Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

Blue)(Fusion

Active Member
Mar 1, 2017
150
56
28
Chicago
For 6450 switches, ACL sequence numbers aren't supported (seems that requires >8.0.60), what is the best way to add new entries to an ACL in that case?
Use extended ACLs.

Code:
ip access-list extended aclname
remark DENY ALL OTHER INTER-VLAN TRAFFIC                         
deny ip any 10.0.0.0 0.255.255.255 log 
remark ALLOW REMAINING TRAFFIC
permit ip any any
enable-accounting
exit
When it's time to alter something, copy the current ACL to a text editor, make your changes, and add a line to the top to "no" the access-list which will delete the entire thing.

Code:
no ip access-list extended aclname
ip access-list extended aclname
remark ALLOW ESTABLISHED TCP TRAFFIC
permit tcp any any established
remark ALLOW SOME INTER-VLAN TRAFFIC
permit tcp any 10.0.0.0/8 eq ssl
remark DENY ALL OTHER INTER-VLAN TRAFFIC                         
deny ip any 10.0.0.0 0.255.255.255 log 
remark ALLOW REMAINING TRAFFIC
permit ip any any
enable-accounting
exit
 

anomaly

Active Member
Jan 8, 2018
235
48
28
Use extended ACLs.

When it's time to alter something, copy the current ACL to a text editor, make your changes, and add a line to the top to "no" the access-list which will delete the entire thing.

OK, is this compatible with the SSH access list as well or it only accepts standard ones?:

Code:
access-list 1 remark SSH-Protection
access-list 1 permit XXX 0.0.0.255
access-list 1 permit host HHH
access-list 1 permit host DDD
access-list 1 permit ZZZ 0.0.0.255
access-list 1 deny any log
That is what my current list looks like.
 

Blue)(Fusion

Active Member
Mar 1, 2017
150
56
28
Chicago
OK, is this compatible with the SSH access list as well or it only accepts standard ones?:

Code:
access-list 1 remark SSH-Protection
access-list 1 permit XXX 0.0.0.255
access-list 1 permit host HHH
access-list 1 permit host DDD
access-list 1 permit ZZZ 0.0.0.255
access-list 1 deny any log
That is what my current list looks like.
Yes,

It would end up being:

Code:
ip access-list extended SSH-Protection
  permit XXX 0.0.0.255
  permit host HHH
  permit host DDD
  permit ZZZ 0.0.0.255
  deny any log
  enable-accounting
exit
Bind it to an interface almost the same as before, except now it's a name.
Code:
int ve 1234
  ip access-group SSH-Protection in
exit
 
  • Like
Reactions: klui and anomaly

juju

New Member
Sep 29, 2021
29
1
3
I am looking to setup a transit from my 7250 to my proxmox server - for dns and dhcp servers there. Finding it hard to wrap my head around how to set it up on both ends.

I have setup a lag on the 7250 - 1/1/2 and 1/1/4 . This is connected to an lacp interface on the proxmox box. Now not sure how to configure the lag interface on the 7250 and also on the proxmox side ( more of the proxmox question so not relevant here but hoping someone has done it )
 

Blue)(Fusion

Active Member
Mar 1, 2017
150
56
28
Chicago
I use openvswitch on Proxmox and it works great. Use OpenVSwitch to bond the interfaces (LACP LAG), create an openvswitch interface on that bond with the IP address of the Proxmox server and default route as appropriate, and then when you configure the vNICs on your VMs, you can simply have it tag a VLAN as desired.

Here's my /etc/network/interfaces from one of my Promox servers:
Code:
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

auto eno2
iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual

auto enp6s0
iface enp6s0 inet manual

auto enp6s0d1
iface enp6s0d1 inet manual

auto pve
iface pve inet static
address 10.23.70.11/24
gateway 10.23.70.1
ovs_type OVSIntPort
ovs_bridge vmbr0
ovs_options tag=2370

iface pve inet6 static
address 2603:xxxx:xxxx:2570::11/64

auto pvebackup
iface pvebackup inet static
address 10.23.75.11/24
ovs_type OVSIntPort
ovs_bridge vmbr1

auto bond0
iface bond0 inet manual
ovs_bonds enp6s0 enp6s0d1
ovs_type OVSBond
ovs_bridge vmbr0
ovs_options other_config:lacp-time=fast lacp=active bond_mode=balance-tcp

auto bond1
iface bond1 inet manual
ovs_bonds eno1 eno2
ovs_type OVSBond
ovs_bridge vmbr1
ovs_options bond_mode=active-backup

auto vmbr0
iface vmbr0 inet manual
ovs_type OVSBridge
ovs_ports bond0 pve

auto vmbr1
iface vmbr1 inet manual
ovs_type OVSBridge
ovs_ports bond1 pvebackup
EDIT to add:

In my case, the Proxmox management IP addresses are on interface "pve". The pve interface is not tagging VLAN traffic (although each VM vNIC is tagged as needed in their settings). Therefore, all VLANs are tagged on this LAG but the management IP network, which is dual-mode (ICX6xxx series term, not sure what it is in ICX7xxx).
 
  • Like
Reactions: klui

juju

New Member
Sep 29, 2021
29
1
3
I use openvswitch on Proxmox and it works great. Use OpenVSwitch to bond the interfaces (LACP LAG), create an openvswitch interface on that bond with the IP address of the Proxmox server and default route as appropriate, and then when you configure the vNICs on your VMs, you can simply have it tag a VLAN as desired.
I did this but using a linux bridge. I am now able to ping the proxmox vm created for the dhcp server from the switch, but cant ping the switch from the proxmox server though they are directly connected via their LACP interfaces.
 

atb

New Member
Sep 7, 2021
7
7
3
I have the icx7250-48P running without approved fans!

This is the spoofer that worked for me (the other model I got either didn't work, or was a dud) and the vendor:

The other fan currently connected in the picture is this Noctua - it's running at 100% speed, but is barely louder than my CPU fan while in the same room



I didn't have to re-pin it, just make sure that when the chip is facing away from the white tab, the furthest left pin hole (ground) is sitting on the furthest left pin.


Code:
LAB-TABLE-04-7250#show chassis unit-id 1
The stack unit 1 chassis info:

Power supply 1 (AC - PoE) present, status ok
Power supply 2 not present
Power supply 3 not present

Fan 1 failed
Fan 2 failed
Fan 3 ok, speed (auto): 1<->[[2]]

Fan controlled temperature:
        Rule 1/2 (MGMT THERMAL PLANE): 87.9 deg-C
        Rule 2/2 (AIR OUTLET NEAR PSU): 49.0 deg-C

Fan speed switching temperature thresholds:
        Rule 1/2 (MGMT THERMAL PLANE):
                Speed 1: NM<-----> 95       deg-C
                Speed 2:        85<----->105 deg-C (shutdown)
        Rule 2/2 (AIR OUTLET NEAR PSU)***active***:
                Speed 1: NM<-----> 41       deg-C
                Speed 2:        34<----->105 deg-C (shutdown)

Fan 1 Air Flow Direction:  Front to Back
Fan 2 Air Flow Direction:  Front to Back                         
Fan 3 Air Flow Direction:  Front to Back
Slot 1 Current Temperature: 87.9 deg-C (Sensor 1), 49.0 deg-C (Sensor 2)
Slot 2 Current Temperature: NA
        Warning level.......: 100.0 deg-C
        Shutdown level......: 105.0 deg-C
Boot Prom MAC : cc4e.24e6.6522
Management MAC: cc4e.24e6.6522
 
  • Like
Reactions: Aluminat

up3up4

Member
Jun 10, 2018
85
28
18
why not use a fan on fin? what about temp of your 7250-24? mine is 62-67 in summer
Because I don’t have a slim fan. Those two heat pipes pair with 0.1a delta 8020 fan made the temperature 61.7 degree, with a Foxconn 0.16a 8028 fan is 60 degree. Room temperature around 22 degree.
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,728
3,078
113
33
fohdeesha.com
Could someone please tell me, are the fans and power supplies the same for the 6610, 6650, and 7450? I may need to try some mixing and matching.

Thanks!
craigr
So, the ICX7450 and ICX6610 fan trays are identical. However for some reason, the ICX6650 fans, albeit in the same formfactor/tray, are different. They look identical but the fans inside the tray are a different model and RPM, and the ICX6610 will not like them. I bought some ICX6650 trays and put them in my ICX6610's, and the status light will light up orange, they will attempt to start spinning, then stall/stop

PSUs are the identical/same model number as the non-poe icx6610 PSUs, RPS15
 
  • Like
Reactions: klui and Serhan

RoachedCoach

Member
Feb 4, 2020
35
41
18
I have the icx7250-48P running without approved fans!

This is the spoofer that worked for me (the other model I got either didn't work, or was a dud) and the vendor:

The other fan currently connected in the picture is this Noctua - it's running at 100% speed, but is barely louder than my CPU fan while in the same room



I didn't have to re-pin it, just make sure that when the chip is facing away from the white tab, the furthest left pin hole (ground) is sitting on the furthest left pin.


Code:
LAB-TABLE-04-7250#show chassis unit-id 1
The stack unit 1 chassis info:

Power supply 1 (AC - PoE) present, status ok
Power supply 2 not present
Power supply 3 not present

Fan 1 failed
Fan 2 failed
Fan 3 ok, speed (auto): 1<->[[2]]

Fan controlled temperature:
        Rule 1/2 (MGMT THERMAL PLANE): 87.9 deg-C
        Rule 2/2 (AIR OUTLET NEAR PSU): 49.0 deg-C

Fan speed switching temperature thresholds:
        Rule 1/2 (MGMT THERMAL PLANE):
                Speed 1: NM<-----> 95       deg-C
                Speed 2:        85<----->105 deg-C (shutdown)
        Rule 2/2 (AIR OUTLET NEAR PSU)***active***:
                Speed 1: NM<-----> 41       deg-C
                Speed 2:        34<----->105 deg-C (shutdown)

Fan 1 Air Flow Direction:  Front to Back
Fan 2 Air Flow Direction:  Front to Back                        
Fan 3 Air Flow Direction:  Front to Back
Slot 1 Current Temperature: 87.9 deg-C (Sensor 1), 49.0 deg-C (Sensor 2)
Slot 2 Current Temperature: NA
        Warning level.......: 100.0 deg-C
        Shutdown level......: 105.0 deg-C
Boot Prom MAC : cc4e.24e6.6522
Management MAC: cc4e.24e6.6522
That is running really hot...you're ok with that?
 

nlj

New Member
Sep 8, 2021
6
21
3
FYI - Ruckus recently released FastIron 09.0.00a (interestingly, since someone at Ruckus mentioned they would go straight to 09.0.10 or similar). It seems to resolve a lot of the open bugs with 09.0.00 GA. I've updated to it on my 7250-24 (was previously on GA) and haven't had any issues, but I have a pretty basic config.
 

atb

New Member
Sep 7, 2021
7
7
3
That is running really hot...you're ok with that?
No, I turned it off shortly after until I can get more of those Noctuas installed and the case put back on it. it was running open with 0 fans on it during that screenshot, so no air being moved over it at all