The Multi-Vendor Networking Forum and Resources
Brocade ICX Configuration

The intention of this page is to help people that are new to the Brocade ICX platform. The configuration examples below will help you get the switch up and running. Brocade has a ton of features in this platform that are not displayed here. For more extensive configuration please consult the ICX configuration guide for the version of software your ICX is running. Please click HERE to view the configuration guide, scroll to the bottom of the page and click "Documentation". You will be able to find the configuration guide there.
The below configuration is for LAYER 2 code, commands are based off of Version 8.

Management of the Switch

Hostname <GIVE IT A HOSTNAME>                          --> Gives the switch a name

vlan 1 name DEFAULT-VLAN by port                          --> How to add a VLAN
tagged eth 1/1/1                                                    --> Apply VLAN to a port (Must apply to a port before you issue the “Management-vlan” command)
spanning-tree 802-1w                                              --> Enables Rapid Spanning Tree (RSTP)
spanning-tree 802-1w priority <PRIORITY>                 --> Sets the RSTP priority
 management-vlan                                                   --> Tells the switch to use this vlan as the management vlan
 default-gateway <IP OF DEFAULT GATEWAY> 1        --> Sets the default gateway

ip address <IP ADDRESS> <SUBNET-MASK>               --> Configure the IP Address for the ICX Switch

General Global Configuration

ip dns domain-list <Domain Name>
ip dns server-address <DNS server IP>
logging host <IP of Logging Server>                          --> How to configure a syslog server
logging console                                                      
tacacs-server host <IP of TACACS (ACS) Server>       --> Yes, Brocade switches work well with Cisco ACS servers
tacacs-server key 2 <Secret Key>                            
tacacs-server timeout 2          
aaa authentication login default tacacs+ local
aaa authentication login privilege-mode
aaa authorization commands 0 default  tacacs+ none
aaa authorization exec default  tacacs+ none
aaa accounting commands 0 default start-stop  tacacs+ none
aaa accounting exec default start-stop  tacacs+ none
aaa accounting system default start-stop  tacacs+ none
enable aaa console                                                  --> Enables aaa on the console port                                

username <USERNAME> password <PASSWORD>      
enable super-user-password <PASSWORD>                 --> This is like the enable password on a Cisco device
enable user password-masking
enable telnet authentication                     
enable telnet password <PASSWORD>
console timeout 10
no telnet server                                                      --> This is how you Disable Telnet

crypto key generate rsa modulus 1024                       --> Generates the SSH key for SSH to work
ip ssh idle-time <Timeout Period in Minutes>                --> Disables a SSH session after X Minutes

jumbo                                                                    --> Enables Jumbo frames (Requires a reboot)

cdp run                                                                 --> Enables CDP on the switch (Depending on the Cisco device I found this doesn't always work well)
fdp run                                                                  --> Enables FDP on the switch (Similar to Cisco's CDP or LLD)
lldp run                                                                  --> Enables LLDP on the switch (Standard Discovery Protocol)
lldp tagged-packets process                                      --> Enables LLDP on tagged ports from other vendors
lldp med network-policy application voice tagged vlan 50 priority 3 dscp 22 port e 1/1/6 --> Applies LLDP Policy to e1/1/6 and adds the QOS markings to the packets
**If you are interested in more LLDP features, Please review the configuration guide for your version.
 server <NTP Server IP>
clock timezone us <TIME ZONE>                                --> You need to select the correct time zone for your locaion
clock summer-time                                                    --> Daylight Savings time (Global Config, not under NTP)

snmp-server community <COMMUNITY STRING RO|RW

sflow destination <SFLOW Collector IP>                      --> Sets the SFLOW collecotor IP address
sflow sample 512                                                      --> Sets sample rate, higher the number, less data is collected
sflow enable                                                            --> Enables SFLOW on the switch

Configure a Stack

**All switches need to be on the same software version
**The secondary switch will reboot after it syncs with the master
stack enable                                                             --> Enable Stacking

stack unit 1                                                               --> Optional to set the prioirty. It is recommended to have them all be the same priority
   priority <priority number>

Configure a VLAN and Apply it to an interface

VLAN configuration is configured under the VLAN, not under the interface.

vlan <VLAN Number> name <DATA-VLAN-NAME>     --> Creates VLAN and names it
 tagged ethe 1/1/5 to 1/1/6 ethe 1/2/2                   --> Creates a 802.1Q tagged port, or a Trunk port
 untagged eth 1/1/1 to 1/1/4                                 --> Creates an access port
 spanning-tree 802-1w                                           --> Enables 802-1W, Rapid Spanning Tree on the VLAN. (Standard spanning tree is available)
 spanning-tree 802-1w priority <Priority number>      --> Set the spanning tree priority

Interface configuration (End User Port)

interface ethernet 1/1/2                         --> Select the correct interface
port-name <Interface description>           --> Add a description to the interface
 dual-mode  <DATA-VLAN-NUMBER>        --> When connecting to an IP phone, VLAN listed is for the PC (Untagged)
 spanning-tree root-protect                     --> Protects the STP Root
 spanning-tree 802-1w admin-edge-port    --> Tells RSTP what type of link it is, Edge port to an end user device
 stp-bpdu-guard                                     --> Blocks STP BPDUs on this port
 inline power                                         --> Enables PoE on this port, Can modify command to limit amount of power
 voice-vlan <VOICE-VLAN-NUMBER>         --> Configures the voice VLAN on this port for use with an IP Phone
 no snmp-server enable traps link-change   --> Disables SNMP link up/down traps. I add this to end user ports
 ip access-group <Access List Name> in     --> Apply an access list to the interface, Can apply QOS markings
 sflow forwarding                                    --> Applies SFLOW to an interface

**When configuring a port for Voice and Data, tag both VLANs on the desired port.

Interface configuration (Uplink Port)

interface ethernet 1/2/2                                      
--> Select the correct interface port-name Uplink to IDF
 dual-mode                                                          --> Dual mode sets the Native vlan. If no VLAN is in the command the native is applied
 spanning-tree 802-1w admin-pt2pt-mac                  --> Tells  RSTP what type of link it is, Point to Point to another switch
 pvst-mode                                                          --> Use this command if you connect the switch to a Cisco switch
 trust dscp                                                          --> Trusts DSCP

Apply QOS markings to incoming packets

Step 1 - Create an access list.
              - I selected DSCP marking for voice and voice control packets.
              - I used to, you can configure ANY if you want

ip access-list extended QOS-MARKING-ACL
 remark RTP-ACL
 permit udp range 16384 32767 dscp-marking 46
 permit tcp range 2000 2002 dscp-marking 32
 permit tcp eq 1720 dscp-marking 32
 permit tcp range 11000 11999 dscp-marking 32
 permit udp eq 2427 dscp-marking 32

Step 2 - Apply the access list to an interface
              - Will mark packets as they enter the switch

interface ethernet 1/1/2
 ip access-group QOS-MARKING-ACL in

**Make sure you select the correct IPs, ports and DSCP markings for your company, my example may not work for you.

Link Aggregation 
(LACP, LAG, Etherchannel, Channel-group)


trunk ethernet 1/1/3 to 1/1/4                   --> Selects the ports for your LAG
 trunk deply                                            --> Enables the LAG

Dynamic LAG (LACP)

interface ethernet 1/1/3                           --> Select the interface you want in the LAG
 link-aggregate configure key 10000           --> 10000 is the unique identifier per LAG, each LAG is different
 link-aggregate active                               --> Activates the LAG
interface ethernet 1/1/4
                           --> Select the interface you want in the LAG
link-aggregate configure key 10000           --> 10000 is the unique identifier per LAG, each LAG is different
 link-aggregate active                               --> Activates the LAG