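The ICX switch, which has been through so many acquisitions that it is hard to keep track of.
There wasn't much documentation, so this is a memo to myself. The lineage probably goes back to Foundry Networks. After Brocade -> Ruckus -> Arris, I think it is now CommScope.
The command syntax is Cisco-like, but a fair amount differs.
This is old, so watch out for commands that may differ. Treat it as reference information only.
Tested environment: Brocade ICX6430-C12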
System Revision : 08.0.10jT311
ICX6430-C12 Switch#show ver
Copyright (c) 1996-2014 Brocade Communications Systems, Inc. All rights reserved.
UNIT 1: compiled on Mar 26 2015 at 21:09:56 labeled as ICX64S08010j
(8107184 bytes) from Primary ICX64S08010j.bin
SW: Version 08.0.10jT311
Boot-Monitor Image size = 779020, Version:08.0.00T310 (kxz08000)
HW: Stackable ICX6430-C12
==========================================================================
UNIT 1: SL 1: ICX6430C 12-port Management Module
Serial #: CPW********
License: BASE_SOFT_PACKAGE (LID: eryIHFJnFGv)
P-ENGINE 0: type E7EE, rev 01
==========================================================================
UNIT 1: SL 2: ICX6430C-Copper 2port 2G Module
==========================================================================
UNIT 1: SL 3: ICX6430C-Fiber 2port 2G Module
==========================================================================
500 MHz ARM processor ARMv5TE, 400 MHz bus
32768 KB flash memory
256 MB DRAM
STACKID 1 system uptime is 15 minutes 26 seconds
The system : started=cold start
Initial user: none
Initial password: none
Hostname (hostname display is abbreviated below)
ICX6430-C12 Switch>en
No password has been assigned yet...
ICX6430-C12 Switch#conf t
ICX6430-C12 Switch(config)#hostname ICX6430
ICX6430(config)#
Create an admin user / set the enable password
There doesn't seem to be anything like root or admin.
ICX6430(config)#username naoki password Password
ICX6430(config)#enable super-user-password Password
# Enable the console password
ICX6430(config)#enable aaa console
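In the config it is masked as "enable super-user-password …..".
IP / default gateway
For some reason ping defaults to a single echo. Use count N to set the number. Perhaps because it is an L2 switch, there does not seem to be anything like show ip route.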
ICX6430(config)#ip address 172.16.120.222/24
ICX6430(config)#exit
ICX6430#ping 172.16.120.254
Sending 1, 16-byte ICMP Echo to 172.16.120.254, timeout 5000 msec, TTL 64
Type Control-c to abort
Reply from 172.16.120.254 : bytes=16 time=1ms TTL=255
Success rate is 100 percent (1/1), round-trip min/avg/max=1/1/1 ms.
ICX6430#conf t
ICX6430(config)#ip default-gateway 172.16.120.254
ICX6430(config)#exit
ICX6430#show ip address
IP Address Type Lease Time
172.16.120.222 Static N/A
SSH configuration (using the management port; key output and similar is partly omitted)
ICX6430(config)#ip address 172.16.120.222/24
ICX6430(config)#ip default-gateway 172.16.120.254
ICX6430(config)#username naoki password Password
ICX6430(config)#aaa authentication login default local
# To generate a key
ICX6430(config)#crypto key generate rsa modulus 2048
Creating RSA key pair, please wait...
RSA Key pair is successfully created
Disable telnet (enabled by default)
# conf t
ICX6430(config)#no telnet server
ICX6430#show telnet
Console connections:
established, privilege super-user
you are connecting to this session
1 seconds in idle
Telnet server status: Disabled
Telnet connections (inbound):
1 closed
2 closed
~omitted~
Telnet connections (outbound):
6 closed
~omitted~
SSH server status: Enabled
SSH connections:
SSH connections (inbound):
1 closed
~omitted~
SSH connection (outbound):
6 closed
~omitted~
VLAN configuration
Unlike Cisco, where a VLAN is tied to an interface, here you assign interfaces to a VLAN.
ICX6430(config)#vlan 10
ICX6430(config-vlan-10)#untagged ethernet 1/1/1
Added untagged port(s) ethe 1/1/1 to port-vlan 10.
ICX6430(config-vlan-10)#exit
ICX6430(config)#exit
ICX6430#show vlan
Total PORT-VLAN entries: 2
Maximum PORT-VLAN entries: 64
Legend: [Stk=Stack-Id, S=Slot]
PORT-VLAN 1, Name DEFAULT-VLAN, Priority level0, Spanning tree On
Untagged Ports: (U1/M1) 3 4 5 6 7 8 9 10 11 12
Untagged Ports: (U1/M2) 1
Untagged Ports: (U1/M3) 1 2
Tagged Ports: None
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled
PORT-VLAN 10, Name [None], Priority level0, Spanning tree On
Untagged Ports: (U1/M1) 1 2
Untagged Ports: (U1/M2) 2
Tagged Ports: None
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled
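# To put the management IP on a VLAN interface. (If it was configured on mgmt, everything except the IP appears in the config on the VLAN side only. no management-vlan reverts to the original setting.)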
ICX6430(config-vlan-10)#management-vlan
ICX6430(config-vlan-10)#default-gateway 172.16.120.254 1
Native VLAN
Set the ports as tagged, then specify the native VLAN with dual-mode. Makes no sense to me.
ICX6430(config-vlan-1701)#tagged ethernet 1/1/3 to 1/1/4
Added tagged port(s) ethe 1/1/3 to 1/1/4 to port-vlan 1701.
ICX6430(config-vlan-1701)#exit
ICX6430(config)#int ethernet 1/1/3 to 1/1/4
ICX6430(config-mif-1/1/3-1/1/4)#dual-mode 1701
ICX6430(config-mif-1/1/3-1/1/4)#exit
PORT-VLAN 1701, Name [None], Priority level0, Spanning tree On
Untagged Ports: None
Tagged Ports: (U1/M2) 1
Uplink Ports: None
DualMode Ports: (U1/M1) 3 4
Mac-Vlan Ports: None
Monitoring: Disabled
PORT-VLAN 1716, Name [None], Priority level0, Spanning tree On
NTP configuration
For some reason it will not sync until a time zone is specified.
ICX6430(config)#clock timezone gmt gmt+09
ICX6430(config)#ntp
ICX6430(config-ntp)#server 172.16.120.254
ICX6430#show ntp associations
address ref clock st when poll reach delay offset disp
~172.16.120.254 133.243.238.164 2 12 64 1 1.886 21474836 202.99
* synced, # selected, + candidate, - outlayer, x falseticker, ~ configured
ICX6430#show ntp status
Clock is synchronized, stratum 3, reference clock is 172.16.120.254
precision is 2**-16
reference time is 3864005831.3690378343 (15:57:11.3690378343 GMT+09 Sun Jun 12 2022)
clock offset is 0.0057 msec, root delay is 33.0000 msec
root dispersion is 211.6647 msec, peer dispersion is 6.9912 msec
system poll interval is 64, last clock update was 117 sec ago
NTP server mode is enabled, NTP client mode is enabled
NTP master mode is disabled, NTP master stratum is 8
NTP is not in panic mode
ICX6430#show clock
16:00:40.512 GMT+09 Sun Jun 12 2022
Syslog configuration
ICX6430(config)#logging host 172.16.10.11
Enable PoE
ICX6430(config)#interface ethernet 1/1/3 to 1/1/4
ICX6430(config-mif-1/1/3-1/1/4)#inline power
ICX6430(config-mif-1/1/3-1/1/4)#exit
ICX6430(config)#exit
For PoE 802.3at, an error occurs unless the class is specified
ICX6430>show inline power
Power Capacity: Total is 68000 mWatts. Current Free is 68000 mWatts.
Power Allocations: Requests Honored 0 times
Port Admin Oper ---Power(mWatts)--- PD Type PD Class Pri Fault/
State State Consumed Allocated Error
--------------------------------------------------------------------------
1/1/1 Off Off 0 0 n/a n/a 3 n/a
1/1/2 Off Off 0 0 n/a n/a 3 n/a
1/1/3 On Off 0 0 n/a n/a 3 n/a
1/1/4 On Off 0 0 n/a n/a 3 PD Detection Fault
--------------------------------------------------------------------------
Total 0 0
ICX6430>PoE Internal Error: Port status En/Dis data mismatch with s/w on port 1/1/4.
ICX6430(config)#interface ethernet 1/1/4
ICX6430(config-if-e1000-1/1/4)#inline power power-by-class 4
Enable LLDP
ICX6430(config)#lldp run
ICX6430(config)#lldp enable ports all
ICX6430#show lldp neighbors
Lcl Port Chassis ID Port ID Port Description System Name
1/1/3 5c5b.35f1.beef 5c5b.35f1.beef ETH0 nlab-sw01
Save the configuration
ICX6430#write memory
Write startup-config done.
ICX6430#Flash Memory Write (8192 bytes per dot) .
Flash to Flash Done.
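A way to check the access and logging settings from the sections above once the config is saved, as an added example that is not part of the original memo. The sample config is constructed and assumes the config dump echoes the commands as typed on this page, with sub-mode lines indented under their parent; `audit_config` and `server_status` are hypothetical helper names.

```python
import re

# Constructed sample. Assumption: the saved config echoes the commands as
# typed on this page, with sub-mode lines indented under their parent.
SAMPLE_CONFIG = """\
hostname ICX6430
username naoki password .....
enable super-user-password .....
enable aaa console
aaa authentication login default local
no telnet server
clock timezone gmt gmt+09
logging host 172.16.10.11
ntp
 server 172.16.120.254
"""

# Two lines taken from the "show telnet" output shown on this page.
SAMPLE_SHOW_TELNET = "Telnet server status: Disabled\nSSH server status: Enabled\n"

# Telnet is on by default, so "no telnet server" has to be present.
REQUIRED = {
    "telnet disabled": r"no telnet server$",
    "enable password set": r"enable super-user-password \S",
    "console login enforced": r"enable aaa console$",
    "local login auth": r"aaa authentication login default local$",
    "local user defined": r"username \S+ password \S",
    "timezone set": r"clock timezone \S",
    "ntp server set": r"ntp/server \S",
    "syslog host set": r"logging host \S",
}

def audit_config(text):
    """Return the names of required settings missing from a config dump."""
    seen, parent = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "!"):     # skip blank lines and "!" separator lines
            continue
        if raw[0].isspace():      # sub-mode line: qualify with its parent
            line = f"{parent}/{line}"
        else:
            parent = line
        seen.append(line)
    return [name for name, rx in REQUIRED.items()
            if not any(re.match(rx, s) for s in seen)]

def server_status(show_telnet_output):
    """Map 'Telnet'/'SSH' to the status reported by 'show telnet'."""
    return dict(re.findall(r"^(Telnet|SSH) server status: (\w+)", show_telnet_output, re.M))
```

An empty list from `audit_config` means every listed setting was found; a `server` line outside the `ntp` block does not satisfy the NTP check.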
Reset to factory defaults
ICX6430-C12 Switch#erase startup-config
Erase startup-config Done.
dhcp server lease database is also removed
ICX6430-C12 Switch#reload
Are you sure? (enter 'y' or 'n'): y
Could not verify if the Running Config data has been changed.
Do you want to continue the reload anyway? (enter 'y' or 'n'):
Sent SIGKILL to all processes
Requesting system reboot
Restarting system.
Password reset (untested)
Hold down "b" on the console while the system boots.
Enter "no password", then enter "boot".
The password is bypassed and the prompt comes up, so set the password again.