4.3 KiB
Hidden Brocade Dev Stuff
This is a collection of hidden tools, modes, and commands buried inside Brocade FastIron products.
Hidden Commands
All Fastiron platforms have hidden CLI commands, with the biggest one being dm
. The dm
command is available (but hidden) for diagnostic use. Type dm
and hit tab to see available options, like the below for example:
FCX3(config)#dm
HEX Number
802-1w show 802-1w internal information
aaa-acct-session
acl_tcam command for tcam manager
aging-loop Turn off/on system aging loop
allled Toggle -On/Off All LED
alt-diag Test only, off/on
app_vlan_debug App VLAN table (shadow)
auq-resync Sync Auq for a device
auq-status show auq status
badaddr Test only, will reboot
blink Show gig link changes due to PHY blink
buffer DMA CPU buffer related
cancel-flash-timeout set flash timeout to default
clear_boot_count Clear crash dump
cpld-reg-dump Dump the CPLD register
--More--
There's hundreds of options. These are low level debug commands, so if you don't know what they do you can easily break your switch.
Note: There's around ~700 commands that are completely hidden, they will not even show up using tab autocomplete like the above dm
commands do. Click here for a full list of these commands. Many of these might delete your config, your licenses, lock the switch up, etc.
Hidden OS Console
This only works over a serial connection. It will not work over telnet/ssh/etc. Connect to a FastIron device over serial, and once it's fully booted and running, press ctrl+y
, let go, then press m
. Then hit enter. It should drop you down to the OS console:
OS>
Note: This is mainly for the PowerPC architecture switches (FCX, ICX6610). The ARM switches (ICX6450, ICX7xxx) still have this hidden console available, but it only has ~5 commands. For a proper low level CLI on ARM switches, use the Accessing Linux section.
Press the question mark on your keyboard for a list of all available options:
OS>
clear Clear internal table
console Attach console to a process
copy Copy file
daw Set data address watchpoint
dbg Toggle debug mode
dq Display memory in 64-bit quad word
dd Display memory in 32-bit double word
del Delete flash file
dir List flash files
----trimmed----
You'll note the options are nearly identical to what's available in the bootloader, except while the switch is fully booted and running. There's a couple extra options here too that aren't available in just the bootloader. To exit this mode, just hit ctrl+z
.
Hidden Bootloader Modes
All the newer switches that run linux (ICX6450, ICX6650, ICX7xxx) use u-boot as the bootloader. However it runs in a very locked down mode with only a few commands available. Thankfully after contacting Arris (who own Ruckus, who now owns Brocade), they published their u-boot source code.
From analyzing their u-boot source, we are able to find some hidden routines that will force the switch to boot into fully unlocked u-boot. To do so, run the following in the bootloader:
ICX6430 & ICX6450
manufacturing_diag enable
reset
## it will reboot into fully unlocked u-boot
## be sure to stop it in the bootloader (smash b)
## set it back to normal
manufacturing_diag disable
reset
ICX6650 & ICX7150 & ICX7250 & ICX7450 & ICX7750
diagmode enable
reset
## it will reboot into fully unlocked u-boot
## be sure to stop it in the bootloader (smash b)
## set it back to normal
diagmode disable
reset
ICX7650 & ICX7850
setenv diag_mode_on 1
saveenv
reset
## it will reboot into fully unlocked u-boot
## be sure to stop it in the bootloader (smash b)
## set it back to normal
setenv diag_mode_on
saveenv
reset
ICX7550
Unknown, but most likely one of the above - just try each one until the command takes.