Ruckus/ICX-6450
https://www.ruckussecurity.com/ICX-6450-48.asp
Connect
tio -b 9600 /dev/ttyS0
Clear Settings
ICX6450-48 Switch#erase startup-config Erase startup-config Done. dhcp server lease database is also removed
ICX6450-48 Switch#show config INFO: empty config data in the primary area, try to read from backup INFO: empty config data in the backup area also
ICX6450-48 Switch#reload Are you sure? (enter 'y' or 'n'): y Could not verify if the Running Config data has been changed. Do you want to continue the reload anyway? (enter 'y' or 'n'): y Halt and reboot
ICX6450-48 Switch> Stack unit 1 PS 1, Internal Power supply detected and up. show config INFO: empty config data in the primary area, try to read from backup INFO: empty config data in the backup area also
ICX6450-48 Switch>enable No password has been assigned yet...
ICX6450-48 Switch#show config INFO: empty config data in the primary area, try to read from backup INFO: empty config data in the backup area also
ICX6450-48 Switch#write memory Write startup-config done. ICX6450-48 Switch#Flash Memory Write (8192 bytes per dot) . Flash to Flash Done.
ICX6450-48 Switch#show config ! Startup-config data location is flash memory ! Startup configuration: ! ver 07.4.00T311 ! stack unit 1 module 1 icx6450-48-port-management-module module 2 icx6450-sfp-plus-4port-40g-module ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! end
Once it comes back up, your switch will be as-new.
ref: https://www.alteeve.com/w/Configuring_Brocade_ICX-Series_Ethernet_Switches
Configure IP
ICX6610-24 Switch> enable ICX6610-48 Switch#configure terminal ICX6610-48 Switch(config)#ip address 10.20.1.1 255.255.0.0 ICX6610-48 Switch(config)#exit # Ping external device test ICX6610-48 Switch#ping 10.20.255.254 ICX6610-48 Switch#write memory
Show connected interfaces
ICX6610-24 Switch(config)#show interfaces brief Port Link State Dupl Speed Trunk Tag Pvid Pri MAC Name 1/1/1 Down None None None None No 1 0 cc4e.24b9.4b74 1/1/2 Down None None None None No 1 0 cc4e.24b9.4b75 1/1/3 Down None None None None No 1 0 cc4e.24b9.4b76 1/1/4 Down None None None None No 1 0 cc4e.24b9.4b77
reF: https://www.alteeve.com/w/Configuring_Brocade_ICX-Series_Ethernet_Switches
Show ARP table
Show IP
ICX6450-48 Switch(config)#show ip Switch IP address: 10.10.10.220 Subnet mask: 255.255.255.0 Default router address: 10.10.10.1 TFTP server address: None Configuration filename: None Image filename: None IP MTU: 1500
Ping External
Example failure:
ICX6450-48 Switch#ping 10.10.10.1 Sending 1, 16-byte ICMP Echo to 10.10.10.1, timeout 5000 msec, TTL 64 Type Control-c to abort Request timed out. No reply from remote host.
Show VLANs
Example None configured:
ICX6450-48 Switch>show vlan Total PORT-VLAN entries: 1 Maximum PORT-VLAN entries: 64 Legend: [Stk=Stack-Id, S=Slot]
License
ICX6450-48 Switch>show license License record empty
Show Stack
Example not configured:
ICX6450-48 Switch>show stack ***** Warning! stack is not enabled. ***** alone: standalone, D: dynamic config, S: static config ID Type Role Mac Address Pri State Comment 1 S ICX6450-48 alone 748e.f8bb.15a0 0 local None:0 +---+ -2/3| 1 |2/1- +---+ Current stack management MAC is 748e.f8bb.15a0 Note: no "stack mac" config. My MAC will change after failover.
Reset Lost Password
On the front of the switch will be a small "Reset" switch. To press this, you will need a very thin object in order to press the button, like a small paper clip, needle or so on.
During the boot process, press b when you see the Enter 'b' to stop at boot monitor: prompt.
Enter 'b' to stop at boot monitor: 0 ICX64XX-boot>> no password OK! Skip password check when the system is up. ICX64XX-boot>> boot system flash primary Usage: boot - boot default, i.e., run 'bootcmd' ICX64XX-boot>> boot_primary Booting image from Primary ## Booting image at 00007fc0 ... Created: 2013-04-27 3:19:57 UTC Data Size: 10552120 Bytes = 10.1 MB Load Address: 00008000 Entry Point: 00008000 Verifying Checksum ... OK OK
ref: https://www.alteeve.com/w/Configuring_Brocade_ICX-Series_Ethernet_Switches
Paging
Brocade#skip Disable page display mode Brocade#page Enable page display mode
Show Interfaces
ICX6450-48 Switch#show interfaces brief Port Link State Dupl Speed Trunk Tag Pvid Pri MAC Name 1/1/1 Up Forward Full 1G None No 1 0 748e.f8bb.15a0 1/1/2 Down None None None None No 1 0 748e.f8bb.15a1 1/1/3 Down None None None None No 1 0 748e.f8bb.15a2 1/1/4 Down None None None None No 1 0 748e.f8bb.15a3 1/1/5 Down None None None None No 1 0 748e.f8bb.15a4 1/1/6 Down None None None None No 1 0 748e.f8bb.15a5 1/1/7 Down None None None None No 1 0 748e.f8bb.15a6 1/1/8 Down None None None None No 1 0 748e.f8bb.15a7 1/1/9 Down None None None None No 1 0 748e.f8bb.15a8 1/1/10 Down None None None None No 1 0 748e.f8bb.15a9 1/1/11 Down None None None None No 1 0 748e.f8bb.15aa 1/1/12 Down None None None None No 1 0 748e.f8bb.15ab 1/1/13 Down None None None None No 1 0 748e.f8bb.15ac 1/1/14 Down None None None None No 1 0 748e.f8bb.15ad ....
Show Interface By Port
ICX6450-48 Switch#show int eth 1/1/1 GigabitEthernet1/1/1 is up, line protocol is up Hardware is GigabitEthernet, address is 748e.f8bb.15a0 (bia 748e.f8bb.15a0) Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx Configured mdi mode AUTO, actual MDI Member of L2 VLAN ID 1, port is untagged, port state is FORWARDING BPDU guard is Disabled, ROOT protect is Disabled Link Error Dampening is Disabled STP configured to OFF, priority is level0, mac-learning is enabled Loop Detection is ENABLED Flow Control is config enabled, oper enabled, negotiation disabled Mirror disabled, Monitor disabled Not member of any active trunks Not member of any configured trunks No port name Inter-Packet Gap (IPG) is 96 bit times MTU 1500 bytes 300 second input rate: 7600 bits/sec, 11 packets/sec, 0.00% utilization 300 second output rate: 512 bits/sec, 1 packets/sec, 0.00% utilization 4551 packets input, 373995 bytes, 0 no buffer Received 333 broadcasts, 4178 multicasts, 40 unicasts 0 input errors, 0 CRC, 0 frame, 0 ignored 0 runts, 0 giants 390 packets output, 26172 bytes, 0 underruns Transmitted 2 broadcasts, 385 multicasts, 3 unicasts 0 output errors, 0 collisions Relay Agent Information option: Disabled ...
Show Management Network Interface MAC
telnet@myswitch#show interfaces brief mgmt1 Down None None None None No None 0 c0c5.20b7.1111
c0:c5:20:b7:11:11
Clear VLANs
enable show config no vlan [#]
Disable Spanning Tree
interface ethernet 1/1/1 loop-detection no spanning-tree ! interface ethernet 1/1/2 loop-detection no spanning-tree !... interface ethernet 1/1/48 port-name uplink no spanning-tree !
Hostname
hostname "my switch"
DHCP
ip dhcp-client enable ip dhcp-client auto-update enable
no ip dhcp-client enable
Static IP
ip address 10.10.10.104 255.255.255.0 ip default-gateway 10.10.10.1 no ip dhcp-client auto-update enable no ip dhcp-client enable
super-user-password
enable super-user-password [PASSWORD]
no enable super-user-password
Show Logs
sh logs
Clear logs:
clear logs
Show errors:
! Error disable recover sh errdisable recovery
! Error disable summary sh errdisable summary
Show Software Version and Switch Model
>sh version Copyright (c) 1996-2012 Brocade Communications Systems, Inc. All rights reserved. UNIT 1: compiled on Mar 2 2012 at 12:38:17 labeled as ICX64S07400 (10360844 bytes) from Primary ICX64S07400.bin SW: Version 07.4.00T311 Boot-Monitor Image size = 512, Version:07.4.00T310 (kxz07400) HW: Stackable ICX6450-48-HPOE ========================================================================== UNIT 1: SL 1: ICX6450-48p POE 48-port Management Module Serial #: BZTXXXXXXXX License: BASE_SOFT_PACKAGE (LID: dbvHKIFjFox) P-ENGINE 0: type DEF0, rev 01 P-ENGINE 1: type DEF0, rev 01 ========================================================================== UNIT 1: SL 2: ICX6450-SFP-Plus 4port 40G Module ========================================================================== 800 MHz ARM processor ARMv5TE, 400 MHz bus 65536 KB flash memory 512 MB DRAM STACKID 1 system uptime is 1 days 21 hours 15 minutes 32 seconds The system : started=warm start reloaded=by "reload"
Enable SSH
(Note telnet is enabled by default, and doesn't require user)
crypto key generate - http://docs.ruckuswireless.com/fastiron/08.0.50/fastiron-08050-commandref/GUID-74724EE0-E8FB-46A1-8FBA-9E2F342D5B93.html
- To enable SSH, you generate a DSA or RSA host key on the device. The SSH server on the Brocade device uses this host DSA or RSA key, along with a dynamically generated server DSA or RSA key pair, to negotiate a session key and encryption method with the client trying to connect to it. While the SSH listener exists at all times, sessions cannot be started from clients until a host key is generated. After a host key is generated, clients can start sessions. When a host key is generated, it is saved to the flash memory of all management modules. The time to initially generate SSH keys varies depending on the configuration, and can be from a under a minute to several minutes.
- To disable SSH, you delete all of the host keys from the device. When a host key is deleted, it is deleted from the flash memory of all management modules.
Enable SSH: [1]
## Generate keys crypto key generate dsa # Add admin user: username admin pri 0 password passphrase # enable aaa authentication login default local
then wait... takes about 5 minutes, and you will eventually see:
DSA Key pair is successfully created
.. ..
root@server:~# ssh admin@10.10.10.100 Unable to negotiate with 10.10.10.100 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
fix with: (from switch)
ip ssh key-exchange-method dh-group14-sha1
or from SSH:
ssh -v -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -caes256-cbc 10.10.10.100
Generate keys:
(config)#crypto key generate rsa modulus 2048 (config)#ip ssh key-exchange-method dh-group14-sha1 Warning: This operation would close all existing SSH connection. (config)#username admin privilege 0 password [PASSWORD] DECIMAL <0 READ-WRITE, 4 PORT-CONFIG, 5 READ-ONLY> User privilege level (config)#aaa authentication login default local
To require the enable login locally as well:
(config)#aaa authentication enable default local
To auto go to privileged mode after login (use in labs only, not production):
(config)#aaa authentication login privilege-mode
To change password:
(config)#username admin password [PASSWORD]
ref: https://robrobstation.com/2017/07/17/ruckus-icx7150-c12p-initial-configuration/
Sample config:
ICX7150-48-Switch(config)#write terminal Current configuration: ! ver 08.0.61aT211 ! stack unit 1 module 1 icx7150-48-port-management-module module 2 icx7150-2-copper-port-2g-module module 3 icx7150-4-sfp-plus-port-40g-module ! ! ! ! ! ! ! ! ! ! aaa authentication enable default local aaa authentication login default local ip address 10.10.10.228 255.255.255.0 dynamic ip default-gateway 10.10.10.1 dynamic ! username admin password ..... ! ! interface ethernet 1/3/1 speed-duplex 1000-full ! interface ethernet 1/3/2 speed-duplex 1000-full ! interface ethernet 1/3/3 speed-duplex 1000-full ! interface ethernet 1/3/4 speed-duplex 1000-full ! ! ! ! ! ! ip ssh key-exchange-method dh-group14-sha1 ! ! end
Disable SSH
Delete the host keys
crypto key zeroize
crypto key zeroize dsa
crypto key generate - http://docs.ruckuswireless.com/fastiron/08.0.50/fastiron-08050-commandref/GUID-74724EE0-E8FB-46A1-8FBA-9E2F342D5B93.html
- To disable SSH, you delete all of the host keys from the device. When a host key is deleted, it is deleted from the flash memory of all management modules.
Enable POE
On the ICX 6450-48P ('P' meaning PoE support)
Enabling and disabling Power over Ethernet http://docs.ruckuswireless.com/fastiron/08.0.80/fastiron-08080-managementguide/GUID-B427DDA2-C8F4-40F7-A100-9A8E7DC55156.html
Enable:
device# configure terminal device(config)# interface ethernet 1/1/1 device(config-if-e1000-1/1/1)# inline power
PoE: Power enabled on port 1/1/1.
Disable:
device# configure terminal device(config)# interface ethernet 1/1/1 to 1/1/48 device(config-mif-1/1/1-1/1/48)# no inline power
Show interface POE details:
show inline power
telnet@myswitch#show inline power Power Capacity: Total is 740000 mWatts. Current Free is 451400 mWatts. Power Allocations: Requests Honored 564 times Port Admin Oper ---Power(mWatts)--- PD Type PD Class Pri Fault/ State State Consumed Allocated Error -------------------------------------------------------------------------- 1/1/1 On Off 0 0 n/a n/a 3 n/a 1/1/2 On Off 0 0 n/a n/a 3 n/a ... 1/1/13 On On 9500 30000 802.3at Class 4 3 n/a 1/1/14 On Non-PD 0 0 n/a n/a 3 n/a ... 1/1/48 Off Off 0 0 n/a n/a 3 n/a -------------------------------------------------------------------------- Total 99900 288600
Show power detail overview:
show inline power detail
device# show inline power detail Power Supply Data On stack 1: ++++++++++++++++++ Power Supply Data: ++++++++++++++++++ Power Supply #1: Max Curr: 13.7 Amps Voltage: 54.0 Volts Capacity: 740 Watts power supply 2 is not present power supply 3 is not present POE Details Info. On Stack 1 : General PoE Data: +++++++++++++++++ Firmware Version -------- 02.1.0 Cumulative Port State Data: +++++++++++++++++++++++++++ #Ports #Ports #Ports #Ports #Ports #Ports #Ports Admin-On Admin-Off Oper-On Oper-Off Off-Denied Off-No-PD Off-Fault ------------------------------------------------------------------------- 1 47 1 47 0 0 0 Cumulative Port Power Data: +++++++++++++++++++++++++++ #Ports #Ports #Ports Power Power Pri: 1 Pri: 2 Pri: 3 Consumption Allocation ----------------------------------------------- 0 0 1 0.751 W 30.0 W
Limit POE Power
Default is 30 W (30,000 mW), which on a 48 port only allows 24 ports (half) = 720 mW of 740 W Max
To limit to 25 W, which allows 29 ports:
int ent ethernet 1/1/1 to 1/1/48
inline power inline power power-limit 25000
Full Clear VLANs Example
Enable edit:
ICX6450-48 Switch> enable Enter Privileged mode ping Ping IP node show Display system information stop-traceroute Stop current TraceRoute traceroute TraceRoute to IP Node ICX6450-48 Switch> ICX6450-48 Switch>enable No password has been assigned yet... ICX6450-48 Switch# ICX6450-48 Switch#show config ! ... ...
See Config:
ICX6450-48 Switch#show config ! Startup-config data location is flash memory ! Startup configuration: ! ver 07.4.00T311 ! stack unit 1 module 1 icx6450-48-port-management-module module 2 icx6450-sfp-plus-4port-40g-module ! ! ! ! vlan 1 name DEFAULT-VLAN by port ! vlan 4 name Management by port tagged ethe 1/1/1 ! vlan 192 name my_lab by port tagged ethe 1/1/1 untagged ethe 1/1/2 to 1/1/48 ! ! ! ! ! ! ! ! ! ! ! ! ip address 10.10.10.50 255.255.255.0 no ip dhcp-client enable ip default-gateway 10.10.10.1 username admin password ..... ! ! ! ! ! ! end
Edit settings:
ICX6450-48 Switch#configure terminal ICX6450-48 Switch(config)#no vlan 4 ICX6450-48 Switch(config)#no vlan 192 ICX6450-48 Switch(config)#write terminal ...
Write temporary config:
ICX6450-48 Switch(config)#write terminal Current configuration: ! ver 07.4.00T311 ! stack unit 1 module 1 icx6450-48-port-management-module module 2 icx6450-sfp-plus-4port-40g-module ! ! ! ! vlan 1 name DEFAULT-VLAN by port ! ! ! ! ! ! ! ! ! ! ! ! ip address 10.10.10.50 255.255.255.0 no ip dhcp-client enable ip default-gateway 10.10.10.1 username admin password ..... ! ! ! ! ! ! end
Save to memory:
ICX6450-48 Switch(config)#write memory Write startup-config done. ICX6450-48 Switch(config)#Flash Memory Write (8192 bytes per dot) . Flash to Flash Done.
If you wanted to change the IP:
ICX6450-48 Switch(config)#ip address 10.10.10.20 255.255.255.0 ICX6450-48 Switch(config)#ip default-gateway 10.10.10.2