Ruckus ICX 7150-C12P Switch (Brocade)


After the recent death of one of my long-running Juniper EX-2200Cs, I needed to find a replacement. I decided to go with a Ruckus ICX 7150-C12P-2X10GR, which is a 12-port PoE switch with 2 10G SFP+ uplinks. It's basically a rebranded Brocade switch.

I'd been happy with the Juniper, right up until it lost its brain due to its non-replaceable battery going dead. With my entire fleet of four at home being about the same vintage, I decided to replace them all with the Ruckus.

On the eBay market, they're readily available, although take care if you want the 10G uplinks because they are not necessarily enabled with all licences. I found that the 7150-C12P-2X10GR model comes with those enabled and likely has a routing license as well.

Switches Compared

Both the Juniper and the Ruckus are high-quality, fanless switches with PoE+ support and 12 downlink ports. The Juniper has 2 1G uplinks, while the Ruckus has 2 1G uplinks and 2 10G uplinks.

Both switches have sophisticated CLI-based management and both have available (and thankfully disable-able) web interfaces. Their CLIs are different, with the Juniper being the more traditional JunOS and the Ruckus being more like Cisco's IOS.

They have different ideas of the default VLAN, bringing home the need to avoid both "VLAN 0" and "VLAN 1" wherever possible, since the Juniper uses "VLAN 0" as the default and the Ruckus uses "VLAN 1".

Since I had a mix of switches while I was replacing them, I had to be careful to ensure that the VLANs were consistent across the switches, and took the opportunity to standardize on specific non-default VLANs.

Software Upgrades

The Ruckus switches have a reasonably-available firmware download site and a clear upgrade path based on good documentation. The ones that I received were running the aging 8.0.65 firmware, which needed to be upgraded to 8.0.80 first in order to update to the new boot loader and UFI.

In all cases, I used switches that had been wiped to factory defaults, and was connected via a serial cable to my Mac running the Serial 2 app.

I did all my upgrades using USB, because my network components are sufficiently locked down as to not be compatible with the older firmware (new SSH key exchange algorithms, more modern SSL/TLS, etc.).

The only trick with the USB is to have the drive formatted to FAT32.

Upgrading to 8.0.80f

Upgrading to 8.0.80f requires upgrading both the boot loader and the image. If you don't upgrade the boot loader, you'll end up in a boot loop and will need to break out of it and then upgrade the boot loader before continuing (or boot back to the secondary image).

The basic steps to upgrade to 8.0.80f are:

  • copy disk0 flash 08080f/ICX7150/Images/SPR08080f.bin primary
  • copy disk0 flash 08080f/ICX7150/Boot/mnz10114.bin bootrom
  • boot system flash primary yes
  • Wait for PoE Firmware upgrade

The upgrade takes a few minutes, and you'll see the switch reboot a couple of times.

Once you're happy with this move, copy the primary to secondary image slot, so that you can boot from it if needed:

  • copy flash flash secondary

Upgrading to 8.0.85n

The upgrade to 8.0.85n was straightforward and followed the same pattern, but didn't require the firmware upgrade.

The basic steps to upgrade to 8.0.85n are:

  • copy disk0 flash 08095n/ICX7150/Images/SPR08095nufi.bin primary
  • boot system flash primary yes
  • Wait for PoE Firmware upgrade

Upgrading to 9.0.10j

Eventually, I decided to move to the "Technology Release" 9.0.10j, which adds support for Elliptic Curve SSH and updates a number of other protocols. So far, so good with this image.

Troubleshooting image upgrades

If you run into trouble where you have a seeming boot loop, you can break out of it by hitting b when the bootloader prompts each cycle.

In order to roll back to the previous version at that point, use boot_secondary to boot off the older image.

Configuration

The configuration is relatively straightforward, but is more Cisco-like in that configuration changes take effect immediately instead of needing to commit them, as with the Juniper. I prefer the commit-based approach, but spent enough time in Cisco land that I am comfortable with it, especially for switches. It does stand as a reminder of the value of OOB management.

Configuration is mostly in the conf t space, but for some reason, key-based authentication to the switch requires copying a file into the flash using the copy command. It's straightforward, but won't work over HTTP for some reason, so you'll need to use TFTP, SCP or USB. Also, these keys are in RFC4716 format, so you may need to convert them using:

ssh-keygen -e -f ~/.ssh/id_rsa.pub -m RFC4716 > id_rsa.pub.rfc4716
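
To check that a converted file is well-formed and still carries the key you meant to load before copying it to the switch, the RFC 4716 framing can be parsed and fingerprinted. This is an added example, not part of the original post or any Ruckus tooling; the sample key is constructed filler and the function names are my own.

```python
import base64, hashlib, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def ssh_string(data):
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

# Constructed sample (not a real key): ssh-rsa blob with e=65537 and a filler modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xc3" * 256))
SAMPLE_OPENSSH = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " admin@example"

def openssh_to_rfc4716(line):
    """Reframe a one-line OpenSSH public key as an RFC 4716 file (short comment assumed)."""
    _, b64, *comment = line.strip().split(None, 2)
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]  # RFC limit: 72 bytes per line
    header = ['Comment: "%s"' % comment[0]] if comment else []
    return "\n".join([BEGIN, *header, *body, END]) + "\n"

def parse_rfc4716(text):
    """Return (headers, key_blob); raise ValueError on bad framing or bad base64."""
    lines = text.strip().splitlines()
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing RFC 4716 begin/end markers")
    headers, body, pending = {}, [], ""
    for line in lines[1:-1]:
        if len(line.encode()) > 72:
            raise ValueError("line longer than 72 bytes")
        line = pending + line
        if line.endswith("\\"):      # header value continues on the next line
            pending = line[:-1]
            continue
        pending = ""
        if ":" in line:              # "Tag: value" header; base64 never contains ':'
            tag, value = line.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        else:
            body.append(line)
    # b64decode raises binascii.Error (a ValueError subclass) on invalid input
    return headers, base64.b64decode("".join(body), validate=True)

def key_type(blob):
    """Algorithm name stored as the first SSH string inside the blob."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
```

Run parse_rfc4716 on the contents of id_rsa.pub.rfc4716 and compare fingerprint(blob) with the output of ssh-keygen -lf ~/.ssh/id_rsa.pub.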