
Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)


Rttg

Member
May 21, 2020
71
47
18
if you would like to actually block anything on physical port 20 from getting out to the internet, that's also possible, but it requires creating and applying the ACL a little differently
I hate to revisit this mention from a few years back, but can you apply ACLs to a single port when running the router image on an ICX6450?

For some reason, I’m only seeing the ‘ip access-group’ option when configuring a ``ve`` not a physical interface (and because I’m looking to add 802.1p marking to packets flowing across a single, unrouted VLAN, that doesn’t seem to work).
 

richtj99

Member
Jul 8, 2017
70
1
8
50
A follow up question.

Right now I am using two 6450's:

Switch 1: 1/2/1, 1/2/2, 1/2/3 are in a lag to switch 2.
Show Int brief shows a 30gb lag

With the ICX7250:

If I setup a stack, how would I be able to setup that same 30gb lag (assuming the 6450 units go away)?

Or is the best I can do to stack two 10gb connections?


@richtj99
you don’t need a lag between switches that are stacked. Stacking makes them 1 logical switch. All vlans etc are available on both switches. The stack link\connection handles all management and inter switch traffic. You don’t have to run additional lags between the switches, the stack does it all.
 

Drewy

Active Member
Apr 23, 2016
208
56
28
54
pretty sure some of what you can do related to stacking will be dependent on the firmware version you are running.
with the 7250 up to 4 of the 10gb ports can be used for stacking. You can also configure trunk stack ports, (I think) you could use any of:
1 port each switch - linear stack
2 ports each switch - either trunked linear stack or a non trunked ring stack
4 ports each switch - trunked ring stack

 

fohdeesha

Kaini Industries
Nov 20, 2016
2,728
3,075
113
33
fohdeesha.com
I hate to revisit this mention from a few years back, but can you apply ACLs to a single port when running the router image on an ICX6450?

For some reason, I’m only seeing the ‘ip access-group’ option when configuring a ``ve`` not a physical interface (and because I’m looking to add 802.1p marking to packets flowing across a single, unrouted VLAN, that doesn’t seem to work).
enable
conf t
enable acl-per-port-per-vlan
write mem
reload


 

fohdeesha

Kaini Industries
Nov 20, 2016
2,728
3,075
113
33
fohdeesha.com
Hey @fohdeesha is this going to happen in the near future? Just picked up a new switch and I'm debating on waiting for the revised guide before messing with it or if I should just use the guide as it stands now and do it all over when you update it with the latest firmware. Thanks for your hard work!
I would just follow it now, I hope to get it updated this week but work has been really unpredictable. Once you follow the guide, when the new version / later codetrain is out, you will be able to jump to it with a single command
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,728
3,075
113
33
fohdeesha.com
6610 can only use the rear 40gbe ports for stacking. all of this and pretty much every question on the last 3 pages is answered in the documentation included in the firmware zip. specifically fastiron-08030b-switchstackingguide.pdf for the 6 series and fastiron-08080-switchstackingguide.pdf for the 7 series

I'll be disappearing from this thread in a month or two so you all need to get accustomed to reading documentation :)
 

Drewy

Active Member
Apr 23, 2016
208
56
28
54
A quick sanity check if I may. Not looking for solutions\instructions, just a simple yes or no will suffice.
I’m wanting to use l3 routing for some of my subnets but other (the internet of tat) I’d like to still route via my opnsense box which will also be the default route for the subnets that are routed l3 at the switch.
At some point (assuming I get comfortable with extended acl’s) all routing may happen at the l3 switch level but the “mixed” model allows me to get the internal 10gb traffic routed at line speed and not capped at 1gb by the opnsense box, sooner.
is this possible (not how, I can read manuals and earlier posts…) ?
 

nw60312

New Member
Jul 28, 2021
6
0
1
In the layer 3 example above, is it possible to have the switch route traffic but forward things like mdns broadcasts to the opnsense router where they can be reflected to select other vlans?
 

infoMatt

Active Member
Apr 16, 2019
222
100
43
In the layer 3 example above, is it possible to have the switch route traffic but forward things like mdns broadcasts to the opnsense router where they can be reflected to select other vlans?
The easiest way that I can think of is to use a linux box running Avahi with an interface on every VLAN where you want to listen and repeat the mDNS queries to. Be careful with the firewall rules on this machine, or it can be used to "jump" between networks.
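
An added example, not part of the original post or any poster's own configuration: a shell function that renders an Avahi reflector config restricted to the chosen VLAN interfaces, plus an nftables ruleset and sysctl drop-in that keep the box from forwarding between those VLANs. The interface names (eth0.10, eth0.20), output file names and the IPv4-only choice are assumptions.

```shell
#!/bin/sh
# render_reflector OUTDIR IFACE IFACE [IFACE...]
# Writes three files into OUTDIR for review before installing them:
#   avahi-daemon.conf   - reflector limited to the listed VLAN interfaces
#   mdns-reflector.nft  - accept mDNS in, drop everything forwarded
#   99-no-forward.conf  - sysctl drop-in keeping kernel IPv4 routing off
render_reflector() {
    outdir=$1; shift
    [ "$#" -ge 2 ] || { echo "need at least two VLAN interfaces" >&2; return 1; }
    # Refuse names that could smuggle extra config or nft syntax into the files.
    for i in "$@"; do
        case $i in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $i" >&2; return 1;; esac
    done
    csv=$(printf '%s,' "$@"); csv=${csv%,}
    elems=$(printf '"%s", ' "$@"); elems=${elems%, }
    mkdir -p "$outdir"

    cat > "$outdir/avahi-daemon.conf" <<EOF
[server]
allow-interfaces=$csv
use-ipv4=yes
use-ipv6=no

[reflector]
enable-reflector=yes
EOF

    cat > "$outdir/mdns-reflector.nft" <<EOF
table inet mdns_reflector {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ip protocol igmp accept
        iifname { $elems } udp dport 5353 accept
        # Assumption: add your own management rule (e.g. SSH from an admin VLAN) here.
    }
    chain forward {
        # Avahi reflects mDNS in userspace; nothing should be routed through this box.
        type filter hook forward priority 0; policy drop;
    }
}
EOF

    printf 'net.ipv4.ip_forward = 0\n' > "$outdir/99-no-forward.conf"
}
```

Call it as `render_reflector ./out eth0.10 eth0.20`, then review the files before copying them into place; the input chain drops everything except mDNS and IGMP, so add a management rule first if the box is administered remotely.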
 

LodeRunner

Active Member
Apr 27, 2019
540
227
43
The easiest way that I can think of is to use a linux box running Avahi with an interface on every VLAN where you want to listen and repeat the mDNS queries to. Be careful with the firewall rules on this machine, or it can be used to "jump" between networks.
Having to do stuff like hoping the mdns-proxy/avahi-reflector would work stably and not cause grief for my wife is why I flattened my network back out after having full layer 3 VLAN routing done on the switch.
 

Propaganda

Active Member
Dec 6, 2017
154
62
28
43
What is recommended for firmware L2(sps) or L3(spr)? I will be running some vlans which pfsense is handling the routing on at the moment so should I just stick to L2?
 

LodeRunner

Active Member
Apr 27, 2019
540
227
43
What is recommended for firmware L2(sps) or L3(spr)? I will be running some vlans which pfsense is handling the routing on at the moment so should I just stick to L2?
Just install SPR. That way if you ever want to experiment, it doesn't require a firmware update and reload.
 

Oodaloop

New Member
Jul 28, 2021
3
0
1
Looking for a little help creating a console cable for the brocade switches. I've searched through the thread and saw other examples but for whatever reason my cable does not appear to work.

I hacked up a micro usb cable and attached its wiring to a RJ45 keystone. Green to pin 6, White to pin 3. Red & Black to nothing. And connected that to a cisco RJ45 to USB console cable.

Am I doing something wrong with the wiring?
 
