
Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)


Wolfstar

Yeah I was worried about that... I can't believe how difficult it is to find some damn rack ears for these things.
Thank you @Wolfstar
I actually have a set of the Adjustable Rack Mount shelves you were talking about, but I want something to hold the ICX6450 in a network rack.
Yeah, it's not a trivial find, though you'd think it would be. On the other hand, we have an absolute beast of a time finding FCX648 rack ears as well for work, and people hoard them like misers when they do find them.
 


infoMatt

Does anyone have a design or a link to a design for 3D printed rack mount ears for the ICX 6450?
Please and Thank you,
Matt
Read the last few pages, I've posted the measurements of the ears of my switch, you can recreate those with a piece of sheet metal and a drill... nothing fancy, it's just an "L shaped" piece of steel...
Paying $65 for those simple items is crazy, IMHO... Heck, you can even just place it on top of the equipment placed below it, it weighs nothing...
 

LodeRunner

I think I have a bad NAND chip, or something. Anything I can try to revive this unit via uboot?
I have already used TFTP in uboot to reload the primary, secondary, and boot images, same result; and I tried a full TFTP boot, but it still errors out at the same point. I trimmed a lot of data (very long hex dumps), but I have the original PuTTY log that I can share if needed.
Code:
Ruckus Wireless Bootloader: 10.1.14T225 (Nov 15 2018 - 04:59:18 -0800)

Booted from partition 2
DRAM:  Validate Shmoo parameters stored in flash ..... OK

ICX7150-12 (POE), PVT1
SYS CPLD VER: 0x4 Released Ver: 0xa

device 0 offset 0x0, size 0xc0000
Enter 'b' to stop at boot monitor:
device 0 offset 0x0, size 0xc0000
bootdelay: ===
Booting image from Primary

NAND read: device 0 offset 0x0, size 0x2000000
 33554432 bytes read: OK
## Loading kernel from FIT Image at 70000200 ...
   Using 'conf@1' configuration
   Trying 'kernel@2' kernel subimage
     Description:  Ruckus Linux MN VER=08.0.80e
     Type:         Kernel Image
     Compression:  lzma compressed
     Data Start:   0x70213ff0
     Data Size:    2184164 Bytes = 2.1 MiB
     Architecture: ARM
     OS:           Linux
     Load Address: 0x61008000
     Entry Point:  0x61008000
     Hash algo:    crc32
     Hash value:   29a83c27
## Loading kernel from FIT Image at 70000200 ...
   Using 'conf@1' configuration
   Trying 'kernel@2' kernel subimage
     Description:  Ruckus Linux MN VER=08.0.80e
     Type:         Kernel Image
     Compression:  lzma compressed
     Data Start:   0x70213ff0
     Data Size:    2184164 Bytes = 2.1 MiB
     Architecture: ARM
     OS:           Linux
     Load Address: 0x61008000
     Entry Point:  0x61008000
     Hash algo:    crc32
     Hash value:   29a83c27
   Verifying Hash Integrity ... crc32+ OK
## Loading ramdisk from FIT Image at 70000200 ...
   Using 'conf@1' configuration
   Trying 'ramdisk@1' ramdisk subimage
     Description:  Ramdisk -rootfs
     Type:         RAMDisk Image
     Compression:  lzma compressed
     Data Start:   0x7042fd88
     Data Size:    25430519 Bytes = 24.3 MiB
     Architecture: ARM
     OS:           Linux
     Load Address: 0x00000000
     Entry Point:  0x00000000
     Hash algo:    crc32
     Hash value:   960fb2cd
   Verifying Hash Integrity ... crc32+ OK
## Loading fdt from FIT Image at 70000200 ...
   Using 'conf@1' configuration
   Trying 'fdt@3' fdt subimage
     Description:  Flattened Device Tree blob
     Type:         Flat Device Tree
     Compression:  uncompressed
     Data Start:   0x7042db30
     Data Size:    8607 Bytes = 8.4 KiB
     Architecture: ARM
     Hash algo:    crc32
     Hash value:   6fc9a37b
   Verifying Hash Integrity ... crc32+ OK
   Loading fdt from 0x7042db30 to 0x65008000
   Booting using the fdt blob at 0x65008000
   Uncompressing Kernel Image ... OK
   Using Device Tree in place at 65008000, end 6500d19e

Starting kernel ...

booting with 4.4 kernel
NAND Type: Micron NAND 2GiB (x 1)
PLATFORM MN
dd cmd: UBI
ubi0 error: ubi_io_read: error -74 (ECC error) while reading 1040384 bytes from PEB 841:8192, read 1040384 bytes
UBIFS error (ubi0:0 pid 565): ubifs_recover_leb: corruption -3
UBIFS error (ubi0:0 pid 565): ubifs_check_node: bad node length 263218
UBIFS error (ubi0:0 pid 565): ubifs_check_node: bad node at LEB 1134:884736
    magic          0x6101831
    crc            0x87f8e43e
    node_type      1 (data node)
    group_type     128 (unknown)
    sqnum          1378685144455
    len            263218
    key            (4194457, xentry, 0x00205e)
    size           335548416
    compr_typ      1344
    data size      263170
    data:
    00000000: d6 c1 c7 35 d4 a1 e1 f2 c1 d0 ef 02 7e 99 b9 63 4f 17 43 76 22 8a 8d f7 1e d1 49 19 d3 0b a3 60
    [trimmed]
    00025fa0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Unable to handle kernel paging request at virtual address f0ca1000
pgd = d0d14000
[f0ca1000] *pgd=86155811, *pte=00000000, *ppte=00000000
Internal error: Oops - BUG: 7 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 565 Comm: mount Not tainted 4.4.0 #1
Hardware name: BRCM XGS iProc
task: e51c2600 ti: d0c2c000 task.ti: d0c2c000
PC is at hex_dump_to_buffer+0x158/0x4d0
LR is at 0xd0c2db9a
pc : [<c0225670>]    lr : [<d0c2db9a>]    psr: 20000213
sp : d0c2db00  ip : 00000034  fp : d0c2db4c
r10: 00000020  r9 : c0432298  r8 : 00000020
r7 : f0ca0fff  r6 : 00000010  r5 : 00000066  r4 : 00000083
r3 : 00000066  r2 : 00000030  r1 : 00000032  r0 : 00000031
Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 12c5387d  Table: 71d14059  DAC: 00000051
Process mount (pid: 565, stack limit = 0xd0c2c190)
Stack: (0xd0c2db00 to 0xd0c2e000)
db00: c0066134 c0065a4c 00000001 f0ca0ff0 00000061 00000000 00000020 00000020
[trimmed]
dfe0: b6e2d071 beab4a18 00051149 b6e2d078 80000230 beab4f18 00000000 00000000
Backtrace:
[<c0225518>] (hex_dump_to_buffer) from [<c0225a8c>] (print_hex_dump+0xa4/0x118)
[<c02259e8>] (print_hex_dump) from [<c01ca444>] (ubifs_dump_node+0x97c/0xbe0)
[<c01c9ac8>] (ubifs_dump_node) from [<c01a8224>] (ubifs_check_node+0x1c0/0x308)
[<c01a8064>] (ubifs_check_node) from [<c01af8e4>] (ubifs_scan_a_node+0xd0/0x1f4)
[<c01af814>] (ubifs_scan_a_node) from [<c01c1f80>] (ubifs_recover_leb+0x578/0x7e0)
[<c01c1a08>] (ubifs_recover_leb) from [<c01b11f0>] (ubifs_replay_journal+0xdd0/0x1540)
[<c01b0420>] (ubifs_replay_journal) from [<c01a5adc>] (ubifs_mount+0x1190/0x192c)
[<c01a494c>] (ubifs_mount) from [<c00d9bdc>] (mount_fs+0x14/0x40)
[<c00d9bc8>] (mount_fs) from [<c00f1bf4>] (vfs_kern_mount+0x50/0xf8)
[<c00f1ba4>] (vfs_kern_mount) from [<c00f4cc4>] (do_mount+0x1a8/0xc40)
[<c00f4b1c>] (do_mount) from [<c00f5acc>] (SyS_mount+0x7c/0xa8)
[<c00f5a50>] (SyS_mount) from [<c000a4a0>] (ret_fast_syscall+0x0/0x3c)
Code: 02a0cee5 cf00000a 010054e1 d100003a (0130f7e5)
[BrcdSoftlockup]: BUG: soft lockup - CPU#0 stuck for 524s! [mount:565]
---[ end trace a6e623cfc8e5011c ]---
note: mount[565] exited with preempt_count 1
Segmentation fault

Mounting Config partition failed, non-recoverable file system corruption
Reformatting the flash, please download config and keys again ...

ubidetach: error!: cannot detach mtd2
           error 16 (Device or resource busy)
ubiformat: error!: please, first detach mtd2 (/dev/mtd2) from ubi0
Formatting Doneubi0 error: ubi_attach_mtd_dev: mtd2 is already attached to ubi0

ubiattach: error!: cannot attach mtd2
           error 17 (File exists)
ubimkvol: error!: UBI device does not have free logical erasebloubi1: attaching mtd3
cks
!!!ERROR:ubimkvol failed for config partition
ubi1: scanning is finished
ubi1: attached mtd3 (name "resources", size 512 MiB)
ubi1: PEB size: 1048576 bytes (1024 KiB), LEB size: 1040384 bytes
ubi1: min./max. I/O unit sizes: 4096/4096, sub-page size 4096
ubi1: VID header offset: 4096 (aligned 4096), data offset: 8192
ubi1: good PEBs: 504, bad PEBs: 8, corrupted PEBs: 0
ubi1: user volume: 1, internal volumes: 1, max. volumes count: 128
ubi1: max/mean erase counter: 1/0, WL threshold: 4096, image sequence number: 677597375
ubi1: available PEBs: 0, total reserved PEBs: 504, PEBs reserved for bad PEB handling: 32
ubi1: background thread "ubi_bgt1d" started, PID 582
UBIFS (ubi1:0): background thread "ubifs_bgt1_0" started, PID 586
UBIFS (ubi1:0): recovery needed
UBIFS (ubi1:0): recovery completed
UBIFS (ubi1:0): UBIFS: mounted UBI device 1, volume 0, name "resources"
UBIFS (ubi1:0): LEB size: 1040384 bytes (1016 KiB), min./max. I/O unit sizes: 4096 bytes/4096 bytes
UBIFS (ubi1:0): FS size: 476495872 bytes (454 MiB, 458 LEBs), journal size 23928832 bytes (22 MiB, 23 LEBs)
UBIFS (ubi1:0): reserved for root: 4952683 bytes (4836 KiB)
UBIFS (ubi1:0): media format: w4/r0 (latest is w4/r0), UUID 8068C335-3096-4AA2-983E-4659B278DEBA, small LPT model
UBIFS (ubi1:0): full atime support is enabled.
Resource partition is mounted!!
Restore is Done
Kernel crashdump is disabled.
Backup is fine
dma_mem_base: 0x96000000, dma_mem_len: 0x8000000, warm_mem_base: 0x9f500000, warm_mem_len: 0xb00000
Creating TUN device
Starting TPM Infra
Group tss and User tss created
kernel.hostname = localhost
hostname set to localhost
Starting TCSD Daemon
TCSD Up and Running
Enabling time stamp.
Starting the FastIron.
USER=root
HOME=/
GCOV_PREFIX=/fast_iron
ethaddr=78:a6:e1:2e:48:29?
TERM=vt102
PATH=/sbin:/usr/sbin:/bin:/usr/bin
crashkernel=64M@0x70000000
ip=192.168.0.210:192.168.0.14::255.255.255.0:MN:eth0:off
SHELL=/bin/sh
PWD=/
i2c-0    i2c          Broadcom iProc I2C adapter          I2C adapter    2
i2c-1    i2c          Broadcom iProc I2C adapter          I2C adapter    2
!!!WARNING: Unable to read Filesystem information!!!
Total no. of blocks in FS = 0
Total no. of free blocks = 0
FIPS Disabled:PORT NOT DISABLED
platform type 90
OS>
Loaded Image SPR08080e from Pri Built on (UTC): Tue Apr  9 10:25:33 2019
Enabling Console Logging
flash_file=0.
Upgrade from pre 8.0.80 image. Dual mode to VLAN config upgrade needed

Hotplugger Daemon Initialized ..
External USB disk is not mounted or plugged in.
set_board_level: gi_board_type = 116[  628.362222] linux-kernel-bde: map phys range 0x3200000-0x3240000 to 0xb0d09000-0xb0d49000
[  628.544467] linux-kernel-bde: map phys range 0x88100000-0x90100000 to 0xa8c00000-0xb0c00000
DMA pool size: 134217728
PHY Reset De-asserted

sw_pp_sdk_init:137 ToR init

SOC unit 0 attached to PCI device BCM56160_B0
Firmware version from File: 2.1.1
Pre Parsing Config Data ...


Done with Pre-allocating nexthop id's for Unicast & Openflow
 

LodeRunner

I took a leap and issued nand erase.chip in uboot, then reloaded uboot, primary, and secondary images from my tftp server and got a clean startup.
 

LodeRunner

All right, next issue. Unsure if this is doing more than spamming the console, but this command fails:
ICX7150-C12 Router#dm verify-device-certs
Commencing sanity check for device certs ...
Verifying TPM files ...
Failed: Check TCSD_PS Files

And the console is being spammed with Info: Device Key or Cert file is not available

My Google skills are apparently deficient for this issue.
 

LodeRunner

Awesome, thanks. Saw those commands in your hidden commands list, but was unsure if I could just generate my own RSA stuff and load it in.

Edit:
Looks like those commands won't do that. The rsa key/cert parameters are for key based scp between devices or an scp server apparently. Found over on SmartZone troubleshooting:

So on a 7150, if the TPM or the device cert/key get munged, it requires an RMA. Unless there's a way into the TPM via Linux or uBoot.

I have Linux access on this unit if anyone wants me to try anything, or has a working one and can export key and cert (probably not, kinda the thing a TPM is meant to prevent, isn't it?).

My other 7150 came up with no issues post PSU replacement and has replaced a Cisco SG300-10 that I was using in my office; it had a password on Linux that was not the default root. It also let me ditch 2 POE injectors for my UniFi APs, so that's nice too. Seriously looking into R610 or R710s to replace them due to several neighbors with very noisy APs that sit on overlapping channels at maximum power.

Edit 2: Interestingly, after updating the unit to 8080e, Linux requires a password and it's not the root password in the guides. Initially, I had loaded 8060 after erasing the NAND.
 

fohdeesha

interesting, since you only zero'd the flash the TPM contents should still be good. I have a feeling this is a case of an undocumented command or linux script somewhere that needs to be executed but it could take some digging to find it. I highly doubt they're throwing RMAs with this issue in the trash and replacing the unit

also the root pass is wYbRaMWrYIJgg - just checked the 8080e binary - this is what is listed in the guide as well, which root pass were you trying?
 

fohdeesha

any way you can provide me remote access to the serial port? found a couple TPM things I'd like to try - only 7xxx series stuff I have here is non TPM
 

LodeRunner

any way you can provide me remote access to the serial port? found a couple TPM things I'd like to try - only 7xxx series stuff I have here is non TPM
Sent you a DM.

I used that root password, I wonder if it was not pasting properly? I have not had issues pasting anything else in via PuTTY, but I did not try manually keying it.

I have a suspicion, which I can test later, that enabling authentication on the switch locks down the Linux side somehow? With the NAND erased and the system restored to v8060, it boots right to Linux with no password.
 

Loto_Bak

Does anyone have a design or a link to a design for 3D printed rack mount ears for the ICX 6450?
Please and Thank you,
Matt
I made one but as others have mentioned it will not support the switch's weight.
I have most of the weight sitting on a couple ears mounted under my desk from a print on thingiverse.

Also the holes are slightly small for the screws into the switch.
The screws will tap a thread in the print if you don't enlarge them.
 


jzeus

interesting, since you only zero'd the flash the TPM contents should still be good. I have a feeling this is a case of an undocumented command or linux script somewhere that needs to be executed but it could take some digging to find it. I highly doubt they're throwing RMAs with this issue in the trash and replacing the unit

also the root pass is wYbRaMWrYIJgg - just checked the 8080e binary - this is what is listed in the guide as well, which root pass were you trying?
That was a DES encrypted password with salt.

openssl passwd --crypt --salt=wY --stdin <pswd

where pswd contains the default barcode password, see attached file (brocade_root.png).
 

jzeus

That password worked, thanks!
The cert and keys are stored in a ubifs volume mounted as /opt

mount -t ubifs -o sync ubi1:resources /opt

I got this from a bad update:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Resources partition is factory-corrupted! Formatting!!
Formatting will destroy all the certificates and licenses!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

printed from /etc/preinit.sh.

All tpm stuff is in /opt/tpm:
/opt/tpm/system.data
/opt/tpm/bkp-mfg-system.data
/opt/tpm/mfg-wrapped-key.pem
/opt/tpm/mfg-md5sum.txt
/opt/tpm/mfg-cert.pem
/opt/tpm/mfg-key.pem
 

LodeRunner

Yeah, I copied those files from my working 7150 to the one that I had to erase the entire NAND chip on (it wouldn't just let me erase a partition). I get the following on boot:
Code:
ICX7150-C12 Router>2820269152:error:8006F06D:tpm engine:TPM_ENGINE_LOAD_KEY:request failed:e_tpm.c:672:
2820269152:error:26096080:lib(38):func(150):reason(128):NA:0:
/vobs/fdry/build/../../../../..///vobs/mucho/mp/cmds/web_cmds.c:1605 Couldn't load TPM key "../opt/tpm/mfg-wrapped-key.pem" from file.
update_tls_client_db_for_trustpoint, TPM key file load failed..!!
From the OS console (CTRL+Y, M over serial after booting):
Code:
OS>tpm key
TPM Engine:Couldn't load TPM Key File
Library error is: error:8006F06D:tpm engine:TPM_ENGINE_LOAD_KEY:request failed
dm create_device_profile_and_trustpoint generates a similar (identical, it seems) error as is displayed on boot:
Code:
ICX7150-C12 Router#dm create_device_profile_and_trustpoint 2788738144:error:8006F06D:tpm engine:TPM_ENGINE_LOAD_KEY:request failed:e_tpm.c:672:
2788738144:error:26096080:lib(38):func(150):reason(128):NA:0:
/vobs/fdry/build/../../../../..///vobs/mucho/mp/cmds/web_cmds.c:1605 Couldn't load TPM key "../opt/tpm/mfg-wrapped-key.pem" from file.

update_tls_client_db_for_trustpoint, TPM key file load failed..!!

fohdeesha noted that all the tpm related binaries had been removed from the BusyBox image; I tried to run armhf versions of them downloaded from the Debian Jessie repo as the libraries on the system appeared to meet the dependency requirements, but I encountered an error that's either due to compiler/library differences, or the fact that the switch runs sh and not bash.

Edit to add:
This switch really doesn't like having interfaces connected when the TPM doesn't work:
Code:
stack: 0147f0f0 0145a420 b6bc37c1 
Application received signal -> SIGNUM#11
Tuning CFS scheduler parameters...
Copying fitrace errorlog file to flash
[  123.059976] [BrcdSoftlockup]: sim_softwatchdog thread is detached on core=0 
CORE_PATTERN:PID=1055 UID=0 GID=0 sig=11
Sat Apr 18 21:20:00 UTC 2020: Dumping core file to /tmp.gz, this will take couple of minutes ...
Segmentation fault (core dumped)
Sat Apr 18 21:24:37 UTC 2020: Core file collected as /tmp.gz, processing the core file ...
Sat Apr 18 21:24:37 UTC 2020: Removing the oldest core file:core_1055-12_2020-04-18_21-07-50.gz of size 8484 kbytes
seq 13
Sat Apr 18 21:24:38 UTC 2020: Calculating checksum: core_1055-14_2020-04-18_21-24-38.gz
Sat Apr 18 21:24:38 UTC 2020: Checking integrity of core_1055-14_2020-04-18_21-24-38.gz
 

fohdeesha

That was a DES encrypted password with salt.

openssl passwd --crypt --salt=wY --stdin <pswd

where pswd contains the default barcode password, see attached file.
Really? that's strange, I've logged into my 7250 using that plaintext string numerous times. Wonder if they either forgot to hash it on older versions (can't remember the last time I tried), or if it's something specific to the TPM switches
 

fohdeesha

well indeed, specific to the 7150, so that would explain it (from preinit.sh)

Code:
if [[ "$platform" == "MN" ]] ; then
    cp /etc/passwdshadow /etc/passwd
fi
ICX7150 = MN Minion

ICX7250 = SI Sica

ICX7450 = SP Spatha

it did also respond nicely to just being told to boot in single user mode where no password was needed at all (but it's good to know fibranne now): setenv extra_bootargs noautostart single

it seems his problem is the TPM needs cleared and re-initialized, it's managed by the tcsd daemon which is present, but there's no packages like tpm-tools present to actually pass manual commands to the daemon. as far as I can tell he's gunna have to compile tpm-tools for the switch specifically. there's a bootarg "notpm" which skips initialization of the TPM completely (stops the execution of tpm-infra.sh entirely) but the switch still complained, even more if I remember right. It really wants to see /opt/tpm with keys matching what's held in the TPM

I'm going to have another look through the fastiron binary tonight if I get a chance, they clearly have at least a couple TPM related commands hidden buried in it, hopefully one of them will re-initialize the thing with new keys. I can't imagine switches RMAd with this issue need a custom toolchain loaded to fix it, that would be a huge waste of time on everyone's part. Whatever we do load obviously won't be Ruckus's keys so it won't link up with their smartzone controllers any longer, but at least the switch will function normally again
 
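Added example, not code from the thread or from Ruckus: a small audit that classifies the password field of passwd-format lines, covering the two points made above (a 13-character field whose first two characters are the salt is traditional DES crypt(3), and copying /etc/passwdshadow over /etc/passwd places that hash in /etc/passwd). It assumes /etc/passwd is world-readable, as is conventional; the function names are hypothetical and the sample file is constructed, apart from the root hash and the tss user name quoted in this thread.

```python
import re

# Traditional DES crypt(3): exactly 13 chars from [./0-9A-Za-z]; chars 0-1 are the salt.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format ($id$...) identifiers and the scheme each one selects.
MCF_IDS = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt", "y": "yescrypt"}
WEAK_SCHEMES = {"des-crypt", "md5-crypt"}
NO_HASH = {"empty", "shadowed", "locked"}

# Constructed sample. Only the root hash and the "tss" user name come from the thread.
SAMPLE_PASSWD = """\
root:wYbRaMWrYIJgg:0:0:root:/:/bin/sh
tss:x:100:100:tss:/var/lib/tpm:/bin/false
operator:$6$ConstructedSalt$ConstructedHashValue:1000:1000::/home/operator:/bin/sh
nobody:*:65534:65534:nobody:/:/bin/false
"""


def classify_hash(field):
    """Return the scheme name for the password field of a passwd/shadow line."""
    if field == "":
        return "empty"                      # account has no password at all
    if field == "x":
        return "shadowed"                   # real hash lives in /etc/shadow
    if field[0] in "!*":
        return "locked"
    if field.startswith("$"):
        parts = field.split("$")            # ["", id, salt-or-params, ...]
        if len(parts) >= 4:
            return MCF_IDS.get(parts[1], "unknown")
        return "unknown"
    if DES_CRYPT.match(field):
        return "des-crypt"
    return "unknown"


def audit_passwd(text, world_readable=True):
    """Return [(user, scheme, [issues])] for every account with a finding."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, pw = fields[0], fields[1]
        scheme = classify_hash(pw)
        issues = []
        if scheme == "empty":
            issues.append("no password set")
        if scheme in WEAK_SCHEMES:
            issues.append("legacy hash scheme")
        if scheme == "des-crypt":
            issues.append("salt %r: 12-bit salt, only first 8 password chars used" % pw[:2])
        if world_readable and scheme not in NO_HASH:
            issues.append("hash stored in world-readable file")
        if issues:
            findings.append((user, scheme, issues))
    return findings


if __name__ == "__main__":
    for user, scheme, issues in audit_passwd(SAMPLE_PASSWD):
        print(f"{user}: {scheme}: " + "; ".join(issues))
```

Run it against a copy of the file pulled from the device; pass `world_readable=False` when auditing a shadow file that only root can read.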

muhfugen

How loud are the icx 7450 switches? The data sheet says 46db for the non-PoE and 49db for the PoE model. A Catalyst 3750E is 45db and my current FlexFabric 5800 is 42db. is it really going to be a negligible difference compared to a Catalyst 3750E, or are the data sheets not reflective of reality? Also can the fans be modded on the icx 7450?