dBm
        Laser rx power low alarm threshold        : 0.0100 mW / -20.00 dBm
        Laser rx power high warning threshold     : 0.7943 mW / -1.00 dBm
        Laser rx power low warning threshold      : 0.0158 mW / -18.01 dBm

Interestingly the Windows machine sees it as a 10Gb SFPP via mlxlink, but the Unraid box sees it as a 1Gb SFP via ethtool...... They are both the same Mellanox ConnectX-4 cards with the same firmware..... Figure that one out lol!

ifconfig on the pfSense box spits this out - so it is seeing 10Gb as well...

ix3: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=4e138bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether 00:1c:7f:3f:d7:22
        hwaddr 00:1c:7f:3f:d7:23
        inet6 fe80::21c:7fff:fe3f:d720%ix3 prefixlen 64 scopeid 0x4
        media: Ethernet autoselect (10Gbase-SR <full-duplex,rxpause,txpause>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        drivername: ix3
        plugged: SFP/SFP+/SFP28 10G Base-SR (LC)
        vendor: FINISAR CORP. PN: FTLX8571D3BCV-CK SN: MTB0QWJ DATE: 2015-03-30
        module temperature: 47.86 C voltage: 3.31 Volts
        lane 1: RX power: 0.56 mW (-2.54 dBm) TX bias: 8.48 mA

These are dual rate 1gbps / 10gbps optics, which there is really no "standard" identifier hex value in the SFP EEPROM standards, so as you can see they just went with ident'ing it as a 1gbe device. And as you've noticed, some devices don't like that, because they will try to bring it up at that speed only, and a lot of SFP+ ports on stuff do not support 1gbE. The usual trick is to hard set the rate on the switch interface to 10gbps, which you have to do on the ICX anyway, that's why they're working on your ICX. Other stuff like mellanox NICs etc are more strict about letting optics come up at speeds outside what they've identified as https://www.reddit.com/r/homelab/comments/zpikcv

 

[Serveur]

My initial intention was to try to use in a VLAN the 2nd subnet of /25, from 192.168.178.129 to 192.168.178.254. This doesn't seem possible.

So I gave up on using /25 subnets in different VLAN and I have adopted the usual approach (192.168.10.0/24, 192.168.20.0/24, 192.168.30.0/24 and so on...).
I wanted to use VLAN 10 (192.168.10.0/24) to isolate devices which only needs to access internet (and not other devices or other vlan), but there is something I don't understand with ACL.

Here is my setup:

!
vlan 10 name Work by port
 untagged ethe 1/1/15 to 1/1/16
 router-interface ve 10
!
ip dhcp-server pool work
 dhcp-default-router 192.168.10.1
 dns-server 192.168.178.1
 excluded-address 192.168.10.1
 lease 0 1 0
 network 192.168.10.0 255.255.255.0
 deploy
!
ip dns server-address 192.168.178.1
ip route 0.0.0.0/0 192.168.178.1
!
interface ve 10
 ip access-group "vlan10 internet only IN" in
 ip address 192.168.10.1 255.255.255.0
!

192.168.178.1 is my router and 192.168.178.20 is my DNS server.

But with this ACL, when I connect a computer, I cannot even receive an IP address:

ip access-list extended "vlan10 internet only IN"
 permit ip 192.168.10.0 0.0.0.255 host 192.168.178.1
 permit ip 192.168.10.0 0.0.0.255 host 192.168.178.20
 deny ip any 192.168.0.0 0.0.255.255
 permit ip 192.168.10.0 0.0.0.255 any

If I replace the last line with permit ip any any, then everything is working as expected.
But why is my line permit ip 192.168.10.0 0.0.0.255 any not sufficient ?

 

[sic0048]

So I gave up on using /25 subnets in different VLAN and I have adopted the usual approach (192.168.10.0/24, 192.168.20.0/24, 192.168.30.0/24

But with this ACL, when I connect a computer, I cannot even receive an IP address:

ip access-list extended "vlan10 internet only IN"
permit ip 192.168.10.0 0.0.0.255 host 192.168.178.1
permit ip 192.168.10.0 0.0.0.255 host 192.168.178.20
deny ip any 192.168.0.0 0.0.255.255
permit ip 192.168.10.0 0.0.0.255 any

If I replace the last line with permit ip any any, then everything is working as expected.
But why is my line permit ip 192.168.10.0 0.0.0.255 any not sufficient ?

Because it is after the deny rule that will block all access to 192.168.x.x. The rules go in sequence, but only as far as the first matching rule. It's a "first match wins" type scenario. Therefore if you want to allow 192.168.10.0 0.0.0.255, it needs to be located before the deny 192.168.0.0 0.0.255.255 rule because that rule includes the 192.168.10.x subnet and you are currently denying it.

PS - if you simply list everything that you want to allow, you don't need to include a deny rule. Deny is the default action anytime you list a rule. (Default is permit all if no rules are added). If you get to the bottom of the list of "permit" rules and nothing has matched, then traffic would be denied even without a "deny rule" being listed.

 

[Serveur]

Oh yes I forgot part of the story.
At first I didn't include the last line, thinking that the previous 3 lines were sufficient to achieve my purpose.
But as it failed (no ip address received), I included the permit ip any any and then it worked.
So I replaced the permit ip any any with permit ip 192.168.10.0 0.0.0.255 any to try to understand what is going on.

I guess the question would be why is permit ip any any necessary at the end ?
Which packet it is allowing which is not handled by the first 3 lines ?

Thanks a lot !

 

[fohdeesha]

guys, huge news - dark mode Brocade Overview - Fohdeesha Docs