More large FCX and ICX64xx revisions

move icx64xx update process to bootloader for simplification, avoid needing to deal with switches shipping with L2 OS
Jon Sands 2021-09-08 07:43:01 -04:00
parent cf55b3494b
commit ba7fab7cc7
2 changed files with 35 additions and 72 deletions

View File

@ -63,6 +63,7 @@ configure terminal
``` ```
Now tell it to generate an RSA keypair - this enables SSH access: Now tell it to generate an RSA keypair - this enables SSH access:
``` ```
crypto key zeroize
crypto key generate rsa modulus 2048 crypto key generate rsa modulus 2048
``` ```
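Review bot: `crypto key zeroize` is added ahead of `crypto key generate rsa modulus 2048`, but the sentence above the block still only says a keypair is generated. Say there that the existing host key is erased first, so anyone who has already connected over SSH knows to expect a changed host key and to confirm the new one out of band (for example over the console) rather than just accepting it.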
@ -98,7 +99,7 @@ The switch now has an IP. **Unplug your ethernet cable from the isolated managem
If your switch is the PoE model, you need to update the PoE controller firmware. If it's a non-PoE model, skip this step. Assuming you completed the previous section and the switch now has in-band network access, just do the following: If your switch is the PoE model, you need to update the PoE controller firmware. If it's a non-PoE model, skip this step. Assuming you completed the previous section and the switch now has in-band network access, just do the following:
``` ```
exit exit
inline power install-firmware stack-unit 2 tftp 192.168.1.8 ICX6610-FCX/fcx_poeplus_02.1.0.b004.fw inline power install-firmware stack-unit 1 tftp 192.168.1.8 ICX6610-FCX/fcx_poeplus_02.1.0.b004.fw
#after a few seconds, hit enter to return to cli #after a few seconds, hit enter to return to cli
#save changes you made from the previous section #save changes you made from the previous section
write memory write memory
@ -114,7 +115,7 @@ configure terminal
Now you have the latest PoE firmware, and can continue on. Now you have the latest PoE firmware, and can continue on.
## If Access Protection Is NOT Required ## If Access Protection Is NOT Required
If you do **not** want to password protect access to the switch (you're using it in a lab), follow this section. If you'd like to password protect it, skip to the next section. If you do **not** want to password protect access to the switch (you're using it in a lab), follow this section. If you'd like to password protect it, skip this section.
Allow SSH login with no passwords configured: Allow SSH login with no passwords configured:
``` ```
@ -128,10 +129,9 @@ To secure the switch, we need to create an account - "root" can be any username
``` ```
username root password yourpasshere username root password yourpasshere
``` ```
We also need to tell it to use our new local user account(s) to authorize attempts to log in, use the webpage, as well as attempts to enter the ```enable``` CLI level: We also need to tell it to use our new local user account(s) to authorize attempts to log in or access the web UI:
``` ```
aaa authentication login default local aaa authentication login default local
aaa authentication enable default local
aaa authentication web default local aaa authentication web default local
``` ```
If you wanted to use the WEB UI, you can now log into it using the credentials you created above. If you wanted to use the WEB UI, you can now log into it using the credentials you created above.
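Review bot: with `aaa authentication enable default local` removed, nothing in this block or in the `username root password yourpasshere` step says how the `enable` level is protected once accounts exist, and the commit message does not explain the removal. If the line was dropped because it caused a problem, say so in the text and state what guards `enable` instead; otherwise keep it.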

View File

@ -3,9 +3,10 @@
## Preparation ## Preparation
If you haven't already, visit the [Brocade Overview](brocade-overview.md) page to download the latest guide package and get it ready to be served via TFTP - this unified package includes all the latest firmware, licenses, and documentation. If you haven't already, visit the [Brocade Overview](brocade-overview.md) page to download the latest guide package and get it ready to be served via TFTP - this unified package includes all the latest firmware, licenses, and documentation.
**Connect** to the switches serial/console port on the front using a program like Putty (9600 8N1), and connect any of the normal switch ports to your network (do NOT use the dedicated management port). **Connect** to the serial/console port on the front using a program like Putty (9600 8N1), then connect the **management ethernet port** to your network (do NOT use any of the regular switch ports yet).
Power on the switch while watching your serial terminal - start smashing the `b` key until you're dropped into the bootloader prompt, which looks like `ICX64XX-boot>>` . If you missed the prompt and it boots the OS instead, pull power and try again.
Power on the switch while watching your serial terminal - start smashing the `b` key until you're dropped into the bootloader prompt, which looks like `ICX64XX-boot>` . If you missed the prompt and it boots the OS instead, pull power and try again.
Now at the boot prompt, we tell the switch to clear all current configs and old keys, so it boots into a fresh state: Now at the boot prompt, we tell the switch to clear all current configs and old keys, so it boots into a fresh state:
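Review bot: the connect step now says the opposite of the old one (management ethernet port instead of a regular switch port) without giving a reason. A short clause on why the bootloader stage needs the management port would help readers who followed the earlier revision. The prompt also changes from `ICX64XX-boot>` to `ICX64XX-boot>>`, so confirm that matches what the bootloader actually prints.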
@ -14,33 +15,30 @@ factory set-default
``` ```
To confirm this action, you must send CAPITAL `Y` - sending a lowercase `y` will just make it abort. To confirm this action, you must send CAPITAL `Y` - sending a lowercase `y` will just make it abort.
Now just tell the switch to reboot: Now we need to give the bootloader a temporary IP on your network, as well as supply the IP of your TFTP server where it can find your files. Replace the example IPs with your own. This IP is only going to be used temporarily by the bootloader. We'll also tell it the filename & path of the firmware image. You should not need to alter this:
``` ```
setenv ipaddr 192.168.1.50
setenv netmask 255.255.255.0
#tell the switch the IP of your tftp server:
setenv serverip 192.168.1.8
setenv image_name ICX64xx/ICX64R08030u.bin
setenv uboot ICX64xx/kxz10105.bin
```
Now we can tell it to flash the new OS and bootloader:
```
update_primary
update_uboot
```
After a couple minutes, it should complete. Now we clear the temporary IP, then reboot the switch into the OS:
```
setenv ipaddr
saveenv
reset reset
``` ```
It will boot into the full OS and you can continue to the next section.
**Note:** If you get an error stating `factory set-default` is not a valid command, this means your switch has a very old bootloader. To clear the existing passworded config in this case, do the following: ## Initial Configuration
```
#only follow this section if factory set-default did not work
no password
boot
#it will boot the OS. Once booted:
enable
erase startup-config
reload
#it will boot fresh with a clear config, then you can move to the next section
```
**Note:** If your switch says that it is part of a stack even after doing the above, then you will need to unstack it before being able to configure and update it. You'll see several prompts when booting that it is a stack member and the command menu will show stack specific commands (ex: stack, simulate-non-stacking-unit). You can unstack your switch by running the following command:
```
stack unconfigure clean
# hit y at the prompt
```
You can then continue on to the below.
## Initial Configuration & update
Now that it's booted into the full OS you may get ***TFTP timed out*** errors in the console, this is normal. just hit enter until they go away. We'll fix that in the next section. Now to make any changes we must enter the enable level: Now that it's booted into the full OS you may get ***TFTP timed out*** errors in the console, this is normal. just hit enter until they go away. We'll fix that in the next section. Now to make any changes we must enter the enable level:
``` ```
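Review bot: only `ipaddr` is cleared before `saveenv`, so `netmask`, `serverip`, `image_name` and `uboot` are written to the saved environment as well. Either clear them too or say that leaving them is intended. The hunk also drops both fallback notes (`factory set-default` not being a valid command on very old bootloaders, and `stack unconfigure clean` for stack members) with no replacement, so readers who hit either case have no path forward; keep them or explain why the bootloader flow makes them unnecessary.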
@ -53,24 +51,8 @@ configure terminal
Now we turn off the DHCP client, so it doesn't automatically grab an IP and look for a TFTP config (the cause of the earlier timeout messages): Now we turn off the DHCP client, so it doesn't automatically grab an IP and look for a TFTP config (the cause of the earlier timeout messages):
``` ```
ip dhcp-client disable ip dhcp-client disable
write memory
exit
``` ```
>**Note:** If during the `ip dhcp-client disable` command you get an invalid input error, your switch probably came with the layer 2 only firmware loaded. In that case, just run `ip address 192.168.1.55/24` (replace the IP) - this will give it a temporary IP, so it can load the layer 3 firmware. Then skip down to the `Load The New Images` section below, and use those commands to copy in the latest layer 3 firmware and reload. Once the switch comes back up, **don't forget** to come back and follow this **Initial Configuration** section all the way through now that you have the proper firmware! Now we give the switch its permanent IP address. By default, all ports are in VLAN 1, so it will behave like a typical switch. First we need to give VLAN 1 its own virtual interface:
Now just reload the switch so it comes back up without an IP assigned to a port via DHCP:
```
reload
```
Once it's back up, enter the configure level again:
```
enable
configure terminal
```
We need to give it an IP so we can load the new firmware. By default, all ports are in VLAN 1, so it will behave like a typical switch. First we need to give VLAN 1 its own virtual interface:
``` ```
vlan 1 vlan 1
router-interface ve 1 router-interface ve 1
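Review bot: the removed text reloaded the switch after `ip dhcp-client disable` specifically so it would come back up without a DHCP-assigned address, and the new flow goes straight to the `vlan 1` / `router-interface ve 1` step. State whether an address picked up during first boot is released without the reload, or add a step to check for it before the permanent address is set. `write memory` is also removed here, so the disable is not saved until the later `write mem`.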
@ -83,44 +65,26 @@ ip address 192.168.1.55/24
exit exit
write mem write mem
``` ```
Depending on your existing network configuration, you may need to set a default gateway now.
```
ip route 0.0.0.0/0 192.168.1.1
```
## Load The New Images
Now that the switch has an IP address, we can TFTP in the new images, then reload:
```
exit
copy tftp flash 192.168.1.8 ICX6450/kxz10105.bin bootrom
copy tftp flash 192.168.1.8 ICX6450/ICX64R08030u.bin primary
reload
```
>Note: if you skipped to this section because your switch had layer 2 firmware on it and a note in the previous section instructed you to, go back above and go through the whole **Initial Configuration & update** section once the switch finishes rebooting.
The switch will reload, loading the new software. Continue on to the **Configuration Details** section below.
## Configuration Details ## Configuration Details
Your switch should now be freshly booted with the latest layer 3 firmware image and bootloader. First give the switch a name: Now your switch is set up for basic switching, and has an IP address you can use to manage the switch. **Note:** You should now unplug your ethernet connection from the dedicated management port, and instead connect it to any of the **regular switch ports**. Then continue below to give the switch a friendly name:
``` ```
enable
configure terminal
hostname intertubes hostname intertubes
``` ```
Now tell it to generate an RSA keypair - this is the first step to enable SSH access: Now tell it to generate an RSA keypair - this is the first step to enable SSH access:
``` ```
crypto key zeroize
crypto key generate rsa modulus 2048 crypto key generate rsa modulus 2048
``` ```
## Update PoE Firmware ## Update PoE Firmware
If your switch is the PoE model, you need to update the PoE controller firmware. If it's a non-PoE model, skip this step. Assuming you completed the previous section and the switch now has in-band network access, just do the following: If your switch is the PoE model, you need to update the PoE controller firmware. If it's a non-PoE model, skip this section. Assuming you completed the previous section and the switch now has in-band network access, just do the following:
**Note:** if you have the small C12 version of this switch, use the `icx64xxc12_poeplus_02.03.09.fw` file instead. **Note:** if you have the white mini C12 version of this switch, use the `icx64xxc12_poeplus_02.03.09.fw` file instead.
``` ```
exit exit
inline power install-firmware stack-unit 1 tftp 192.168.1.8 ICX6450/icx64xx_poeplus_02.1.0.b004.fw inline power install-firmware stack-unit 1 tftp 192.168.1.8 ICX64xx/icx64xx_poeplus_02.1.0.b004.fw
#after a few seconds, hit enter to return to cli #after a few seconds, hit enter to return to cli
#save changes you made from the previous section #save changes you made from the previous section
write memory write memory
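Review bot: the default gateway step (`ip route 0.0.0.0/0 192.168.1.1`) is removed along with the image loading section, but the PoE update still pulls from `tftp 192.168.1.8` and SSH setup follows. Keep the gateway step as an optional one for readers whose TFTP server or management station sits on another subnet. The C12 note also names `icx64xxc12_poeplus_02.03.09.fw` with no directory while the command now uses `ICX64xx/`; say whether that file lives under `ICX64xx/` too so the path can be pasted as is.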
@ -136,7 +100,7 @@ configure terminal
Now you have the latest PoE firmware, and can continue on. Now you have the latest PoE firmware, and can continue on.
## If Access Protection Is NOT Required ## If Access Protection Is NOT Required
If you do **not** want to password protect access to the switch (you're using it in a lab), follow this section. If you'd like to password protect it, skip to the next section. If you do **not** want to password protect access to the switch (you're using it in a lab), follow this section. If you'd like to password protect it, skip this section.
Allow SSH login with no passwords configured: Allow SSH login with no passwords configured:
``` ```
@ -150,10 +114,9 @@ To secure the switch, we need to create an account - "root" can be any username
``` ```
username root password yourpasshere username root password yourpasshere
``` ```
We also need to tell it to use our new local user account(s) to authorize attempts to log in, use the webpage, as well as attempts to enter the ```enable``` CLI level: We also need to tell it to use our new local user account(s) to authorize attempts to log in or access the web UI:
``` ```
aaa authentication login default local aaa authentication login default local
aaa authentication enable default local
aaa authentication web default local aaa authentication web default local
``` ```
If you wanted to use the WEB UI, you can now log into it using the credentials you created above. If you wanted to use the WEB UI, you can now log into it using the credentials you created above.
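Review bot: the rewritten sentence says the local accounts are used to "authorize" logins, while the commands it introduces are `aaa authentication login default local` and `aaa authentication web default local`; "authenticate" is the accurate word. Since `aaa authentication enable default local` is dropped in this hunk, add a sentence on how the `enable` level is protected so the reader is not left guessing.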
@ -288,7 +251,7 @@ Brocade does not restrict the use of optics by manufacturer, they'll take anythi
So if you want to see information like this : So if you want to see information like this :
``` ```
telnet@Route2(config)#sh optic 5 telnet@Route2(config)#sh optic 1/2/1
Port Temperature Tx Power Rx Power Tx Bias Current Port Temperature Tx Power Rx Power Tx Bias Current
+----+-----------+--------------+--------------+---------------+ +----+-----------+--------------+--------------+---------------+
5 32.7460 C -002.6688 dBm -002.8091 dBm 5.472 mA 5 32.7460 C -002.6688 dBm -002.8091 dBm 5.472 mA
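Review bot: the command now reads `sh optic 1/2/1`, but the sample output row beneath it still shows port `5`. Update the output to the same port notation so the example is consistent.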