Ethernet Switches & Routers

Reply
Occasional Contributor
Posts: 8
Registered: ‎07-07-2017

icx 6430 firmware upgrade

We have a Brocade icx 6430 24 port switch and need to find the firmware to upgrade, however, the only firmware I can find is for icx 6430 POE.

 

Does anyone know what will happen if a none poe switch is upgraded with Poe firmware?

 

Will it still work or not?

 

Also if someone has a URL where I can get firmware please share.

 

Thanks in advance,

 

Miguel Cortes

Frequent Contributor
Posts: 120
Registered: ‎07-20-2015

Re: icx 6430 firmware upgrade

Good Morning:

 

You will want to download any firmware for Brocade devices direct from Brocade's website.  You need only sign in and click "Software Download."  From there, select Ethernet Switches.  That is the only, trusted/safe place to get genuine fimrware for Brocade devices.

 

 

As for the Brocade swithes, you mentioned, both the ICX6430 (regardless of port count) and with or without POE use the same firmware images.  Even the ICX 6450's use the same firmware.  Collectively they are all considered ICX 64XX devices on the download page.

 

 

Upgrading the POE micro-code itself is a completely different procedure only applicable to POE devices... Firmware installs like like this:

inline power install-firmware stack-unit 1 tftp 10.1.2.3 icx64xx_poeplus_02.1.0.b004.fw

 

You can check it with:

switch#show inline power detail

 

It is, of course, completely irrelevant to a non POE ICX-6430device.  Never tried it, but there is no way that you could install the POE firmware on a non-POE switch, so nothing dramatic should happen.  Most likely it would give you an error telling you that the switch does not have the POE feature.

 

As for sending upgraded FastIron firmware to your ICX6430 device regardless of whether it is POE or not, it would patch defects and change/add whatever new features are listed in the release notes.

 

Occasional Contributor
Posts: 8
Registered: ‎07-07-2017

Re: icx 6430 firmware upgrade

Hello NETWizz,

 

Thank you for taking the time to provide this great answer, you have cleared many of my doubts. However, I have been able to find none POE firmware for my ICX6430 switch, do you know of anywhere or site where this firmware be available for download for a none POE ICX 6430 switch?

 

Would really appreciate your help since any file that I have downloaded from brocade or ruckus has the firmware file for a POE switch.

 

Thanks,

 

Miguel

Frequent Contributor
Posts: 120
Registered: ‎07-20-2015

Re: icx 6430 firmware upgrade

[ Edited ]

I usually logon to Brocade.com and ultimaty go to My Brocade https://my.brocade.com/wps/myportal

 

From there, I click on "Software Download" and ultimately select "Ethernet Switches" from the Browse dropdown menu.

 

I hope that helps.  When you download the firmware, you will have a zip file such as 08030n.zip.

 

 

Once you have that and extract it, you would find the folder that corresponds to your switch and look for the appropriate firmware files within there.  NOT ALL FILES IN THE ZIP ARE APPLICABLE TO EVERY MODEL

 

In that zip file there are five files that interest me:

 

ICX64R08030n.bin (Layer-3 Firmware NOT supported on the ICX6430)

ICX64S08030n.bin  (Layer-2 Firmware.  This is the firmware that runs on the ICX6430 regardless of wheater or not it has POE)

 

icx64xx_poeplus_02.1.0.b004.fw (This is a spearate POE file that is only applicable to switches with that feature)

icx64xxc12_poeplus_02.03.09.fw (This is also a separate POE file only for the C12 switches like the ICX-6430-C12-PD)

 

kxz10105.bin (This is the bootrom applicable to this series)

 

 

***********************

 

Usually, on a switch I am upgrading, I will backup the current, running firmware.  (use "show version" or "sh ver" to figure out what firmware is running and what it booted from.)

 

Use "show boot" to verify which flash location it is booting the FastIron image from.  If it says "Default" that is primary though if there is something wrong, it would load the next image.

 

From there, you can check what flash you have available via "sh flash" or "show flash".  For example:

Stack unit 1:
Compressed Pri Code size = 8533104, Version:08.0.30mT311 (ICX64S08030mb.bin)
Compressed Sec Code size = 8500344, Version:08.0.30hT311 (ICX64S08030h.bin)
Compressed Boot-Monitor Image size = 786944, Version:10.1.05T310
Code Flash Free Space = 5636096

 

 

I usually back-up the current running version to the other flash slot such that if something goes wrong, I can interrupt the boot process going back to the previous running version.

 

SSH@SOMESWITCH#copy flash flash ?
primary Copy secondary to primary
secondary Copy primary to secondary
unit-id-pri Copy active primary image to unit specified by unit-id
unit-id-sec Copy active secondary image to unit specified by unit-id

 

Basically, I would do a "copy flash flash secondary" to backup the Primary Flash image to the Secondary.  I would use "show flash" to verify that.

 

 

After that, I would send the new flash file to the primary, verify it, and then schedule the switch to reload after-hours.

 

*******************

 

Here, I will just do one... dont' worry it is an ICX6430-48P  Your ICX6430-24 uses the same firmware!

 

SSH@SOMESWITCH#sh ver
Copyright (c) 1996-2016 Brocade Communications Systems, Inc. All rights reserved.
UNIT 1: compiled on Aug 19 2016 at 21:09:11 labeled as ICX64S08030j
(8524932 bytes) from Primary ICX64S08030j.bin
SW: Version 08.0.30jT311
Boot-Monitor Image size = 786944, Version:10.1.05T310 (kxz10105)
HW: Stackable ICX6430-48-HPOE
==========================================================================
UNIT 1: SL 1: ICX6430-48P POE 48-port Management Module
Serial #: BZPXXXXXXXXXX
License: BASE_SOFT_PACKAGE (LID: dbrHKFXXXXX)
P-ENGINE 0: type DF70, rev 01
P-ENGINE 1: type DF70, rev 01
==========================================================================
UNIT 1: SL 2: ICX6430-SFP 4port 4G Module
==========================================================================
500 MHz ARM processor ARMv5TE, 400 MHz bus
32768 KB flash memory
256 MB DRAM
STACKID 1 system uptime is 1 day(s) 19 hour(s) 3 minute(s) 22 second(s)
The system started at 18:44:34 Eastern Tue Jul 25 2017

The system : started=cold start

 

 

SSH@SOMESWITCHt#sh boot
Boot system preference(Configured):
    Use Default

Boot system preference(Default):
    Boot system flash primary
    Boot system flash secondary

 

 

SSH@SOMESWITCHt#show flash
Stack unit 1:
Compressed Pri Code size = 8524932, Version:08.0.30jT311 (ICX64S08030j.bin)
Compressed Sec Code size = 8500344, Version:08.0.30hT311 (ICX64S08030h.bin)
Compressed Boot-Monitor Image size = 786944, Version:10.1.05T310
Code Flash Free Space = 6905856

 

 

Backup my Primary to Secondary writing my running version "J" over the older "H":

 

SSH@SOMESWITCH#copy fl fl sec
SSH@SOMESWITCH#Load to buffer (8192 bytes per dot) .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
SYNCING IMAGE TO FLASH. DO NOT SWITCH OVER OR POWER DOWN THE UNIT(8192 bytes per dot)...
................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Copy Done.

 

Verify It Backed Up and the secondary has J in it.:


SSH@Museum3-2West#show flash
Stack unit 1:
Compressed Pri Code size = 8524932, Version:08.0.30jT311 (ICX64S08030j.bin)
Compressed Sec Code size = 8524932, Version:08.0.30jT311 (ICX64S08030j.bin)
Compressed Boot-Monitor Image size = 786944, Version:10.1.05T310
Code Flash Free Space = 6905856

 

Send/Install the Firmware:

 

SSH@SOMESWITCH#copy tftp flash 10.1.2.3 ICX64S08030mb.bin primary
SSH@SOMESWITCHt#Load to buffer (8192 bytes per dot)
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
SYNCING IMAGE TO FLASH. DO NOT SWITCH OVER OR POWER DOWN THE UNIT(8192 bytes per dot)...
.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
TFTP to Flash Done.

 

Verify Success:

 

SSH@Museum3-2West#sh flash
Stack unit 1:
Compressed Pri Code size = 8533104, Version:08.0.30mT311 (ICX64S08030mb.bin)
Compressed Sec Code size = 8524932, Version:08.0.30jT311 (ICX64S08030j.bin)
Compressed Boot-Monitor Image size = 786944, Version:10.1.05T310
Code Flash Free Space = 6905856

 

Verify the Actual FastIron Image Integrity:

 

SSH@SOMESWITCH#..................................................................................................................................Done
Size = 8533104, MD5 97d51339e9f023b5e3ddf255b93e2af1

 

 

It Matches :-)

 

 

SSH@SOMESWITCHt#sh clock
13:58:31.004 Eastern Thu Jul 27 2017

 

CLOCK TIME IS GOOD!

 

 

 

Schedule reboot for say 10:00 PM my time... and verify it!

 

 

SSH@SOMESWITCH#reload at 22:00:00 07-27-17
Warning: Console login authentication is enabled, Please make sure users are configured

 

SSH@SOMESWITCH#sh reload
Reload will start 0 days 8 hours 0 minutes 8 seconds from now

Occasional Contributor
Posts: 8
Registered: ‎07-07-2017

Re: icx 6430 firmware upgrade

Hello NETWizz,

 

Thank you for the nice example you provided, you have basically cleared all of my confusion with all the nice examples.

 

I was successful at upgrading boot rom and image, now I am trying to configure port security for only one port 1/1/7 and they want me to configure it so that it will only take one mac address and will shut down if another device is connected. However, they want me to do it without having to manually enter the mac address. They just want the port to learn a maximum of one and shut down when the violation occurs.

 

Below is the current configuration for port 7, I also have the command to autosave 15 minutes, the security violation is set to shut down but it does not show on the config for port 7.

 

max-acl-log-num 1
interface ethernet 1/1/7
port security
enable

 

Please provide some insight if this is something you have on your experience.

 

Really appreciate your help.

 

Frequent Contributor
Posts: 120
Registered: ‎07-20-2015

Re: icx 6430 firmware upgrade

[ Edited ]

Good Morning:

 

I have never personally configured these options, but let's try it out.  It appears you may have asked this one before here, and it is a bit awkward that you have to send "enable" before it enables the port security...

 

Here was your previous question...

 

http://community.brocade.com/t5/Ethernet-Switches-Routers/need-to-configure-port-security-on-a-Brocade-icx6430-24-port/m-p/93202/highlight/true#M6856

 

 

Let's try it:

 

 


SSH@SOMESWITCH#term mon
Syslog trace was turned ON

 

SSH@SOMESWITCH#conf t
SSH@SOMESWITCH(config)#int e 1/1/7


SSH@SOMESWITCH(config-if-e1000-1/1/7)#port ?
port Configure Port Security
port-name Assign alphanumeric port name

SSH@SOMESWITCH(config-if-e1000-1/1/7)#port security ?
<cr>

SSH@SOMESWITCH(config-if-e1000-1/1/7)#port security
SSH@SOMESWITCH(config-port-security-e1000-1/1/7)# ?
age Set secure MAC address age
autosave Enable/disable port security auto-save
clear Clear table/statistics/keys
enable Enable/disable port security
end End Configuration level and go to Privileged
level
exit Exit current level
maximum Set secure MAC capacity
no Undo/disable commands
quit Exit to User level
secure-mac-address Specify secure MAC address
show Show system information
violation Set port security violation action (shutdown |
restrict)
write Write running configuration to flash or terminal
<cr>

 

SSH@SOMESWITCH(config-port-security-e1000-1/1/7)#violation ?
restrict Drop the packet on policy violation
shutdown Shutdown the port on policy violation


SSH@SOMESWITCH(config-port-security-e1000-1/1/7)#violation shutdown

 

SSH@SOMESWITCH(config-port-security-e1000-1/1/7)#max?
maximum Set secure MAC capacity


SSH@SOMESWITCH(config-port-security-e1000-1/1/7)#maximum 1

 

SSH@SOMESWITCH(config-port-security-e1000-1/1/7)# en?
enable Enable/disable port security
end End Configuration level and go to Privileged
level


SSH@SOMESWITCH(config-port-security-e1000-1/1/7)# enable

 

 

Jul 28 08:59:02:WSmiley Frustratedecurity: Port Security violation at interface ethernet 1/1/7, address c057.bc26.fb61, vlan 201

Jul 28 08:59:02:ISmiley FrustratedTP: VLAN 201 Port 1/1/7 STP State -> DISABLED (PortDown)
Jul 28 08:59:02:ISmiley FrustratedTP: VLAN 201 Port 1/1/7 STP State -> FORWARDING (PortDown)
Jul 28 08:59:02:ISmiley FrustratedTP: VLAN 144 Port 1/1/7 STP State -> DISABLED (PortDown)
Jul 28 08:59:02:ISmiley FrustratedTP: VLAN 144 Port 1/1/7 STP State -> FORWARDING (PortDown)

Jul 28 08:59:02:WSmiley Frustratedecurity: Interface ethernet 1/1/7 was shutdown due to port security violation
Jul 28 08:59:02:ISmiley Frustratedystem: Interface ethernet 1/1/7, state down

 


SSH@SOMESWITCH(config-port-security-e1000-1/1/7)#exit
SSH@SOMESWITCH(config-if-e1000-1/1/7)#exit
SSH@SOMESWITCH(config)#sh run


Current configuration:

 

<truncated for brevity>

 

interface ethernet 1/1/7
dual-mode 144
disable
inline power
trust dscp
port security
enable
secure-mac-address d481.d708.02b2 144
!

 

Looks like it worked perfect... I have two (2) VLANS one for Voice #201 and another for data #144 (sent untagged i.e. native VLAN AKA dual-mode).  It learned the data MAC address then had a violation when it received a TAGGED .

 

 

The violation disabled the port working as expected.  I would need to do a maximum 2 for this to work in my setup with a VoIP phone and a PC attached to that.

 

 

Anyway, it is working for me and showing up in the config, too.

Occasional Contributor
Posts: 8
Registered: ‎07-07-2017

Re: icx 6430 firmware upgrade

Hello and thank you for such a nice example, I hope it will work the same way on our ICX6430.

 

Will try and let you know what happens.

Frequent Contributor
Posts: 120
Registered: ‎07-20-2015

Re: icx 6430 firmware upgrade

[ Edited ]

Did it work for you?

Occasional Contributor
Posts: 8
Registered: ‎07-07-2017

Re: icx 6430 firmware upgrade

Hello,

 

After following your instructions also realized that I had this configuration and the mac address of the connected pc is not showing up when I type the show port security mac.

 

max-acl-log-num 1
interface ethernet 1/1/7
port security
enable

 

What type of switch are you configuring?

Highlighted
Frequent Contributor
Posts: 120
Registered: ‎07-20-2015

Re: icx 6430 firmware upgrade

[ Edited ]

I was configuring a Brocade ICX6430-48P, which is the Layer-2 (stackable to 4 units) switch with 48 ports that support PoE+ and up to four (4) SFP module slots.

 

What were you running?  A plain, vanilla ICX6430-24 with the "N" version of the latest firmware?

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.