ICX 6430 初期設定

この記事は1年以上前に書かれたものです。 情報が古い可能性があります。

いろいろ買収されてよくわからん ICX スイッチさん。
あんまりマニュアルもなかったので備忘録。もともとはたぶん Foundry Networks の系譜。Brocade -> Rucks -> Arris を経て今は Comscope だと思う。

コマンド体系は Cisco 風ですが、結構違う部分も多いです。

試した環境 Brocade ICX6430-C12
System Revision : 08.0.10jT311

ICX6430-C12 Switch#show ver
  Copyright (c) 1996-2014 Brocade Communications Systems, Inc. All rights reserved.
    UNIT 1: compiled on Mar 26 2015 at 21:09:56 labeled as ICX64S08010j
                (8107184 bytes) from Primary ICX64S08010j.bin
        SW: Version 08.0.10jT311
  Boot-Monitor Image size = 779020, Version:08.0.00T310 (kxz08000)
  HW: Stackable ICX6430-C12
UNIT 1: SL 1: ICX6430C 12-port Management Module
         Serial  #: CPW********
         License: BASE_SOFT_PACKAGE   (LID: eryIHFJnFGv)
         P-ENGINE  0: type E7EE, rev 01
UNIT 1: SL 2: ICX6430C-Copper 2port 2G Module
UNIT 1: SL 3: ICX6430C-Fiber 2port 2G Module
  500 MHz ARM processor ARMv5TE, 400 MHz bus
32768 KB flash memory
  256 MB DRAM
STACKID 1  system uptime is 15 minutes 26 seconds
The system : started=cold start

初期ユーザ: なし


ICX6430-C12 Switch>en
No password has been assigned yet...
ICX6430-C12 Switch#conf t
ICX6430-C12 Switch(config)#hostname ICX6430

管理ユーザー作成 / enable パスワード設定
root や admin みたいなのはなさそう。

ICX6430(config)#username naoki password Password
ICX6430(config)#enable super-user-password Password

ICX6430(config)#enable aaa console

コンフィグ上は 「enable super-user-password …..」と伏字になる。

IP / デフォルトゲートウェイ
ping はなぜかデフォルトは 1 回。count N で回数指定。 L2 スイッチだからか show ip route みたいなのはなさそう。

ICX6430(config)#ip address

Sending 1, 16-byte ICMP Echo to, timeout 5000 msec, TTL 64
Type Control-c to abort
Reply from  : bytes=16 time=1ms TTL=255
Success rate is 100 percent (1/1), round-trip min/avg/max=1/1/1 ms.
ICX6430#conf t
ICX6430(config)#ip default-gateway

ICX6430#show ip address
        IP Address       Type      Lease Time       Static    N/A

ssh 設定(マネージメントポートを使用、鍵などの表示は一部省略)

ICX6430(config)#ip address
ICX6430(config)#ip default-gateway

ICX6430(config)#username naoki password Password
ICX6430(config)#aaa authentication login default local

ICX6430(config)#crypto key generate rsa  modulus 2048
Creating RSA key pair, please wait...

RSA Key pair is successfully created

telnet 無効化(デフォルト有効)

# conf t
ICX6430(config)#no telnet server

ICX6430#show telnet
Console connections:
        established, privilege super-user
        you are connecting to this session
        1 seconds in idle
Telnet server status: Disabled
Telnet connections (inbound):
 1      closed
 2      closed
Telnet connections (outbound):
 6      closed
SSH server status: Enabled
SSH connections:
SSH connections (inbound):
 1      closed
SSH connection (outbound):
 6      closed

cisco のように interface に vlan が紐づくのではなく、vlan に interface を指定する形式。

ICX6430(config)#vlan 10
ICX6430(config-vlan-10)#untagged ethernet 1/1/1
Added untagged port(s) ethe 1/1/1 to port-vlan 10.
ICX6430#show vlan
Total PORT-VLAN entries: 2
Maximum PORT-VLAN entries: 64

Legend: [Stk=Stack-Id, S=Slot]

PORT-VLAN 1, Name DEFAULT-VLAN, Priority level0, Spanning tree On
 Untagged Ports: (U1/M1)   3   4   5   6   7   8   9  10  11  12
 Untagged Ports: (U1/M2)   1
 Untagged Ports: (U1/M3)   1   2
   Tagged Ports: None
   Uplink Ports: None
 DualMode Ports: None
 Mac-Vlan Ports: None
     Monitoring: Disabled
PORT-VLAN 10, Name [None], Priority level0, Spanning tree On
 Untagged Ports: (U1/M1)   1   2
 Untagged Ports: (U1/M2)   2
   Tagged Ports: None
   Uplink Ports: None
 DualMode Ports: None
 Mac-Vlan Ports: None
     Monitoring: Disabled

# VLAN インターフェースに管理 IP を持たせる場合。(mgmtに設定していた場合、IP 以外は VLAN 側のみコンフィグに表示される。no management-vlan で元の設定に戻る。)
ICX6430(config-vlan-10)#default-gateway 1

Native VLAN
tagged に指定し、dual-mode で native vlan を指定する。意味わからん。

ICX6430(config-vlan-1701)#tagged ethernet 1/1/3 to 1/1/4
Added tagged port(s) ethe 1/1/3 to 1/1/4 to port-vlan 1701.
ICX6430(config)#int ethernet 1/1/3 to 1/1/4
ICX6430(config-mif-1/1/3-1/1/4)#dual-mode 1701

PORT-VLAN 1701, Name [None], Priority level0, Spanning tree On
 Untagged Ports: None
   Tagged Ports: (U1/M2)   1
   Uplink Ports: None
 DualMode Ports: (U1/M1)   3   4
 Mac-Vlan Ports: None
     Monitoring: Disabled
PORT-VLAN 1716, Name [None], Priority level0, Spanning tree On

なぜかタイムゾーン指定するまで sync してくれない。

ICX6430(config)#clock timezone gmt gmt+09

ICX6430#show ntp associations
   address         ref clock      st  when  poll reach  delay   offset  disp
 ~  2    12    64     1  1.886 21474836 202.99
* synced, # selected, + candidate, - outlayer, x falseticker, ~ configured

ICX6430#show ntp status
 Clock is synchronized, stratum 3, reference clock is
 precision is 2**-16
 reference time is 3864005831.3690378343 (15:57:11.3690378343 GMT+09 Sun Jun 12 2022)
 clock offset is 0.0057 msec, root delay is 33.0000 msec
 root dispersion is 211.6647 msec,  peer dispersion is 6.9912 msec
 system poll interval is 64,  last clock update was 117 sec ago
 NTP server mode is enabled, NTP client mode is enabled
 NTP master mode is disabled, NTP master stratum is 8
 NTP is not in panic mode

ICX6430#show clock
16:00:40.512 GMT+09 Sun Jun 12 2022


ICX6430(config)#logging host


ICX6430(config)#interface ethernet 1/1/3 to 1/1/4
ICX6430(config-mif-1/1/3-1/1/4)#inline power

PoE 802.3 at の場合、class を指定しないとエラーになる

ICX6430>show inline power

Power Capacity:         Total is 68000 mWatts. Current Free is 68000 mWatts.

Power Allocations:      Requests Honored 0 times

 Port   Admin   Oper    ---Power(mWatts)---  PD Type  PD Class  Pri  Fault/
        State   State   Consumed  Allocated                          Error
 1/1/1  Off     Off            0          0  n/a      n/a         3  n/a
 1/1/2  Off     Off            0          0  n/a      n/a         3  n/a
 1/1/3  On      Off            0          0  n/a      n/a         3  n/a
 1/1/4  On      Off            0          0  n/a      n/a         3  PD Detection Fault
 Total                         0          0

ICX6430>PoE Internal Error: Port status En/Dis data mismatch with s/w on port 1/1/4.
ICX6430(config)interface ethernet 1/1/4
ICX6430(config-if-e1000-1/1/4) inline power power-by-class 4

LLDP 有効化

ICX6430(config)#lldp run
ICX6430(config)#lldp enable ports all
ICX6430#show lldp neighbors
Lcl Port Chassis ID      Port ID         Port Description            System Name
1/1/3    5c5b.35f1.beef  5c5b.35f1.beef  ETH0                        nlab-sw01


ICX6430#write memory
Write startup-config done.

ICX6430#Flash Memory Write (8192 bytes per dot) .
Flash to Flash Done.


ICX6430-C12 Switch#erase startup-config
Erase startup-config Done.
dhcp server lease database is also removed

ICX6430-C12 Switch#reload
Are you sure? (enter 'y' or 'n'): y
Could not verify if the Running Config data has been changed.
Do you want to continue the reload anyway? (enter 'y' or 'n'):
Sent SIGKILL to all processes
Requesting system reboot
Restarting system.

「no password」と入力し「boot」を入力。


Ruckus (Brocade) ICX6430-C12 を買ったのでコマンドなどをメモ – Network (fc2.com)
Configuring Brocade ICX-Series Ethernet Switches – AN!Wiki (alteeve.com)
VLAN configuration on Ruckus ICX switches for Ruckus Wireless WLAN’s | Knowledge Base | Ruckus Wireless Support