Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)
- Thread starter fohdeesha
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
I could see a use case if you have FTTD (Fiber to the Desk) or ISP of an AON
who is doing fiber to desk but not just gpon? such a odd switch for be a brand new switch.
For anyone using the 09.* firmware, I am dropping this here in case anyone runs into this edge case.
I run a proxmox cluster that host multiple IoT vm's and containers (Homebrige, HA, Scrypted) among other things attached to my 7150-48zp. Ever since booting the fastiron 09. series ipv4 mDNS has been a real problem, but only from the proxmox guest VM, LXC, containers, everything else running baremetal and directly connected worked fine. For the longest time, I thought it was some conflict on the proxmox linux bridge side as I also upgraded to a new proxmox version about that time as well. Resorted to setting up avahi to publish/rebroadcast from everything hosted on proxmox.
By luck, I recently found that the IXC 08.* series firmware by default enables/allows Flooding of Unregistered IPv4 Multicast Frames with any IGMP-Snooping whereas the icx 09.* series firmware default disabled/denied them. As the result the cli commands changed, but the ruckus documentation title for the page was not changed and subsequently was misleading or incorrect.
device# ip multicast flood-unregisteredFastIron 09.0.10e Multicast documentation wrong
The default for Flooding of Unregistered IPv4 Multicast Frames changed from enabled to disabled between 8.0.95 and 9.0.*, and the documentation page title does not accurately reflect that change. 8.0.95 Disabling the Flooding of Unregistered IPv4 Multicast Frames in an IGMP-Snooping-Enabled...
Last edited:
Huh. Thanks for the tip. I have a 3-node proxmox cluster off the stacked 7250s, so that's good to know!For anyone using the 09.* firmware, I am dropping this here in case anyone runs into this edge case.
I run a proxmox cluster that host multiple IoT vm's and containers (Homebrige, HA, Scrypted) among other things attached to my 7150-48zp. Ever since booting the fastiron 09. series ipv4 mDNS has been a real problem, but only from the proxmox guest VM, LXC, containers, everything else running baremetal and directly connected worked fine. For the longest time, I thought it was some conflict on the proxmox linux bridge side as I also upgraded to a new proxmox version about that time as well. Resorted to setting up avahi to publish/rebroadcast from everything hosted on proxmox.
By luck, I recently found that the IXC 08.* series firmware by default enables/allows Flooding of Unregistered IPv4 Multicast Frames with any IGMP-Snooping whereas the icx 09.* series firmware disabled/denied them. As the result the cli commands changed, but the ruckus documentation title for the page was not changed and subsequently was misleading or incorrect.
device# ip multicast flood-unregistered
FastIron 09.0.10e Multicast documentation wrong
The default for Flooding of Unregistered IPv4 Multicast Frames changed from enabled to disabled between 8.0.95 and 9.0.*, and the documentation page title does not accurately reflect that change. 8.0.95 Disabling the Flooding of Unregistered IPv4 Multicast Frames in an IGMP-Snooping-Enabled...community.ruckuswireless.com
What is the difference of Fastiron switching software (SPS) to routing software (SPR) when only using L2 functions?
Up to know I always was using the routing software on a 7250 and a 7150. On one device I use routing functions. The other switch I am using as L2 only but with SPR software just because I am familiar with how to set it up. What benefit I would get changing to SPS software? I assume there must be any as otherwise there would be no reason the SPS software exits.
Up to know I always was using the routing software on a 7250 and a 7150. On one device I use routing functions. The other switch I am using as L2 only but with SPR software just because I am familiar with how to set it up. What benefit I would get changing to SPS software? I assume there must be any as otherwise there would be no reason the SPS software exits.
None.
I would always use the image that has the "most complete" features. In case you want to try/have to use a certain feature you don't have to reflash your switch.
Thank you. I thought there might be a reason for the existence of the L2 software with reduced functionality.
What I had in my mind is that it could be less power hungry what would end up in a cooler fanless device.
Thanks for that; I'm about to replace a stack with a new stack, and will be using only L2 features on the new stack, so had considered using the SPS firmware instead of SPR.
You would be surprised how many places are doing this now for security reasons. Its a lot harder to tap into without detection.
there's no power or heat difference in the images. the old l2 only images are a holdover from the Foundry days (before brocade bought them) and resulted in smaller images for devices with smaller flash, and some specific FIPS/security situations where a vendor might not allow certain software packages etc. no reason to use the l2 images now and just creates a big PITA if you ever want any of the features in the main image
Possible reasons to use software with less functionality: Security. What's not there can't be used against you.
I would agree to a certain degree for user applications, but if somebody has access to the cli of your switch and has the permissions to execute commands you already have other problems than l3 functionality 
edit:fixed typos
edit:fixed typos
And how do you get to having CLI access when the equipment owner doesn’t want you to? Exploit bugs and vulnerabilities in the software, firmware and hardware that make up the equipment.I would agree to a certain degree for user applications, but if somebody has access to the cli of your switch and has the permissions to execute commands you already have other problems than l3 functionality
edit:fixed typos
So by having less software when it is not needed, it means there is less “surface” that a hostile party can use to break into your equipment.
Security isn’t a reason to use less software if that software is fulfilling a need, but if you have no need for the software and security is a concern, it’s a good idea to remove the unused software.
in a home use setting, going down to the switch only software is probably gonna be overkill, given homes are lesser targets for most black hat hacking, but in large businesses and up, that level of control can be an important step
Anyone know if any of these switches are short depth (i.e. 14" or shorter)? With 12x or 24x SFP+ ports? Understandably the short depth is not very popular in enterprise so there's not many around, but wondering if any were made and if there are any model numbers I should be looking for.
Last edited:
Nope, none of the old ones.
The only one that would fit your requirements is the new ICX 8200-24FX with 11in depth.
In theory, there is also the ICX7150-24F, but it seems like it never even hit the market to begin with. There was an "Ruckus Emergency End of Sale Announcement – Ruckus ICX7250, ICX7150-C08PT, ICX7150-C08P and ICX7150-24F"
All of 6610, 6650, 7450, 7750, 7850 are too deep
So looking for some input and advice. A request for comment, if you will.
I've in the midst of upgrading my home network, mostly to get as much of it off wifi as possible.
While figuring out how I want to set it up for myself, it occurs to me that in the event I sell up, I'll need to strip out a pile of the configuration so that future owners can still use the wired network with their own gear.
What I have that I plan to be a "fixture", that is, remains here as part of the apartment:
The physical layout, from internet inwards, goes:
So what I'm wondering is how would you configure the ICX's in this layout, so that they would work with an unknown modem and a unknown wifi AP being installed without needing to be configured by whoever installs them? A VLAN being trunked to the TMM and the 2.4Ghz APs seems an obvious inclusion, but what else would I need to do?
Now I know some might say "why do planning for someone who might live here in the future?"
I have a few reasons for thinking about this.
And I'm not necessarily looking for anyone here to post a "do this config <code>", rather for the board strokes, like "you'll need to configure x, y and z to support a, b and c" so I can go looking into how I do that with a bit of a plan, rather than going in blind.
I did do my CCNA back like a decade and a half ago, but immediately got into a IT career that had absolutely no use for anything networking, so the knowledge has well and truely evaporated. I'm not starting from zero, but far enough back that I need the prodding
Anyway, hope some of you may have ideas, or even experience planning out something similar! Thanks in advance, and for reading!
I've in the midst of upgrading my home network, mostly to get as much of it off wifi as possible.
While figuring out how I want to set it up for myself, it occurs to me that in the event I sell up, I'll need to strip out a pile of the configuration so that future owners can still use the wired network with their own gear.
What I have that I plan to be a "fixture", that is, remains here as part of the apartment:
- ICX 7250-24P: The "core switch", being racked in the top of the cupboard where internet comes into the apartment
- ICX 7150-24: The switch for my office, racked with my Server and connecting my 3 Desktop computers (plus providing a easy point for me to connect new devices near a screen for configuration/testing before moving them to a more permanent home). In event of a move, I might swap this with a ICX 7150-C12P
- ICX 7150-C12P: Going down by the entertainment unit to connect a gaming computer, some consoles, streaming box and the TV
- Two short range 2.4GHz APs powered by POE (models not yet decided): The interference is so bad here, that small wifi devices, like those usually used in IoT devices like my ceiling fans and energy monitor, are not powerful enough to get their signal back through to the main AP. By putting them each back into their setup mode where they broadcast their own network, I was able to map out that there is no one spot in the apartment they can all reach, but there are 2 spots that would cover all of them, so I'm putting a small AP in each spot. These will be on their "own" network, not connected to the internet. Planning for them to be managed together through some sort of controller software so there is one place to manage them both. Likely Unifi for now, as HomeAssistant can be that controller.
- A "TinyMiniMicro"-esque box for VMs: Will run a HomeAssistant instance that has the "fixed" IoT devices all controlled from, and a PFSense instance to act as DHCP and DNS for the IoT stuff. I may run other VMs there that are network related, but remove them if I move out.
The physical layout, from internet inwards, goes:
- Modem, connects via Cat6 to:
- Firewall (probably as a VM on the TMM box), connects via DAC or Cat6 to:
- ICX 7250-24P, connects via 10Gbe over OM4/5 to #4 and #5, connects via Cat6 to #6 on a separate IoT VLAN
- ICX 7150-24 (or C12P, as appropriate): hosts client devices, and connects the main network AP (I'll leave a post-it saying this is the best spot for the new owner's wifi )
- ICX 7150-C12P, connecting whatever is in where the TV antenna connection is (so most likely TV, Consoles, etc). Might have the VLAN trunked to it for connecting devices you won't want phoning home, but do want to control. Effected ports would be labeled.
- The 2.4Ghz APs.
So what I'm wondering is how would you configure the ICX's in this layout, so that they would work with an unknown modem and a unknown wifi AP being installed without needing to be configured by whoever installs them? A VLAN being trunked to the TMM and the 2.4Ghz APs seems an obvious inclusion, but what else would I need to do?
Now I know some might say "why do planning for someone who might live here in the future?"
I have a few reasons for thinking about this.
- it might be a minor selling point (particularly over other nearby apartments) that there is a capable wired network to keep their netflix and video gaming stutter free in this grossly overcongested wireless environment, that they can just plug their stuff into and it will work.
- a neat experiment in configuration for me to do, since everything I've done networking-wise for the last decade has been to my specific needs, so figuring out making it all work for someone else's use case, or to more broadly work without specific uses in mind, seems like a good bit of practice.
- I want to leave the "smarts" of the hardwired IoT devices working for future owners, without having to leave them a pile of manuals to read to configure each one, so having the IoT wifi and HomeAssistant "embedded" in the home enables this, and the wired network partially configured enables that. There are a pile of things, light switches, ceiling fans, extraction fans, the air con, which I've rigged to be able to work remotely through HomeAssistant, although they are also all fully functional using their older "dumb" controls.
- If I figure this out now, when the walls are all wired I can do that config, test it works, and export the configs before doing the configuration that is more specific to my use of the network. Won't have to try figure that out when selling up to have it set and ready to go.
- What can I say, I'm a nice guy? Maybe it will inspire the new owners into becoming homelabbers?
And I'm not necessarily looking for anyone here to post a "do this config <code>", rather for the board strokes, like "you'll need to configure x, y and z to support a, b and c" so I can go looking into how I do that with a bit of a plan, rather than going in blind.
I did do my CCNA back like a decade and a half ago, but immediately got into a IT career that had absolutely no use for anything networking, so the knowledge has well and truely evaporated. I'm not starting from zero, but far enough back that I need the prodding
Anyway, hope some of you may have ideas, or even experience planning out something similar! Thanks in advance, and for reading!