Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

arglebargle

H̸̖̅ȩ̸̐l̷̦͋l̴̰̈ỏ̶̱ ̸̢͋W̵͖̌ò̴͚r̴͇̀l̵̼͗d̷͕̈
Jul 15, 2018
657
244
43
I bought $12 or $15 RJ45 to USB cisco switch cables for mine on amazon, let me look through my purchase history.

Here's the one I'm using, they're down to $11 now. I have a pi plugged into each of my switches with these while I learn how to use them, that way it's harder for me to lock myself out of the device entirely.
 

Ouraing

Member
Dec 31, 2018
25
28
13
Can someone link me to the console cable needed for the 7750 switches?
Brocade ICX 7750 Specifications
Connector options
• 1003/1000 Mbps, 10 Gbps 10GBASE-T ports: RJ-45
• 1/10 Gbps SFP+ ports
• 40 Gbps QSFP+ ports
• Out-of-band Ethernet management: 10/100/1000 Mbps RJ-45
• Console management: mini-USB serial port (Mini-B plug)
• File transfer: USB port, (standard-A plug)

You just need a USB cable.
You just need a USB to serial cable (all hail Fohdeesha)
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,729
3,082
113
33
fohdeesha.com
I bought $12 or $15 RJ45 to USB cisco switch cables for mine on amazon, let me look through my purchase history.

Here's the one I'm using, they're down to $11 now. I have a pi plugged into each of my switches with these while I learn how to use them, that way it's harder for me to lock myself out of the device entirely.

the ICX7750 (and most of the icx7xxx series) do not use RJ45 ports like the icx6xxx line, they have a mini USB connector, and it does NOT run USB. It's rs232 serial over a mini-usb connector, so you need the cable I linked.

You just need a USB cable.
nope, see above. figured you guys would trust me on these switches by now :p
 

Ouraing

Member
Dec 31, 2018
25
28
13
the ICX7750 (and most of the icx7xxx series) do not use RJ45 ports like the icx6xxx line, they have a mini USB connector, and it does NOT run USB. It's rs232 serial over a mini-usb connector, so you need the cable I linked.
That's the cable I use with my 6450 and Aruba S2500/3500s, but this is a USB to RJ45 cable, how would that work with the ICX7750 mini-usb serial port? The RMK for the 7750 looks like it comes with a mini-usb to RJ45 cable which then plugs into an RJ45 to DB9 connector, why wouldn't they spend the couple of pennies to just put a usb to serial port chip in them and let you use regular USB cables??
 

tjk

Active Member
Mar 3, 2013
481
199
43
the ICX7750 (and most of the icx7xxx series) do not use RJ45 ports like the icx6xxx line, they have a mini USB connector, and it does NOT run USB. It's rs232 serial over a mini-usb connector, so you need the cable I linked.



nope, see above. figured you guys would trust me on these switches by now :p
Oh, I fully trust you and am not questioning your answer, just sucks to pay $35 bucks for $4 worth of parts.
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,729
3,082
113
33
fohdeesha.com
I know I know just kidding with you guys :p someone maybe 10 or 15 pages back did make his own ICX7xxx series cable if I remember right
 

Emdee

New Member
Feb 28, 2019
5
0
1
So after lurking around a bit I joined the ICX6610 club and managed to buy two of them for fairly cheap.

Two questions:

1. The license output shows this:
Code:
SSH@Brocade01#sh lice
Index    Lic Mode        Lic Name               Lid/Serial No  Lic Type    Status     Lic Period    Lic Capacity
Stack unit 1:
1        Node Lock       ICX6610-PREM-LIC-SW    dzrHKGOlFJH    Normal      Active     Unlimited         0
This means it only has the premium license right? Not the 10Gbit ones?

2. Although the switch itself is relatively quiet, I've noticed that the PSU fans spin up and down every minute or so, has anyone else had this problem?
 

Snorf

New Member
Nov 12, 2018
24
8
3
BC, Canada
adding a "new" ICX to the guide soon. beware, it's a beefer
Is there a super secret pre-release product ID unveiling so we can buy them up before the prices sky rocket? :)

Sad day yesterday :(

One of my ICX7150-C12P's died..... It just stopped dead no lights nothing. Pulled the power supply and it looks good but no output. Anyone know what it outputs to the switch components so I could rig something up from a computer power supply for testing what died first?

Snorf
 

svtkobra7

Active Member
Jan 2, 2017
362
87
28
someone maybe 10 or 15 pages back did make his own ICX7xxx series cable if I remember right
  • And there is another guy who was bored, started cutting a bunch of CAT, plugged it into his switch, thought it looked like a snake, and called it a snake test. You guys ... sheesh.
  • And wait, who are you again? ;)
  • Much love = i will always remember the gent who helped this network knowledge deficient idiot set up his first vlan.
  • But check it, I started to get crazy with those vlans and figured out how to use 1 phy port for wan and lan port groups, such that a router / firewall type thing could use 1 port - I think I will call it a router on a stick! Almost as creative as a snake test!
  • OK - actually did that - works fantastico with 100/70 uplink. Considering I set up pf, the firewall is prob more like a sieve though LOL.
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,729
3,082
113
33
fohdeesha.com
So after lurking around a bit I joined the ICX6610 club and managed to buy two of them for fairly cheap.

Two questions:

1. The license output shows this:
Code:
SSH@Brocade01#sh lice
Index    Lic Mode        Lic Name               Lid/Serial No  Lic Type    Status     Lic Period    Lic Capacity
Stack unit 1:
1        Node Lock       ICX6610-PREM-LIC-SW    dzrHKGOlFJH    Normal      Active     Unlimited         0
This means it only has the premium license right? Not the 10Gbit ones?

2. Although the switch itself is relatively quiet, I've noticed that the PSU fans spin up and down every minute or so, has anyone else had this problem?

correct, that's only the advanced routing license, no 10gb. pm me

as for the fans spinning up, it's probably cycling up to fan speed 2 because wherever you have them is right on the edge of the speed 1 > speed 2 temp threshold. check the output of "show chassis" next time it ramps up, it should show what speed things are at
 

Emdee

New Member
Feb 28, 2019
5
0
1
correct, that's only the advanced routing license, no 10gb. pm me
PM sent! Thanks

as for the fans spinning up, it's probably cycling up to fan speed 2 because wherever you have them is right on the edge of the speed 1 > speed 2 temp threshold. check the output of "show chassis" next time it ramps up, it should show what speed things are at
Yeah, that is what it feels / sounds like.

Code:
SSH@Brocade01>sh chas
The stack unit 1 chassis info:

Power supply 1 (AC - Regular) present, status ok
        Model Number:   23-0000144-01
        Serial Number:  0AN
        Firmware Ver:    B
Power supply 1 Fan Air Flow Direction:  Front to Back
Power supply 2 (AC - Regular) present, status ok
        Model Number:   23-0000144-01
        Serial Number:  085
        Firmware Ver:    B
Power supply 2 Fan Air Flow Direction:  Front to Back

Fan 1 ok, speed (auto): [[1]]<->2
Fan 2 ok, speed (auto): [[1]]<->2

Fan controlled temperature: 51.0 deg-C

Fan speed switching temperature thresholds:
                Speed 1: NM<----->78       deg-C
                Speed 2:       73<-----> 83 deg-C (shutdown)

Fan 1 Air Flow Direction:  Front to Back
Fan 2 Air Flow Direction:  Front to Back
MAC 1 Temperature Readings:
        Current temperature : 44.5 deg-C
CPU Temperature Readings:
        Current temperature : 40.0 deg-C
sensor A Temperature Readings:
        Current temperature : 25.5 deg-C
sensor B Temperature Readings:
        Current temperature : 34.0 deg-C
sensor C Temperature Readings:
        Current temperature : 23.0 deg-C
sensor D Temperature Readings:
        Current temperature : 20.5 deg-C
stacking card Temperature Readings:
        Current temperature : 51.0 deg-C
        Warning level.......: 80.0 deg-C
        Shutdown level......: 83.0 deg-C
Boot Prom MAC : 748e.f8f9.851c
Management MAC: 748e.f8f9.851c
However, I'm pretty sure it's only the fans of the power supply that ramp up and down semi-constantly. The fans of the switch itself don't have this behavior.
 

arglebargle

H̸̖̅ȩ̸̐l̷̦͋l̴̰̈ỏ̶̱ ̸̢͋W̵͖̌ò̴͚r̴͇̀l̵̼͗d̷͕̈
Jul 15, 2018
657
244
43
Ok! finished reading through all 76 freaking pages. My goodness. My eyes are sore.

I have 2 on best offer for the 6450's. We'll see. I'm not too confident on price though. I'm a cheap bastard.
Set up email alerts for switches under $120 or so. They're selling for more now than they were a year ago but they still pop up every couple of weeks.
 

arglebargle

H̸̖̅ȩ̸̐l̷̦͋l̴̰̈ỏ̶̱ ̸̢͋W̵͖̌ò̴͚r̴͇̀l̵̼͗d̷͕̈
Jul 15, 2018
657
244
43
Thanks Argle, I hadn't thought about that :)
Will set up an alert now
Sure thing. When I'm shopping for a bargain I usually do a quick skim of recent sales first, that tells you what the market price for the thing actually is. The confusing thing for a lot of people is that the prices you see for listings when you search on eBay aren't actual sale prices, they're the price at which things haven't sold yet. Definitely look at sold items first when you're considering a purchase, then set your alerts accordingly. Sometimes actual sale prices and current listings are waaaaaaay out of whack.
 

Blue)(Fusion

Active Member
Mar 1, 2017
150
56
28
Chicago
I think I got my 6610 ACLs figured out and removed almost all firewalling from pfSense to switch-duty. The only firewalling pfSense does now is to the WAN. All devices now use the switch VE interfaces as gateways. This is still new for me, so if anyone is curious to use it, be cautious, and anyone with know-how, please tell me if this is wildly or even mildly wrong:

Code:
access-list 102 remark ALLOW DHCP
access-list 102 permit udp any any eq bootps                     
access-list 102 permit udp any any eq bootpc
access-list 102 remark ALLOW ANY ICMP
access-list 102 permit icmp any any
access-list 102 remark ALLOW ESTABLISHED TCP TRAFFIC
access-list 102 permit tcp any any established
access-list 102 remark ALLOW DNS REQUESTS TO PFSENSE
access-list 102 permit udp 10.1.2.0 0.0.0.255 host 10.1.2.254 eq dns
access-list 102 remark ALLOW NTP REQUESTS TO PFSENSE
access-list 102 permit udp 10.1.2.0 0.0.0.255 host 10.1.1.254 eq ntp
access-list 102 permit udp 10.1.2.0 0.0.0.255 host 10.1.2.254 eq ntp
access-list 102 remark DENY ALL OTHER ACCESS TO SWITCH AND ROUTER
access-list 102 deny ip any host 10.1.2.1 log
access-list 102 deny ip any host 10.1.2.254 log
access-list 102 remark DENY INTER-VLAN TRAFFIC
access-list 102 deny ip any 10.1.1.0 0.0.0.255
access-list 102 deny ip any 10.1.3.0 0.0.0.255
access-list 102 deny ip any 10.1.4.0 0.0.0.255
access-list 102 deny ip any 10.1.6.0 0.0.0.255
access-list 102 deny ip any 10.1.10.0 0.0.0.255
access-list 102 deny ip any 10.1.20.0 0.0.0.255
access-list 102 remark ALLOW SAME VLAN TRAFFIC
access-list 102 permit ip 10.1.2.0 0.0.0.255 10.1.2.0 0.0.0.255   
access-list 102 remark DENY REMAINING TRAFFIC
access-list 102 deny ip any any log
!
access-list 103 remark ALLOW DHCP
access-list 103 permit udp any any eq bootps
access-list 103 permit udp any any eq bootpc
access-list 103 remark ALLOW ANY ICMP
access-list 103 permit icmp any any
access-list 103 remark ALLOW ESTABLISHED TCP TRAFFIC
access-list 103 permit tcp any any established
access-list 103 remark ALLOW DNS REQUESTS TO PFSENSE
access-list 103 permit udp 10.1.3.0 0.0.0.255 host 10.1.3.254 eq dns
access-list 103 remark ALLOW NTP REQUESTS TO PFSENSE
access-list 103 permit udp 10.1.3.0 0.0.0.255 host 10.1.1.254 eq ntp
access-list 103 permit udp 10.1.3.0 0.0.0.255 host 10.1.3.254 eq ntp
access-list 103 remark ALLOW NTP REQUEST RETURNS FROM PFSENSE
access-list 103 permit udp host 10.1.1.254 eq ntp 10.1.3.0 0.0.0.255
access-list 103 permit udp host 10.1.3.254 eq ntp 10.1.3.0 0.0.0.255
access-list 103 remark ALLOW RETURN OF SNMP TRAFFIC TO LIBRENMS SERVER
access-list 103 permit udp 10.1.3.0 0.0.0.255 eq snmp host 10.1.6.61 gt 1024
access-list 103 permit udp 10.1.3.0 0.0.0.255 eq snmp-trap host 10.1.6.61 gt 1024
access-list 103 remark ALLOW ECOBEE STRICT WAN ACCESS
access-list 103 permit tcp host 10.1.3.50 host 216.220.61.236 eq 8190
access-list 103 remark DENY ALL OTHER ACCESS TO SWITCH AND ROUTER
access-list 103 deny ip any host 10.1.3.1 log
access-list 103 deny ip any host 10.1.3.254 log                   
access-list 103 remark DENY INTER-VLAN TRAFFIC
access-list 103 deny ip any 10.1.1.0 0.0.0.255
access-list 103 deny ip any 10.1.2.0 0.0.0.255
access-list 103 deny ip any 10.1.4.0 0.0.0.255
access-list 103 deny ip any 10.1.6.0 0.0.0.255
access-list 103 deny ip any 10.1.10.0 0.0.0.255
access-list 103 deny ip any 10.1.20.0 0.0.0.255
access-list 103 remark ALLOW SAME VLAN TRAFFIC
access-list 103 permit ip 10.1.3.0 0.0.0.255 10.1.3.0 0.0.0.255
access-list 103 remark DENY REMAINING TRAFFIC
access-list 103 deny ip any any log
!
access-list 104 remark ALLOW ICMP
access-list 104 permit icmp any any
access-list 104 remark DENY ALL OTHER ACCESS TO SWITCH
access-list 104 deny ip any host 10.1.4.1 log
access-list 104 remark ALLOW LOCAL VLAN TRAFFIC
access-list 104 permit ip 10.1.4.0 0.0.0.255 10.1.4.0 0.0.0.255
access-list 104 remark DENY REMAINING TRAFFIC
access-list 104 deny ip any any log
!
access-list 105 remark ALLOW DHCP
access-list 105 permit udp any any eq bootps
access-list 105 permit udp any any eq bootpc
access-list 105 remark ALLOW ANY ICMP
access-list 105 permit icmp any any
access-list 105 remark ALLOW ESTABLISHED TCP TRAFFIC
access-list 105 permit tcp any any established
access-list 105 remark ALLOW RETURN OF NTP REQUESTS FROM PFSENSE TO ANY VLAN
access-list 105 permit udp host 10.1.1.254 eq ntp 10.1.0.0 0.0.255.255
access-list 105 remark ALLOW RETURN OF SNMP TRAFFIC TO LIBRENMS SERVER
access-list 105 permit udp 10.1.1.0 0.0.0.255 eq snmp host 10.1.6.61 gt 1024
access-list 105 permit udp 10.1.1.0 0.0.0.255 eq snmp-trap host 10.1.6.61 gt 1024
access-list 105 remark ALLOW IPMI, DRAC ACCESS from VLAN10 and SLB1/2
access-list 105 permit udp 10.1.1.0 0.0.0.255 eq asf-rmcp 10.1.10.0 0.0.0.255 gt 1024
access-list 105 permit udp 10.1.1.0 0.0.0.255 eq asf-rmcp host 10.1.6.39 gt 1024
access-list 105 permit udp 10.1.1.0 0.0.0.255 eq asf-rmcp host 10.1.6.40 gt 1024
access-list 105 remark ALLOW RETURN TRAFFIC FROM PROXMOX HOSTS TO VLAN10
access-list 105 permit ip host 10.1.1.10 10.1.10.0 0.0.0.255
access-list 105 permit ip host 10.1.1.11 10.1.10.0 0.0.0.255
access-list 105 remark ALLOW IPERF3 TRAFFIC TO/FROM VLAN 10
access-list 105 permit tcp 10.1.1.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 5201
access-list 105 remark DENY INTER-VLAN TRAFFIC
access-list 105 deny ip any 10.1.2.0 0.0.0.255
access-list 105 deny ip any 10.1.3.0 0.0.0.255
access-list 105 deny ip any 10.1.4.0 0.0.0.255
access-list 105 deny ip any 10.1.6.0 0.0.0.255
access-list 105 deny ip any 10.1.10.0 0.0.0.255
access-list 105 deny ip any 10.1.20.0 0.0.0.255
access-list 105 remark ALLOW REMAINING TRAFFIC
access-list 105 permit ip any any
!
access-list 106 remark ALLOW DHCP
access-list 106 permit udp any any eq bootps
access-list 106 permit udp any any eq bootpc
access-list 106 remark ALLOW ANY ICMP
access-list 106 permit icmp any any
access-list 106 remark ALLOW ESTABLISHED TCP TRAFFIC
access-list 106 permit tcp any any established
access-list 106 remark ALLOW DNS REQUESTS TO PFSENSE
access-list 106 permit udp 10.1.6.0 0.0.0.255 host 10.1.6.254 eq dns
access-list 106 remark ALLOW NTP REQUESTS TO PFSENSE
access-list 106 permit udp 10.1.6.0 0.0.0.255 host 10.1.1.254 eq ntp
access-list 106 permit udp 10.1.6.0 0.0.0.255 host 10.1.6.254 eq ntp
access-list 106 remark ALLOW LIBRENMS SERVER TO QUERY ALL VLANS
access-list 106 permit udp host 10.1.6.61 any eq snmp
access-list 106 permit udp host 10.1.6.61 any eq snmp-trap
access-list 106 remark ALLOW SLB1/2 SSH/222, IPMI, DRAC ACCESS TO ALL VLANS
access-list 106 permit tcp host 10.1.6.39 any eq ssh
access-list 106 permit tcp host 10.1.6.40 any eq ssh
access-list 106 permit tcp host 10.1.6.39 any eq rsh-spx
access-list 106 permit tcp host 10.1.6.40 any eq rsh-spx
access-list 106 permit tcp host 10.1.6.39 any eq asf-rmcp
access-list 106 permit tcp host 10.1.6.40 any eq asf-rmcp
access-list 106 permit udp host 10.1.6.39 any eq asf-rmcp
access-list 106 permit udp host 10.1.6.40 any eq asf-rmcp
access-list 106 remark ALLOW RETURN OF NFS UDP TRAFFIC FROM TORRENTS TO VLAN10
access-list 106 permit udp host 10.1.6.199 eq sunrpc 10.1.10.0 0.0.0.255
access-list 106 permit udp host 10.1.6.199 eq nfs 10.1.10.0 0.0.0.255
access-list 106 remark ALLOW IPERF3 TRAFFIC TO/FROM VLAN 10
access-list 106 permit tcp 10.1.6.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 5201
access-list 106 remark DENY ALL OTHER ACCESS TO SWITCH AND ROUTER
access-list 106 deny ip any host 10.1.6.1 log
access-list 106 deny ip any host 10.1.6.254 log
access-list 106 remark DENY INTER-VLAN TRAFFIC
access-list 106 deny ip any 10.1.1.0 0.0.0.255
access-list 106 deny ip any 10.1.2.0 0.0.0.255
access-list 106 deny ip any 10.1.3.0 0.0.0.255
access-list 106 deny ip any 10.1.4.0 0.0.0.255
access-list 106 deny ip any 10.1.10.0 0.0.0.255
access-list 106 deny ip any 10.1.20.0 0.0.0.255
access-list 106 remark ALLOW REMAINING TRAFFIC
access-list 106 permit ip any any
!
access-list 110 remark VIP VLAN GETS ACCESS ANYWHERE
access-list 110 permit ip any any                                 
!
access-list 120 remark ALLOW DHCP
access-list 120 permit udp any any eq bootps
access-list 120 permit udp any any eq bootpc
access-list 120 remark ALLOW ANY ICMP
access-list 120 permit icmp any any
access-list 120 remark ALLOW ESTABLISHED TCP TRAFFIC
access-list 120 permit tcp any any established
access-list 120 remark ALLOW DNS REQUESTS TO PFSENSE
access-list 120 permit udp 10.1.20.0 0.0.0.255 host 10.1.20.254 eq dns
access-list 120 remark ALLOW NTP REQUESTS TO PFSENSE
access-list 120 permit udp 10.1.20.0 0.0.0.255 host 10.1.1.254 eq ntp
access-list 120 permit udp 10.1.20.0 0.0.0.255 host 10.1.20.254 eq ntp
access-list 120 remark ALLOW RETURN OF SNMP TRAFFIC TO LIBRENMS SERVER
access-list 120 permit udp 10.1.20.0 0.0.0.255 eq snmp host 10.1.6.61 gt 1024
access-list 120 permit udp 10.1.20.0 0.0.0.255 eq snmp-trap host 10.1.6.61 gt 1024
access-list 120 remark ALLOW HTTP/IPP/LPD/JETDIRECT TRAFFIC TO PRINTER
access-list 120 permit tcp 10.1.20.0 0.0.0.255 host 10.1.3.5 eq http
access-list 120 permit tcp 10.1.20.0 0.0.0.255 host 10.1.3.5 eq printer
access-list 120 permit tcp 10.1.20.0 0.0.0.255 host 10.1.3.5 eq ipp
access-list 120 permit tcp 10.1.20.0 0.0.0.255 host 10.1.3.5 eq 9100
access-list 120 remark DENY ALL OTHER ACCESS TO SWITCH AND ROUTER
access-list 120 deny ip any host 10.1.20.1 log
access-list 120 deny ip any host 10.1.20.254 log
access-list 120 remark DENY INTER-VLAN TRAFFIC
access-list 120 deny ip any 10.1.1.0 0.0.0.255
access-list 120 deny ip any 10.1.2.0 0.0.0.255
access-list 120 deny ip any 10.1.3.0 0.0.0.255
access-list 120 deny ip any 10.1.4.0 0.0.0.255
access-list 120 deny ip any 10.1.6.0 0.0.0.255
access-list 120 deny ip any 10.1.10.0 0.0.0.255
access-list 120 remark ALLOW REMAINING TRAFFIC
access-list 120 permit ip any any
Each ACL is numbered as 1${vlanid}

VLAN setup:
1 - Default - unused
2 - VoIP - no WAN access
3 - IoT - no WAN access - printers, cameras
4 - NAS/Gluster - no WAN access, no VLAN interface on pfSense
5 - Management - access to all switch admin, pfSense, Proxmox hosts
6 - App - VMs and other servers running various apps like MySQL, Apache, HAProxy, Deluged, monitoring software. Some with external access from WAN (HTTP/HTTPS)
10 - Trusted - My desktops, HTPC, laptop
20 - Untrusted - Guest wireless devices, cell phones, iPads, Smart TVs


Also, all the access-groups are in the "in" direction. Is this appropriate?
Code:
interface ve 2
 ip access-group 102 in
 ip address 10.1.2.1 255.255.255.0
!
interface ve 3
 ip access-group 103 in
 ip address 10.1.3.1 255.255.255.0
!
interface ve 4
 ip access-group 104 in
 ip address 10.1.4.1 255.255.255.0                              
!
interface ve 5
 ip access-group 105 in
 ip address 10.1.1.1 255.255.255.0
!
interface ve 6
 ip access-group 106 in
 ip address 10.1.6.1 255.255.255.0
!
interface ve 10
 ip address 10.1.10.1 255.255.255.0
!
interface ve 20
 ip access-group 120 in
 ip address 10.1.20.1 255.255.255.0
 
Last edited:
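
Added example (not part of the post above and not vendor tooling): a first-match evaluator for the extended ACL syntax posted above, for checking which entry decides a packet before a list is bound to a VE. It assumes `established` is a stateless match on the TCP ACK or RST flag; the function names and the probe hosts 10.1.2.50 and 10.1.10.5 are constructed for illustration.

```python
from ipaddress import IPv4Address

PORTS = {"dns": 53, "ntp": 123, "ssh": 22}  # port keywords -> well-known numbers
# Constructed sample: selected entries of access-list 102, copied from the post.
ACL_102 = """
access-list 102 permit icmp any any
access-list 102 permit tcp any any established
access-list 102 permit udp 10.1.2.0 0.0.0.255 host 10.1.2.254 eq dns
access-list 102 deny ip any host 10.1.2.254 log
access-list 102 deny ip any 10.1.10.0 0.0.0.255
access-list 102 permit ip 10.1.2.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 102 deny ip any any log
"""

def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (base, wildcard) as ints."""
    kind = tok.pop(0)
    if kind == "any":
        return 0, 0xFFFFFFFF
    if kind == "host":
        return int(IPv4Address(tok.pop(0))), 0
    return int(IPv4Address(kind)), int(IPv4Address(tok.pop(0)))

def _port(tok):
    """Consume an optional 'eq P' / 'gt P' clause; None means any port."""
    if not tok or tok[0] not in ("eq", "gt"):
        return None
    op, name = tok.pop(0), tok.pop(0)
    return op, PORTS.get(name) or int(name)

def parse(text):
    """Turn permit/deny lines into rule dicts; remarks, '!' and blanks are skipped."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 6 and tok[0] == "access-list" and tok[2] in ("permit", "deny"):
            rest = tok[4:]
            rules.append({"line": line.strip(), "action": tok[2], "proto": tok[3],
                          "src": _addr(rest), "sport": _port(rest),
                          "dst": _addr(rest), "dport": _port(rest),
                          "est": "established" in rest})
    return rules

def _ip_ok(spec, ip):  # wildcard bits set to 1 are "don't care"
    return (int(IPv4Address(ip)) | spec[1]) == (spec[0] | spec[1])

def _port_ok(spec, port):  # spec: None (any port) or ("eq"|"gt", number)
    return spec is None or (port is not None and
                            (port == spec[1] if spec[0] == "eq" else port > spec[1]))

def first_match(rules, proto, src, dst, sport=None, dport=None, flags=()):
    """Return (action, deciding line); evaluation stops at the first match."""
    for r in rules:
        # Assumption: 'established' is a stateless test for the ACK or RST flag.
        est_ok = not r["est"] or bool({"ACK", "RST"} & set(flags))
        if (r["proto"] in ("ip", proto) and est_ok
                and _ip_ok(r["src"], src) and _ip_ok(r["dst"], dst)
                and _port_ok(r["sport"], sport) and _port_ok(r["dport"], dport)):
            return r["action"], r["line"]
    return "deny", "(implicit deny at end of list)"

if __name__ == "__main__":  # constructed flow: VLAN 2 host to the Trusted VLAN
    print(first_match(parse(ACL_102), "tcp", "10.1.2.50", "10.1.10.5", 40000, 22, ("ACK",)))
```

With the entries in this order, ICMP and any ACK-flagged TCP segment from VLAN 2 are decided by the early permit lines, while a new connection (SYN only) falls through to the inter-VLAN deny.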