Ah true that makes sense. It is the same CLI regardless of switch model I assume, like Cisco IOS (do they even call it that still?).
Makes sense that different hardware may give different info based on how it's designed to be racked.
Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)
- Thread starter fohdeesha
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
Makes sense that different hardware may give different info based on how it's designed to be racked.
Ran back through the documentation following everything step by step and I think the issue is not that it cant reach the tftp...
so I see The code type 0 is not correct for the target hardware, abort!
Code:
ICX7250-48P Router#copy tftp flash 192.168.1.163 ICX7xxx\SPR08095mufi.bin primary
ICX7250-48P Router#
!!! Downloading this application image can result in application-boot image mismatch. Please use UFI image.
The code type 0 is not correct for the target hardware, abort!
File Type Check Failed
TFTP to Flash Error - code 8went to their site and downloaded the new zip file...
and it is now taking off!!!
following web said to use copy tftp flash 192.168.1.163 ICX7xxx/SPR08095mufi.bin primary
but new file is now copy tftp flash 192.168.1.163 ICX7xxx/SPR09010j_cdlufi.bin
and it is now taking off!!!
following web said to use copy tftp flash 192.168.1.163 ICX7xxx/SPR08095mufi.bin primary
but new file is now copy tftp flash 192.168.1.163 ICX7xxx/SPR09010j_cdlufi.bin
definitely more modern than the web interface for ICX-6610!
got 6 of my 8 poe ReoLink 4k connected. switch is too far from where it is supposed to be... other 2 will connect then..
and got 2 more 10gb... but all my 10gb only doin 2.5gb
so i'm still a huge networking newb, and may be misunderstanding what i'm doing here
for now, i was able to work around the issue to get some 'work' done, but ideally i want to go back and revisit how to set this up
i am using opnsense as my main firewall/"router", and had an interface configured on LAN with a static ip of 192.168.1.1, pretty typical of a default home "user" network
on the 7250, following fohdeesha's initial setup docs i assigned ports 1 through 24 (1 GbE) as untagged ports on VLAN 1 (DEFAULT-VLAN). i was reading that you shouldn't do this, but i only just got there and haven't gone back to 'fix' yet.
i removed all of the 10 GbE ports from this default VLAN 1, and added them to let's say VLAN 3 as untagged ports. this VLAN got a VE of 10.0.6.1.
the 7250 has a default route of 0.0.0.0/0 via 192.168.1.1 next hop.
after configuring 1 or 2 firewall rules on opnsense side, as well as a gateway on opnsense with 192.168.1.2 as the address on LAN interface, with a route towards 10.0.6.0/24 via 192.168.1.2 gateway, i was able to get stuff pinging internally
however, none of the hosts on address 10.0.6.2 through 10.0.6.10 can route or ping out to the internet. i tested a few times with manually created allow any rules from 10.0.6.0/24 network source on LAN interface destination any but this didnt seem to make a difference.
despite not having anything related to "VLANs" configured on opnsense side, am I supposed to set the port that contains the physical cabling between the opnsense hardware and the ICX 7250 to tagged with everything else as untagged? am i supposed to be overlapping port assignments to VLANs? that's where I'm a little lost i think, but this might not even be my problem.
for now, i was able to work around the issue to get some 'work' done, but ideally i want to go back and revisit how to set this up
i am using opnsense as my main firewall/"router", and had an interface configured on LAN with a static ip of 192.168.1.1, pretty typical of a default home "user" network
on the 7250, following fohdeesha's initial setup docs i assigned ports 1 through 24 (1 GbE) as untagged ports on VLAN 1 (DEFAULT-VLAN). i was reading that you shouldn't do this, but i only just got there and haven't gone back to 'fix' yet.
i removed all of the 10 GbE ports from this default VLAN 1, and added them to let's say VLAN 3 as untagged ports. this VLAN got a VE of 10.0.6.1.
the 7250 has a default route of 0.0.0.0/0 via 192.168.1.1 next hop.
after configuring 1 or 2 firewall rules on opnsense side, as well as a gateway on opnsense with 192.168.1.2 as the address on LAN interface, with a route towards 10.0.6.0/24 via 192.168.1.2 gateway, i was able to get stuff pinging internally
however, none of the hosts on address 10.0.6.2 through 10.0.6.10 can route or ping out to the internet. i tested a few times with manually created allow any rules from 10.0.6.0/24 network source on LAN interface destination any but this didnt seem to make a difference.
despite not having anything related to "VLANs" configured on opnsense side, am I supposed to set the port that contains the physical cabling between the opnsense hardware and the ICX 7250 to tagged with everything else as untagged? am i supposed to be overlapping port assignments to VLANs? that's where I'm a little lost i think, but this might not even be my problem.
There is probably an overly-restrictive outbound firewall rule, or NAT/masquerade rule, in your OPNSense configuration, and it is not allowing traffic from 10.0.6.0/24 to exit the WAN interface.
No, you've built a layer 3 (routed) configuration and that's completely fine; if you wanted a layer 2 (switched) configuration, where OPNsense was handling all routing (along with DHCP and other stuff) for all clients, you could use VLANs with tagging to achieve it, but it's not necessary.
can you ping your opnsense box from one of the vlans using the source parameter? here is an example of pinging my pfsense box with the source being the management interface for example:
ping 192.168.1.1 source 192.168.1.50
if you setup virtual interfaces on the vlans, can you use the same command to make the source the virtual interface and see if it pings. i have a similar problem with my ICX-6610 where pinging from a virtual interface to my pfsense box seems to fail as the request never leaves the switch. so we might have the same issue.
Updated to 10.0.10c on my ICX7650 and 09.0.10d on the ICX7150-C12P.
What I noticed was
- The 7650 login didn't work after the update but you can use Ctrl+Y to drop into the OS console and reset the local user and password
- The 7150 wouldn't connect to unleashed because of SSH key size - doing a
- The 7150-C12 now takes 6 minutes to boot up to a useful state (!) measured this with a stop watch
- The 7650 also takes longer to boot, will measure it more accurately later
- The UI for both 09.x and 10.0x is nicer and more streamlined
- You will need to adjust CLI timeout with
- The configs for both switches transferred without a problem, probably because both were already running the router firmware. For the 7650, all the VLANs survived and the switch was fine after the update
What I noticed was
- The 7650 login didn't work after the update but you can use Ctrl+Y to drop into the OS console and reset the local user and password
- The 7150 wouldn't connect to unleashed because of SSH key size - doing a
crypto key gen ec size 384 fixed that- The 7150-C12 now takes 6 minutes to boot up to a useful state (!) measured this with a stop watch
- The 7650 also takes longer to boot, will measure it more accurately later
- The UI for both 09.x and 10.0x is nicer and more streamlined
- You will need to adjust CLI timeout with
no cli timeout since under 9x and 10x, the timeout is a measly 120 seconds- The configs for both switches transferred without a problem, probably because both were already running the router firmware. For the 7650, all the VLANs survived and the switch was fine after the update
Last edited:
I have a ICX7150-C12P here, running 08.0.95m (UFI) which I can't for the love of god update to 09.0.10. Tried 09.0.10j and 09.0.10h. Both result in weird "Read Only file system" errors and some ubifs errors.
Pretty much - it's like a crappier Netgear UI - for example here's VLANs
Port settings
I found some bugs - adding a VE with an IP address via the UI creates the VE without any IP assigned. WTF ?
Yep, didn't work.
Pre-Update:
Code:
ICX7150-C12 Router>show version
Copyright (c) Ruckus Networks, Inc. All rights reserved.
UNIT 1: compiled on Aug 8 2023 at 23:06:54 labeled as SPR08095m
(33554432 bytes) from Primary SPR08095m.bin (UFI)
SW: Version 08.0.95mT213
Compressed Primary Boot Code size = 786944, Version:10.1.26T225 (mnz10126)
Compiled on Tue Nov 29 12:43:26 2022
HW: Stackable ICX7150-C12-POE
==========================================================================
UNIT 1: SL 1: ICX7150-C12-2X1G POE 12-port Management Module
Serial #:FEK3827R062
Software Package: ICX7150_L3_SOFT_PACKAGE
Current License: 2X10GR
P-ASIC 0: type B160, rev 11 Chip BCM56160_B0
==========================================================================
UNIT 1: SL 2: ICX7150-2X1GC 2-port 2G Module
==========================================================================
UNIT 1: SL 3: ICX7150-2X10GF 2-port 20G Module
==========================================================================
1000 MHz ARM processor ARMv7 88 MHz bus
8 MB boot flash memory
2 GB code flash memory
1 GB DRAM
STACKID 1 system uptime is 13 minute(s) 49 second(s)
The system started at 23:06:55 GMT+00 Tue Aug 08 2023
The system : started=cold start
ICX7150-C12 Router>show flash
Stack unit 1:
NAND Type: Micron NAND 2GiB (x 1)
Compressed Pri Code size = 33554432, Version:08.0.95mT213 (SPR08095m.bin)
Compressed Sec Code size = 33554432, Version:08.0.95mT213 (SPR08095m.bin)
Compressed Pri Boot Code size = 786944, Version:10.1.26T225 (mnz10126)
Compressed Sec Boot Code size = 786944, Version:10.1.26T225 (mnz10126)
Code Flash Free Space = 973778944
Code:
copy tftp flash 192.168.129.30 ICX7150/SPR09010dufi.bin primary
...lots of output, but no errors
copy tftp flash 192.168.129.30 ICX7150/SPR09010dufi.bin secondary
...lots of output, but no errors
boot system flash primary
Code:
Extract UFI FI version success, version = SPR09010d.bin
New packages found, uninstalling old packages if any..
Installing packages, this may take some time
Packages has been installed successfully
...
ln: /lib/libpam.so: File exists
ln: /lib/libpam.so.0: File exists
ln: /lib/libpam_misc.so.0: File exists
ln: /lib/libpam_misc.so: File exists
ln: /lib/libtac.so: File exists
starting console application
ln: /lib/libtac.so.2: File exists
ln: /lib/libtac.so.2.0.0: File exists
cp: can't stat '/.pkg/libpam/etc/*': No such file or directory
Code:
mv: write error: Structure needs cleaning
mv: can't preserve times of '/fast_iron/.tmp/FastIron': Read-only file system
mv: can't preserve ownership of '/fast_iron/.tmp/FastIron': Read-only file system
mv: can't preserve permissions of '/fast_iron/.tmp/FastIron': Read-only file system
BI FS error occurred, hence rebooting the system. if same issue happens after reboot, please do power-cycle the system, in order to recover
ln: /FastIron: File exists
...
/etc/backup_infra.sh: line 633: can't create /fast_iron/.hash_track.md5: Read-only file system
Requesting system reboot
[ 227.540368] reboot: Restarting system
[ 227.584266] Asserting GHPIO[7] reset sequence from Kernel ...Any idea how to fix this?
A big thanks to @fohdeesha for creating this immensely valuable resource!
I have an ICX6450-48p for my home. I got it for three main reasons: (1) built-in PoE to do away with the injector I was previously using, (2) management capabilities, specifically, to use VLANs to partition my network, and (3) having a few 10Gbps ports. I haven't gotten around to actually creating the VLANs yet. But otherwise, the switch works wonderfully (though I'm admittedly using about 0.001% of its potential!).
The one thing I was hoping to optimize is the power draw and noise. When I first got it, I seem to recall the idle/nothing connected (except console cable) power draw was around 60 watts. Noise isn't a real problem, since this is in a closet in the basement. But looking over this thread, it looks like the non-POE version has about half the idle power draw. The non-POE version definitely has a lower-rated power supply (which makes sense), and I'm willing to bet it also has fewer fans (or at least runs them much more slowly in a no-load state). The fan noise itself isn't so much a problem, but running them faster than necessary presumably adds to the power draw as well.
I don't need PoE capability on every port. Right now I only use PoE on five ports (three cameras and two wireless access points). I can't see myself ever needing much more in terms of PoE. So having a switch capable of powering all 48 ports with PoE is way overkill, and therefore leading to a huge inefficiency in terms of PSU sizing and fan noise.
Is the PoE support some kind of add-on module by chance? I was wondering if I could just buy a 6450-48 (non-PoE) and make it PoE-capable by stealing the PoE module (if it exists) from my current 48p switch?
The other option is to just use the 6450-48 (non-PoE) and go back to using a PoE injector.
Any other thoughts?
I have an ICX6450-48p for my home. I got it for three main reasons: (1) built-in PoE to do away with the injector I was previously using, (2) management capabilities, specifically, to use VLANs to partition my network, and (3) having a few 10Gbps ports. I haven't gotten around to actually creating the VLANs yet. But otherwise, the switch works wonderfully (though I'm admittedly using about 0.001% of its potential!).
The one thing I was hoping to optimize is the power draw and noise. When I first got it, I seem to recall the idle/nothing connected (except console cable) power draw was around 60 watts. Noise isn't a real problem, since this is in a closet in the basement. But looking over this thread, it looks like the non-POE version has about half the idle power draw. The non-POE version definitely has a lower-rated power supply (which makes sense), and I'm willing to bet it also has fewer fans (or at least runs them much more slowly in a no-load state). The fan noise itself isn't so much a problem, but running them faster than necessary presumably adds to the power draw as well.
I don't need PoE capability on every port. Right now I only use PoE on five ports (three cameras and two wireless access points). I can't see myself ever needing much more in terms of PoE. So having a switch capable of powering all 48 ports with PoE is way overkill, and therefore leading to a huge inefficiency in terms of PSU sizing and fan noise.
Is the PoE support some kind of add-on module by chance? I was wondering if I could just buy a 6450-48 (non-PoE) and make it PoE-capable by stealing the PoE module (if it exists) from my current 48p switch?
The other option is to just use the 6450-48 (non-PoE) and go back to using a PoE injector.
Any other thoughts?
It's one big PCB for all ports, you can't add PoE just for "some" ports
The non-PoE ICX6450 has unpopulated headers on the PCB and different RJ45 port types. No, you can't transform a non-PoE ICX6450 into a PoE 6450
The power supplies are totally different. The PSU in the PoE version has an additional 54V rail.
does anyone run the 7250s in the rear of their rack? i cant really decide if i want blinken-lights or easier cable management. is it worth swapping the direction of the fans in them if it's for home lab use? it would be interesting to try and put some more fans in, to exhaust out the singular side intake that's perforated on the chassis.
Sharing this for anyone else who has been trying to find rackmounts ears for a 7250 (-24P in my case): I ordered these from Amazon, "PhyinLan Rack Mount Kit Universal Adjustable 19 Inch Rack Ears for HP/ProCurve/Aruba/OfficeConnect/HPE and Other Switches" and they fit without any need to do any filing. Just barely -- it's off by about 1mm on the space between the horizontal rows (23mm vs. 24mm as I measured it for my 7250). Only $18 CAD -- a lot less than an official Brocade rack mount kit!
As has been noted elsewhere, you can just use regular PC (6/32, 1/4" I believe) to mount them. Everything seems to sit flush -- will mount in the rack shortly.
https://www.amazon.ca/gp/product/B0B6TM1LC1/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&th=1
Cheers.
Diagram of the hole spacing, based on my measurements:
Attachments
Last edited:
I run mine in the back - just makes a heck of a lot more sense from a cable management perspective. Didn't reverse the fans - didn't seem to matter.