Brocade switches

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
5,986
That thread pretty much has all you need--just read the whole thing and then post any questions there. The STH are good folks and many of them are here too. (y)
 

Eulogy

2[H]4U
Joined
Nov 9, 2005
Messages
2,900
I had one for a while after we retired it from production. It was a pretty good switch. It ended up dying out of warranty (unknown reason why), and I ended up replacing it with a Dell 5524p. I'm debating new switching gear as well, and Mikrotik has been in my sights, but maybe a used Brocade can get back on my list again. I'll have to read that thread :)
 

amrogers3

Gawd
Joined
Nov 7, 2010
Messages
640
Thanks Samir. Wait....so the configurations are within those 320 pages?? Brother, I have time but not that kind of time. I was looking for a PDF or something similar that I could read up on the commands and functionality. I googled and I have not been able to find any kind of config documentation on the Brocades.

Eulogy, I was looking at Mikrotik as well. Might just end up getting a Cisco due to the extensive how-tos and documentation available on them.

EDIT: disregard that SamirD. I see the manuals are contained in the ZIP file. Sorry for the miss on my part.
 

Eulogy

2[H]4U
Joined
Nov 9, 2005
Messages
2,900
It's pretty straightforward, but it's not normal Cisco-esque commands, sadly. But still pretty easy to get around, just some slight syntax differences. Depending on all of what you're wanting to do, just routing and VLANs is very straightforward. Advertising BGP and more advanced stuff is not so simple. You can also use OpenFlow if you want to go that route.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
20,956
I got one myself cause of that thread, dead easy to set up

Just look up Brocade [switch model] quick start or something, or look up specifically what you want to do, you will find simple guides around
 

amrogers3

Gawd
Joined
Nov 7, 2010
Messages
640
Thanks Eulogy and MrGuvernment. I went ahead and picked up a new/open box one on eBay.

Couple questions though, I see that I need to flash it but what is the purpose of flashing it if it already has an OS on it?

This is for a camera network I am trying to isolate and have the Brocade L3 do all the routing. I still need to be able to access the Camera VLAN 3 to configure the cameras and NVR.

I have been reading up on ACLs and how to secure the VLANs. Would it be better to assign the management port the management-vlan or use ACLs to prevent other VLANs from accessing the management port?

Screen Shot 2021-12-04 at 12.51.45 PM.png
 

Eulogy

2[H]4U
Joined
Nov 9, 2005
Messages
2,900
You need to flash it to the latest OS version, via a TFTP server. That's a prereq before doing all the licensing and unlocking. You may not absolutely need it if you don't need the licensed features and such, but even then it's still a good idea for stability, security, etc.
 

Eulogy

2[H]4U
Joined
Nov 9, 2005
Messages
2,900
Sorry, just missed the 2nd question about VLAN. If the only link back to your LAN is int1/1/1, you either need to have a trunk so you can get mgmt-vlan + vlan3 (then tag switchports with appropriate vlans), or use ACLs. I personally don't have a dedicated switch just for cameras/oob type stuff like this, so I just tag VLANs on the switchports and am done. VLANs are a natural segmentation, without some sort of route between them they are isolated from each other. The way I handle my cameras is by putting them on VLAN2 (my default vlan, basically, 10.10.2.x), configure them up, then drop them onto VLAN100 (which only has cameras + ZoneMinder on it, 10.10.100.x).
 

amrogers3

Gawd
Joined
Nov 7, 2010
Messages
640
This is my first L3 and I have been reading the config guide trying to figure this out.

I may be reading this wrong but isn't a trunk used for when the pfSense box would be the one doing the routing?

My plan is to have the ICX6450 do all the routing but manage the switch from the LAN on the pfsense side.
 

Eulogy

2[H]4U
Joined
Nov 9, 2005
Messages
2,900
Please don't take this the wrong way, but you may want to brush up on VLANs and routing in network segments a bit. I, and others here certainly, could answer each specific question, but I feel like it may be in your best interest to kind of start at the base and learn it all :).
Trunking has nothing to do with routing, directly. Put simply, a trunk port simply carries multiple (or even all) configured VLANs. So in your diagram, if you only tag mgmt-vlan between pfSense and the switch, you'll only have access to mgmt-vlan, nothing else. If all of your devices plug into this one switch you can route between them, but, based on your diagram and what I commonly know to be "management" network segments, I don't see how you'd get out to the internet, as an example.
 

amrogers3

Gawd
Joined
Nov 7, 2010
Messages
640
Not at all bud. Trying to learn and have been reading a lot. Been watching videos on VLAN configuration also. Always more to figure out and learn though :)

I went back and read up on trunking. From my understanding, the main purpose of trunking is to carry traffic between switches and maintain the VLAN information. I am only trying to route between VLANs on the brocade not carry VLAN information from/to the pfSense box.

Nothing on the switch needs internet access, matter of fact, I am trying to prevent that.

#Create VLANs
Code:
vlan 2 name Management_VLAN by port
 untagged ethe 1/1/1
 router-interface ve 2
!
interface ve 2
 ip address 192.168.2.2/24
!
vlan 3 name Camera_Network by port
 untagged ethe 1/1/2 to 1/1/24
 router-interface ve 3
!
interface ve 3
 ip address 192.168.3.2/24

#Block access to management VLAN
Code:
ip access-list extended "Block inbound to Management VLAN"
 deny ip 192.168.3.0/24 192.168.2.0/24
!
interface ve 2
 ip access-group "Block inbound to Management VLAN" in

Screen Shot 2021-12-05 at 1.54.17 PM.png
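
The ACL from the post above, modelled as an added example (not code from the thread). It assumes first-match evaluation with an implicit deny at the end of the list, and that an ACL bound "in" on a VE filters packets arriving from that VLAN. REVISED_ACL, its binding on ve 3 and the sample host addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# The ACL as posted above: (action, source network, destination network).
POSTED_ACL = [("deny", "192.168.3.0/24", "192.168.2.0/24")]
# Assumed revision: the same deny followed by an explicit permit for the rest.
REVISED_ACL = POSTED_ACL + [("permit", "0.0.0.0/0", "0.0.0.0/0")]
# Subnet behind each virtual interface, taken from the posted config.
VE_SUBNET = {2: ip_network("192.168.2.0/24"), 3: ip_network("192.168.3.0/24")}


def acl_action(acl, src, dst):
    """First matching entry wins; a packet matching nothing is denied."""
    for action, src_net, dst_net in acl:
        if ip_address(src) in ip_network(src_net) and ip_address(dst) in ip_network(dst_net):
            return action
    return "deny"  # implicit deny at the end of every ACL


def ingress_ve(src):
    """Return the VE whose subnet contains the source address, else None."""
    return next((ve for ve, net in VE_SUBNET.items() if ip_address(src) in net), None)


def forward(src, dst, bindings):
    """bindings maps a VE number to the ACL applied inbound on that VE."""
    acl = bindings.get(ingress_ve(src))
    return "permit" if acl is None else acl_action(acl, src, dst)


# Constructed sample flows: (label, source, destination).
FLOWS = [
    ("camera -> mgmt host", "192.168.3.50", "192.168.2.10"),
    ("mgmt host -> camera", "192.168.2.10", "192.168.3.50"),
    ("camera -> LAN host", "192.168.3.50", "192.168.1.10"),
]


def evaluate(bindings):
    """Return {flow label: 'permit' or 'deny'} for the given ACL bindings."""
    return {label: forward(src, dst, bindings) for label, src, dst in FLOWS}


AS_POSTED = evaluate({2: POSTED_ACL})   # deny-only ACL bound inbound on ve 2
REVISED = evaluate({3: REVISED_ACL})    # deny + permit bound inbound on ve 3

if __name__ == "__main__":
    for label in AS_POSTED:
        print(f"{label:22} posted={AS_POSTED[label]:7} revised={REVISED[label]}")
```

The model is stateless, so the revised rule also drops the cameras' replies to a management host, which matters if the cameras are to be configured from 192.168.2.0/24.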
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
877
As previously stated, you are much better off following standard practice using the pfSense box as a router on a stick. Doing what you're wanting to do is for experienced professionals that know what they are doing. Even then most would choose not to do so as it complicates troubleshooting problems later. Unless you have very good reason, read no other option, KISS. I'll refer you to master plumber Montgomery Scott:

 