Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

986box

Active Member
Oct 14, 2017
228
40
28
44
thanks for confirming. The 1st post was a long time ago. Wasn't sure if its still valid.
 

richtj99

Member
Jul 8, 2017
67
1
8
50
This is another switch I am playing with - same thing as the 6450 - makes me think its me as I followed the guide.
Did you allow NTP in the Windows firewall?

Edit: Wait, you said, that the Windows server is working successfully as an NTP server for other devices?
Yes it is working as a NTP for other devices (cameras, ip phones, pcs).
 

kapone

Well-Known Member
May 23, 2015
1,095
641
113
This is another switch I am playing with - same thing as the 6450 - makes me think its me as I followed the guide.


Yes it is working as a NTP for other devices (cameras, ip phones, pcs).
Yeah, it does look likely that there's something in the switch config that's making it not work.
 

CIR-Engineering

I am a functional adult?
Jan 14, 2021
85
30
18
48
Chicago USA
www.cir-engineering.com
Well, looking at all of your posts to my questions and @fohdeesha's walk through again, NTP seems to be working fine. I cannot reboot the switch right now to verify the settings hold, but for now they look good. The only thing I can think of that might have happened before, was that I forgot to write mem after setting the default gateway and then just thought I was having NTP issues, but it was really not accessing the outside world issues. I would have thought that I would have noticed this though :rolleyes:

Code:
SSH@switch(config-vif-1)#show interface ve 1
ve1 is up, line protocol is up
  Hardware is Virtual Ethernet, address is cc4e.2451.f020 (bia cc4e.2451.f020)
  No port name
  Internet address is 192.168.1.2/24, IP MTU 1500 bytes, encapsulation ethernet
SSH@switch(config-vif-1)#show ntp ass
   address         ref clock      st  when  poll reach  delay   offset  disp
+~216.239.35.0    GOOG             1    64    64   377 42.557  -3.9964  2.999
*~216.239.35.4    GOOG             1     2    64   377 31.999   4.7768  4.772
* synced, # selected, + candidate, - outlayer, x falseticker, ~ configured
SSH@switch(config-vif-1)#show ntp stat
 Clock is synchronized, stratum 2, reference clock is 216.239.35.4
 precision is 2**-16
 reference time is 3831315119.273832170 (16:11:59.273832170 Central Sat May 29 2021)
 clock offset is 0.8829 msec, root delay is 31.9998 msec
 root dispersion is 10.7706 msec,  peer dispersion is 0.1167 msec
 system poll interval is 64,  last clock update was 341 sec ago
 NTP server mode is disabled, NTP client mode is enabled
 NTP master mode is disabled, NTP master stratum is 8
 NTP is not in panic mode

SSH@switch(config-vif-1)#
Thanks guys and I'll let you all know what happens after I can reboot.

Kind regards,
craigr
 
  • Like
Reactions: itronin

CIR-Engineering

I am a functional adult?
Jan 14, 2021
85
30
18
48
Chicago USA
www.cir-engineering.com
So I've sent @fohdeesha a couple PM's on the subject of trying to convert/re-code my ipolex 10G SFP+ RJ45 copper transceivers to official Brocade in my ICX6450-24P. While I await his reply I figured I'd post here in case anyone else can help. These are the optics I am working with:

Amazon.com: ipolex 2 Pack 10G SFP+ RJ45 Copper Transceiver, 10GBase-T Module for Cisco, Ubiquiti, D-Link, Supermicro, Netgear, Mikrotik (Cat6a/7, 30-Meter): Computers & Accessories

Here is what I get at the terminal when I show media:

SSH@switch(config)#show media ethernet 1/2/1
Port 1/2/1: Type : 10GE SR 300m ((SFP+))
Vendor: OEM Version: 02
Part# : SFP-10G-SR Serial#: CSF101L33816

I suspect that the eeprom may be unlocked because it looks like ipolex just copied the eeprom flash from a Cisco SFP-10G-SR and substituted Cicsco with "OEM." Obviously they are not Cisco, are not 300m, and are not 10GBASE SFP+. They are ipolex 10GBASE-T modules with RJ-45.

I'm trying to figure out if I can write to them or not using i2c. So far I have not been able to figure out the context. Firstly I looked at the post where he figured out how to recode the monoprice passive copper cables here and also several other posts.


Unfortunately, on the 6450 at the serial debug console "i2c read" is not a recognized command. In fact there are very few i2c commands here on the 6450 as far as I can tell using help or ?. That seems to be a dead end.

So next I looked at @fohdeesha's hidden dm menu inside enable config terminal. There are also some i2c commands their, but none of the seem helpful either.

Finally I used @fohdeesha's guide on "Hidden Brocade Dev Stuff" and then used "Hidden Bootloader Modes." This has proven to provide some answers. However, I cannot figure out the correct context. This is what I got so far inside the hidden bootloader.

ICX64XX-boot>> help i2cprobe
i2cprobe <device>
- probe special i2c device id
device : Valid devices are <pd69000|info_eeprom|sfp_port1|sfp_port2|sfp_port3|sfp_port4s
|cpld|rtc|pca9535_sfp|pca9535_led|pca9535_led_stack|pca9535_id|hwm>
ICX64XX-boot>> i2cprobe sfp_port1
I2C has probe the SFP Port 1.(Reg0=0x03)
loop: 1
i2cprobe PASS
ICX64XX-boot>>

We can see that the optics show up in SFP Port 1 and 3 using this command. In this hidden bootloader there is indeed an i2c read function, but this is where I am not sure about the correct syntax.

ICX64XX-boot>> help i2cread
i2cread <devAddr> <reg_addr> <addrlen> <get_len>
- Get special i2c device id
devAddr : I2C device address
reg_addr : I2c device register
addrlen : I2C device address size, [0/1/2] byte
get_len : Get data bytes

I have tried many variables for all of the switches above, but not to my surprise, nothing has worked. Here are some examples of my trials. Many don't make a lot of sense, but I was throwing the kitchen sink at it:

ICX64XX-boot>> i2cread 0=0x03 1 0 256
i2c read length fail (getLen=256)

ICX64XX-boot>> i2cread 0=0x03 1/2/1 0 FF
TWSI: mvTwsiRead: 977: mvTwsiAddrSet failed
i2c_halRead fail (ret=-200)

ICX64XX-boot>> i2cread 0 0x03 1/2/1 0 256
i2c_halRead fail (ret=-200)

ICX64XX-boot>> i2cread 0 0x03 0 256
i2c_halRead fail (ret=-200)

ICX64XX-boot>> i2cread 0 0x03 0 0 256
i2c_halRead fail (ret=-200)

ICX64XX-boot>> i2cread 0 0x03 1 0 256
i2c_halRead fail (ret=-200)

ICX64XX-boot>> i2cread 0 0x03 2 0 256
i2c_halRead fail (ret=-200)

ICX64XX-boot>> i2cread 0=0x03 1/2/1 0 256
i2c read length fail (getLen=256)

So what exactly is the syntax for devAddr (I2C device address), reg_addr (I2c device register), addrlen (I2C device address size) or do I even need to specify this one, and of course get_len (Get data bytes)? It was super late and I was really tired when I tried all this so it's a bit fuzzy already... I may have also been a bit inebriated o_O

Assuming I can figure out how to read the eeprom, after I back it up, I would then like to try and write one byte to see if it's unlocked. Anybody know the commands to write?

Thanks all,
craigr
So is anyone going to say anything about re-coding my "optics" with i2c to official Brocade? Will official Brocade optics show me the temperatures of said optics, or is there just absolutely no point whatsoever in re-coding RJ45 optics?

You guys can also just tell me I'm being an ass about this ;).

Thanks again,
craigr
 

jht3

New Member
Oct 5, 2015
14
7
3
Northern Virginia
trying to do layer 3 routing on the switch but only two of my four virtual interfaces are in the "up" status. what am i missing? do i need a physical device plugged into an interface; tagged or untagged for each vlan? am i incorrect in assuming the ve's would come up at boot without anything plugged in? i have full internet access on the working ve's so my nat and static routes are working.

i have 6 vlans:
vlan 100 is my WAN, layer 2 only
vlan 172 is the transit vlan with associated ve 172
vlan 1 is the default but doing nothing
vlan 9 is my server vlan with associated ve 9
vlan 10 is my user vlan with associated ve 10
vlan 11 is my guest vlan with associated ve 11

vlan/ve 172 is up, which is connected to my physical firewall, untagged
vlan/ve 9 is up, which i have a basic access point connected, untagged

the rest are down, but i do have interfaces tagged and untagged, but nothing actively plugged in

Code:
telnet@ICX6450-48P Router(config)#show ip address
        IP Address       Type      Lease Time       Interface
          10.0.1.1       Static    N/A             9
        172.16.0.1       Static    N/A             172
         10.0.10.1       Static    N/A             10
         10.0.11.1       Static    N/A             11

telnet@ICX6450-48P Router#show ip route
Total number of IP routes: 3
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP  Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
        Destination        Gateway         Port          Cost          Type Uptime
1       0.0.0.0/0          172.16.0.2      ve 172        1/1           S    1h51m
2       10.0.1.0/24        DIRECT          ve 9          0/0           D    2h15m
3       172.16.0.0/30      DIRECT          ve 172        0/0           D    2h15m

telnet@ICX6450-48P Router(config)#show ip int
Interface           IP-Address      OK?  Method    Status             Protocol   VRF       
Ve 9                10.0.1.1        YES  NVRAM     up                 up         default-vrf
Ve 172              172.16.0.1      YES  NVRAM     up                 up         default-vrf
Ve 10               10.0.10.1       YES  manual    down               down       default-vrf
Ve 11               10.0.11.1       YES  manual    down               down       default-vrf
Code:
telnet@ICX6450-48P Router(config)#show int ve 9
ve9 is up, line protocol is up
  Hardware is Virtual Ethernet, address is cc4e.2454.6d00 (bia cc4e.2454.6d00)
  No port name
  Internet address is 10.0.1.1/24, IP MTU 1500 bytes, encapsulation ethernet
telnet@ICX6450-48P Router(config)#show int ve 10
ve10 is down, line protocol is down
  Hardware is Virtual Ethernet, address is cc4e.2454.6d00 (bia cc4e.2454.6d00)
  No port name
  Internet address is 10.0.10.1/24, IP MTU 1500 bytes, encapsulation ethernet
Code:
telnet@ICX6450-48P Router(config)#show int br

Port       Link    State   Dupl Speed Trunk Tag Pvid Pri MAC             Name
1/1/1      Up      Forward Full 1G    None  No  100  0   cc4e.2454.6d00  VZW WAN   
1/1/2      Up      Forward Full 1G    None  No  100  0   cc4e.2454.6d01  FW WAN     
1/1/3      Up      Forward Full 1G    None  No  172  0   cc4e.2454.6d00  FW LAN     
1/1/47     Up      Forward Full 1G    None  No  9    0   cc4e.2454.6d00  ap         
1/1/48     Down    None    None None  None  Yes N/A  0   cc4e.2454.6d00  TRUNK

UPDATE: changed the port my AP is on to a dual-mode w/ tagged vlans for 10 and 11. now those ve's are up. so i guess you DO have to have something actually plugged in before pinging each ve gateway.
 
Last edited:

mintchipmadness

New Member
Nov 27, 2020
24
6
3
Hi All,
Does anyone know the specifications for the tiny enclosure screws in the icx 7250? I wasn't able to find the information in the documentation for the switch. The reason I ask is I am trying to buy replacements since I stripped a few of them. Please note that they are smaller than the screws for the rack ears which the specs were provided. Thank you for your help.
 

CIR-Engineering

I am a functional adult?
Jan 14, 2021
85
30
18
48
Chicago USA
www.cir-engineering.com
Well, looking at all of your posts to my questions and @fohdeesha's walk through again, NTP seems to be working fine. I cannot reboot the switch right now to verify the settings hold, but for now they look good. The only thing I can think of that might have happened before, was that I forgot to write mem after setting the default gateway and then just thought I was having NTP issues, but it was really not accessing the outside world issues. I would have thought that I would have noticed this though :rolleyes:

Code:
SSH@switch(config-vif-1)#show interface ve 1
ve1 is up, line protocol is up
  Hardware is Virtual Ethernet, address is cc4e.2451.f020 (bia cc4e.2451.f020)
  No port name
  Internet address is 192.168.1.2/24, IP MTU 1500 bytes, encapsulation ethernet
SSH@switch(config-vif-1)#show ntp ass
   address         ref clock      st  when  poll reach  delay   offset  disp
+~216.239.35.0    GOOG             1    64    64   377 42.557  -3.9964  2.999
*~216.239.35.4    GOOG             1     2    64   377 31.999   4.7768  4.772
* synced, # selected, + candidate, - outlayer, x falseticker, ~ configured
SSH@switch(config-vif-1)#show ntp stat
Clock is synchronized, stratum 2, reference clock is 216.239.35.4
precision is 2**-16
reference time is 3831315119.273832170 (16:11:59.273832170 Central Sat May 29 2021)
clock offset is 0.8829 msec, root delay is 31.9998 msec
root dispersion is 10.7706 msec,  peer dispersion is 0.1167 msec
system poll interval is 64,  last clock update was 341 sec ago
NTP server mode is disabled, NTP client mode is enabled
NTP master mode is disabled, NTP master stratum is 8
NTP is not in panic mode

SSH@switch(config-vif-1)#
Thanks guys and I'll let you all know what happens after I can reboot.

Kind regards,
craigr
NTP persisted and maintained settings after reboot. All is well and thanks to all.

craigr
 

jht3

New Member
Oct 5, 2015
14
7
3
Northern Virginia
new problem. my switch can't resolve hostnames via external DNS (1.1.1.1)

Code:
telnet@ICX6450-48P Router#ping time1.google.com 
 
Type Control-c to abort 
Sending DNS Query to 1.1.1.1 
Ping Failed DNS: DNS query timed out...failed to resolve 

telnet@ICX6450-48P Router#ping 216.239.35.0 
Sending 1, 16-byte ICMP Echo to 216.239.35.0, timeout 5000 msec, TTL 64 
Type Control-c to abort 
Request timed out. 
No reply from remote host. 

telnet@ICX6450-48P Router#ping 216.239.35.0 source 10.0.1.1 
Sending 1, 16-byte ICMP Echo to 216.239.35.0, timeout 5000 msec, TTL 64 
Type Control-c to abort 
Reply from 216.239.35.0    : bytes=16 time=31ms TTL=107 
Success rate is 100 percent (1/1), round-trip min/avg/max=31/31/31 ms. 

telnet@ICX6450-48P Router#ping 216.239.35.0 source 172.16.0.1 
Sending 1, 16-byte ICMP Echo to 216.239.35.0, timeout 5000 msec, TTL 64 
Type Control-c to abort 
Request timed out. 
No reply from remote host.
so it appears to be related to the interface used but i'm not sure how to fix this. i had problems w/ NTP but specified source-interface ve 9 as a workaround.

Code:
telnet@ICX6450-48P Router#show ip route 
Total number of IP routes: 5 
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric 
BGP  Codes - i:iBGP e:eBGP 
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2 
        Destination        Gateway         Port          Cost          Type Uptime 
1       0.0.0.0/0          172.16.0.2      ve 172        1/1           S    2h17m  
2       10.0.1.0/24        DIRECT          ve 9          0/0           D    2h17m  
3       10.0.10.0/24       DIRECT          ve 10         0/0           D    2h17m  
4       10.0.11.0/24       DIRECT          ve 11         0/0           D    23m10s 
5       172.16.0.0/30      DIRECT          ve 172        0/0           D    2h17m
everything works from devices connected downstream (laptop) or upstream (fw) switch so it is not really a problem but an annoyance. here's the full show run.

Code:
telnet@ICX6450-48P Router#show run
Current configuration:
!
ver 08.0.30tT313
!
stack unit 1
  module 1 icx6450-48p-poe-port-management-module
  module 2 icx6450-sfp-plus-4port-40g-module
!
global-stp
!
!
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 9 name SERVERS by port
 tagged ethe 1/1/6 ethe 1/1/48
 untagged ethe 1/1/7 to 1/1/47 ethe 1/2/1 to 1/2/4
 router-interface ve 9
 spanning-tree 802-1w
!
vlan 10 name USERS by port
 tagged ethe 1/1/6 ethe 1/1/48
 router-interface ve 10
 spanning-tree 802-1w                                             
!
vlan 11 name GUESTS by port
 tagged ethe 1/1/6 ethe 1/1/48
 router-interface ve 11
 spanning-tree 802-1w
!
vlan 100 name WAN by port
 untagged ethe 1/1/1 to 1/1/2
 spanning-tree 802-1w
!
vlan 172 name TRANSIT by port
 untagged ethe 1/1/3 to 1/1/5
 router-interface ve 172
 spanning-tree 802-1w
!
!
!
!
!
ip dhcp-client disable
ip dns server-address 1.1.1.1
ip route 0.0.0.0/0 172.16.0.2
!                                                                 
cdp run
fdp run
!
!
clock summer-time
clock timezone us Eastern
!
!
ntp
 disable serve
 source-interface ve 9
 server 216.239.35.0
 server 216.239.35.4
!
!
!
!
!
interface ethernet 1/1/1
 port-name VZW WAN
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/2                                         
 port-name FW WAN
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/3
 port-name FW LAN
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/4
 port-name FW LAN
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/5
 port-name FW LAN
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/6
 port-name AP
 dual-mode  9
 spanning-tree 802-1w admin-edge-port
!
interface ethernet 1/1/13
 port-name LR Desk
 spanning-tree 802-1w admin-edge-port                             
!
interface ethernet 1/1/48
 port-name TRUNK
!
interface ve 9
 ip address 10.0.1.1 255.255.255.0
!
interface ve 10
 ip address 10.0.10.1 255.255.255.0
!
interface ve 11
 ip address 10.0.11.1 255.255.255.0
!
interface ve 172
 ip address 172.16.0.1 255.255.255.252
!
!
!
!
!
lldp run
!
!                                                                 
ip ssh  permit-empty-passwd yes
!
!
end
 

itronin

Well-Known Member
Nov 24, 2018
1,231
792
113
Denver, Colorado
@jht3

you don't mention what your Firewall/egress is but here's a guess.

Your switch is sourcing the 172 subnet for the ping and the dns query.
Your troubleshooting pretty much confirms this.

In your firewall do you have any allow and NAT rules for your 172 subnet ?
 
  • Like
Reactions: klui and fohdeesha

jht3

New Member
Oct 5, 2015
14
7
3
Northern Virginia
@jht3

you don't mention what your Firewall/egress is but here's a guess.

Your switch is sourcing the 172 subnet for the ping and the dns query.
Your troubleshooting pretty much confirms this.

In your firewall do you have any allow and NAT rules for your 172 subnet ?
@itronin
i guess i didn't think it was relevant? my fw is Vyos.

and you are spot on. no, i don't have a NAT rule for 172, only 10.0.0.0/16.

added the nat rule and problem solved!

Code:
vyos@vyos# show nat
source {
     rule 1 {
         outbound-interface eth0
         source {
             address 10.0.0.0/16
         }
         translation {
             address masquerade
         }
     }
     rule 2 {
         outbound-interface eth0
         source {
             address 172.16.0.0/30
         }
         translation {
             address masquerade
         }
     }
}
 
Last edited:
  • Like
Reactions: klui and fohdeesha

dontwanna

Member
Dec 22, 2016
90
20
8
Sorry if it's been already answered somewhere, tried to do some googling first, but still not clear. I've just won an auction for a couple of ICX 6610, and only after proceeding to the checkout, re-read the description again - and realized I somehow missed this:

"DEVICE IS FULLY WIPED AND WILL NEED REIMAGED/SOFTWARE,SET UP AND CONFIGURED!! DEVICE DOES TURN ON AND WAS WIPED!
"SWITCH CONTAINS NO BOOT IMAGE! A NEW BOOT IMAGE WILL NEED TO BE UPLOADED BEFORE CONFIGURATION!"

I've read the guides from the first post, but they seem to be about firmware upgrading, configuration etc, I couldn't find anything related to fully wiped switches with no boot image. Is this going to be a problem, or I'll be able to just upload new images / firmware by myself?
 

dennisp

New Member
Apr 1, 2021
18
13
3
Sorry if it's been already answered somewhere, tried to do some googling first, but still not clear. I've just won an auction for a couple of ICX 6610, and only after proceeding to the checkout, re-read the description again - and realized I somehow missed this:

"DEVICE IS FULLY WIPED AND WILL NEED REIMAGED/SOFTWARE,SET UP AND CONFIGURED!! DEVICE DOES TURN ON AND WAS WIPED!
"SWITCH CONTAINS NO BOOT IMAGE! A NEW BOOT IMAGE WILL NEED TO BE UPLOADED BEFORE CONFIGURATION!"

I've read the guides from the first post, but they seem to be about firmware upgrading, configuration etc, I couldn't find anything related to fully wiped switches with no boot image. Is this going to be a problem, or I'll be able to just upload new images / firmware by myself?
You will be fine, just follow the guide. It will likely power on directly to the bootloader prompt. Make sure to read the update guide carefully, and prepare for the steps in advance. Your 6610 will be in full howl mode until you get the OS booting, so it's in your best interest to move through the steps as quickly as possible.
 

richtj99

Member
Jul 8, 2017
67
1
8
50
Is there a way to find out fiber cable length on either a 6450 or 7250? I am thinking about buying a premade 6 strand OM5 LC/LC to replace my OM3 cable - for no other reason than 'because' - only thing is i am not sure what size fiber cable I have now & it is the same route for the new one.

I tried :

Code:
SSH@ICX7250-48P Router#show cable-diagnostics tdr 1/2/1
No TDR data on port 1/2/1
SSH@ICX7250-48P Router#

 UNIT 1: compiled on Apr  9 2019 at 03:20:17 labeled as SPR08080e
      (29826604 bytes) from Primary SPR08080e.bin
        SW: Version 08.0.80eT213
      Compressed Boot-Monitor Image size = 786944, Version:10.1.14T215 (spz10114)
Is there something else I can try?
 

mimino

Active Member
Nov 2, 2018
189
70
28
Is there a way to find out fiber cable length on either a 6450 or 7250? I am thinking about buying a premade 6 strand OM5 LC/LC to replace my OM3 cable - for no other reason than 'because' - only thing is i am not sure what size fiber cable I have now & it is the same route for the new one.

I tried :

Code:
SSH@ICX7250-48P Router#show cable-diagnostics tdr 1/2/1
No TDR data on port 1/2/1
SSH@ICX7250-48P Router#

UNIT 1: compiled on Apr  9 2019 at 03:20:17 labeled as SPR08080e
      (29826604 bytes) from Primary SPR08080e.bin
        SW: Version 08.0.80eT213
      Compressed Boot-Monitor Image size = 786944, Version:10.1.14T215 (spz10114)
Is there something else I can try?
I think you should do "clear/phy/show" in this order.
 
  • Like
Reactions: richtj99

richtj99

Member
Jul 8, 2017
67
1
8
50
I did the clear:

Code:
SSH@ICX7250-48P Router(config)#clear cable-diagnostics tdr 1/2/1
Then I went out of conf t

Code:
SSH@ICX7250-48P Router#phy cable-diagnostics tdr 1/2/1
        This feature is only supported when the interface is configured for Auto-Negotiation
I tried it with 1/2/8 (not part of a lag)

Code:
SSH@ICX7250-48P Router#phy cable-diagnostics tdr 1/2/8
        This feature is only supported when the interface is configured for Auto-Negotiation
I might be close?

1/2/1 is part of a lag, 1/2/8 is plugged into a unifi 1gb optic so its slowed to 1gb

next I turned off a part of my lag:

lag uplink
disable e 1/2/2

long story short, disabled a port from each lag, tried again, still didnt work.

Any other ideas?