hopefully finished ICX7xxx adv page

This commit is contained in:
Jon Sands 2021-09-15 05:43:43 -04:00
parent f9e2303c8b
commit a952dd0dbb

@ -34,7 +34,7 @@ web-management https
Once you get an `ssl-certificate creation is successful` message in the console, you'll be able to access the web UI via `https`.
### Optional: Changing the default user account
If you don't like the default `super` username that comes with the switch, you can remove it, and create your own user account instead. Just replace `customname` and `yourpasshere` with your own values:
If you don't like the default `super` username that comes with the switch, you can remove it and create your own user account instead. Just replace `customname` and `yourpasshere` with your own values:
```
username customname password yourpasshere
@ -48,7 +48,7 @@ no username super
```
You should now use this new user for all login duties.
#### OPTIONAL: Key Based SSH Access
### Optional: Key Based SSH Access
If you have followed the above to set up authentication, and also wish to disable password-based SSH login and set up a key pair instead, follow this section. If not, skip it. Enable key login, and disable password login:
```
ip ssh key-authentication yes
@ -71,14 +71,11 @@ Your switch now has a name, an IP address, and telnet or SSH access enabled. You
## Network Configuration
### Disable SmartZone Phone Home
We'll also disable the phone-home SmartZone functionality. If you want to integrate this switch to appear in the web UI of an Unleashed AP or SmartZone account in the future, skip this step:
### Disable SmartZone
By default, v8090 and above has SmartZone turned on by default, which phones home to Ruckus among other things for the centralized management features. It's typically a good idea to turn this off completely, unless you have a SmartZone setup you'll be using with the switch:
```
no sz registrar
sz disable
write mem
exit
```
### Default Route & DNS
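Review bot: In the reworded SmartZone paragraph, "By default, v8090 and above has SmartZone turned on by default" states the default twice; drop the leading "By default,". The command block under it lists both `no sz registrar` and `sz disable`, so the text should say whether both are required or which one applies to v8090 and above.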
@ -137,13 +134,7 @@ no hostname beefbox
This section will outline some of the more advanced configurations you may want to explore. If you use any of them, don't forget to `write mem` when done to actually save your changes.
### PoE
If you have a PoE enabled model you'll need to enable power on the ports you have PoE devices plugged into. For example, let's say you've plugged a PoE camera into port 5. Lets enable PoE power to turn it on:
```
interface ethernet 1/1/5
inline power
exit
```
That's it, now you should see the device power on. You can monitor PoE status such as power level, which ports are enabled, and how much power they're using by running the following:
If you have a PoE enabled model, note that v8080 and above has PoE enabled on all ports by default. This will not harm any non-PoE equipment as no power is delivered until PoE negotiation is performed. If you plug in a PoE device, it should just work. You can monitor PoE status such as power level, which ports are enabled, and how much power they're using by running the following:
```
show inline power
#or show even more details:
@ -151,16 +142,21 @@ show inline power detail
#or show details for just one port:
show inline power 1/1/5
```
ICX6xxx switches also have something called `legacy inline power` on by default, which detects and powers very old legacy PoE devices that rely on a specific resistance for detection. Devices like this are exceptionally rare and this can occasionally erroneously detect regular devices as legacy PoE units, so let's disable it:
If you need to disable PoE on a specific port for some reason, such as to power cycle a remote PoE device, just run the following:
```
stack unit 1
no legacy-inline-power
interface ethernet 1/1/5
no inline power
exit
```
To turn PoE power back on:
```
interface ethernet 1/1/5
inline power
exit
```
If you have a switch that does not support stacking like the ICX6430, you'll need to run `no legacy-inline-power` at the global configure terminal level instead. If you have a switch stack built, don't forget to run the above for stack unit 2 as well (or however many units you have).
### Link Aggregation (802.3ad LACP)
If you'd like to configure an LACP bond on the switch to aggregate 2 or more ports to a server for example, it's pretty easy under FastIron. First you need to meet some basic criteria before creating the bond:
If you'd like to configure an LACP bond on the switch to aggregate 2 or more ports to a server for example, it's been simplified in v8080 and above. First you need to meet some basic criteria before creating the bond:
* all switch ports in the bond must be the same port type / speed
* all switch ports being added to the bond cannot have an existing configuration on them (no IPs set etc)
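Review bot: The reworded LACP intro, "If you'd like to configure an LACP bond ... it's been simplified in v8080 and above", no longer follows from its opening clause. Something like "Configuring an LACP bond to aggregate 2 or more ports is simpler in v8080 and above" reads cleanly. The PoE text in this hunk also names ICX6xxx and the ICX6430 around `no legacy-inline-power`; check that both of those paragraphs are on the removed side, since the page is for ICX7xxx.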
@ -168,29 +164,19 @@ If you'd like to configure an LACP bond on the switch to aggregate 2 or more por
Now create the dynamic (802.3ad) lag, giving it a name of your choice:
```
lag freeNAS dynamic
lag FreeNAS dynamic id auto
```
Now you should be at the LAG configuration CLI level for this new LAG. Here's the important part, tell it what ports you want to be in the bond. In this example I'll add two of the 10gbE ports on an ICX6610. If you want more than two ports in the bond, add them to the `ports` command after the first two:
Now you should be at the LAG configuration CLI level for this new LAG. Here's the important part, tell it what ports you want to be in the bond. In this example I'll add two of the 10gbE ports on an ICX7250. If you want more than two ports in the bond, add them to the `ports` command after the first two:
```
ports ethernet 1/3/1 ethernet 1/3/2
```
Now we need to specify the primary port. This is the port member of the bond that will act as the single port that controls all bond members in your config. For instance, if your primary port is 1/3/1, then to add your LAG to a VLAN, you'd use `tag int eth 1/3/1` - the switch will then do the same for all the other bond members. Same with any port config, if you want to configure the LACP group, you use the primary port. This is almost always the first port in the LAG, but typically it doesn't matter:
```
primary-port 1/3/8
```
Lastly, we need to deploy the new LAG you've created and only needs to be ran once to enable it:
```
deploy
ports ethernet 1/2/1 ethernet 1/2/2
exit
write mem
```
Assuming the other end (server, other switch, etc) has been configured for LACP correctly, you should see them negotiate and enable all links. You can view the status of bonds using the following:
That's it, it will create a virtual lag interface representing this LACP bond and its member ports, and begin negotiating. Assuming the other end (server, other switch, etc) has been configured for LACP correctly, you should see them negotiate and enable all links. You can view the status of bonds using the following:
```
show lag
```
This is what a correctly negotiated LACP link will look like, the most important column typically being the last, with `Ope` meaning operational. If you have something else here like inactive, you have a configuration issue somewhere:
```
Deployment: HW Trunk ID 1
Port Link State Dupl Speed Trunk Tag Pvid Pri MAC Name
1/3/7 Up Forward Full 10G 2 Yes N/A 0 cc4e.24b8.d9d0 XEN-01-1
2/3/7 Up Forward Full 10G 2 Yes N/A 0 cc4e.24b8.d9d0 XEN-01-2
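Review bot: The sample `show lag` output at the end of this hunk shows ports 1/3/7 and 2/3/7 named XEN-01-1 and XEN-01-2, while the example being built is a LAG named FreeNAS on `ports ethernet 1/2/1 ethernet 1/2/2`. Either say the output comes from a different LAG or replace it with output that matches the example. The new closing sentence "That's it, it will create a virtual lag interface" is also a comma splice; end the sentence after "That's it".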
@ -201,17 +187,39 @@ Port [Sys P] [Port P] [ Key ] [Act][Tio][Agg][Syn][Col][Dis][Def][Exp][Ope
```
If you ever need to go back and edit the LAG properties, run the `lag` command again with the correct name:
```
lag freeNAS dynamic
lag freeNAS
```
Then if you want to add more ports to an existing bond for example, re-run the `ports` command, appending the new ports (don't forget to keep the existing ports in the command, or they will be removed). So, to add two more ports to our example bond:
```
ports ethernet 1/3/1 ethernet 1/3/2 ethernet 1/3/3 ethernet 1/3/4
deploy
exit
write mem
```
Whatever ports you add must have the same VLAN membership as the existing LAG, or you'll get an error about `tag type` not matching.
To manage the lag, such as add it to VLANs, apply an ACL to it, or any other port configuration options, you use the virtual lag interface. You need to know the ID of the lag you want to alter, an easy way to find it is to run: (mind the capital D)
```
show lag | inc Deployed
```
For example I get:
```
SSH@CHUNK#show lag | inc Deployed
=== LAG "6650-RACK6" ID 23 (dynamic Deployed) ===
=== LAG "COMPUTE-01" ID 5 (dynamic Deployed) ===
=== LAG "COMPUTE-02" ID 6 (dynamic Deployed) ===
```
Let's say I want to add the 6650-RACK6 link to VLAN 10, I can see its lag ID is 23. So I would do:
```
vlan 10
tagged lag 23
```
Or if I want to go into the interface config CLI level for the lag interface, and shut it down:
```
interface lag 23
disable
exit
```
### VLANs
Coming Soon
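Review bot: The add-ports example `ports ethernet 1/3/1 ethernet 1/3/2 ethernet 1/3/3 ethernet 1/3/4` no longer matches the creation step, which now puts `ethernet 1/2/1 ethernet 1/2/2` in the bond. Because the text warns that ports left out of the command are removed, a reader following along would drop both original members; use the 1/2/x ports here and append the new ones. The LAG is also created as `FreeNAS` but reopened as `lag freeNAS`; use one spelling throughout.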
@ -277,7 +285,7 @@ show run
Brocade does not restrict the use of optics or DACs by manufacturer, they'll take anything given it's the right protocol. However by default, optical monitoring information is disabled unless it sees Brocade or Foundry optics.
So if you want to see information like this :
So if you want to see information like this:
```
telnet@Route2(config)#show optic 1/3/1