Brocade ICX6450 - Help with VLAN Config/SFP Licensing Question

Discussion in 'Networking' started by Karson, Oct 3, 2018.

  1. Karson

    Karson New Member

    Joined:
    Sep 4, 2018
    Messages:
    6
    Likes Received:
    1
    I have a user VLAN (VLAN100) configured in pfSense. The uplink for pfsense is on 1/1/1. At this point, I want all 1/1/1->1/1/48 GbE ports on that VLAN as untagged access ports (I think?).

    Is my config file below way off? I know I'm missing the port range config somewhere.

    Also, in the future I might utilize the SFP+ ports for some 10Gb connectivity to FreeNAS. Is there anything special as far as the SFP ports being configured as access ports? Are all 4 SFP ports configurable to access ports/is there any licensing gotchas I need to look into before going any further?

    I apologize for the very basic questions. I am trying to grasp more networking fundamentals in my homelab, but am getting frustrated with VLAN configuration on this switch. It seems like @fohdeesha is the equivalent of Michael McNamara of the Nortel world, so I'm still trying to sort through forum posts of his.

    I tried to configure a few things via the WebUI, but screwed something up to the point of having to re-rack my Nortel 5520 just to get back online. To make matters worse, I can't find my gender bender adapter to console into the 5520 to look at how I had the VLAN/ports configured :(

    Code:
    enable
    configure terminal
    vlan 100
    router-interface ve 100
    exit
    interface ve 100
    ip address 192.168.1.55/24
    exit
    interface ethernet 1/1/2 to 1/1/12
    inline power
    hostname brocade
    crypto key generate rsa
    username root password redacted
    aaa authentication login default local
    aaa authentication enable default local
    aaa authentication web default local
    enable telnet authentication
    write memory
    
     
    #1
    Last edited: Oct 3, 2018
  2. kapone

    kapone Active Member

    Joined:
    May 23, 2015
    Messages:
    616
    Likes Received:
    247
    I'm confused...if you're using the 6450 as a "Layer 3" switch, why do you have VLANs on pfSense??
     
    #2
    Karson likes this.
  3. Karson

    Full disclosure - because I don't know any better. Doing all the routing through pfSense was clearer for me when I first started out. I would absolutely go forward with leveraging the switch's Layer 3 features if I felt more comfortable, but I'm not there yet.

    Is it painfully easy to do all the routing on the switch as opposed to pfSense?
     
    #3
  4. kapone

    Well...not sure how to say this...you have a long road ahead of you. :) Dabbling in OSI layers is not for the faint of the heart, and patience is definitely a virtue in this case.

    My advice would be:
    - Draw a diagram of how you want your network to be. Label ports, interfaces, IP addresses on the diagram first.
    - Start with the 6450 disconnected from pfSense.
    - Create two VLANs on the 6450 and see if you can communicate between them, don't worry about internet/transit access just yet.
    - Figure out how you're going to do DHCP and DNS with VLANs (hint: pfSense can't do it).
     
    #4
    Karson likes this.
  5. Karson

    Thanks - I picked this switch up based off recommendations here knowing I would likely only use 1% of its features. I'd be just fine with a 48 port unmanaged switch, but then it ends up being more expensive than these are used once you add in the need for PoE.

    What helped me most in the past was getting a working/running config to baseline off of, then if I really bomb something, I'm only a factory reset and reapplication of the working config away from being back to square 1.

    Since you responded, I found this site: Configuring Brocade Switches - AN!Wiki

    I should be able to hack something together from that later tonight.
     
    #5
  6. kapone

    If that's the case...you might wanna just load the "Switch firmware" (instead of the router firmware) aka Layer 2 firmware, and just use it that way.
     
    #6
    Karson likes this.
  7. fohdeesha

    fohdeesha Kaini Industries

    Joined:
    Nov 20, 2016
    Messages:
    1,390
    Likes Received:
    1,117
    LOL

    assuming the pfsense port to the switch has vlan 100 set as tagged, you just need to add port 1/1/1 to vlan 100 as tagged. Then add the rest of the ports to vlan 100 as well, but untagged (since they will be normal end devices)

    enable
    conf t
    vlan 100
    tagged e 1/1/1
    untagged e 1/1/2 to 1/1/48
    #put the 10gbe ports in there too
    untagged e 1/2/1 to 1/2/4
    #save
    write mem

    If for some reason the vlan 100 pfsense port is untagged, and not actually configured for vlan tags, the first "tagged e 1/1/1" would instead be "untagged e 1/1/1"

    I usually recommend staying on the l3 firmware image even if not specifically using l3 features, they don't seem to spend much time/attention on the L2 images the last couple years, plus if you ever wanna use any L3 feature, it'll be a PITA to forklift all of your l2 only config over to the l3 image where different commands do different things
     
    #7
    Karson likes this.
  8. fohdeesha

    As for licenses, 2 of the 10gbE ports come ready to use, and the remaining 2 require a software license to unlock. Some advanced routing features (that I don't think you'll be using based on your setup) also require a software license. If you want them, pm me

    I highly recommend reading through the ICX megathread here, I know it's long but it has a lot of good info
     
    #8
    Karson likes this.
  9. Karson

    Thanks for responding - which ports come 10Gb ready out of the box? 1 & 2? I don't know if my 6450 had a license on it from the eBay seller, or if the factory set-default command I did might've cleared it out when I first set it up.

    I appreciate everyone's responses and deserve some critical responses about my setup. As much as I planned upfront to do this homelab v2 upgrade/consolidation, some gotchas appeared (like always) and I got frustrated and panicked being short on time. So, I grabbed something to eat since I hadn't eaten all day, got the kids from daycare and after we got them down to bed, had a chance to collect my thoughts.

    I am weak at networking, like I mentioned in my first post. However, configuring things in my lab in realistic, albeit illogical ways, has paid dividends in my professional career. Even if I don't even sniff at becoming a fluent network guy, at least I can be on the phone with network engineers and speak/ask logical questions.

    I will take everyone's advice here, diagram things out, and get my config sorted. I got the cart way in front of the horse asking for config questions before even knowing what I want to do myself. I do have a couple physical hosts along with a FreeNAS controller in front of a Lenovo SA120 I'd like to 10G, so ideally 3 ports at 10Gb would be helpful in the near future.
     
    #9
  10. Karson

    I'm up and running, for the most part. Very basic config, but something I can start out with. One thing I can't seem to figure out is how to get remote access (telnet/ssh) as well as name my ports.

    I created the ve 1 like in fohdeesha's site, and essentially added a few more config options to round out my setup. Even after doing a factory set-default and running this config, the switch only is accessible through local console.

    I've got a good switch diagram created in Excel (I don't have a Visio license), and would like to name my ports within the switch. But, I am having a hard time after RTFM and dissecting some of the blogs I've read on how to do that. Can someone help me with the CLI command to accomplish that?

    Lastly, is there a "softer" way to clear the config beyond entering the bootloader and running factory set-default?

    Code:
    enable
    configure terminal
    ip dhcp-client disable
    write memory
    exit
    reload
    
    enable
    configure terminal
    vlan 1
    router-interface ve 1
    interface ve 1
    ip address 192.168.1.55/24
    exit
    hostname brocade
    vlan 100 name User
    tagged ethernet 1/1/1
    untagged ethernet 1/1/2 to 1/1/48
    !#put the 10gbe ports in there too
    untagged ethernet 1/2/1 to 1/2/4
    exit
    inline power ethernet 1/1/2 to 1/1/12
    crypto key generate rsa
    username redacted password redacted
    aaa authentication login default local
    aaa authentication enable default local
    aaa authentication web default local
    enable telnet authentication
    !#save
    write mem
    
     
    #10
  11. kapone

    Edit: As far as port naming goes, I almost never do it, and I don't think the names show up in all of the commands consistently. I keep my diagram handy, which has the server-port mappings.
     
    #11
    Karson and fohdeesha like this.
  12. fohdeesha

    you can't telnet/ssh to it because you added the virt interface to vlan 1, but put everything in vlan 100

    remove the vlan 1 config stuff:

    vlan 1
    no router-interface ve 1
    interface ve 1
    no ip address 192.168.1.55/24
    exit

    #add it to vlan 100
    vlan 100
    router-interface ve 100
    interface ve 100
    ip address 192.168.1.55/24
    write mem
    #make sure to change that IP to something that is free on your network

    as far as naming ports, just go to that port and run port-name
    interface e 1/1/1
    port-name intertubes
    write mem

    Now when you run "show int br" you'll see names next to ports

    It's good to remember that to see all possible commands at the current level, just hit tab a couple times. Like go to a port config level and hit tab twice, you'll see port-name with a description listed
     
    #12
    Karson likes this.
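An added example, not part of the thread or any poster's code: a small Python check for the mismatch diagnosed in post #12, where a ve carries the management IP but its VLAN has no ports. The function names are hypothetical, the sample is constructed from the VLAN lines of post #10, and only ports explicitly listed under a vlan stanza are counted (implicit default-VLAN membership is not modeled).

```python
import re

# Constructed sample: the VLAN-related lines of the config from post #10.
SAMPLE = """\
vlan 1
router-interface ve 1
interface ve 1
ip address 192.168.1.55/24
exit
vlan 100 name User
tagged ethernet 1/1/1
untagged ethernet 1/1/2 to 1/1/48
untagged ethernet 1/2/1 to 1/2/4
exit
"""

def expand(spec):
    """Expand '1/1/2 to 1/1/48' (or a single '1/1/1') into port names."""
    parts = spec.split(" to ")
    unit, slot, lo = parts[0].strip().split("/")
    hi = parts[-1].strip().split("/")[2]
    return [f"{unit}/{slot}/{n}" for n in range(int(lo), int(hi) + 1)]

def parse(text):
    """Return ({vlan: {tagged, untagged, ve}}, {ve: ip}) from config text."""
    vlans, ve_ip, vlan, ve = {}, {}, None, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"vlan (\d+)", line):
            vlan, ve = int(m.group(1)), None
            vlans.setdefault(vlan, {"tagged": [], "untagged": [], "ve": None})
        elif m := re.match(r"interface ve (\d+)", line):
            ve, vlan = int(m.group(1)), None
        elif vlan is not None and (m := re.match(r"(tagged|untagged) e\w* (.+)", line)):
            vlans[vlan][m.group(1)] += expand(m.group(2))
        elif vlan is not None and (m := re.match(r"router-interface ve (\d+)", line)):
            vlans[vlan]["ve"] = int(m.group(1))
        elif ve is not None and (m := re.match(r"ip address (\S+)", line)):
            ve_ip[ve] = m.group(1)
    return vlans, ve_ip

def unreachable_ves(text):
    """List (vlan, ve, ip) where the ve has an IP but its VLAN lists no ports."""
    vlans, ve_ip = parse(text)
    return [(vid, v["ve"], ve_ip[v["ve"]]) for vid, v in sorted(vlans.items())
            if v["ve"] in ve_ip and not (v["tagged"] or v["untagged"])]

if __name__ == "__main__":
    print(unreachable_ves(SAMPLE))
```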
  13. Karson

    That's a good thing to remember - I can see where that'd be tedious, and over time, less accurate than an easy to edit diagram. I'm going full n00b here and posting my diagram. Probably embarrassing myself, but oh well. (things like the VID, I'm not sure are applicable here. I think they are, but still reading...)

    [IMG]

    Thank you!
     
    #13
    PGlover likes this.
  14. arglebargle

    arglebargle H̸̖̅ȩ̸̐l̷̦͋l̴̰̈ỏ̶̱ ̸̢͋W̵͖̌ò̴͚r̴͇̀l̵̼͗d̷͕̈

    Joined:
    Jul 15, 2018
    Messages:
    634
    Likes Received:
    209
    Just a heads up -- pfSense handles DHCP and DNS per VLAN without issue, I've been using pfSense to do just this for a couple of years now. I actually prefer handling all of my inter-vlan routing with pfSense for log readability and use of the firewall. Obviously raw performance is going to be better on an ASIC but logging and firewall rules on pfSense are a lot nicer. I'm still running pfSense 2.3.x for ~reasons~ so these aren't new features.
     
    #14
  15. ViciousXUSMC

    ViciousXUSMC Active Member

    Joined:
    Nov 27, 2016
    Messages:
    160
    Likes Received:
    63
    I am assuming you mean as long as it has a vlan interface for that subnet.
    I would assume DNS can work just fine with layer 3 done on the switch (need to test) but I do know the pain points for the DHCP issues. I also like having all my DHCP on PFSense as I have everything aliased and static leases.

    I have a few ideas on how to get DHCP working while still using the switch to do the inter-vlan routing.
     
    #15
  16. PGlover

    PGlover Active Member

    Joined:
    Nov 8, 2014
    Messages:
    439
    Likes Received:
    48
    Can you please post a copy of your Excel spreadsheet? I would like to use it as a template for mapping my ports on the ICX6610.
     
    #16