ExtremeXOS Concepts Guide

Software Version 12.3

Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 (408) 579-2800 http://www.extremenetworks.com Published: August 2009 Part number: 100339-00 Rev. 02

AccessAdapt, Alpine, Altitude, BlackDiamond, EPICenter, ExtremeWorks Essentials, Ethernet Everywhere, Extreme Enabled, Extreme Ethernet Everywhere, Extreme Networks, Extreme Standby Router Protocol, Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, ExtremeXOS, Go Purple Extreme Solution, ExtremeXOS ScreenPlay, ReachNXT, Sentriant, ServiceWatch, Summit, SummitStack, Triumph, Unified Access Architecture, Unified Access RF Manager, UniStack, the Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Extreme Turbodrive logo, the Summit logos, and the Powered by ExtremeXOS logo are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and/or other countries. sFlow is a registered trademark of InMon Corporation. Specifications are subject to change without notice. All other registered trademarks, trademarks, and service marks are property of their respective owners. © 2009 Extreme Networks, Inc. All Rights Reserved.

2

ExtremeXOS Concepts Guide, Software Version 12.3

Contents
Preface......................................................................................................................................... 31
Introduction .............................................................................................................................31 Terminology........................................................................................................................31 Conventions..............................................................................................................................31 Platform-Dependent Conventions ..........................................................................................32 Text Conventions.................................................................................................................32 Related Publications .................................................................................................................33 Using ExtremeXOS Publications Online .................................................................................33

Part 1: Using ExtremeXOS
Chapter 1: Getting Started.............................................................................................................. 37
Overview ..................................................................................................................................37 Software Required.....................................................................................................................38 Logging In to the Switch ............................................................................................................41 Understanding the Command Syntax...........................................................................................41 Syntax Helper .....................................................................................................................42 Command Shortcuts ............................................................................................................42 Names ...............................................................................................................................43 Symbols .............................................................................................................................43 Limits ................................................................................................................................44 Port Numbering ........................................................................................................................44 Stand-alone Switch Numerical Ranges ..................................................................................45 Modular Switch and SummitStack Numerical Ranges .............................................................45 Stacking Port Numerical Ranges...........................................................................................45 Line-Editing Keys......................................................................................................................46 Command History......................................................................................................................46 Common Commands..................................................................................................................46 Accessing the Switch for the First Time.......................................................................................49 Safe Defaults Setup Method.................................................................................................49 Configuring Management Access ................................................................................................50 Account Access Levels.........................................................................................................50 Configuring the Banner ........................................................................................................51 Startup Screen and Prompt Text ...........................................................................................51 Default Accounts.................................................................................................................53 Creating a Management Account...........................................................................................53 Failsafe Accounts ................................................................................................................54 Managing Passwords .................................................................................................................55 Applying a Password to the Default Account ..........................................................................55 Applying Security to Passwords.............................................................................................56 Displaying Passwords...........................................................................................................57 Access to Both MSM/MM Console Ports—Modular Switches Only ..................................................57 Access to an Active Node in a SummitStack ................................................................................57

ExtremeXOS Concepts Guide, Software Version 12.3

3

Contents Domain Name Service Client Services .........................................................................................57 Checking Basic Connectivity.......................................................................................................58 Ping...................................................................................................................................58 Traceroute ..........................................................................................................................59 Displaying Switch Information ....................................................................................................60

Chapter 2: Managing the Switch .................................................................................................... 61
Overview ..................................................................................................................................61 Understanding the ExtremeXOS Shell..........................................................................................62 Using the Console Interface .......................................................................................................62 Using the 10/100 Ethernet Management Port ..............................................................................63 Using EPICenter to Manage the Network .....................................................................................63 Authenticating Users .................................................................................................................64 RADIUS Client ....................................................................................................................64 TACACS+ ...........................................................................................................................64 Management Accounts.........................................................................................................64 Using Telnet .............................................................................................................................64 About the Telnet Client ........................................................................................................65 About the Telnet Server .......................................................................................................65 Connecting to Another Host Using Telnet...............................................................................66 Configuring Switch IP Parameters .........................................................................................66 Configuring Telnet Access to the Switch ................................................................................68 Disconnecting a Telnet Session ............................................................................................71 Using Secure Shell 2.................................................................................................................71 Using the Trivial File Transfer Protocol ........................................................................................72 Connecting to Another Host Using TFTP ................................................................................72 Understanding System Redundancy—Modular Switches and SummitStack Only .............................73 Node Election .....................................................................................................................74 Replicating Data Between Nodes ..........................................................................................75 Viewing Node Status............................................................................................................77 Understanding Hitless Failover Support—Modular Switches and SummitStack Only ........................78 Protocol Support for Hitless Failover .....................................................................................79 Platform Support for Hitless Failover.....................................................................................81 Hitless Failover Caveats .......................................................................................................83 Understanding Power Supply Management ..................................................................................85 Using Power Supplies—Modular Switches Only ......................................................................85 Using Power Supplies—Summit Family Switches Only............................................................88 Using Power Supplies - SummitStack Only ............................................................................88 Displaying Power Supply Information ....................................................................................88 Using the Simple Network Management Protocol .........................................................................89 Enabling and Disabling SNMPv1/v2c and SNMPv3 ................................................................89 Accessing Switch Agents......................................................................................................90 Supported MIBs ..................................................................................................................90 Configuring SNMPv1/v2c Settings ........................................................................................90 Displaying SNMP Settings....................................................................................................91 SNMPv3.............................................................................................................................92 Message Processing.............................................................................................................93 SNMPv3 Security ................................................................................................................93 SNMPv3 MIB Access Control ...............................................................................................96 SNMPv3 Notification...........................................................................................................97

4

ExtremeXOS Concepts Guide, Software Version 12.3

Contents Using the Simple Network Time Protocol...................................................................................100 Configuring and Using SNTP ..............................................................................................100 SNTP Example..................................................................................................................103

Chapter 3: Managing the ExtremeXOS Software............................................................................. 105
Overview ................................................................................................................................105 Using the ExtremeXOS File System ...........................................................................................106 Moving or Renaming Files on the Switch .............................................................................107 Copying Files on the Switch ...............................................................................................108 Displaying Files on the Switch ............................................................................................109 Transferring Files to and from the Switch ............................................................................110 Deleting Files from the Switch............................................................................................112 Managing the Configuration File ...............................................................................................113 Managing ExtremeXOS Processes .............................................................................................115 Displaying Process Information...........................................................................................115 Stopping a Process............................................................................................................116 Starting a Process .............................................................................................................117 Understanding Memory Protection ............................................................................................118 Monitoring CPU Utilization.......................................................................................................119 Disabling CPU Monitoring ..................................................................................................119 Enabling CPU Monitoring ...................................................................................................119 Displaying CPU Utilization History ......................................................................................119

Chapter 4: Configuring Stacked Switches ..................................................................................... 123
Overview ................................................................................................................................123 SummitStack Terms ..........................................................................................................124 SummitStack Compatible Switches.....................................................................................126 SummitStack Topologies....................................................................................................126 Stack Depth .....................................................................................................................130 Understanding SummitStack Configuration Parameters, Configuration Files, and Port Numbering ... 130 Understanding Stacking Link Overcommitment ....................................................................131 About SummitStack Logging Messages................................................................................131 About QoS in Stacking.......................................................................................................132 About Power Management and Power Over Ethernet on Stacking ...........................................133 About Stacking Node Roles, Redundancy, and Failover .........................................................134 About the Failsafe Account on SummitStack Nodes..............................................................135 Logging into a SummitStack ....................................................................................................135 Logging in Through the Console Port ...................................................................................136 Logging in from the Management Network ...........................................................................136 Logging Into a Node From Another Node .............................................................................136 Configuring a New Stack..........................................................................................................137 About Easy Setup..............................................................................................................138 Configuration Procedure.....................................................................................................138 Example: Deploying a New Stack ........................................................................................139 Converting a Standalone Node Deployment to a Stack ................................................................143 Configuration Tasks for SummitStack........................................................................................144 Enabling Summit X650 Stacking Ports................................................................................145 Enabling the Stack ............................................................................................................145 Verifying the Configuration .................................................................................................145

ExtremeXOS Concepts Guide, Software Version 12.3

5

Contents Setting the Command Prompt.............................................................................................148 Configuring Slot Numbers ..................................................................................................149 Configuring Node Priority ...................................................................................................149 Assigning a MAC Address for the Stack ...............................................................................150 Configuring Master-Capability.............................................................................................152 Configuring an Alternate IP Address and Gateway.................................................................153 Configuring the Failsafe Account on a Stack ........................................................................156 Disabling Stacking ............................................................................................................156 Saving the Configuration ....................................................................................................156 Managing an Operating SummitStack........................................................................................156 Managing Licenses on a SummitStack ................................................................................157 Stacking LEDs ..................................................................................................................160 Viewing the Alternate IP Address ........................................................................................160 Viewing Stacking Port Statistics..........................................................................................162 Adding a Node to a Stack...................................................................................................162 Replacing a Node with the Same Switch Type......................................................................165 Replacing a Node with a Different Switch Type ....................................................................166 Merging Two Stacks ..........................................................................................................166 Upgrading ExtremeXOS on a Stack......................................................................................173 Dismantling a Stack ..........................................................................................................174 Removing a Node from a Stack...........................................................................................174 Rebooting a Stack .............................................................................................................175 Troubleshooting a Stack...........................................................................................................175 Managing a Dual Master Situation ......................................................................................176 Setting Traps for Stacking ..................................................................................................179 Connecting to a SummitStack with No Master......................................................................179 Rescuing a Stack That Has No Master-Capable Node............................................................180 FAQs on SummitStack.............................................................................................................182

Chapter 5: Configuring Slots and Ports on a Switch....................................................................... 183
Overview ................................................................................................................................183 Details on I/O Ports ...........................................................................................................184 Disabling MSM-G8X I/O Ports...................................................................................................185 Configuring Ports on a Switch...................................................................................................186 Port Numbering ................................................................................................................187 Enabling and Disabling Switch Ports ...................................................................................188 Configuring Switch Port Speed and Duplex Setting ...............................................................188 WAN PHY OAM .................................................................................................................193 Configuring Switching Mode—Cut-through Switching............................................................195 Jumbo Frames ........................................................................................................................195 Guidelines for Jumbo Frames .............................................................................................196 Enabling Jumbo Frames per Port ........................................................................................196 Enabling Jumbo Frames.....................................................................................................197 Path MTU Discovery ..........................................................................................................198 IP Fragmentation with Jumbo Frames..................................................................................198 IP Fragmentation within a VLAN .........................................................................................199 Link Aggregation on the Switch ................................................................................................200 Link Aggregation Overview..................................................................................................200 Link Aggregation and Software-Controlled Redundant Ports...................................................201 Dynamic Versus Static Load Sharing ...................................................................................201 Load-Sharing Algorithms ....................................................................................................202

6

ExtremeXOS Concepts Guide, Software Version 12.3

Contents LACP ...............................................................................................................................207 Health Check Link Aggregation ...........................................................................................210 Guidelines for Load Sharing ...............................................................................................211 Configuring Switch Load Sharing ........................................................................................213 Load-Sharing Examples .....................................................................................................216 Displaying Switch Load Sharing ..........................................................................................218 Mirroring ................................................................................................................................218 Guidelines for Mirroring .....................................................................................................219 Mirroring Rules and Restrictions .........................................................................................224 Mirroring Examples ...........................................................................................................225 Verifying the Mirroring Configuration ...................................................................................227 Remote Mirroring ....................................................................................................................227 Configuration Details .........................................................................................................228 Guidelines ........................................................................................................................229 Use of Remote Mirroring with Redundancy Protocols ............................................................230 Remote Mirroring with EAPS ..............................................................................................230 Extreme Discovery Protocol ......................................................................................................233 Software-Controlled Redundant Port and Smart Redundancy .......................................................234 Guidelines for Software-Controlled Redundant Ports and Port Groups .....................................235 Configuring Software-Controlled Redundant Ports.................................................................235 Verifying Software-Controlled Redundant Port Configurations.................................................236 Configuring Automatic Failover for Combination Ports.................................................................236 Displaying Port Configuration Information..................................................................................238

Chapter 6: Universal Port............................................................................................................. 239
Overview ................................................................................................................................239 Profile Types.....................................................................................................................240 Dynamic Profile Trigger Types ............................................................................................242 How Device Detect Profiles Work ........................................................................................245 How User Authentication Profiles Work................................................................................245 Profile Configuration Guidelines..........................................................................................246 Collecting Information from Supplicants..............................................................................251 Supplicant Configuration Parameters ..................................................................................253 Universal Port Configuration Overview .................................................................................253 Using Universal Port in an LDAP or Active Directory Environment ..........................................255 Configuring Universal Port Profiles and Triggers .........................................................................255 Creating and Configuring New Profiles.................................................................................256 Editing an Existing Profile ..................................................................................................256 Configuring a Device Event Trigger......................................................................................257 Configuring a User Login or Logout Event Trigger .................................................................257 Configuring a Universal Port Timer......................................................................................257 Configuring a Timer Trigger ................................................................................................257 Creating an EMS Event Filter..............................................................................................258 Configuring an EMS Event Trigger.......................................................................................258 Enabling and Disabling an EMS Event Trigger ......................................................................258 Unconfiguring a User or Device Profile Trigger .....................................................................258 Unconfiguring a Timer .......................................................................................................258 Managing Profiles and Triggers.................................................................................................259 Manually Executing a Static or Dynamic Profile....................................................................259 Displaying a Profile ...........................................................................................................259 Displaying Timers..............................................................................................................259

ExtremeXOS Concepts Guide, Software Version 12.3

7

Contents Displaying Universal Port Events.........................................................................................260 Displaying Profile History ...................................................................................................260 Verifying a Universal Port Profile.........................................................................................260 Handling Profile Execution Errors .......................................................................................260 Disabling and Enabling a Profile .........................................................................................261 Deleting a Profile ..............................................................................................................261 Deleting a Timer ...............................................................................................................261 Deleting an EMS Event Trigger ...........................................................................................261 Sample Universal Port Configurations........................................................................................261 Sample MAC Tracking Profile .............................................................................................262 Universal Port Handset Provisioning Module Profiles ............................................................267 Sample Static Profiles .......................................................................................................271 Sample Configuration with Device-Triggered Profiles.............................................................274 Sample Configuration with User-Triggered Profiles ...............................................................276 Sample Timer-Triggered Profile ..........................................................................................279 Sample Profile with QoS Support ........................................................................................280 Sample Event Profile .........................................................................................................280 Sample Configuration for Generic VoIP LLDP .......................................................................282 Sample Configuration for Generic VoIP 802.1x ....................................................................283 Sample Configuration for Avaya VoIP 802.1x .......................................................................284 Sample Configuration for a Video Camera ............................................................................286

Chapter 7: Using CLI Scripting ..................................................................................................... 289
Overview ................................................................................................................................289 Setting Up Scripts...................................................................................................................289 Enabling and Disabling CLI Scripting ..................................................................................290 Creating Scripts ................................................................................................................290 Using Script Variables .......................................................................................................291 Using Special Characters in Scripts ....................................................................................292 Using Operators ................................................................................................................292 Using Control Structures in Scripts .....................................................................................293 Using Built-In Functions ....................................................................................................294 Controlling Script Configuration Persistence.........................................................................295 Saving, Retrieving, and Deleting Session Variables ...............................................................295 Executing Scripts ..............................................................................................................296 Configuring Error Handling .................................................................................................296 Displaying CLI Scripting Information.........................................................................................296 Viewing CLI Scripting Status ..............................................................................................297 Viewing CLI Scripting Variables ..........................................................................................298 Controlling CLI Script Output .............................................................................................298 CLI Scripting Examples ...........................................................................................................298

Chapter 8: LLDP .......................................................................................................................... 301
Overview ................................................................................................................................301 LLDP Packets .........................................................................................................................303 Transmitting LLDP Messages ...................................................................................................304 Receiving LLDP Messages........................................................................................................305 Managing LLDP ......................................................................................................................305 Supported TLVs ......................................................................................................................306 Mandatory TLVs ................................................................................................................309 Optional TLVs ...................................................................................................................310

8

ExtremeXOS Concepts Guide, Software Version 12.3

Contents Configuring LLDP....................................................................................................................315 Enabling and Disabling LLDP .............................................................................................315 Configuring the System Description TLV Advertisement.........................................................316 Configuring LLDP Timers ...................................................................................................316 Configuring SNMP for LLDP ...............................................................................................316 Configuring Optional TLV Advertisements ............................................................................317 Unconfiguring LLDP ..........................................................................................................321 Displaying LLDP Settings.........................................................................................................321 Displaying LLDP Port Configuration Information and Statistics ..............................................321 Displaying LLDP Information Detected from Neighboring Ports ..............................................321

Chapter 9: Ethernet OAM.............................................................................................................. 323
CFM ......................................................................................................................................323 Overview...........................................................................................................................323 Ping and Traceroute ..........................................................................................................327 Supported Instances for CFM .............................................................................................328 Configuring CFM ...............................................................................................................328 Displaying CFM.................................................................................................................332 CFM Example ...................................................................................................................332 Y.1731—Compliant Frame Delay and Delay Variance Measurement .............................................334 Frame Delay Measurement .................................................................................................335 Configuring a CFM Segment ...............................................................................................336 EFM OAM—Unidirectional Link Fault Management ....................................................................337 Unidirectional Link Fault Management ................................................................................338 Configuring Unidirectional Link Fault Management...............................................................339

Chapter 10: PoE .......................................................................................................................... 341
Overview ................................................................................................................................341 Extreme Networks PoE Devices.................................................................................................341 Summary of PoE Features ........................................................................................................343 Power Checking for PoE Module ...............................................................................................343 Power Delivery ........................................................................................................................343 Enabling PoE to the Switch ................................................................................................344 Power Reserve Budget .......................................................................................................344 PD Disconnect Precedence ................................................................................................345 Port Disconnect or Fault ....................................................................................................346 Port Power Reset...............................................................................................................347 PoE Usage Threshold.........................................................................................................347 Legacy Devices .................................................................................................................347 PoE Operator Limits ..........................................................................................................348 Configuring PoE ......................................................................................................................348 Enabling Inline Power........................................................................................................349 Reserving Power................................................................................................................349 Setting the Disconnect Precedence .....................................................................................350 Configuring the Usage Threshold ........................................................................................351 Configuring the Switch to Detect Legacy PDs .......................................................................352 Configuring the Operator Limit ...........................................................................................352 Configuring PoE Port Labels ...............................................................................................353 Power Cycling Connected PDs ............................................................................................353 Adding an S-PoE Daughter Card to an Existing Configuration.................................................353

ExtremeXOS Concepts Guide, Software Version 12.3

9

Contents Displaying PoE Settings and Statistics ......................................................................................355 Clearing Statistics .............................................................................................................355 Displaying System Power Information..................................................................................355 Displaying Slot PoE Information on Modular Switches...........................................................356 Displaying PoE Status and Statistics on Stand-alone Switches...............................................357 Displaying Port PoE Information .........................................................................................357

Chapter 11: Status Monitoring and Statistics ................................................................................ 361
Overview ................................................................................................................................361 Viewing Port Statistics .............................................................................................................361 Viewing Port Errors ..................................................................................................................362 Using the Port Monitoring Display Keys .....................................................................................364 Viewing VLAN Statistics...........................................................................................................364 Performing Switch Diagnostics .................................................................................................365 Running Diagnostics..........................................................................................................366 Observing LED Behavior During a Diagnostic Test.................................................................369 Displaying Diagnostic Test Results......................................................................................376 Using the System Health Checker .............................................................................................376 Understanding the System Health Checker ..........................................................................377 Enabling Diagnostic Packets on the Switch—Modular Switches Only......................................378 Configuring Diagnostic Packets on the Switch—Modular Switches Only ..................................379 Disabling Diagnostic Packets on the Switch—Modular Switches Only .....................................379 Displaying the System Health Check Setting—All Platforms ..................................................379 System Health Check Examples: Diagnostics—Modular Switches Only ...................................380 Setting the System Recovery Level............................................................................................382 Configuring Software Recovery............................................................................................383 Configuring Hardware Recovery—SummitStack and Summit Family Switches Only..................383 Configuring Module Recovery—Modular Switches Only .........................................................386 Using ELSM ...........................................................................................................................393 About ELSM .....................................................................................................................393 ELSM Hello Messages .......................................................................................................394 ELSM Port States..............................................................................................................394 Link States .......................................................................................................................395 ELSM Link States .............................................................................................................395 ELSM Timers ....................................................................................................................396 Configuring ELSM on a Switch ...........................................................................................397 Displaying ELSM Information .............................................................................................400 Using ELSM with Layer 2 Control Protocols .........................................................................402 ELSM Configuration Example .............................................................................................402 Viewing Fan Information ..........................................................................................................403 Viewing the System Temperature ..............................................................................................404 System Temperature Output ...............................................................................................404 Power Supply Temperature—Modular Switches Only.............................................................405 Fan Tray Temperature—BlackDiamond 10808 and BlackDiamond 20808 Switches Only ........406 Using the Event Management System/Logging ...........................................................................406 Sending Event Messages to Log Targets...............................................................................407 Filtering Events Sent to Targets ..........................................................................................408 Displaying Real-Time Log Messages ....................................................................................416 Displaying Event Logs........................................................................................................416 Uploading Event Logs ........................................................................................................417

10

ExtremeXOS Concepts Guide, Software Version 12.3

Contents Displaying Counts of Event Occurrences ..............................................................................417 Displaying Debug Information.............................................................................................418 Logging Configuration Changes...........................................................................................418 Using sFlow............................................................................................................................418 Sampling Mechanisms.......................................................................................................420 Configuring sFlow..............................................................................................................420 Additional sFlow Configuration Options ...............................................................................423 sFlow Configuration Example..............................................................................................424 Displaying sFlow Information..............................................................................................425 Using RMON ..........................................................................................................................425 About RMON ....................................................................................................................425 Supported RMON Groups of the Switch ...............................................................................426 Configuring RMON ............................................................................................................428 Event Actions ...................................................................................................................429 Displaying RMON Information ............................................................................................429 SMON..............................................................................................................................429

Chapter 12: VLANs ...................................................................................................................... 431
Overview ................................................................................................................................431 Benefits ...........................................................................................................................431 Virtual Routers and VLANs .................................................................................................432 Types of VLANs.......................................................................................................................432 Port-Based VLANs .............................................................................................................433 Tagged VLANs ..................................................................................................................435 Protocol-Based VLANs .......................................................................................................437 Precedence of Tagged Packets Over Protocol Filters .............................................................439 Default VLAN....................................................................................................................439 VLAN Names ..........................................................................................................................439 Renaming a VLAN .............................................................................................................440 Configuring VLANs on the Switch .............................................................................................440 Creating and Configuring VLANs .........................................................................................441 Enabling and Disabling VLANs ...........................................................................................442 VLAN Configuration Examples ............................................................................................442 Displaying Protocol Information ..........................................................................................444 Private VLANs.........................................................................................................................444 PVLAN Overview ...............................................................................................................445 Configuring PVLANs ..........................................................................................................453 Displaying PVLAN Information............................................................................................457 PVLAN Configuration Example 1.........................................................................................458 PVLAN Configuration Example 2.........................................................................................460 VLAN Translation ....................................................................................................................463 VLAN Translation Behavior .................................................................................................464 VLAN Translation Limitations .............................................................................................465 Configuring Translation VLANs ...........................................................................................466 Displaying Translation VLAN Information .............................................................................466 VLAN Translation Configuration Examples ...........................................................................467

Chapter 13: vMAN, PBB, and PBB-TE............................................................................................ 473
Overview ................................................................................................................................473 vMAN Configuration Options and Features ...........................................................................480

ExtremeXOS Concepts Guide, Software Version 12.3

11

Contents Configuration ..........................................................................................................................487 Configuring vMANs............................................................................................................487 Configuring PBB Networks .................................................................................................490 Configuring vMAN Options .................................................................................................494 Displaying Information.............................................................................................................499 Displaying vMAN Information .............................................................................................499 Displaying PBB Network Information...................................................................................499 Configuration Examples ...........................................................................................................500 vMAN Example, Black Diamond 8810.................................................................................500 vMAN Example, Black Diamond 10808...............................................................................501 LAG Port Selection Example...............................................................................................502 Multiple vMAN Ethertype Example......................................................................................503 Tag Translation Example Using ACLs Only ...........................................................................504 1:N Flooding Examples ......................................................................................................505 PBB Network Example .......................................................................................................507 PBB-TE Example...............................................................................................................510

Chapter 14: Web-Based Device Management................................................................................ 513
Overview ................................................................................................................................513 Setting Up ScreenPlay.............................................................................................................513 HTTP and HTTPS Setup ....................................................................................................514 Client Setup .....................................................................................................................514 Launching ScreenPlay .......................................................................................................515 ScreenPlay Dashboard .............................................................................................................516 ScreenPlay Common Functions...........................................................................................517 Dashboard Workspace........................................................................................................521 Configuration ..........................................................................................................................522 Configuration—Ports .........................................................................................................522 Configuration—VLANs .......................................................................................................526 Configuration—Stacking ....................................................................................................529 Configuration—SNMP........................................................................................................531 Configuration—Dynamic ACLs ............................................................................................533 Statistics and Monitoring .........................................................................................................536 Statistics & Monitoring—Event Log .....................................................................................536 Statistics & Monitoring—Ports............................................................................................537 Statistics & Monitoring—QoS .............................................................................................540 Administration ........................................................................................................................540 Administration—User Accounts ..........................................................................................541 Administration—User Sessions ...........................................................................................545 Administration—CLI Shell..................................................................................................546 Help ......................................................................................................................................547

Chapter 15: FDB .......................................................................................................................... 549
Overview ................................................................................................................................549 FDB Contents ...................................................................................................................549 How FDB Entries Get Added...............................................................................................550 FDB Entry Types ...............................................................................................................550 Managing the FDB ..................................................................................................................552 Adding a Permanent Static Entry ........................................................................................552 Configuring the FDB Aging Time.........................................................................................552

12

ExtremeXOS Concepts Guide, Software Version 12.3

Contents Clearing FDB Entries .........................................................................................................552 Managing Multiple Port FDB Entries ...................................................................................553 Supporting Remote Mirroring..............................................................................................553 Managing FDB MAC Address Tracking.................................................................................554 Displaying FDB Entries ............................................................................................................555 MAC-Based Security................................................................................................................556 Managing MAC Address Learning........................................................................................556 Managing Egress Flooding..................................................................................................557 Displaying Learning and Flooding Settings...........................................................................560 Creating Blackhole FDB Entries ..........................................................................................560 Multicast FDB with Multiport Entry ...........................................................................................561

Chapter 16: Virtual Routers.......................................................................................................... 563
Overview ................................................................................................................................563 Types of Virtual Routers .....................................................................................................564 User Virtual Router Configuration Domain............................................................................565 Managing Virtual Routers .........................................................................................................566 Creating User Virtual Routers .............................................................................................566 Adding Routing Protocols to a Virtual Router........................................................................566 Configuring Ports to Use One or More Virtual Routers ...........................................................567 Displaying Ports and Protocols............................................................................................568 Configuring the Routing Protocols and VLANs ......................................................................568 Virtual Router Configuration Example ........................................................................................569

Chapter 17: Policy Manager ........................................................................................................ 571
Overview ................................................................................................................................571 Creating and Editing Policies....................................................................................................571 Using the Edit Command ...................................................................................................572 Using a Separate Machine .................................................................................................572 Checking Policies ..............................................................................................................572 Refreshing Policies............................................................................................................573 Applying Policies ....................................................................................................................573 Applying ACL Policies........................................................................................................573 Applying Routing Policies ..................................................................................................574

Chapter 18: ACLs ........................................................................................................................ 575
Overview ................................................................................................................................575 ACL Rule Syntax .....................................................................................................................576 Matching All Egress Packets...............................................................................................577 Comments and Descriptions in ACL Policy Files ...................................................................578 Types of Rule Entries.........................................................................................................579 Match Conditions ..............................................................................................................580 Actions.............................................................................................................................580 Action Modifiers................................................................................................................581 ACL Rule Syntax Details ....................................................................................................583 IPv6 ACL Address Masks ...................................................................................................589 vMAN ACLs ............................................................................................................................590 vMAN Match Conditions ....................................................................................................590 vMAN ACL Actions ............................................................................................................591

ExtremeXOS Concepts Guide, Software Version 12.3

13

Contents vMAN ACL Action Modifiers ...............................................................................................592 vMAN ACL Examples .........................................................................................................593 Layer-2 Protocol Tunneling ACLs ..............................................................................................595 ACL Byte Counters ..................................................................................................................595 Dynamic ACLs ........................................................................................................................596 Creating the Dynamic ACL Rule ..........................................................................................597 Configuring the ACL Rule on the Interface ...........................................................................598 Configuring ACL Priority.....................................................................................................599 ACL Evaluation Precedence......................................................................................................603 BlackDiamond 10808, BlackDiamond 12800, and BlackDiamond 20808 Switches Only ........603 BlackDiamond 8800 Series Switches, SummitStack, and Summit Family Switches Only .........604 Applying ACL Policy Files ........................................................................................................606 Displaying and Clearing ACL Counters .................................................................................607 Example ACL Rule Entries .................................................................................................607 ACL Mechanisms ....................................................................................................................610 ACL Masks and Rules ........................................................................................................610 ACL Slices and Rules ........................................................................................................617 ACL Counters—Shared and Dedicated.................................................................................628 Policy-Based Routing ..............................................................................................................629 Layer 3 Policy-Based Redirect ............................................................................................629 Layer 2 Policy-Based Redirect ............................................................................................631 Policy-Based Redirection Redundancy.................................................................................633 ACL Troubleshooting ...............................................................................................................636 Unicast Reverse Path Forwarding with ACLs ..............................................................................637 uRPF Disabled on a Switch ................................................................................................637 uRPF Enabled on a Switch in Loose Mode ...........................................................................637 uRPF Enabled on a Switch in Strict Mode ...........................................................................638

Chapter 19: Routing Policies ....................................................................................................... 639
Overview ................................................................................................................................639 Routing Policy File Syntax........................................................................................................639 Policy Match Type .............................................................................................................640 Policy Match Conditions ....................................................................................................641 Policy Action Statements ...................................................................................................643 Applying Routing Policies ........................................................................................................644 Policy Examples......................................................................................................................644 Translating an access profile to a policy ..............................................................................644 Translating a Route Map to a Policy ....................................................................................646

Chapter 20: QoS and HQoS .......................................................................................................... 649
Overview ................................................................................................................................649 Applications and Types of QoS ...........................................................................................651 Traffic Groups...................................................................................................................653 Introduction to Rate Limiting, Rate Shaping, and Scheduling ................................................657 Meters .............................................................................................................................660 QoS Profiles .....................................................................................................................661 HQoS Traffic Queues .........................................................................................................665 Multicast Traffic Queues ....................................................................................................668 Egress Port Rate Limiting and Rate Shaping ........................................................................669

14

ExtremeXOS Concepts Guide, Software Version 12.3

Contents Configuring QoS and HQoS ......................................................................................................669 Platform Configuration Procedures ......................................................................................669 Selecting the QoS Scheduling Method.................................................................................678 Configuring the HQoS Scheduling Method ...........................................................................679 Configuring Queue Priority Levels for Strict Priority HQoS .....................................................680 Configuring Ingress QoS Profiles on BlackDiamond 10808 Switches ......................................681 Configuring 802.1p or DSCP Replacement ..........................................................................681 Configuring Egress QoS Profile Rate Shaping .......................................................................685 Configuring Egress Port Rate Limits ....................................................................................686 Configuring Traffic Groups .................................................................................................688 Creating and Managing Meters ...........................................................................................692 Configuring Traffic Queues.................................................................................................693 Adjusting the Byte Count Used to Calculate Traffic Rates......................................................696 Controlling Flooding, Multicast, and Broadcast Traffic on VLAN Egress Ports ..........................696 Controlling Flooding, Multicast, and Broadcast Traffic on vMAN Egress Ports..........................697 Displaying QoS and HQoS Configuration and Performance ..........................................................698 Displaying Traffic Group Configuration Data.........................................................................698 Displaying HQoS Configuration Controls ..............................................................................699 Displaying the Rate-Limiting and Rate-Shaping Configuration................................................700 Displaying Performance Statistics .......................................................................................701 HQoS Examples ......................................................................................................................703

Chapter 21: Network Login .......................................................................................................... 717
Overview ................................................................................................................................717 Web-Based, MAC-Based, and 802.1x Authentication............................................................718 Multiple Supplicant Support ..............................................................................................719 Campus and ISP Modes .....................................................................................................720 Network Login and Hitless Failover .....................................................................................720 Configuring Network Login .......................................................................................................722 Enabling or Disabling Network Login on the Switch ..............................................................722 Enabling or Disabling Network Login on a Specific Port ........................................................722 Configuring the Move Fail Action ........................................................................................722 Displaying Network Login Settings ......................................................................................723 Exclusions and Limitations.................................................................................................723 Authenticating Users ...............................................................................................................724 Local Database Authentication .................................................................................................724 802.1x Authentication.............................................................................................................728 Interoperability Requirements.............................................................................................728 Enabling and Disabling 802.1x Network Login .....................................................................729 802.1x Network Login Configuration Example......................................................................730 Configuring Guest VLANs ...................................................................................................731 Post-authentication VLAN Movement ..................................................................................734 802.1x Authentication and Network Access Protection .........................................................734 Web-Based Authentication .......................................................................................................738 Enabling and Disabling Web-Based Network Login ...............................................................738 Configuring the Base URL..................................................................................................738 Configuring the Redirect Page ............................................................................................739 Configuring Proxy Ports......................................................................................................739 Configuring Session Refresh ...............................................................................................739 Configuring Logout Privilege ...............................................................................................740 Configuring the Login Page ................................................................................................740

ExtremeXOS Concepts Guide, Software Version 12.3

15

Contents Customizable Authentication Failure Response ....................................................................742 Customizable Graphical Image in Logout Popup Window .......................................................742 Web-Based Network Login Configuration Example ................................................................742 Web-Based Authentication User Login.................................................................................744 MAC-Based Authentication ......................................................................................................745 Enabling and Disabling MAC-Based Network Login ...............................................................746 Associating a MAC Address to a Specific Port ......................................................................747 Adding and Deleting MAC Addresses...................................................................................747 Displaying the MAC Address List ........................................................................................747 Configuring Reauthentication Period ...................................................................................748 Secure MAC Configuration Example ....................................................................................748 MAC-Based Network Login Configuration Example................................................................749 Additional Network Login Configuration Details ..........................................................................749 Configuring Network Login MAC-Based VLANs .....................................................................750 Configuring Dynamic VLANs for Network Login.....................................................................752 Configuring Network Login Port Restart ...............................................................................754 Authentication Failure and Services Unavailable Handling ....................................................755

Chapter 22: Security ................................................................................................................... 759
Overview ................................................................................................................................759 Safe Defaults Mode .................................................................................................................761 MAC Security..........................................................................................................................761 Limiting Dynamic MAC Addresses.......................................................................................762 MAC Address Lockdown .....................................................................................................765 MAC Address Lockdown with Timeout .................................................................................765 DHCP Server ..........................................................................................................................770 Enabling and Disabling DHCP ............................................................................................770 Configuring the DHCP Server..............................................................................................770 Displaying DHCP Information .............................................................................................771 IP Security .............................................................................................................................771 DHCP Snooping and Trusted DHCP Server...........................................................................772 Source IP Lockdown ..........................................................................................................778 ARP Learning ...................................................................................................................780 Gratuitous ARP Protection..................................................................................................782 ARP Validation..................................................................................................................784 Denial of Service Protection .....................................................................................................785 Configuring Simulated Denial of Service Protection ..............................................................786 Configuring Denial of Service Protection ..............................................................................786 Protocol Anomaly Protection...............................................................................................787 Unicast Reverse Path Forwarding........................................................................................788 Authenticating Management Sessions Through the Local Database ..............................................793 Authenticating Management Sessions Through a TACACS+ Server ...............................................793 Configuring the TACACS+ Client for Authentication and Authorization ....................................794 Configuring the TACACS+ Client for Accounting ...................................................................796 Authenticating Management Sessions Through a RADIUS Server .................................................799 How Extreme Switches Work with RADIUS Servers ...............................................................799 Configuration Overview for Authenticating Management Sessions ...........................................801 Authenticating Network Login Users Through a RADIUS Server ...................................................801 How Network Login Authentication Differs from Management Session Authentication ..............802 Configuration Overview for Authenticating Network Login Users .............................................802

16

ExtremeXOS Concepts Guide, Software Version 12.3

Contents Configuring the RADIUS Client .................................................................................................802 Configuring the RADIUS Client for Authentication and Authorization ......................................803 Configuring the RADIUS Client for Accounting .....................................................................804 RADIUS Server Configuration Guidelines ...................................................................................806 Configuring User Authentication (Users File)........................................................................806 Configuring the Dictionary File ...........................................................................................815 Configuring Command Authorization (RADIUS Profiles).........................................................816 Additional RADIUS Configuration Examples .........................................................................818 Implementation Notes for Specific RADIUS Servers..............................................................822 Setting Up Open LDAP ......................................................................................................824 Configuring a Windows XP Supplicant for 802.1x Authentication.................................................829 Hyptertext Transfer Protocol .....................................................................................................829 Secure Shell 2........................................................................................................................830 Enabling SSH2 for Inbound Switch Access ..........................................................................830 Viewing SSH2 Information .................................................................................................832 Using ACLs to Control SSH2 Access ...................................................................................833 Using SCP2 from an External SSH2 Client ..........................................................................835 Understanding the SSH2 Client Functions on the Switch ......................................................835 Using SFTP from an External SSH2 Client ...........................................................................836 Secure Socket Layer ................................................................................................................838 Enabling and Disabling SSL ...............................................................................................838 Creating Certificates and Private Keys .................................................................................839 Displaying SSL Information ................................................................................................841

Chapter 23: CLEAR-Flow .............................................................................................................. 843
Overview ................................................................................................................................843 Configuring CLEAR-Flow ..........................................................................................................843 Displaying CLEAR-Flow Configuration and Activity................................................................844 Adding CLEAR-Flow Rules to ACLs ...........................................................................................844 CLEAR-Flow Rule Match Type ............................................................................................845 CLEAR-Flow Rule Match Conditions....................................................................................846 CLEAR-Flow Rule Actions ..................................................................................................852 CLEAR-Flow Rule Examples .....................................................................................................857 Count Expression Example .................................................................................................857 Delta Expression Example ..................................................................................................858 Ratio Expression Example ..................................................................................................858 Delta-Ratio Expression Example..........................................................................................859

Part 2: Using Switching and Routing Protocols
Chapter 24: EAPS........................................................................................................................ 863
Overview ................................................................................................................................863 EAPS Benefits ..................................................................................................................864 EAPS Single Ring Topology ................................................................................................864 EAPS Multiple Ring Topology .............................................................................................869 Fast Convergence ..............................................................................................................878 EAPS and Hitless Failover—Modular Switches and SummitStack Only ...................................878 EAPS Licensing ................................................................................................................879

ExtremeXOS Concepts Guide, Software Version 12.3

17

Contents Configuring EAPS....................................................................................................................879 Single Ring Configuration Tasks .........................................................................................879 Common Link Topology Configuration Tasks.........................................................................886 Clearing the EAPS Counters ...............................................................................................889 Displaying EAPS Information....................................................................................................889 Displaying Single Ring Status and Configuration Information.................................................890 Displaying Domain Counter Information...............................................................................892 Displaying Common Link Status and Configuration Information .............................................895 Displaying Common Link Counter Information ......................................................................897 Configuration Examples ...........................................................................................................899 Migrating from STP to EAPS ..............................................................................................899 Designing and Implementing a Highly Resilient Enterprise Network Using EAPS .....................903

Chapter 25: STP.......................................................................................................................... 927
Overview ................................................................................................................................927 Compatibility Between 802.1D-1998 and 802.1D-2004 STP Bridges ...................................928 Spanning Tree Domains ...........................................................................................................931 Member VLANs .................................................................................................................932 STPD Modes.....................................................................................................................933 Encapsulation Modes.........................................................................................................934 STP States .......................................................................................................................935 Binding Ports....................................................................................................................936 Rapid Root Failover ...........................................................................................................938 STPD BPDU Tunneling ......................................................................................................938 STP and Hitless Failover—Modular Switches Only ................................................................940 STP Configurations..................................................................................................................941 Basic STP Configuration ....................................................................................................942 Multiple STPDs on a Port ...................................................................................................944 VLANs Spanning Multiple STPDs........................................................................................944 EMISTP Deployment Constraints ........................................................................................945 Per VLAN Spanning Tree..........................................................................................................947 STPD VLAN Mapping.........................................................................................................947 Native VLAN .....................................................................................................................947 Rapid Spanning Tree Protocol ..................................................................................................947 RSTP Concepts .................................................................................................................948 RSTP Operation ................................................................................................................951 Multiple Spanning Tree Protocol...............................................................................................958 MSTP Concepts ................................................................................................................959 MSTP Operation................................................................................................................967 STP Rules and Restrictions ......................................................................................................969 Configuring STP on the Switch .................................................................................................970 STP Configuration Examples ..............................................................................................971 Displaying STP Settings...........................................................................................................976

Chapter 26: ESRP........................................................................................................................ 979
Overview ................................................................................................................................979 ESRP Modes of Operation ..................................................................................................979 ESRP and ELRP................................................................................................................980 Reasons to Use ESRP ........................................................................................................980

18

ExtremeXOS Concepts Guide, Software Version 12.3

Contents ESRP Concepts.......................................................................................................................980 ESRP-Aware Switches .......................................................................................................982 Standard and Extended ESRP ............................................................................................983 ESRP Domains .................................................................................................................984 Linking ESRP Switches......................................................................................................985 ESRP and Hitless Failover..................................................................................................985 Determining the ESRP Master ..................................................................................................987 Master Switch Behavior .....................................................................................................987 Pre-Master Switch Behavior................................................................................................987 Slave Switch Behavior .......................................................................................................988 Neutral Switch Behavior ....................................................................................................988 Electing the Master Switch.................................................................................................988 ESRP Failover Time...........................................................................................................989 ESRP Election Algorithms ..................................................................................................989 Configuring an ESRP Domain on a Switch .................................................................................991 Creating and Deleting an ESRP Domain...............................................................................992 Configuring the ESRP Domain ID........................................................................................992 Adding VLANs to an ESRP Domain .....................................................................................992 Enabling and Disabling an ESRP Domain ............................................................................993 Advanced ESRP Features.........................................................................................................994 ESRP Tracking..................................................................................................................994 ESRP Port Restart .............................................................................................................997 ESRP Host Attach .............................................................................................................998 ESRP Port Weight and Don’t Count .....................................................................................999 ESRP Groups ....................................................................................................................999 Selective Forwarding .......................................................................................................1000 Displaying ESRP Information .................................................................................................1002 Using ELRP with ESRP..........................................................................................................1003 Using ELRP with ESRP to Recover Loops ..........................................................................1003 Configuring ELRP............................................................................................................1004 Displaying ELRP Information............................................................................................1005 ESRP Examples ....................................................................................................................1006 Single Domain Using Layer 2 and Layer 3 Redundancy.......................................................1006 Multiple Domains Using Layer 2 and Layer 3 Redundancy ..................................................1007 ESRP Cautions .....................................................................................................................1009 Configuring ESRP and IP Multinetting...............................................................................1009 ESRP and STP................................................................................................................1010 ESRP and VRRP .............................................................................................................1010 ESRP Groups and Host Attach..........................................................................................1010 Port Configurations and ESRP ..........................................................................................1010

Chapter 27: VRRP...................................................................................................................... 1011
Overview ..............................................................................................................................1011 VRRP and Hitless Failover................................................................................................1011 Determining the VRRP Master ..........................................................................................1013 VRRP Guidelines.............................................................................................................1013 VRRP Configuration Parameters..............................................................................................1014 VRRP Tracking......................................................................................................................1015 VRRP Tracking Mode .......................................................................................................1015 VRRP VLAN Tracking.......................................................................................................1016

ExtremeXOS Concepts Guide, Software Version 12.3

19

Contents VRRP Route Table Tracking .............................................................................................1016 VRRP Ping Tracking ........................................................................................................1016 Displaying VRRP Tracking Information ..............................................................................1017 VRRP Configuration Examples ................................................................................................1017 Simple VRRP Network Configuration .................................................................................1017 Fully Redundant VRRP Network........................................................................................1018 VRRP Tracking................................................................................................................1020

Chapter 28: MPLS ..................................................................................................................... 1023
Overview ..............................................................................................................................1023 How MPLS Works............................................................................................................1024 MPLS Terms and Acronyms..............................................................................................1025 LDP Support...................................................................................................................1026 MPLS Routing ................................................................................................................1028 VPLS Overview ................................................................................................................1034 H-VPLS Overview ............................................................................................................1038 Protected VPLS and H-VPLS Access Overview ....................................................................1043 RSVP-TE Overview...........................................................................................................1047 Supporting Quality of Service Features ..............................................................................1060 Propagation of IP TTL ......................................................................................................1060 Configuring MPLS .................................................................................................................1060 Configuration Overview ....................................................................................................1061 Configuring the MPLS LSR ID ..........................................................................................1062 Adding MPLS Support to VLANs .......................................................................................1062 Enabling and Disabling MPLS on an LSR ..........................................................................1062 Enabling MPLS on a VLAN ...............................................................................................1062 Enabling LDP on the Switch .............................................................................................1063 Enabling and Disabling LDP on a VLAN.............................................................................1063 Creating Static LSPs........................................................................................................1063 Configuring Penultimate Hop Popping ...............................................................................1065 Configuring QoS Mappings ...............................................................................................1065 Mapping Dot1p to EXP Bits..............................................................................................1066 Enabling and Disabling LDP Loop Detection ......................................................................1067 Configuring an LDP Label Advertisement Filter ..................................................................1067 Configuring LDP Session Timers .......................................................................................1068 Clearing LDP Protocol Counters ........................................................................................1069 Resetting MPLS Configuration Parameter Values ................................................................1069 Displaying MPLS Configuration Information .............................................................................1069 Displaying MPLS Basic Configuration Information ..............................................................1070 Displaying LDP Basic Configuration Information.................................................................1070 Displaying MPLS Interface Information .............................................................................1071 Displaying LDP Interface Information ................................................................................1072 Displaying MPLS Label Information ..................................................................................1072 Displaying LDP Label Information .....................................................................................1073 Displaying MPLS Label Mapping Information .....................................................................1075 Displaying MPLS QoS Mapping Information .......................................................................1076 Displaying LDP Peer Session Information ..........................................................................1077 Displaying LDP Protocol Counters .....................................................................................1077 Displaying LDP LSP Forwarding Database..........................................................................1078 Displaying RSVP-TE LSP Configuration Information ............................................................1079 Displaying the RSVP-TE Paths..........................................................................................1079

20

ExtremeXOS Concepts Guide, Software Version 12.3

Contents Displaying the RSVP-TE Path Profile .................................................................................1079 Displaying the RSVP-TE LSP ............................................................................................1079 MPLS Configuration Example .................................................................................................1080 Configuring VPLS Layer-2 VPNs..............................................................................................1082 Configuring MPLS for Establishing VPLS Instances ............................................................1082 Creating a VPLS Domain ..................................................................................................1083 Deleting a VPLS Domain ..................................................................................................1083 Enabling a VPLS Domain .................................................................................................1083 Disabling a VPLS Domain.................................................................................................1083 Adding a VPLS Peer ........................................................................................................1084 Deleting a VPLS Peer.......................................................................................................1084 Adding a VPLS Service ....................................................................................................1084 Deleting a VPLS Service...................................................................................................1084 Enabling a VPLS Service ..................................................................................................1084 Disabling a VPLS Service .................................................................................................1085 Configuring VPLS Options ................................................................................................1085 Configuring VPLS MTU ....................................................................................................1085 Configuring VPLS FDB Aging Timer...................................................................................1086 Unconfiguring VPLS Options ............................................................................................1086 Displaying VPLS VPN Status ............................................................................................1086 VPLS VPN Configuration Examples .........................................................................................1086 Basic Point-to-Point VPLS Configuration Example ..............................................................1086 Multipoint Full Mesh VPLS Configuration Example .............................................................1087 VPLS with Redundant EAPS Configuration Example ...........................................................1089 Configuring H-VPLS ..............................................................................................................1093 Configuring H-VPLS Spoke Nodes .....................................................................................1093 Configuring H-VPLS Core Nodes .......................................................................................1093 Configuring the MAC Address Withdrawal Feature ..............................................................1094 Displaying H-VPLS Configuration Information.....................................................................1094 Configuring Protected VPLS ...................................................................................................1094 Configuring RSVP-TE.............................................................................................................1094 Enabling and Disabling RSVP-TE on the Switch .................................................................1095 Enabling and Disabling RSVP-TE on a VLAN ......................................................................1095 Configuring RSVP-TE Protocol Parameters .........................................................................1095 Creating or Deleting an RSVP-TE LSP ...............................................................................1096 Creating an RSVP-TE Path ...............................................................................................1096 Configuring an Explicit Route ...........................................................................................1097 Reserving Bandwidth for MPLS.........................................................................................1098 Creating and Deleting an RSVP-TE Profile .........................................................................1098 Configuring an RSVP-TE Profile ........................................................................................1099 Adding a Path to an RSVP-TE LSP ....................................................................................1099 Setting up Fast-Reroute Protection for an LSP ...................................................................1100 RSVP-TE Configuration Example.............................................................................................1101 Troubleshooting MPLS...........................................................................................................1103 Using LSP Ping...............................................................................................................1104 Using LSP Trace .............................................................................................................1104 Using the Health Check VCCV Feature...............................................................................1105

ExtremeXOS Concepts Guide, Software Version 12.3

21

Contents

Chapter 29: IPv4 Unicast Routing............................................................................................... 1107
Overview ..............................................................................................................................1107 Router Interfaces ............................................................................................................1108 Populating the Routing Tables..........................................................................................1109 Hardware Routing Table Management ...............................................................................1116 Configuring Unicast Routing...................................................................................................1119 Configuring Basic Unicast Routing....................................................................................1119 Adding a Default Route or Gateway ...................................................................................1120 Configuring Static Routes ................................................................................................1120 Configuring the Relative Route Priority ..............................................................................1121 Configuring Route Sharing ...............................................................................................1121 Configuring Hardware Routing Table Usage........................................................................1122 Configuring Route Compression ........................................................................................1122 Configuring Static Route Advertisement.............................................................................1123 Verifying the Routing Configuration.........................................................................................1123 Viewing IP Routes ...........................................................................................................1123 Viewing the IP ARP Table ................................................................................................1123 Viewing the IP Configuration for a VLAN ............................................................................1123 Viewing Compressed Routes .............................................................................................1123 Routing Configuration Example...............................................................................................1125 Proxy ARP ............................................................................................................................1127 ARP-Incapable Devices ....................................................................................................1127 Proxy ARP Between Subnets ............................................................................................1127 IPv4 Multinetting ..................................................................................................................1128 Multinetting Topology ......................................................................................................1128 How Multinetting Affects Other Features ...........................................................................1129 Configuring IPv4 Multinetting...........................................................................................1133 IP Multinetting Examples.................................................................................................1133 DHCP/BOOTP Relay ..............................................................................................................1134 Configuring the DHCP Relay Agent Option (Option 82) at Layer 3 ........................................1134 Verifying the DHCP/BOOTP Relay Configuration .................................................................1136 Broadcast UDP Packet Forwarding ..........................................................................................1136 Configuring UDP Forwarding ............................................................................................1136 UDP Echo Server ............................................................................................................1138 IP Broadcast Handling...........................................................................................................1138 IP Broadcast Handling Details ..........................................................................................1138 Command-line Support for IP Broadcast Handling ..............................................................1139 VLAN Aggregation .................................................................................................................1140 VLAN Aggregation Properties ............................................................................................1141 VLAN Aggregation Limitations ..........................................................................................1141 SubVLAN Address Range Checking ...................................................................................1141 Isolation Option for Communication Between SubVLANs .....................................................1142 VLAN Aggregation Example ..............................................................................................1142 Verifying the VLAN Aggregation Configuration ....................................................................1143

Chapter 30: IPv6 Unicast Routing............................................................................................... 1145
Overview ..............................................................................................................................1145 Router Interfaces ............................................................................................................1146 Specifying IPv6 Addresses ...............................................................................................1147

22

ExtremeXOS Concepts Guide, Software Version 12.3

Contents Neighbor Discovery Protocol .............................................................................................1149 Populating the Routing Table ...........................................................................................1151 Configuring IP Unicast Routing ..............................................................................................1153 Verifying the IP Unicast Routing Configuration ...................................................................1154 Configuring Route Sharing .....................................................................................................1154 Configuring Route Compression ..............................................................................................1155 IPv6 Forwarding Behavior ......................................................................................................1155 Hardware IPv6 Unicast Forwarding Support .......................................................................1156 Hardware Tunnel Support ................................................................................................1156 Routing Configuration Example...............................................................................................1156 Tunnel Configuration Examples ..............................................................................................1158 6in4 Tunnel Configuration Example ..................................................................................1158 6to4 Tunnel Configuration Example ..................................................................................1160

Chapter 31: RIP......................................................................................................................... 1163
Overview ..............................................................................................................................1163 RIP Versus OSPF and IS-IS ..............................................................................................1164 Advantages of RIP, OSPF, and IS-IS .................................................................................1164 Overview of RIP ....................................................................................................................1164 Routing Table .................................................................................................................1164 Split Horizon ..................................................................................................................1165 Poison Reverse ...............................................................................................................1165 Triggered Updates ...........................................................................................................1165 Route Advertisement of VLANs .........................................................................................1165 RIP Version 1 Versus RIP Version 2 ..................................................................................1165 Route Redistribution .............................................................................................................1166 Configuring Route Redistribution ......................................................................................1166 RIP Configuration Example ....................................................................................................1167

Chapter 32: RIPng ..................................................................................................................... 1169
Overview ..............................................................................................................................1169 RIPng Versus OSPFv3 and IS-IS .......................................................................................1169 Advantages of RIPng, OSPFv3, and IS-IS ..........................................................................1170 Overview of RIPng .................................................................................................................1170 Routing Table .................................................................................................................1170 Split Horizon ..................................................................................................................1171 Poison Reverse ...............................................................................................................1171 Triggered Updates ...........................................................................................................1171 Route Advertisement of VLANs .........................................................................................1171 Route Redistribution .............................................................................................................1171 Configuring Route Redistribution ......................................................................................1171 RIPng Configuration Example .................................................................................................1172

Chapter 33: OSPF ...................................................................................................................... 1175
Overview ..............................................................................................................................1175 OSPF Edge Mode ............................................................................................................1176 Link State Database ........................................................................................................1176 Graceful OSPF Restart .....................................................................................................1177

ExtremeXOS Concepts Guide, Software Version 12.3

23

Contents Areas .............................................................................................................................1178 Point-to-Point Support .....................................................................................................1181 Route Redistribution .............................................................................................................1182 Configuring Route Redistribution ......................................................................................1183 OSPF Timers and Authentication ......................................................................................1183 Configuring OSPF..................................................................................................................1184 Configuring OSPF Wait Interval.........................................................................................1184 OSPF Wait Interval Parameters .........................................................................................1184 OSPF Configuration Example..................................................................................................1185 Configuration for ABR1....................................................................................................1186 Configuration for IR1 .......................................................................................................1186 Displaying OSPF Settings.......................................................................................................1187

Chapter 34: OSPFv3 .................................................................................................................. 1189
Overview ..............................................................................................................................1189 Link State Database ........................................................................................................1189 Areas .............................................................................................................................1190 Link-Type Support...........................................................................................................1193 Route Redistribution .............................................................................................................1193 Configuring Route Redistribution ......................................................................................1194 OSPFv3 Timers ...............................................................................................................1195 OSPFv3 Configuration Example ..............................................................................................1195 Configuration for Router 1................................................................................................1196 Configuration for Router 2................................................................................................1196 Configuration for Router 3................................................................................................1196

Chapter 35: IS-IS ...................................................................................................................... 1197
Overview ..............................................................................................................................1197 Establishing Adjacencies .................................................................................................1198 IS-IS Hierarchy ...............................................................................................................1201 IS-IS and IP Routing .......................................................................................................1201 Authentication ................................................................................................................1202 Dynamic Hostname .........................................................................................................1202 Route Leaking.................................................................................................................1203 Metric Types...................................................................................................................1203 IS-IS Restart...................................................................................................................1203 IPv4 and IPv6 Topology Modes.........................................................................................1203 Route Redistribution .............................................................................................................1204 Configuring Route Redistribution ......................................................................................1205 Configuring IS-IS ..................................................................................................................1206 Configuring L1 Routers ....................................................................................................1206 Configuring L1/L2 Routers ...............................................................................................1207 Configuring L2 Routers ....................................................................................................1208 Configuring IS-IS Timers..................................................................................................1208 Configuring the Graceful Restart Feature ...........................................................................1209 Configuring Hello Padding................................................................................................1210 Configuring Interlevel Filters ............................................................................................1210 Configuring the Dynamic Hostname Feature.......................................................................1210 Configuring the Adjacency Check Feature ..........................................................................1210

24

ExtremeXOS Concepts Guide, Software Version 12.3

Contents Configuring an Import Policy ............................................................................................1211 Configuring the Multi-Topology Feature .............................................................................1211 Displaying IS-IS Configuration Information ..............................................................................1211 Displaying General Information for Global IS-IS..................................................................1211 Displaying Router-Specific Information..............................................................................1212 Displaying Router Summary Addresses ..............................................................................1212 Displaying IS-IS Interface Information...............................................................................1212 Displaying Link State Database Information .......................................................................1212 Displaying IPv4 and IPv6 Topology Information..................................................................1212 Displaying IS-IS Neighbors...............................................................................................1212 Displaying IS-IS Counter Data ..........................................................................................1212 Managing IS-IS .....................................................................................................................1212 Configuring Password Security..........................................................................................1213 Managing Transit Traffic with the Overload Bit ...................................................................1213 Clearing the IS-IS Counters ..............................................................................................1214 Originating an L2 Default Route .......................................................................................1214 Managing IP Summary Addresses .....................................................................................1214 Managing an IS-IS Area Address.......................................................................................1215 Managing VLAN Interfaces ...............................................................................................1215 Managing IS-IS Routers ...................................................................................................1217 Configuration Example...........................................................................................................1218

Chapter 36: BGP........................................................................................................................ 1221
Overview ..............................................................................................................................1221 BGP Attributes................................................................................................................1222 BGP Community Attributes ..............................................................................................1222 Extended Community Attributes........................................................................................1223 Multiprotocol BGP...........................................................................................................1226 BGP Features .......................................................................................................................1226 Route Reflectors .............................................................................................................1227 Route Confederations ......................................................................................................1228 Route Aggregation ...........................................................................................................1231 Inactive Route Advertisement ...........................................................................................1232 Default Route Origination and Advertisement .....................................................................1232 Using the Loopback Interface ...........................................................................................1234 Looped AS_Path Attribute ................................................................................................1234 BGP Peer Groups ............................................................................................................1234 BGP Route Flap Dampening .............................................................................................1235 BGP Route Selection .......................................................................................................1237 Stripping Out Private AS Numbers from Route Updates ......................................................1237 Route Redistribution .......................................................................................................1238 BGP ECMP .....................................................................................................................1238 BGP Static Network.........................................................................................................1239 Graceful BGP Restart ......................................................................................................1239 Cease Subcodes ..............................................................................................................1241 Fast External Fallover ......................................................................................................1242 Capability Negotiation .....................................................................................................1243 Route Refresh.................................................................................................................1243

Chapter 37: Multicast Routing and Switching.............................................................................. 1245
Overview ..............................................................................................................................1245 Multicast Routing Table and RPF Overview ..............................................................................1246

ExtremeXOS Concepts Guide, Software Version 12.3

25

Contents PIM Overview........................................................................................................................1246 PIM Edge Mode ..............................................................................................................1247 PIM Dense Mode.............................................................................................................1247 PIM Sparse Mode............................................................................................................1247 PIM Mode Interoperation .................................................................................................1248 PIM Source Specific Multicast .........................................................................................1248 PIM Snooping .................................................................................................................1249 IGMP Overview .....................................................................................................................1252 IGMP Snooping...............................................................................................................1252 Static IGMP....................................................................................................................1253 IGMP Snooping Filters.....................................................................................................1254 Limiting the Number of Multicast Sessions on a Port ..........................................................1255 Enabling and Disabling IGMP Snooping Fast Leave ............................................................1255 Using IGMP-SSM Mapping...............................................................................................1255 Configuring IP Multicast Routing ............................................................................................1257 Enabling Multicast Forwarding..........................................................................................1257 Configuring PIM ..............................................................................................................1257 Configuring Multicast Static Routes ..................................................................................1257 Configuring EAPS Support for Multicast Traffic ..................................................................1258 PIM Configuration Examples ............................................................................................1258 Multicast VLAN Registration...................................................................................................1265 Basic MVR Deployment....................................................................................................1266 Inter-Multicast VLAN Forwarding ......................................................................................1269 MVR Configurations.........................................................................................................1270 Displaying Multicast Information ............................................................................................1275 Displaying the Multicast Routing Table..............................................................................1276 Displaying the Multicast Cache.........................................................................................1276 Looking Up a Multicast Route ..........................................................................................1276 Looking Up the RPF for a Multicast Source........................................................................1276 Displaying the PIM Snooping Configuration........................................................................1276

Chapter 38: IPv6 Multicast ........................................................................................................ 1277
Overview ..............................................................................................................................1277 Managing MLD .....................................................................................................................1277 Enabling and Disabling MLD on a VLAN ............................................................................1278 Configuring MLD .............................................................................................................1278 Clearing MLD Group Registration ......................................................................................1278 Configuring Static MLD Groups and Routers ......................................................................1278 Displaying MLD Information .............................................................................................1278

Chapter 39: MSDP..................................................................................................................... 1281
Overview ..............................................................................................................................1281 Supported Platforms........................................................................................................1282 Limitations .....................................................................................................................1282 PIM Border Configuration.......................................................................................................1282 MSDP Peers .........................................................................................................................1282 MSDP Default Peers ........................................................................................................1283 Peer Authentication.........................................................................................................1283 Policy Filters...................................................................................................................1284 SA Request Processing ....................................................................................................1284

26

ExtremeXOS Concepts Guide, Software Version 12.3

Contents MSDP Mesh-Groups ..............................................................................................................1284 Anycast RP...........................................................................................................................1285 SA Cache .............................................................................................................................1287 Maximum SA Cache Entry Limit .......................................................................................1288 Redundancy .........................................................................................................................1288 Scaling Limits ......................................................................................................................1288 SNMP MIBs .........................................................................................................................1289 Configuration Examples .........................................................................................................1289 Configuring MSDP...........................................................................................................1289 Configuring an MSDP Mesh-Group ....................................................................................1290 Configuring Anycast RP ...................................................................................................1292

Part 3: Appendixes
Appendix A: ExtremeXOS Software Licenses ............................................................................... 1299
Overview ..............................................................................................................................1299 Switch License Features ........................................................................................................1300 L2 Edge License Features ................................................................................................1300 Edge License Features.....................................................................................................1305 Advanced Edge License Features ......................................................................................1306 Core License Features......................................................................................................1307 Feature Packs .................................................................................................................1308 Managing Licenses................................................................................................................1310 Displaying Software Licenses and Feature Packs ................................................................1311 Obtaining a License Voucher ............................................................................................1311 Enabling and Verifying Licenses .......................................................................................1311 Security Licensing...........................................................................................................1312 Obtaining and Enabling Feature Packs ..............................................................................1312

Appendix B: Software Upgrade and Boot Options......................................................................... 1315
Downloading a New Image .....................................................................................................1315 Image Filename Prefixes ..................................................................................................1316 Understanding the Image Version String ............................................................................1316 Software Signatures.........................................................................................................1317 Selecting a Primary or a Secondary Image .........................................................................1317 Installing a Core Image ....................................................................................................1318 Installing a Modular Software Package ..............................................................................1320 Rebooting the Switch ......................................................................................................1323 Rebooting the Management Module—Modular Switches Only ..............................................1323 Rebooting a Node in a SummitStack .................................................................................1324 Understanding Hitless Upgrade—Modular Switches Only ..........................................................1324 Understanding the I/O Version Number..............................................................................1325 Performing a Hitless Upgrade ...........................................................................................1326 Hitless Upgrade Examples................................................................................................1330 Configuration Changes...........................................................................................................1332 Viewing a Configuration ...................................................................................................1333 Returning to Factory Defaults ...........................................................................................1333 ASCII-Formatted Configuration Files .................................................................................1334 Using TFTP to Upload the Configuration..................................................................................1336 Using TFTP to Download the Configuration ..............................................................................1337

ExtremeXOS Concepts Guide, Software Version 12.3

27

Contents Synchronizing Nodes—Modular Switches and SummitStack Only ..............................................1338 Additional Behavior on the BlackDiamond 8800 Series Switches Only .................................1339 Automatic Synchronization of Configuration Files ...............................................................1340 Accessing the Bootloader .......................................................................................................1340 Upgrading the BootROM ........................................................................................................1341 BlackDiamond 10808 and 20808 Switches Only ...............................................................1341 Summit Family Switches and SummitStack Only................................................................1341 Upgrading the Firmware.........................................................................................................1342 Displaying the BootROM and Firmware Versions.......................................................................1345

Appendix C: Troubleshooting ..................................................................................................... 1347
Troubleshooting Checklists.....................................................................................................1348 Layer 1 ..........................................................................................................................1348 Layer 2 ..........................................................................................................................1348 Layer 3 ..........................................................................................................................1349 LEDs....................................................................................................................................1351 Using the Command Line Interface .........................................................................................1352 General Tips and Recommendations .................................................................................1353 The Summit switch displays only the "(pending-AAA) login: " prompt (SummitStack only): .....1354 MSM Prompt—Modular Switches Only ..............................................................................1355 Node Prompt—SummitStack Only ....................................................................................1355 Command Prompt ...........................................................................................................1355 Port Configuration ...........................................................................................................1356 Software License Error Messages ......................................................................................1357 VLANs............................................................................................................................1357 STP ...............................................................................................................................1358 ESRP .............................................................................................................................1358 VRRP .............................................................................................................................1359 Using Standalone ELRP to Perform Loop Tests ........................................................................1359 About Standalone ELRP...................................................................................................1360 Configuring Standalone ELRP...........................................................................................1361 Displaying Standalone ELRP Information...........................................................................1361 Using the Rescue Software Image—Modular Switches Only.......................................................1362 Obtaining the Rescue Image from a TFTP Server ................................................................1363 Obtaining the Rescue Image from an External Compact Flash Memory Card..........................1364 Rescuing a Node in a SummitStack ..................................................................................1365 Debug Mode .........................................................................................................................1366 Saving Debug Information ......................................................................................................1366 Enabling the Switch to Send Debug Information to the Memory Card ...................................1367 Copying Debug Information to an External Memory Card—Modular Switches Only .................1367 Copying Debug Information to a TFTP Server .....................................................................1368 Managing Debug Files .....................................................................................................1368 Evaluation Precedence for ACLs .............................................................................................1372 TOP Command......................................................................................................................1373 TFTP Server Requirements.....................................................................................................1373 System Odometer..................................................................................................................1373 Monitored Components ....................................................................................................1373 Recorded Statistics .........................................................................................................1374 Temperature Operating Range ................................................................................................1375 Unsupported Module Type .....................................................................................................1375

28

ExtremeXOS Concepts Guide, Software Version 12.3

Contents Corrupted BootROM on BlackDiamond 8800 Series Switches....................................................1376 Inserting Powered Devices in the PoE Module ..........................................................................1376 Modifying the Hardware Table Hash Algorithm .........................................................................1376 Configuring the Hash Algorithm ........................................................................................1377 Viewing the Hash Algorithm Setting ..................................................................................1378 Untagged Frames on the 10 Gbps Module ...............................................................................1378 Understanding the Error Reading Diagnostics Message .............................................................1378 Running MSM/MM Diagnostics from the Bootloader .................................................................1379 Contacting Extreme Networks Technical Support......................................................................1379

Appendix D: CNA Agent.............................................................................................................. 1381
Overview ..............................................................................................................................1381 Redundancy ...................................................................................................................1382 Downloading the CNA Agent Software Module..........................................................................1382 Running the Tests .................................................................................................................1382 Configuring the CNA Agent ....................................................................................................1383 Enabling the CNA Agent ..................................................................................................1383 Connecting to the CNA Server ..........................................................................................1383 Configuring the Interface .................................................................................................1384 Clearing the Counters ......................................................................................................1384 Displaying CNA Agent Information ....................................................................................1384 Troubleshooting ..............................................................................................................1384

Appendix E: Supported Protocols, MIBs, and Standards............................................................... 1385
MIB Support Details ..............................................................................................................1388 Standard MIBs................................................................................................................1389 Extreme Networks Proprietary MIBs ..................................................................................1409

Appendix F: Open Source Licenses............................................................................................. 1425
GNU General Public License (GPL) .........................................................................................1426 MIT License .........................................................................................................................1430 BSD.....................................................................................................................................1430 The NetBSD Foundation, Inc..................................................................................................1431 GNU Lesser General Public License (LGPL) .............................................................................1432 Net-SNMP............................................................................................................................1438 OpenSSL..............................................................................................................................1442 Original SSLeay License ........................................................................................................1443 Tcl/Tk ..................................................................................................................................1444 Mozilla Public License Version 1.1 .........................................................................................1444 xinetd ..................................................................................................................................1452

Index of Commands ................................................................................................................... 1453 Glossary ................................................................................................................................... 1463 Index ........................................................................................................................................ 1491

ExtremeXOS Concepts Guide, Software Version 12.3

29

Contents

30

ExtremeXOS Concepts Guide, Software Version 12.3

follow the release notes.3 31 . describes the conventions used in the guide. and working knowledge of the following is assumed: ● ● ● ● ● ● Local area networks (LANs) Ethernet concepts Ethernet switching and bridging concepts Routing concepts Internet Protocol (IP) concepts Routing Information Protocol (RIP). Open Shortest Path First (OSPF). and lists other publications that might be useful. functionality.” Conventions This section describes conventions used in the documentation: ● ● Platform-Dependent Conventions on page 32 Text Conventions on page 32 ExtremeXOS Concepts Guide. the family name is used.Preface This chapter provides an overview of this guide. This guide is intended for use by network administrators who are responsible for installing and setting up network equipment. Introduction This guide provides the required information to configure ExtremeXOS™ software in the currently supported versions running on switches from Extreme Networks®. Explanations about features and operations that are the same across all product families simply refer to the product as the “switch. or operation is specific to a switch family. and Intermediate SystemIntermediate System (IS-IS) Border Gateway Protocol (BGP-4) concepts IP multicast concepts Protocol Independent Multicast (PIM) concepts Simple Network Management Protocol (SNMP) NOTE ● ● ● ● If the information in the release notes shipped with your switch differs from the information in this guide. Terminology When features. Software Version 12.

all information applies to all platforms supported by ExtremeXOS software.. Warning Risk of severe personal injury. Caution Risk of personal injury.. as shown below: NOTE This is a note.Preface Platform-Dependent Conventions Unless otherwise noted. Finally. the specific platform is noted in the heading for the section describing that implementation. 32 ExtremeXOS Concepts Guide.3 . Important features or instructions. or loss of data. Text Conventions Table 1 and Table 2 list conventions that are used throughout this guide. minor differences in platform implementations are called out in a note. system damage. which are the following: ● ● ● ● ● ● ● BlackDiamond® 8800 series of switches BlackDiamond 10808 switch BlackDiamond 12800 series switches BlackDiamond 12800 R-series switch BlackDiamond 20808 switch Summit® family switches SummitStack™ When a feature or feature implementation applies to specific platforms. Table 1: Notice Icons Icon Notice Type Note Alerts you to. Software Version 12.

extremenetworks. Do not press the Return or Enter key when an instruction simply says “type.Related Publications Table 2: Text Conventions Convention Screen displays The words “enter” and “type” [Key] names Description This typeface indicates command syntax.3 33 . and then press the Return or Enter key.” Key names are written with brackets. the key names are linked with a plus sign (+). When you see the word “enter” in this guide. Example: Press [Ctrl]+[Alt]+[Del]. (Italics are also used when referring to publication titles. If you must press two or more keys simultaneously. The concepts guide PDF file provides links that connect you directly to relevant command information in the command reference guide PDF file. Displaying or printing PDF files requires that your computer be equipped with Adobe Reader® software. or represents information as it appears on the screen. Software Version 12. such as [Return] or [Esc].com/ Using ExtremeXOS Publications Online You can access ExtremeXOS publications by downloading them from the Extreme Networks World Wide Web location or from the ExtremeXOS Technical Documentation CD. ExtremeXOS Concepts Guide. Words in italicized type Italics emphasize a point or denote new terms at the place where they are defined in the text. you must type something. Publications are provided in Adobe® Portable Document Format (PDF). which is available free of charge from Adobe Systems Incorporated. This quick-referencing capability enables you to easily find detailed information in the command reference guide for any command mentioned in the concepts guide.) Related Publications The publications related to this one are: ● ● ● ● ● ● ● ● ● ExtremeXOS Command Reference Guide ExtremeXOS Release Notes BlackDiamond 8800 Series Switches Hardware Installation Guide BlackDiamond 10808 Switch Hardware Installation Guide BlackDiamond 12800 Series Switches Hardware Installation Guide BlackDiamond 20808 Switch Hardware Installation Guide BlackDiamond 20808 Switch Hardware Installation Guide Summit Family Switches Hardware Installation Guide Extreme Networks Pluggable Interface Installation Guide Documentation for Extreme Networks products is available on the World Wide Web at the following location: http://www.

you keep both files open concurrently on your computer desktop. open both PDF files before using the link.3 . 2 You may open one or both PDF files. NOTE If you activate a cross-referencing link from the concepts guide PDF file to the command reference PDF file when the command reference PDF file is closed (that is. 34 ExtremeXOS Concepts Guide. All of these documents are available in Adobe PDF format. not currently open on your computer desktop).Preface To ensure that the quick-referencing feature functions properly: 1 Download both the concepts guide PDF file and the command reference guide PDF file to the same destination directory on your computer. To enable cross-referenced linking between the concepts guide and command reference guide. Software Version 12.0 or later to use the cross-reference linking feature from the ExtremeXOS Concepts Guide to the ExtremeXOS Command Reference Guide. it is recommended that for ease of use. the system will close the concepts guide PDF file and open the command reference PDF file. To keep both PDF files open when you activate a cross-reference link. You must have Acrobat Reader 6.0 or later to properly open the documents. You must have Acrobat Reader 5. however.

1 Using ExtremeXOS .

.

1 Getting Started This chapter includes the following sections: ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● Overview on page 37 Software Required on page 38 Logging In to the Switch on page 41 Understanding the Command Syntax on page 41 Port Numbering on page 44 Line-Editing Keys on page 46 Command History on page 46 Common Commands on page 46 Accessing the Switch for the First Time on page 49 Configuring Management Access on page 50 Managing Passwords on page 55 Access to Both MSM/MM Console Ports—Modular Switches Only on page 57 Domain Name Service Client Services on page 57 Checking Basic Connectivity on page 58 Displaying Switch Information on page 60 Overview Table 3 lists the Extreme Networks products that run ExtremeXOS software. Table 3: ExtremeXOS Switches Switch Series BlackDiamond 8800 Series BlackDiamond 10808 Switch BlackDiamond 12800 Series BlackDiamond 20808 Switch Summit X150 Series Switches BlackDiamond 8810 BlackDiamond 8806 BlackDiamond 10808 BlackDiamond 12802 BlackDiamond 12804 BlackDiamond 20808 Summit X150-24p Summit X150-24t Summit X150-48t Summit Summit Summit Summit Summit Summit Summit Summit X250e-24p X250e-24t X250e-24tDC X250e-24x X250e-24xDC X250e-48p X250e-48t X250e-48tDC Summit X250e Series ExtremeXOS Concepts Guide. Software Version 12.3 37 .

6 12. Software Required The tables in this section describe the software version required for each switch that runs ExtremeXOS software.3. NOTE The features available on each switch are determined by the installed feature license and optional feature packs. For more information.1 12. This chapter describes how to get started using ExtremeXOS software on the switches listed in Table 3. except the Summit X150 and Summit X350 series. Software Version 12. “ExtremeXOS Software Licenses. Table 4: BlackDiamond 8800 Series Switch Modules and Required Software Module Series Name BlackDiamond 8806 Switch MSMs Modules — 8500-MSM24 MSM-G8X MSM-48 MSM-48c 8900-MSM128 G48T G48P G24X 10G4X Minimum ExtremeXOS Software Version ExtremeXOS 11.” Table 4 lists the BlackDiamond 8800 series switch modules and the ExtremeXOS software version required to support each module.3 .1 38 ExtremeXOS Concepts Guide.1 ExtremeXOS ExtremeXOS ExtremeXOS ExtremeXOS ExtremeXOS 12.3 11.3 Original-series ExtremeXOS 11.Getting Started Table 3: ExtremeXOS Switches (Continued) Switch Series Summit X350 Series Summit X450 Series Summit X450a Series Switches Summit X350-24t Summit X350-48t Summit X450-24t Summit X450-24x Summit Summit Summit Summit Summit Summit X450a-24t X450a-24tDC X450a-24x X450a-24xDC X450a-48t X450a-48tDC Summit X450e Series Summit X650 Series SummitStack Summit X450e-24p Summit X450e-48p Summit X650-24t Summit X650-24x All Summit family switches. see Appendix A.1 11.

● ● Table 5 lists the MSMs supported and the minimum ExtremeXOS software versions for the BlackDiamond 10808 and BlackDiamond 12800 series switches.5 11.6 12.5 The following guidelines provide additional information on the BlackDiamond 8000 series modules described in Table 4: ● The term BlackDiamond 8000 series modules refers to all BlackDiamond 8500. Software Version 12.0 c-series ExtremeXOS 12. MSM-5R Minimum ExtremeXOS Software Version ExtremeXOS 10.Software Required Table 4: BlackDiamond 8800 Series Switch Modules and Required Software (Continued) Module Series Name a-series Modules G48Ta G48Xa 10G4Xa 10G4Ca 10G1Xc G8Xc G24Xc G48Xc 10G4Xc 10G8Xc G48Tc 8900-G96T-c 8900-10G24X-c e-series 8500-G24X-e 8500-G48T-e G48Te G48Te2 G48Pe Minimum ExtremeXOS Software Version ExtremeXOS ExtremeXOS ExtremeXOS ExtremeXOS 11.3 11. Module names that are not preceded with 8500 or 8900 are BlackDiamond 8800 series modules.4. MSM-5R MSM-5.1 ExtremeXOS 12. c-series. and 8900 series modules. and e-series names are used to distinguish between groups of modules that support different feature sets. the system returns an error message.3 39 . If you attempt to mix these. a-series. Table 5: BlackDiamond 10808 and 12800 Series Modules and Required Software Switch Series BlackDiamond 10808 Switch BlackDiamond 12800 Series Switches BlackDiamond 10808 BlackDiamond 12802 BlackDiamond 12804 Modules MSM-1.1 11. MSM-1XL MSM-5. The original-series. 8800.0 ExtremeXOS 11. Table 6 lists the BlackDiamond 20808 modules and the ExtremeXOS software version required to support each module.1 ExtremeXOS 12.3 ExtremeXOS ExtremeXOS ExtremeXOS ExtremeXOS ExtremeXOS 12.1 CAUTION You cannot mix BlackDiamond 12800 R-series modules with non-R-series modules in a BlackDiamond 12800 series chassis.5 11.5 12. ExtremeXOS Concepts Guide.3 12.

0 12.5 11. Table 7: Summit Family Switches and Required Software Switch Series Summit X150 Series Switches Summit X150-24t Summit X150-24p Summit X150-48t Summit Summit Summit Summit Summit Summit Summit Summit X250e-24t X250e-24tDC X250e-48t X250e-48tDC X250e-24p X250e-48p X250e-24x X250e-24xDC Minimum ExtremeXOS Software Version ExtremeXOS 12.6 11.2 Table 7 lists the Summit family switches that run ExtremeXOS software and the minimum ExtremeXOS software version required.6 Summit X450e Series Summit X650 Series SummitStack Summit X450e-24p Summit X450e-48p Summit X650-24t Summit X650-24x Summit family switches except the Summit X150 and Summit X350 series ExtremeXOS 11.3 .1 Summit X350 Series Summit X450 Series Summit X450a Series Summit X350-24t Summit X350-48t Summit X450-24t Summit X450-24x Summit Summit Summit Summit Summit Summit X450a-24x X450a-24xDC X450a-24t X450a-24tDC X450a-48t X450a-48tDC ExtremeXOS 12. Software Version 12.1 ExtremeXOS 11. 40 ExtremeXOS Concepts Guide.5 11.0 Summit X250e Series ExtremeXOS ExtremeXOS ExtremeXOS ExtremeXOS ExtremeXOS ExtremeXOS ExtremeXOS ExtremeXOS 12.2.2.0 A SummitStack is a combination of up to eight Summit family switches (excluding the Summit X150 and the Summit X350 series) that are connected together with stacking cables.1 12.2 ExtremeXOS 12.0 12.2 ExtremeXOS ExtremeXOS ExtremeXOS ExtremeXOS ExtremeXOS ExtremeXOS 11.0 12.6 ExtremeXOS 12.1 ExtremeXOS 12.0 12.Getting Started Table 6: BlackDiamond 20808 Modules and Required Software Switch Series BlackDiamond 20808 Switch Switches BlackDiamond 20808 Modules MM XFM-1 XM-8XB GM-40XB GM-40XA Minimum ExtremeXOS Software Version ExtremeXOS 12.0 12.6 11.5 11.5 ExtremeXOS 11.1 12.2.

However. refer to “Failsafe Accounts” on page 54. not configuration commands. 2 If the command includes a parameter. Values include numerics. and in some cases only a subset of the options that a command supports. Most configuration commands require you to have the administrator privilege level. As you are booting up. The value part of the command specifies how you want the parameter to be set. once you see the above message you can perform a normal login. the failsafe account is now available. Some commands are also described in this concepts guide in order to describe how to use the features of the ExtremeXOS software. the # prompt is displayed. When you now press the [Enter] key. At this point. ExtremeXOS command syntax is described in detail in the ExtremeXOS Command Reference Guide. The ExtremeXOS Command Reference Guide should be considered the definitive source for information on ExtremeXOS commands. You may enter configuration commands at the # prompt. When you log in as user (which has only read access). ExtremeXOS Concepts Guide. you may see the > command prompt. or addresses.) Understanding the Command Syntax This section describes the steps to take when entering a command. (For additional information on using the failsafe account. only a subset of commands are described here. the following prompt appears: login Whether or not you press the [Enter] key. For more information on setting CLI privilege levels. Refer to the sections that follow for detailed information on using the command line interface (CLI). 3 After entering the complete command. When you log in as administrator (which has read and write access). see the ExtremeXOS Command Reference Guide. you see the # prompt. At the > prompt. continue to step 2. (See “Default Accounts” on page 53. To use the CLI: 1 Enter the command name.Logging In to the Switch Logging In to the Switch The initial login prompt appears as follows: (Pending-AAA) login: At this point. When the bootup process is complete. you will see the > prompt. skip to step 3. ensure that you have the appropriate privilege level. you may enter only monitoring commands. but the normal AAA login security is not. enter the parameter name and values. the normal AAA login security is available. When entering a command at the prompt. press [Return]. If the command does not include a parameter or values.) Wait for the following message to appear: Authentication Service (AAA) on the master node is now available for login. depending on the parameter. strings.3 41 . Software Version 12. If the command requires more information.

access profile. If you enter an invalid command. the syntax helper lists only one line of names. the syntax helper also lists any currently configured names that might be used as the next option.3 .. followed by an ellipses (. ready for the next option. to create a VLAN. Typically. or route map). this is the first three letters of the command. If you do not enter enough letters to allow the switch to determine which command you mean. you must enter enough characters to make the command unambiguous and distinguishable to the switch. The syntax helper also provides assistance if you have entered an incorrect command. If you are unsure of the complete syntax for a particular command. enter as much of the command as possible and press [Tab] or [?]. In situations where this list is very long. NOTE When using abbreviated syntax. When you enter a command to configure a named component. you do not need to use the keyword of the component.” This section describes the following topics: ● ● ● ● ● Syntax Helper on page 42 Command Shortcuts on page 42 Names on page 43 Symbols on page 43 Limits on page 44 Syntax Helper The CLI has a built-in syntax helper. If the command is one where the next option is a named component (such as a VLAN.. Abbreviated Syntax Abbreviated syntax is the shortest unambiguous allowable abbreviation of a command or parameter. The syntax helper provides a list of options for the remainder of the command and places the cursor at the end of the command you have entered so far. see Appendix B. “Software Upgrade and Boot Options. enter a VLAN name: create vlan engineering 42 ExtremeXOS Concepts Guide. For example. For more information on saving configuration changes. it indicates that you have outstanding configuration changes that have not been saved.) to indicate that there are more names that can be displayed. the syntax helper provides a list of the options based on the portion of the command you have entered. Command Shortcuts Components are typically named using the create command. Software Version 12. the syntax helper notifies you of your error and indicates where the error is located.Getting Started NOTE If an asterisk (*) appears in front of the command line prompt.

such as vlan. Symbols You may see a variety of symbols shown as part of the command syntax. or right angle bracket (>). However. and you do not type them as part of the command itself. it generates a message requesting that you clarify the object you specified. These symbols explain how to enter the command. instead of entering the modular switch command: configure vlan engineering delete port 1:3. must have a unique name. STPD and VLAN names). such as VLAN.4:6 Although it is helpful to have unique names for system components. Names must begin with an alphabetical character and cannot contain any spaces. the system may return an error message. NOTE If you use the same name across categories (for example. you can then eliminate the keyword vlan from all other commands that require the name to be entered.3 43 . left angle bracket (<). this is not a requirement. NOTE If you use the same name across categories (for example. The maximum length for a name is 32 characters.Understanding the Command Syntax After you have created the name for the VLAN. Software Version 12. Table 8 summarizes command syntax symbols. Names may contain alphanumeric characters and underscores (_) and cannot be keywords. and so on. NOTE ExtremeXOS software does not support the ampersand (&). ExtremeXOS Concepts Guide. Names All named components within a category of the switch configuration. STPD and VLAN names). For example. because they are reserved characters with special meaning in XML. Extreme Networks recommends that you specify the identifying keyword as well as the actual name. names can be re-used across categories. Extreme Networks recommends that you specify the identifying keyword as well as the actual name. the system may return an error message. stp. If you do not use the keyword. If you do not use the keyword.4:6 you could enter the following shortcut: configure engineering delete port 1:3. If the software encounters any ambiguity in the components within your command.

For example. Do not type the square brackets.) Do not type the braces. vertical bar | Separates mutually exclusive items in a list. braces { } Enclose an optional value or a list of optional arguments. You must specify the variable or value. the command will prompt. asking if you want to reboot the switch now. it continues on all ports even if one port in the sequence fails. For example. if you do not specify an argument. one of which must be entered. 44 ExtremeXOS Concepts Guide. If you attempt to enter more than 4500 characters. (In this command. and the port numbering scheme is slightly different on each. One or more values or arguments can be specified. in the syntax configure vlan <vlan_name> ipaddress <ipaddress> you must supply a VLAN name for <vlan_name> and an address for <ipaddress> when entering the command. Do not type the vertical bar.3 . in the syntax reboot {time <month> <day> <year> <hour> <min> <sec>} {cancel} {msm <slot_id>} {slot <slot-number> | node-address <nodeaddress> | stack-topology {as-standby} } You can specify either a particular date and time combination. in the syntax disable port [<port_list> | all] you must specify either specific ports or all for all ports when entering the command. however. in the syntax configure snmp add community [readonly | readwrite] <alphanumeric_string> you must specify either the read or write community string in the command. the switch emits an audible “beep” and will not accept any further input. Software Version 12. The first 4500 characters are processed. One or more values or arguments can be specified. Port Numbering The ExtremeXOS software runs on both stand-alone and modular switches. including spaces. This section describes the following topics: ● ● ● Stand-alone Switch Numerical Ranges on page 45 Modular Switch and SummitStack Numerical Ranges on page 45 Stacking Port Numerical Ranges on page 45 NOTE The keyword all acts on all possible ports. square brackets [ ] Enclose a required value or list of required arguments.Getting Started Table 8: Command Syntax Symbols Symbol angle brackets < > Description Enclose a variable or value. or the keyword cancel to cancel a previously scheduled reboot. For example. Do not type the angle brackets. For example. Limits The command line can process up to 4500 characters.

a. for example. a XGM2-2xn option card are considered front-panel ports in this context). For example. slota:x-slotb:y—Specifies a contiguous series of ports that begin on one I/O module or SummitStack node and end on another node. the following ports are valid: ● ● ● ● 2:1 2:2 2:3 2:4 You can also use wildcard combinations (*) to specify multiple modular slot and port combinations. x. the stacking port 2:1 is a 10Gb port on the rear panel of the X450a-24t that has been marked as “Stacking Port 1". ExtremeXOS Concepts Guide. port 2:1 refers to a front-panel port on the Summit family switch (the 10Gb ports on. slot:x-y—Specifies a contiguous series of ports on a particular I/O module. x-y. if an I/O module that has a total of four ports is installed in slot 2 of the chassis. When no context is given. Modular Switch and SummitStack Numerical Ranges On a modular switch. a stacking port number is a combination of the slot number and the stacking port number shown near the connector on the back of the Summit family switch: slot:port These numbers are context-specific. while the front-panel port 2:1 on a Summit X450a-24t is a 10/100/1000 Ethernet port. such as the BlackDiamond 10808 or a SummitStack. and separate the numbers by a comma to enter a range of noncontiguous numbers: ● ● ● x-y—Specifies a contiguous series of ports on a stand-alone switch.3 45 . The use of wildcards and ranges for stacking ports is the same as described in "Modular Switch and SummitStack Numerical Ranges". the port number is simply noted by the physical port number. slot:x-slot:y—Specifies a contiguous series of ports on a particular I/O module.y—Specifies a noncontiguous series of ports on a stand-alone switch. The nomenclature for the port number is as follows: slot:port For example.Port Numbering Stand-alone Switch Numerical Ranges On Summit family switches. Software Version 12. as shown below: 5 Separate the port numbers by a dash to enter a range of contiguous numbers. The following wildcard combinations are allowed: ● ● ● ● slot:*—Specifies all ports on a particular I/O module.d—Specifies a contiguous series of ports and a noncontiguous series of ports on a stand-alone switch. the port number is a combination of the slot number and the port number. Stacking Port Numerical Ranges On a SummitStack.

Deletes character to left of cursor and shifts remainder of line to left. Configures a user account password. Software Version 12. Command History The ExtremeXOS software stores the commands you enter. Deletes character under cursor and shifts remainder of line to left. Moves the cursor one character to the right. Moves cursor to first character in line. Deletes characters from under cursor to end of line. see the ExtremeXOS Command Reference Guide. When toggled on.3 . inserts text and shifts previous text to right. Commands specific to a particular feature may also be described in other chapters of this guide. You can display a list of these commands by using the following command: history Common Commands Table 10 describes some of the common commands used to manage the switch. Clears all characters typed from cursor to beginning of line. Deletes previous word. Clears screen and movers cursor to beginning of line. user names are not case sensitive. Table 10: Common Commands Command clear session [history | <sessId> | all] configure account [all | <name>] Description Terminates a Telnet or SSH2 session from the switch. Toggles on and off. Displays next command in command history buffer and places cursor at end of command. 46 ExtremeXOS Concepts Guide. For a detailed description of the commands and their options. Passwords are casesensitive. Interrupts the current CLI command execution. Passwords can have a minimum of 0 character and can have a maximum of 32 characters. Moves cursor to last character in line. Displays previous command in command history buffer and places cursor at end of command. Table 9: Line-Editing Keys Key(s) Left arrow or [Ctrl] + B Right arrow or [Ctrl] + F [Ctrl] + H or Backspace Delete or [Ctrl] + D [Ctrl] + K Insert [Ctrl] + A [Ctrl] + E [Ctrl] + L [Ctrl] + P or Up Arrow [Ctrl] + N or Down Arrow [Ctrl] + U [Ctrl] + W [Ctrl] + C Description Moves the cursor one character to the left.Getting Started Line-Editing Keys Table 9 describes the line-editing keys available using the CLI.

SSH2 sessions time out after 61 minutes of inactivity. This command is available to admin-level users and to users with RADIUS command authorization. press [Return] at the beginning of the first line. To clear the banner. Disables BOOTP for one or more VLANs. Configures a slot for a particular I/O module card. Disables one or more ports on the switch. NOTE: This command is available only on modular switches. The format is as follows: mm dd yyyy hh mm ss The time uses a 24-hour clock format. Configures the system date and time.3 47 . You can enter up to 24 rows of 79-column text that is displayed before the login prompt of each session. Creates a VLAN. the password is between 0 and 32 characters. Manually configures the port speed and duplex setting of one or more ports on a switch. The autodst and noautodst options enable and disable automatic Daylight Saving Time change based on the North American standard. You cannot set the year earlier than 2003 or past 2036. create vlan <vlan_name> {vr <vr-name>} delete account <name> delete vlan <vlan_name> disable bootp vlan [<vlan> | all] disable cli-config-logging disable clipaging disable idletimeout disable port [<port_list> | all] ExtremeXOS Concepts Guide. configure sys-recovery-level [all | none] configure time <month> <day> <year> <hour> <min> <sec> Configures a recovery option for instances where an exception occurs in ExtremeXOS software. Software Version 12. Generates the SSH2 host key. Additional options are described in the ExtremeXOS Command Reference Guide. You must install the SSH software module in addition to the base image to run SSH. Disables the timer that disconnects all sessions. Configures an IP address and subnet mask for a VLAN. Disables logging of CLI commands to the Syslog. Telnet sessions remain open until you close the Telnet client. The format of GMT_offset is +/minutes from GMT time. Deletes a VLAN. Press [Return] at the beginning of a line to terminate the command and apply the banner. console sessions remain open until the switch is rebooted or until you log off. configure ports <port_list> auto off speed [10 | 100 | 1000 | 10000] duplex [half | full] configure slot <slot> module <module_type> configure ssh2 key {pregenerated} Creates a user account. configure timezone {name <tz_name>} <GMT_offset> {autodst {name <dst_timezone_ID>} {<dst_offset>} {begins [every <floatingday> | on <absoluteday>] {at <time_of_day>} {ends [every <floatingday> | on <absoluteday>] {at <time_of_day>}}} | noautodst} configure {vlan} <vlan_name> ipaddress [<ipaddress> {<ipNetmask>} | ipv6link-local | {eui64} <ipv6_address_mask>] create account [admin | user] <account-name> {encrypted <password>} Configures the time zone information to the configured offset from GMT time. Disables pausing of the screen display when a show command output reaches the end of the page. After being disabled. The username is between 1 and 32 characters. Deletes a user account.Common Commands Table 10: Common Commands Command configure banner Description Configures the banner string.

By default. The default setting is enabled. Software Version 12. Displays the user-configured banner. By default. the switch erases the currently selected configuration image in flash memory and reboots. When enabled. Enables BOOTP for one or more VLANs. Displays the commands entered on the switch. and date and time information) to the factory defaults. Enables pausing of the screen display when show command output reaches the end of the page. enable ssh2 {access-profile [<access_profile> | none]} {port <tcp_port_number>} {vr [<vr_name> | all | default]} enable telnet history show banner unconfigure switch {all} Enables SSH2 sessions. SSH2 uses TCP port number 22. As a result. This license cannot be disabled once it is enabled on the switch. You must install the SSH2 software module in addition to the base image to run SSH. SSH2 is disabled. disable telnet enable bootp vlan [<vlan> | all] enable cli-config-logging Disables Telnet access to the switch. You must install the SSH2 software module in addition to the base image to run SSH. enable clipaging enable idletimeout enable license {software} <key> 48 ExtremeXOS Concepts Guide. and console) after 20 minutes of inactivity. Enables Telnet access to the switch. The default setting is enabled. Enables a particular software feature license. Telnet uses TCP port number 23. Specify <license_key> as an integer. The command unconfigure switch {all} does not clear licensing information. all parameters are reset to default settings.Getting Started Table 10: Common Commands Command disable ssh2 Description Disables SSH2 Telnet access to the switch. If you specify the keyword all. Enables a timer that disconnects all sessions (Telnet. SSH2.3 . Enables the logging of CLI configuration commands to the Syslog for auditing purposes. The default setting is enabled. Resets all switch parameters (with the exception of defined user accounts.

it maybe more desirable for the ports to be turned off. or Telnet access by using the interactive script (refer to “Safe Defaults Setup Method” on page 49). or after you issue the unconfigure switch all or configure safe-default-script CLI command. This is called the safe defaults mode.3 49 . SNMPv3 can be configured to eliminate this problem. Telnet is unencrypted and has been the target of security exploits in the past. In some secure applications. Would you like to change the failsafe account username and password now? [y/N]: Would you like to permit failsafe account access via the management port? [y/N]: Since you have chosen less secure management methods. Would you like to disable SNMP? [y/N]: All ports are enabled by default. If you choose to do so. In addition. After you connect to the console and log in to the switch.Accessing the Switch for the First Time Accessing the Switch for the First Time When you take your switch from the box and set it up for the first time. Would you like to disable Telnet? [y/N]: SNMP access is enabled by default. All ports are enabled in the factory default setting. Software Version 12. You disable SNMP. Please answer these questions about the security settings you would like to use. you can choose to have all unconfigured ports disabled on reboot using the interactive questions. the screen displays several interactive questions that lead you through configuring the management access that you want. Would you like unconfigured ports to be turned off by default? [y/N]: Changing the default failsafe account username and password is highly recommended. please remember the username and password as this information cannot be recovered by Extreme Networks. SNMP uses no encryption. the system returns the following interactive script: This switch currently has all management methods enabled for convenience reasons. you can return to the safe defaults mode by issuing the following commands: ● ● unconfigure switch all configure safe-default-script Safe Defaults Setup Method After you connect to the console port of the switch. please remember to increase the security of your network by taking the following actions: * change your admin password * change your failsafe account username and password ExtremeXOS Concepts Guide. Telnet is enabled by default. you must connect to the console to access the switch. You are prompted with an interactive script that specifically asks if you want to disable Telnet and SNMP. so these will not be available on your switch at next reboot.

you can optionally use an external RADIUS server to provide CLI command authorization checking for each command. if you save the setting.2 > 50 ExtremeXOS Concepts Guide. If you want to change the management access: ● Use the configure safe-default-script command which maintains your configuration and reruns the script. If you have logged on with user capabilities.” User Account A user-level account has viewing access to all manageable parameters. see Chapter 22. For more information on RADIUS. Use the unconfigure switch all command which resets your switch to the default factory setting and reruns this script. “Security.3 . with the exception of: ● ● User account database SNMP community strings A person with a user-level account can use the ping command to test device reachability and change the password assigned to the account name.Getting Started * change your SNMP public and private strings * consider using SNMPv3 to secure network management traffic You see this interactive script only under the following conditions: ● ● ● At initial login (when you use the switch the first time) After the command unconfigure switch all After the command configure safe-default-script All the changes you make using this interactive script can be saved through switch reboots. For example: BD-1. ● Configuring Management Access This section discusses the following topics: ● ● ● ● ● ● Account Access Levels on page 50 Configuring the Banner on page 51 Startup Screen and Prompt Text on page 51 Default Accounts on page 53 Creating a Management Account on page 53 Failsafe Accounts on page 54 Account Access Levels ExtremeXOS software supports the following two levels of management: ● ● User Administrator In addition to the management levels. Software Version 12. the command line prompt ends with a (>) sign.

6. With this level.705.977.Configuring Management Access Administrator Account A person with an administrator-level account can view and change all switch parameters.3 51 . before the login prompt. 6.700. 6. The administrator can disconnect a management session that has been established by way of a Telnet connection.981.248. Software Version 12. 6.482. All rights reserved. Startup Screen and Prompt Text Once you log into the switch. use the unconfigure switch all command).550.01 2.18 # Configuring the Banner You can configure a banner that displays as soon as you power-up the switch. 7.980.1 # You must have an administrator-level account to change the text of the prompt. which forces the user to press a key before the login screen displays.891. 6.034. use the following command: configure banner {acknowledge) Using the acknowledge parameter prompts the user with the following message after the banner appears and before the login prompt: Hit any key to accept these provisions.438. the command line prompt ends with a (#) sign.436. To add a banner to your switch. ============================================================================== Press the <tab> or '?' key at any time for completions. The prompt text is taken from the SNMP sysname setting. as follows: login: admin password: blue7 ExtremeXOS Copyright (C) 2000-2006 Extreme Networks.003.592. as well as change the password associated with any account name (to erase the password. * <switchname>. the system displays the startup screen. 6. 7.957.618. Remember to save your configuration changes. If you have logged on with administrator capabilities.912. 6.388. To disable the acknowledgement feature.954. If this happens.174.678. the user logged on by way of the Telnet connection is notified that the session has been terminated. The number that follows the period after the switch name indicates the sequential line of the specific command or line for this CLI session. ExtremeXOS Concepts Guide.082. 6.104.859. 6. 6. Protected by US Patent Nos: 6.766. use the configure banner command omitting the acknowledge parameter. you can also add and delete users. For example: BD-1.

For example: BD-1. The I/O modules in the following slots are shut down: 1.034.034.3 .2 > Using the system recovery commands (refer to Chapter 11.954. 7.104. The message is slightly different. 6. ============================================================================== Press the <tab> or '?' key at any time for completions.436.859.592.550. 7. 6.980.705. “Status Monitoring and Statistics.174. you can configure either one or more specified slots on a modular switch or the entire stand-alone switch to shut down in case of an error.700. the command line prompt ends with a (>) sign.859. 6.1 # When an exclamation point (!) appears in front of the command line prompt. 6.18 # If you have logged on with user capabilities.891.912. 6.082. 6. Protected by US Patent Nos: 6. 6. 7.678. 6.438. For example: BD-1.957. 6. 6.3 Use the "clear sys-recovery-level" command to restore I/O modules ! BD-8810. 6.981. it indicates that you have outstanding configuration changes that have not been saved.Getting Started If an asterisk (*) appears in front of the command line prompt.438.388. 6. The following sample shows the startup screen if any of the slots in a modular switch are shut down as a result of the system recovery configuration: login: admin password: ExtremeXOS Copyright (C) 2000-2006 Extreme Networks.248. All rights reserved. 52 ExtremeXOS Concepts Guide. “Status Monitoring and Statistics.705.01 2. Protected by US Patent Nos: 6. 6.766.104. For example: * BD-1. depending on whether you are working on a modular switch or a stand-alone switch.) The following sample shows the startup screen if a stand-alone switch is shut down as a result of the system recovery configuration: login: admin password: ExtremeXOS Copyright (C) 2000-2006 Extreme Networks.980.977.19 # If you have logged on with administrator capabilities.618.912.550.082.174. Remember to save your configuration changes. the command line prompt ends with a (#) sign. (Refer to Chapter 11. 6. All rights reserved. 6. 6.618.482.954.003. 6.436.981.248. 6.766. If you have configured this feature and a hardware error is detected.482.977.891. 6.” for information on system recovery). it indicates that one or more slots or the entire stand-alone switch are shut down as a result of your system recovery configuration and a switch error.01 2.678. the system displays an explanatory message on the startup screen. Software Version 12.” for complete information on system recovery and system health check features. 6.388. 7.003.700.957.592.

• This user cannot view the SNMP community strings. 2 At the password prompt. you must have administrator privileges. press [Return]. You can use the default names (admin and user). you are prompted for one. All switch ports have been shut down.3 53 . with the following exceptions: • This user cannot view the user account database. ! SummitX450-24x. If you do not want a password associated with the specified account. To create a new account: 1 Log in to the switch as admin. To see the accounts. Remember to save your configuration changes. use the following command: show accounts ExtremeXOS Concepts Guide. Viewing Accounts To view the accounts that have been created. Passwords can have a minimum of 0 characters and a maximum of 32 characters. This user can view (but not change) all manageable parameters. To change the password on the default account. Creating a Management Account The switch can have a total of 16 management accounts. Software Version 12. see “Applying a Password to the Default Account” on page 55. as shown in Table 11. the switch is configured with two accounts. 3 Add a new user by using the following command: create account [admin | user] <account-name> {encrypted <password>} If you do not specify a password or the keyword “encrypted”. press [Enter] twice.1 # Default Accounts By default. Use the "clear sys-recovery-level" command to restore all ports. the user may not delete all admin accounts. or enter the password that you have configured for the admin account. However. Table 11: Default Accounts Account Name admin user Access Level This user can access and change all manageable parameters.Configuring Management Access ============================================================================== Press the <tab> or '?' key at any time for completions. or you can create new names and passwords for the accounts.

the failsafe account is saved in the NVRAM of every node in the active topology. This account is never displayed by the show accounts command. On a SummitStack. when the synchronize stacking {node-address <node-address> | slot <slotnumber>} command is used. For example: BD-10808. the failsafe account is transferred from the current node to the specified nodes in the stack topology. you are prompted for the failsafe account name and prompted twice to specify the password for the account. but it is always present on the switch.3 . To configure the account name and password for the failsafe account. NOTE The information that you use to configure the failsafe account cannot be recovered by Extreme Networks.2 When you use the command with the permit or deny parameter. Software Version 12. use the following command: delete account <name> Failsafe Accounts The failsafe account is the account of last resort to access your switch.1 # configure failsafe-account enter failsafe user name: blue5green enter failsafe password: enter password again: BD-10808. NOTE On a SummitStack.1 # configure failsafe-account deny all BD-8810. On a modular switch. the connection-type access restrictions are altered as specified. You need not provide the existing failsafe account information to change it. Protect this information carefully. To delete an account. For example: BD-8810. use the following command: configure failsafe-account {[deny | permit] [all | control | serial | ssh {vr <vrname>} | telnet {vr <vr-name>}]} When you use the command with no parameters. Technical support cannot retrieve passwords or account names for this account. you must have administrator privileges. 54 ExtremeXOS Concepts Guide.2 # configure failsafe-account permit serial The failsafe account is immediately saved to NVRAM.Getting Started Deleting an Account To delete an account. To display whether the user configured a username and password for the failsafe account or to show the configured connection-type access restrictions use the following command: show failsafe-account The failsafe account has admin access level. the failsafe account is saved to both MSM/MMs' NVRAMs if both are present.

) NOTE Passwords are case-sensitive. prevent a user from employing a previously used password. enter the password. Passwords can have a minimum of 0 and a maximum of 32 characters.Managing Passwords To access your switch using the failsafe account: 1 Connect to the switch using one of the (configured) permitted connection types. the minimum is 8 characters. (If you specify the format of passwords using the configure account password-policy char-validation command. 3 When prompted. 2 At the password prompt. 2 At the password prompt. and lock users out of the account after three consecutive failed login attempts. Software Version 12. In that case. To add a password to the default admin account: 1 Log in to the switch using the name admin. you have a default account. You configure a password for your default account. If you enter an erroneous account name. The software allows you to apply additional security to the passwords. Managing Passwords When you first access the switch. press [Enter]. ExtremeXOS Concepts Guide. you cannot re-enter the correct name. user names are not case-sensitive. carefully enter the failsafe account name. You can enforce a specific format and minimum length for the password. or enter the password that you have configured for the user account. you can age out the password. 3 Add a default admin password of green by entering the following command: configure account admin green To add a password to the default user account: 1 Log in to the switch using the name user.3 55 . 2 At the switch login prompt. You can change the password to an encrypted password after you create an account. Additionally. As you create other accounts (see “Creating a Management Account” on page 53). you configure passwords for those accounts. press [Enter] until you get a login prompt and then try again. press [Enter]. This section describes the following topics: ● ● ● Applying a Password to the Default Account on page 55 Applying Security to Passwords on page 56 Displaying Passwords on page 57 Applying a Password to the Default Account Default accounts do not have passwords assigned to them.

which will make it more difficult for unauthorized users to access your system. (. To use this feature. #. the system terminates a session after the user has three consecutive failed login attempts. %. $. after which the password will not be accepted. The user may then launch another session (which again would terminate after three consecutive failed login attempts). *. ) To set this format for the password. Software Version 12. (This command also sets the number of failed logins that terminate the particular session. To increase security. using the configure cli max-failed-logins <num-of-logins> command. you can lock users out of the system entirely after three failed consecutive login attempts. use the following command: configure account [all | <name>] password-policy min-length [<num_characters> | none] To age out the password after a specified time. use the following command: configure account [all | <name>] password-policy char-validation [none | all-chargroups] You can enforce a minimum length for the password and set a maximum time limit. ^. You can specify that each password must include at least two characters of each of the following four character types: ● ● ● ● Upper-case A-Z Lower-case a-z 0-9 !. use the following command: configure account [all | <name>] password-policy max-age [<num_days> | none] You can block users from employing previously used passwords by issuing the command: configure account [all | <name>] password-policy history [<num_passwords> | none] By default. you can configure the number of failed logins that trigger lockout.Getting Started 3 Add a default user password of blue by entering the following command: configure account user blue NOTE If you forget your password while logged out of the CLI. To set a minimum length for the password.3 . you can use the bootloader to reinstall a default switch configuration. Note that this process reconfigures all switch settings back to the initial default configuration. @. Applying Security to Passwords You can increase the security of your system by enforcing password restrictions.) 56 ExtremeXOS Concepts Guide. use the following command: configure account [all | <name>] password-policy lockout-on-login-failures [on | off] NOTE If you are not working on SSH. which allows access to the switch without a password.

use the following command: clear account [all | <name>] lockout Selecting the all option affects the setting of all existing and future new accounts. Use the following command: telnet msm [a | b] Access to an Active Node in a SummitStack You can access any active node in a SummitStack from any other active node in the active topology. use the following command: show accounts password-policy You can also display which accounts may be locked out by issuing the following command: show accounts Access to Both MSM/MM Console Ports—Modular Switches Only You can access either the primary or the backup MSM/MM regardless of which console port you are connected to. Software Version 12. it must be specifically re-enabled by an administrator. Displaying Passwords To display the accounts and any applied password security. Use the following command: telnet slot <slot-number> Domain Name Service Client Services The Domain Name Service (DNS) client in ExtremeXOS software augments the following commands to allow them to accept either IP addresses or host names: ● ● ● telnet download bootrom download image ExtremeXOS Concepts Guide.Access to Both MSM/MM Console Ports—Modular Switches Only After the user’s account is locked out (using the configure account password-policy lockout-onlogin-failures command). no matter how many consecutive failed login attempts. NOTE The default admin account and failsafe accounts are never locked out. To re-enable a locked-out account.3 57 .

and 20808 series switches. if you specify the domain xyz-inc.com as the default domain.Getting Started ● ● ● ● ● ping traceroute configure radius server configure tacacs server create cfm domain dns md-level In addition. then a command such as ping accounting1 will be taken as if it had been entered ping accounting1. Specifies an end size for packets to be sent. This option can be interrupted by pressing [Ctrl] + C. You can ping an IPv6 address. Table 12: Ping Command Parameters Parameter count start-size continuous end-size Description Specifies the number of ping requests to send. of the packet to be sent.) You can specify up to eight DNS servers for use by the DNS client using the following command: configure dns-client add You can specify a default domain for use when a host name is used without a domain. (This command is available only on the default virtual router (VR) on the BlackDiamond 10808. the nslookup utility can be used to return the IP address of a hostname.com. or the starting size if incremental packets are to be sent. Specifies that UDP or ICMP echo messages are to be sent continuously. in bytes. The ping command syntax is: ping {count <count> {start-size <start-size>} | continuous {start-size <start-size>} | {start-size <start-size> {end-size <end-size>}}} {udp} {dont-fragment} {ttl <ttl>} {tos <tos>} {interval <interval>} {vr <vrid>} {ipv4 <host> | ipv6 <host>} {from} {with record-route} Options for the ping command are described in Table 12.3 . 58 ExtremeXOS Concepts Guide. Use the following command: configure dns-client default-domain For example. Specifies the size.xyz-inc. 12800. Software Version 12. The ping command is available for both the user and administrator privilege level. Checking Basic Connectivity The switch offers the following commands for checking basic connectivity: ● ● ping traceroute Ping The ping command enables you to send Internet Control Message Protocol (ICMP) echo messages to a remote IP device.

ipv4/ipv6 is the transport. from uses the specified source address in the ICMP packet. To use the hostname. If not specified. ttl configures the switch to trace the hops until the time-to-live has been exceeded for the switch. The traceroute command syntax is: traceroute {vr <vrid>} {ipv4 <host>} {ipv6 <host>} {ttl <number>} {from <from>} {[port <port>] | icmp} Where: ● ● ● vr is the name of the virtual router. NOTE: If you are contacting an IPv6 link local address. you must specify the VLAN you are sending the message from: ping <ipv6> <link-local address> %<vlan_name> <host>. the address of the transmitting interface is used. port uses the specified UDP port number. the address of the transmitting interface is used. Sets the IP to not fragment the bit. Specifies the virtual router name to use for sending out the echo message. host from with record-route Specifies a host name or IP address (either v4 or v6). host is the host of the destination endstation. Uses the specified source address. Press [Ctrl] + C to interrupt a ping request earlier. NOTE: User-created VRs are supported only on the platforms listed for this feature in Appendix A. Software Version 12. you must specify the VLAN you are sending the message from. icmp uses ICMP echo messages to trace the routed path. ● ● ● ● ExtremeXOS Concepts Guide. “ExtremeXOS Software Licenses. The statistics are tabulated after the ping is interrupted or stops. Sets the time interval between sending out ping requests. Sets the traceroute information.” ipv4 ipv6 Specifies IPv4 transport. the switch stops sending the request after three attempts. If not specified. you must first configure DNS.Checking Basic Connectivity Table 12: Ping Command Parameters (Continued) Parameter udp dont-fragment ttl tos interval vr Description Specifies that the ping request should use UDP instead of ICMP. Specifies IPv6 transport. If not specified. as shown in the following example (you must include the % sign): ping <ipv6> <link-local address> %<vlan_name> <host>. Sets the TTL value. If you are contacting an IPv6 link local address.3 59 . VR-Default is used. Traceroute The traceroute command enables you to trace the routed path between the switch and a destination endstation. Sets the TOS value. If a ping request fails. You use the ipv6 variable to ping an IPv6 host by generating an ICMPv6 echo request message and sending the message to the specified address.

you must specify the target’s IPv6 address to use this command.Getting Started Beginning with ExtremeXOS software.3 . you can trace the route between the switch and an IPv6 address. Displaying Switch Information To display basic information about the switch. use the following command: show switch 60 ExtremeXOS Concepts Guide. However. Software Version 12.

2 Managing the Switch This chapter includes the following sections: ● ● ● ● ● ● ● ● ● ● ● ● ● ● Overview on page 61 Understanding the ExtremeXOS Shell on page 62 Using the Console Interface on page 62 Using the 10/100 Ethernet Management Port on page 63 Using EPICenter to Manage the Network on page 63 Authenticating Users on page 64 Using Telnet on page 64 Using Secure Shell 2 on page 71 Using the Trivial File Transfer Protocol on page 72 Understanding System Redundancy—Modular Switches and SummitStack Only on page 73 Understanding Hitless Failover Support—Modular Switches and SummitStack Only on page 78 Understanding Power Supply Management on page 85 Using the Simple Network Management Protocol on page 89 Using the Simple Network Time Protocol on page 100 Overview Using ExtremeXOS. ● Download software updates and upgrades.3 61 . Simple Network Management Protocol (SNMP) access using EPICenter or another SNMP manager. see Appendix B.” The switch supports up to the following number of concurrent user sessions: ● One console session ■ Two console sessions are available if two management modules are installed. “Software Upgrade and Boot Options. Access the switch remotely using TCP/IP through one of the switch ports or through the dedicated 10/100 unshielded twisted pair (UTP) Ethernet management port. For more information. ● ● ● ● Eight shell sessions Eight Telnet sessions Eight Trivial File Transfer Protocol (TFTP) sessions Eight SSH2 sessions ExtremeXOS Concepts Guide. Software Version 12. you can manage the switch using the following methods: ● Access the command line interface (CLI) by connecting a terminal (or workstation with terminalemulation software) to the console port. Remote access includes: ■ ■ ■ ● Telnet using the CLI interface. Secure Shell (SSH2) using the CLI interface.

NOTE For more information on the console port pinouts. you input the commands to be executed on the switch. see “Line-Editing Keys” on page 46. On a stand-alone switch. however. If you configure a new limit. active shell sessions supported by the switch. After the switch processes and executes a command. the switch refuses only new incoming connections until the number of shell session drops below the new limit. and XTERM terminal emulation and adjusts to the correct terminal type and window size. you see the switch prompt and you can log in. the shell supports UNIX-style page view for page-by-page command output capability. 62 ExtremeXOS Concepts Guide. VT100. the console port is located on the front of the management module (MSM/MM). If you decrease the limit and the current number of sessions already exceeds the new maximum. Already connected shell sessions are not disconnected as a result of decreasing the limit. Software Version 12. the results are relayed to and displayed on your terminal. Using the Console Interface The CLI built into the switch is accessible by way of the 9-pin. up to eight active shell sessions can access the switch concurrently. At the prompt. use the following command: configure cli max-sessions For more information about the line-editing keys that you can use with the XOS shell. By default. To configure the number of shell sessions accepted by the switch. see the hardware installation guide that shipped with your switch. The shell supports ANSI. If only eight active shell sessions can access the switch. RS-232 port labeled console. After the connection has been established. only new incoming shell sessions are affected. In addition. On a modular switch. no one else can access the switch until a connection is terminated or you access the switch via the console. a combination of eight Telnet and SSH connections can access the switch even though Telnet and SSH each support eight connections. For example.Managing the Switch Understanding the ExtremeXOS Shell When you log in to ExtremeXOS from a terminal. you enter the shell with a shell prompt displayed. You can configure up to 16 active shell sessions.3 . Configurable shell sessions include both Telnet and SSH connections (not console CLI connections). the console port is located on the front panel. if you have six Telnet sessions and two SSH sessions. you can change the number of simultaneous.

Software Version 12. The VLAN mgmt comes preconfigured with only the management port as a member. go to: http://www.168. For more information about the EPICenter management software available from Extreme Networks. this address gets assigned to the primary MSM/MM.3 63 . not for switching or routing. or from a workstation configured with a web browser and the Java plug-in. the backup MSM/MM takes over.168.1: configure vlan mgmt ipaddress 192.50/25 configure iproute add default 192.1. The management port on the backup MSM/MM is available only when failover occurs. This port provides dedicated remote access to the switch using TCP/IP. When you configure the IP address for the VLAN mgmt.com/services/softwareuserguide.extremenetworks. and the VLAN mgmt on the new primary MSM/MM acquires the IP address of the previous primary MSM/ MM.aspx.1. You can also directly access any node in the stack using its alternate IP address if the node's management port is connected to your network. and configures the gateway to use 192.1 vr vr-mgmt On a SummitStack. The primary IP address is acquired by the backup node when it becomes the master node due to a failover. Using EPICenter to Manage the Network EPICenter is a powerful yet easy-to-use application suite that facilitates the management of a network of Extreme Networks switches.168. The management port is a member of the virtual router VR-Mgmt.50.168. You can connect to the management port on the primary MSM/MM for any switch configuration.com. the primary MSM/MM relinquishes its role. It supports the following management methods: ● ● Telnet/SSH2 using the CLI interface SNMP access using EPICenter or another SNMP manager The switch uses the Ethernet management port only for host operation. EPICenter offers a comprehensive set of network management tools that are easy to use from a client workstation running EPICenter client software. use the following command: configure iproute add default <gateway> {<metric>} {multicast | multicast-only | unicast | unicast-only} {vr <vrname>} The following example configuration sets the management port IP address to 192. mask length of 25. ExtremeXOS Concepts Guide. To review the EPICenter documentation. The TCP/IP configuration for the management port is done using the same syntax as used for virtual LAN (VLAN) configuration. as well as selected third-party switches. To configure the IP address and subnet mask for the VLAN mgmt.1.1. go to: http://www. the master node is accessed using the management port primary IP address as shown above for other platforms. At that time. For more information see “Logging into a SummitStack” on page 135. use the following command: configure vlan mgmt ipaddress <ip_address>/<subnet_mask> To configure the default gateway (you must specify VR-Mgmt for the management port and VLAN mgmt).extremenetworks.Using the 10/100 Ethernet Management Port Using the 10/100 Ethernet Management Port The management module or Summit family switches provide a dedicated 10/100 Mbps Ethernet management port.

3 . An administrator level account can view and change all manageable parameters. TACACS+ is used to communicate between the switch and an authentication database. with the exception of the user account database and SNMP community strings. 64 ExtremeXOS Concepts Guide. For detailed information about RADIUS and configuring a RADIUS client. authorization. For detailed information about configuring management accounts. “Security. and accounting on a central server. see Chapter 22.” TACACS+ Terminal Access Controller Access Control System Plus (TACACS+) is a mechanism for providing authentication. see Chapter 1. RFC 2138) is a mechanism for authenticating and centrally administrating access to network nodes. ExtremeXOS uses Telnet to connect to other devices from the switch (client) and to allow incoming connections for switch management using the CLI (server). “Security. The ExtremeXOS version of TACACS+ is used to authenticate prospective users who are attempting to administer the switch. For detailed information about TACACS+ and configuring TACACS+.” Using Telnet ExtremeXOS supports the Telnet Protocol based on RFC 854.” Management Accounts ExtremeXOS supports two levels of management accounts (local database of accounts and passwords): User and Administrator.Managing the Switch Authenticating Users ExtremeXOS provides three methods to authenticate users who log in to the switch: ● ● ● RADIUS client TACACS+ Local database of accounts and passwords NOTE You cannot configure RADIUS and TACACS+ at the same time. see Chapter 22. similar in function to the RADIUS client. Software Version 12. A user level account can view but not change all manageable parameters. “Getting Started. The ExtremeXOS RADIUS client implementation allows authentication for Telnet or console access to the switch. Telnet allows interactive remote access to a device and is based on a client/server model. RADIUS Client Remote Authentication Dial In User Service (RADIUS.

see the following sections: ● ● Configuring Telnet Access to the Switch on page 68 Disconnecting a Telnet Session on page 71 ExtremeXOS Concepts Guide. you must specify the IP address or host name of the device that you want to connect to. you must specify the IP address or host name of the device that you want to connect to. If you use Telnet to establish a connection to the switch. you may log in. see “Connecting to Another Host Using Telnet” on page 66. The switch accepts IPv6 connections. The same is true if you use the switch to connect to another host. For information about the Telnet server on the switch. NOTE Maximize the Telnet screen so that automatically updating screens display correctly. Up to eight active Telnet sessions can access the switch concurrently. Check the user manual supplied with the Telnet facility if you are unsure of how to do this. Software Version 12.Using Telnet This section describes the following topics: ● ● ● ● ● ● About the Telnet Client on page 65 About the Telnet Server on page 65 Connecting to Another Host Using Telnet on page 66 Configuring Switch IP Parameters on page 66 Configuring Telnet Access to the Switch on page 68 Disconnecting a Telnet Session on page 71 About the Telnet Client Before you can start an outgoing Telnet session on the switch. If the host is accessible and you are allowed access. After the connection is established. About the Telnet Server Any workstation with a Telnet facility should be able to communicate with the switch over a TCP/IP network using VT100 terminal emulation. the switch terminates the session within two hours. If a connection to a Telnet session is lost inadvertently. For more information about using the Telnet client on the switch.3 65 . you must set up the IP parameters described in “Configuring Switch IP Parameters” on page 66. the Telnet connection times out after 20 minutes of inactivity by default. you see the switch prompt and you can log in. If you enable the idle timer using the enable idletimeout command. From the CLI. Telnet is enabled and uses VR-Mgmt by default.

“Getting Started. the Telnet session defaults to port 23. you must configure the IP address of the VLAN using the CLI or Telnet. Software Version 12. You can use Telnet to access either the primary or the backup MSM/MM regardless of which console port you are connected to. even if the configuration has been saved.Managing the Switch Connecting to Another Host Using Telnet You can Telnet from the current CLI session to another host using the following command: telnet {vr <vr_name>} [<host_name> | <remote_ip>] {<port>} NOTE User-created VRs are supported only on the platforms listed for this feature in Appendix A. If the virtual router name is not specified. you can find it on the rear label of the switch. This is more likely to be desirable on the switch's VLAN mgmt than it is on any other VLANs. Note that all VLANs configured to use BOOTP or DHCP use the same MAC 66 ExtremeXOS Concepts Guide.” If the TCP port number is not specified. Using a BOOTP or DHCP Server If you are using IP and you have a Bootstrap Protocol (BOOTP) server set up correctly on your network. Only VT100 emulation is supported. you must provide the following information to the BOOTP server: ● ● ● Switch Media Access Control (MAC) address. If you need the switch's MAC address to configure your BOOTP or DHCP server. you must first configure the switch IP parameters. use the following command: show dhcp-client state The switch does not retain IP addresses assigned by BOOTP or DHCP through a power cycle. You can enable the BOOTP or DHCP client per VLAN by using the following commands: enable bootp vlan [<vlan> | all] enable dhcp vlan [<vlan_name> | all] You can disable the BOOTP or DHCP client per VLAN by using the following commands: disable bootp vlan [<vlan> | all] disable dhcp vlan [<vlan_name> | all] To view the current state of the BOOTP or DHCP client. “ExtremeXOS Software Licenses. To retain the IP address through a power cycle. so if you have a BOOTP or DHCP server in your IP network.” Configuring Switch IP Parameters To manage the switch by way of a Telnet connection or by using an SNMP Network Manager. found on the rear label of the switch IP address Subnet address mask (optional) The switch contains a BOOTP and Dynamic Host Configuration Protocol (DHCP) client. For more information see Chapter 1. the Telnet session defaults to VR-Mgmt. you can have it assign IP addresses to the switch.3 .

so you cannot configure the BOOTP or DHCP server to assign multiple specific IP addresses to a switch depending solely on the MAC address. The switch can be assigned multiple IP addresses (one for each VLAN).255. when configuring any IP addresses for the switch. “VLANs.Using Telnet address to get their IP address.0 The changes take effect immediately.8 255. For example: login: admin Administrator capabilities enable you to access all switch functions. you must have at least one VLAN on the switch. 2 At your terminal. use the default user name admin to log in with administrator privileges. NOTE For information on creating and configuring VLANs. Note that they are both case-sensitive. Software Version 12. NOTE As a general rule. enter them at the login prompt. and that VLAN must be assigned an IP address and subnet mask. as detailed in “Using the Console Interface” on page 62. To use Telnet or an SNMP Network Manager. The switch comes configured with a default VLAN named default. IP addresses are always assigned to each VLAN. ■ If you have been assigned a user name and password with administrator privileges. you must perform the following tasks: ● ● Log in to the switch with administrator privileges using the console interface. ■ If you are logging in for the first time. 5 Assign an IP address and subnetwork mask for the default VLAN by using the following command: configure {vlan} <vlan_name> ipaddress [<ipaddress> {<ipNetmask>} | ipv6-linklocal | {eui64} <ipv6_address_mask>] For example: configure vlan default ipaddress 123. enter the password and press [Return]. To assign IP parameters to the switch. you can express a subnet mask by using dotted decimal notation or by using classless inter domain routing notation (CIDR).3 67 . see Chapter 12. 4 At the password prompt. Manually Configuring the IP Settings If you are using IP without a BOOTP server. 3 At the login prompt. enter your user name and password. Assign an IP address and subnet mask to a VLAN. CIDR uses a forward slash ExtremeXOS Concepts Guide. The default user names have no passwords assigned. Ensure that you have entered a user name and password with administrator privileges. press [Return] one or more times until you see the login prompt. you must enter the IP parameters for the switch in order for the SNMP Network Manager or Telnet software to communicate with the device.” To manually configure the IP settings: 1 Connect a terminal or workstation running terminal emulation software to the console port. the command line prompt displays the name of the switch.67. When you have successfully logged in to the switch.45.255.

Telnet. To configure the virtual router from which you receive a Telnet request. and switch ports. please remember to increase the security of your network by taking the following actions: * change your admin password * change your SNMP public and private strings * consider using SNMPv3 to secure network management traffic For more detailed information about safe defaults mode. Telnet services are enabled on the switch and all virtual routers listen for incoming Telnet requests. the command identical to the previous example is: configure vlan default ipaddress 123.8/24 6 Configure the default route for the switch using the following command: configure iproute add default <gateway> {<metric>} {multicast | multicast-only | unicast | unicast-only} {vr <vrname>} For example: configure iproute add default 123. If you want to save your changes to an existing or new configuration file.3 . The switch accepts IPv6 connections. NOTE User-created VRs are supported only on the platforms listed for this feature in Appendix A. see “Safe Defaults Setup Method” on page 49.45.67.” The safe defaults mode runs an interactive script that allows you to enable or disable SNMP.Managing the Switch plus the number of bits in the subnet mask. When you set up your switch for the first time.1 7 Save your configuration changes so that they will be in effect after the next switch reboot. you must connect to the console port to access the switch. Although SNMP. Telnet. ■ If you want to save your changes to the currently booted configuration. After logging in to the switch.45. use the following command: configure telnet port [<portno> | default] 68 ExtremeXOS Concepts Guide. use the following command: configure telnet vr [all | default | <vr_name>] To change the default TCP port number. Software Version 12. use the following command: save configuration [<existing-config> | <new-config>] 8 When you are finished using the facility. log out of the switch by typing: logout or quit Configuring Telnet Access to the Switch By default.67. and switch ports are enabled by default. you enter safe defaults mode. the script prompts you to confirm those settings. Using CIDR notation. use the following command: save ■ ExtremeXOS allows you to select or create a configuration file name of your choice to save the configuration to. “ExtremeXOS Software Licenses. If you choose to keep the default setting for Telnet—the default setting is enabled—the switch returns the following interactive script: Since you have chosen less secure management methods.

” Sample ACL Policies.0 /24. “Policy Manager.203. see Chapter 17.133.203.0/24 or 10. The following TCP port numbers are reserved and cannot be used for Telnet connections: 22. } then { permit. You can create the policy directly on the switch. There are two methods to load ACL policies to the switch: ● Use the edit policy command to launch a VI-like editor on the switch. Telnet services are enabled on the switch. } } ExtremeXOS Concepts Guide.3 69 .0/24 and denies connections from all other addresses: MyAccessProfile.Using Telnet The range for the port number is 1 through 65535. the switch permits connections from the subnets 10.133.135.133.0 /24.0/24 but accepts connections from all other addresses: MyAccessProfile_2.203. the switch displays an error message. ● For more information about creating and implementing ACLs and policies.0/24 and denies connections from all other addresses: MyAccessProfile.0 /24. } then { permit. You configure an ACL policy to permit or deny a specific list of IP addresses and subnet masks for the Telnet port. Using ACLs to Control Telnet Access By default. If you attempt to configure a reserved port.133.pol entry AllowTheseSubnets { if match any { source-address 10.133.pol entry dontAllowTheseSubnets { if { source-address 10.” and Chapter 18. You can restrict Telnet access by using an access control list (ACL) and implementing an ACL policy.pol.203. Use the tftp command to transfer a policy that you created using a text editor on another system to the switch. source-address 10.pol.203. In the following example named MyAccessProfile.203. and 1023. } } In the following example named MyAccessProfile.135.pol entry AllowTheseSubnets { if { source-address 10. 80. Software Version 12.203. } then { deny. the switch permits connections from the subnet 10.pol.203. The following are sample policies that you can apply to restrict Telnet access. “ACLs. } } In the following example named MyAccessProfile_2.133.0 /24. the switch does not permit connections from the subnet 10.

Managing the Switch entry AllowTheRest { if { . “ACLs.” To configure Telnet to use an ACL policy to restrict Telnet access.135.203.0/24 but accepts connections from all other addresses: MyAccessProfile_2. use the following command: configure telnet access-profile [<access_profile> | none] Use the none option to remove a previously configured ACL.0/24 or 10. and whether ACLs are controlling Telnet access. “Policy Manager. source-address 10. #none specified } then { permit.203.pol. } then { deny. the virtual router used to establish a Telnet session.133.133. } } entry if AllowTheRest { { .pol entry dontAllowTheseSubnets { if match any { source-address 10. Applying a policy to both an access profile and an access list is neither necessary nor recommended. For more information about creating and implementing ACLs and policies. including the current TCP port. Viewing Telnet Information To display the status of Telnet.203.135. see Chapter 17. use the following command: show management Disabling and Enabling Telnet You can choose to disable Telnet by using the following command: disable telnet 70 ExtremeXOS Concepts Guide.203. the switch does not permit connections from the subnets 10. } } Configuring Telnet to Use ACL Policies.” and Chapter 18. } } In the following example named MyAccessProfile_2. Software Version 12.0 /24. #none specified } then { permit. NOTE Do not also apply the policy to the access list.0 /24. This section assumes that you have already loaded the policy on the switch.3 .

x or later) from SSH Communication Security. If this happens. Configuration.3 71 . 2 Determine the session number of the session you want to terminate by using the following command: show session {{detail} {<sessID>}} {history} 3 Terminate the session by using the following command: clear session [history | <sessId> | all] Using Secure Shell 2 Secure Shell 2 (SSH2) is a feature of the ExtremeXOS software that allows you to encrypt session data between a network administrator using SSH2 client software and the switch or send encrypted data from the switch to an SSH2 client on a remote system. Disconnecting a Telnet Session A person with an administrator level account can disconnect a Telnet management session. If you enable the idle timer using the enable idletimeout command. image. the SSH2 connection times out after 61 minutes of inactivity.Using Secure Shell 2 To re-enable Telnet on the switch. public key. Up to eight active SSH2 sessions can run on the switch concurrently. The ExtremeXOS SSH2 switch application works with the following clients: Putty. and policy files can be transferred to the switch using the Secure Copy Protocol 2 (SCP2) or the Secure File Transfer Protocol (SFTP). If you disable the idle timer using the disable idletimeout command. the user logged in by way of the Telnet connection is notified that the session has been terminated. Software Version 12. For detailed information about SSH2. SSH2 (version 2. You can use OpenSSH SFTP instead.” ExtremeXOS Concepts Guide. and OpenSSH (version 2. see Chapter 22.5 or later). the SSH2 connection times out after 20 minutes of inactivity by default. To terminate a Telnet session: 1 Log in to the switch with administrator privileges. OpenSSH SCP does not work with the ExtremeXOS SSH implementation. If a connection to an SSH2 session is lost inadvertently. OpenSSH uses the RCP protocol. the switch terminates the session within 61 minutes. which has been disabled from the ExtremeXOS software for security reasons. “Security. The switch accepts IPv6 connections. use the following command: enable telnet You must be logged in as an administrator to configure the virtual router(s) used by Telnet and to enable or disable Telnet. Therefore.

“ExtremeXOS Software Licenses.123. VR-Mgmt is used. enter the ls command at the command prompt.Managing the Switch Using the Trivial File Transfer Protocol ExtremeXOS supports the Trivial File Transfer Protocol (TFTP) based on RFC 1350. TFTP is a method used to transfer files from one network device to another. TFTP Blocksize Option).” If configured. For additional information about TFTP.” For information about downloading ACL (and other) policy files.” The TFTP session defaults to port 69. Software Version 12. to enable faster file downloads and larger file downloads. To view the files you retrieved. If the switch detects a backup MSM/MM in the running state. “Managing the ExtremeXOS Software. ● ● ● Connecting to Another Host Using TFTP You can TFTP from the current CLI session to another host to transfer files using the following command: tftp [<host-name> | <ip-address>] {-v <vr_name>} [-g | -p] [{-l [internal-memory <local-file-internal> | memorycard <local-file-memcard> | <local-file>} {-r <remotefile>} | {-r <remote-file>} {-l [internal-memory <local-file-internal> | memorycard <local-file-memcard> | <local-file>]}] NOTE User-created VRs are supported only on the platforms listed for this feature in Appendix A. BootROM files. “Policy Manager.cfg When you “get” the file via TFTP. “Troubleshooting. 72 ExtremeXOS Concepts Guide. see the following chapters: ● For information about downloading software image files. use the following command: tftp 10.45. You can install a removable external compact flash card in only a modular switch. ExtremeXOS uses TFTP to download software image files. and ACLs from a server on the network to the switch. see Chapter 17.67 and “get” or retrieve an ExtremeXOS configuration file named XOS1.45.67 -g -r XOS1. the switch saves the file to the primary MSM/MM. and switch configurations. to connect to a remote TFTP server with an IP address of 10. the file is replicated to the backup MSM/MM. The ExtremeXOS TFTP client is a command line application used to contact an external TFTP server on the network. switch configuration files. you can transfer core dump (debug) files from either the internal memory card or the removable external compact flash card. “Software Upgrade and Boot Options.cfg from that host.3 . see Appendix C. Up to eight active TFTP sessions can run on the switch concurrently. For example. If you do not specify a virtual router.” For information about using TFTP to transfer files to and from the switch. Extreme Networks recommends using a TFTP server that supports blocksize negotiation (as described in RFC 2348.” For information about configuring core dump files and managing the core dump files stored on your switch.123. see Chapter 3. For example. see Appendix B.

● tftp put [<host-name> | <ip-address>] {-vr <vr_name>} [{[internal-memory <localfile-internal> | memorycard <local-file-memcard> | <local_file>} {<remote_file>} | {<remote_file>} {[internal-memory <local-file-internal> | memorycard <local-filememcard> | <local_file>]}] NOTE User-created VRs are supported only on the platforms listed for this feature in Appendix A.” By default. the following two commands are available for transferring files to and from the switch: ● tftp get [<host-name> | <ip-address>] {-vr <vr_name>} [{[internal-memory <localfile-internal> | memorycard <local-file-memcard> | <local_file>} {<remote_file>} | {<remote_file>} {[internal-memory <local-file-internal> | memorycard <local-filememcard> | <local_file>]}] {force-overwrite} NOTE User-created VRs are supported only on the platforms listed for this feature in Appendix A. or if you configure two master-capable nodes in a SummitStack. “ExtremeXOS Software Licenses. the switch prompts you to overwrite the existing file. a node can be a redundant primary node if it has been configured to be mastercapable.3 73 . For SummitStack. use one of the following commands: ● ● configure stacking [node-address <node-address> | slot <slot-number>] mastercapability [on | off] configure stacking redundancy [none | minimal | maximal] This section describes the following topics: ● ● ● Node Election on page 74 Replicating Data Between Nodes on page 75 Viewing Node Status on page 77 ExtremeXOS Concepts Guide. To configure master capability on one or all nodes in a SummitStack. The primary MSM/MM or node also synchronizes the backup MSM/MM or node in case it needs to take over the management functions if the primary MSM/MM or node fails. and configuring the switch. see the tftp get command in the ExtremeXOS Command Reference Guide. “ExtremeXOS Software Licenses. The primary MSM/MM or node provides all of the switch management functions including bringing up and programming the I/O modules.” Understanding System Redundancy—Modular Switches and SummitStack Only If you install two MSMs/MM or nodes in the chassis. For more information. running the bridging and routing protocols. one assumes the role of primary (also called "master") and the other assumes the role of backup. Software Version 12.Understanding System Redundancy—Modular Switches and SummitStack Only In addition to the tftp command. if you transfer a file with a name that already exists on the system.

use the following command: configure stacking {node-address <node-address> | slot <slot-number>} priority [<nodepri> | automatic] If you do not configure any priorities. Configuring the Node Priority on a SummitStack To configure the priority of a node in a SummitStack. the higher the priority. the MSM/MM installed in slot A or the SummitStack node in slot 1 has primary status. Enter a number from 1 through 8 for the slot-number. and so forth. enter A for the MSM/MM installed in slot A or B for the MSM/MM installed in slot B.Managing the Switch Node Election Node election is based on leader election between the MSMs/MMs installed in the chassis. Nodes exchange their node role election priorities. All other nodes (if any) remain in STANDBY state. The primary node runs the switch management functions. For more information about the node states. see “Viewing Node Status” on page 77.3 . Standby nodes configured to be master-capable elect a new backup node from among themselves after a failover has occurred. and the node with the second highest node role election priority becomes the backup node. Software Version 12. and the backup node is fully prepared to become the primary node if the primary fails. Determining the Primary Node The following parameters determine the primary node: ● Node state—The node state must be STANDBY to participate in leader election and be selected as primary. DOWN. such as power supplies. In SummitStack. Health of secondary hardware components—This represents the health of the switch components. MSM-A has a higher priority than MSM-B. or the slot number configured on a stack node. and so forth in order of increasing slot number. For the slot_id parameter. or FAIL states. slot 1 has the highest priority. it cannot participate in leader election. The configured priority is compared only after the node meets the minimum thresholds in each category for it to be healthy. slot 2 the second highest priority. use the following command: configure node slot <slot_id> priority <node_pri> If you do not configure any priorities. fans. Required processes and devices must not fail. By default. Each node uses health information about itself together with a user configured priority value to compute its node role election priority. Configuration priority—This is a user assigned priority. nodes that remain in STANDBY state (called Standby nodes) program their port hardware based on instructions received from the primary. Slot ID—The MSM/MM slot where the node is installed (MSM-A or MSM-B). or mastercapable nodes present in a SummitStack. You may also use the factory assigned MAC address as the node-address value. the node with the highest node role election priority becomes the master or primary node. By default. The higher the value. Software health—This represents the percent of processes available. If the node is in the INIT. By default the priority 74 ExtremeXOS Concepts Guide. During the node election process. ● ● ● ● Configuring the Node Priority on a Modular Switch To configure the priority of an MSM/MM node. the priority is 0 and the node priority range is 1 through 100.

which allows for state recovery if the primary fails. review the section “Synchronizing Nodes— Modular Switches and SummitStack Only” on page 1338 to confirm that your platform and both installed MSMs/MMs or master-capable nodes are running software that supports the synchronize command. If the nodes are synchronized. proceed to step 3. The backup node then becomes the primary node and the original primary node reboots. ● 2 If the nodes are not synchronized because of incompatible software. Replicating data consists of the following three steps: 1 Configuration synchronization—Relays current and saved configuration information from the primary to the backup 2 Bulk checkpoint—Ensures that each individual application running on the system is synchronized with the backup 3 Dynamic checkpoint—Checkpoints any new state changes from the primary to the backup ExtremeXOS Concepts Guide. The synchronize command: ● ● ● ● Reboots the backup node to prepare it for synchronizing with the primary node Copies both the primary and secondary software images Copies both the primary and secondary configurations Reboots the backup node after replication is complete After you confirm the nodes are synchronized. Replicating Data Between Nodes ExtremeXOS replicates configuration and run-time information between the primary node and the backup node so that the system can recover if the primary fails. with the primary node showing MASTER and the backup node showing BACKUP (InSync). To cause the failover: 1 Use the show switch {detail} command on the primary or the backup node to confirm that the nodes are synchronized and have identical software and switch configurations before failover. use the run failover {force} command to initiate failover from the primary node to the backup node. Software Version 12. or the backup is down. incompatible software is running on the primary and backup. 3 If the nodes are synchronized.3 75 . The output displays the status of the nodes. A node may not be synchronized because checkpointing did not occur.Understanding System Redundancy—Modular Switches and SummitStack Only is "automatic" and the node-pri value is any number between 1 and 100. Checkpointing is the process of automatically copying the active state from the primary to the backup. use the synchronize command to ensure that the backup has the same software in flash as the primary. Relinquishing Primary Status Before relinquishing primary status and initiating failover. This method of replicating data is known as checkpointing. ● If the nodes are not synchronized and both nodes are running a version of ExtremeXOS that supports synchronization. The higher the value. You can cause the primary to failover to the backup. thereby relinquishing its primary status. the higher the priority. proceed to step 2. proceed to step 3.

Relaying Configuration Information To facilitate a failover from the primary node to the backup node. the primary transfers its active configuration to the backup. issue the save command after you make any changes. to see if the backup node is fully synchronized (In Sync) with the primary node. failover is possible without a switch or SummitStack reboot. To see if bulk checkpointing is complete.Managing the Switch To monitor the checkpointing status. Because the backup always uses the primary’s active configuration. the switch prompts you to save your changes. that is. the save configuration command will normally save the primary node's configuration file to all active nodes in the SummitStack. During the initial switch boot-up. any configuration change you make to the primary is relayed to the backup and incorporated into the backup’s configuration copy. After the primary and backup nodes are synchronized. NOTE If you issue the reboot command before you save your configuration changes. Bulk Checkpointing Bulk checkpointing causes the primary and backup run-time states to be synchronized. After the primary and backup nodes have been elected. the switch or SummitStack reboots. its configuration is read from the local flash. use the show checkpoint-data {<process>} command. the primary’s configuration takes effect. NOTE To ensure that all of the configuration commands in the backup’s flash are updated. Software Version 12. However. the next application proceeds with its bulk checkpointing. once bulk checkpointing is complete. the backup node continues to use the primary’s active configuration. To keep your configuration changes. During the initialization of a node. Relaying configuration information is the first level of checkpointing. the primary transfers its current active configuration to the backup. 76 ExtremeXOS Concepts Guide. save them before you reboot the switch. an application starts checkpointing only after all of the applications it depends on have transferred their run-time states to the backup MSM/MM node.3 . Data is not replicated from the primary to the standby nodes. use the show checkpoint-data {<process>} command. Since ExtremeXOS runs a series of applications. If a failover occurs. the active configuration remains in effect regardless of the number of failovers. To monitor the checkpointing status. On a SummitStack. use the show switch {detail} command. If the backup determines that it does not have the primary’s active configuration because a run-time synchronization did not happen. If a failover occurs before bulk checkpointing is complete. After one application completes bulk checkpointing. the switch or SummitStack reboots.

This command displays. Examples of user actions are: • Upgrading the software • Rebooting the system using the reboot command • Initiating an MSM/MM failover using the run msm-failover command • Synchronizing the MSM/MM software and configuration in non-volatile storage using the synchronize command FAIL INIT In the fail state. the node is not available to participate in leader election. MASTER ExtremeXOS Concepts Guide. Software Version 12. the node is being initialized. the node is responsible for all switch management functions. or stackable switch in a SummitStack installed in your system is self-sufficient and runs the ExtremeXOS management applications. To view node status. This ensures that the backup has the most up-to-date and accurate information. Viewing Node Status ExtremeXOS allows you to view node statistical information. Each node in a modular switch. Table 13: Node States Node State BACKUP DOWN Description In the backup state. In the primary (master) state. you can see the general health of the system along with other node parameters. The node enters this state during any user action. Being fully initialized means that all of the hardware has been initialized correctly and there are no diagnostic faults. In the down state. The node reaches this state if the system has a hardware or software failure. the amount of copying completed by each process and the traffic statistics between the process on both the primary and the backup nodes. in percentages. Viewing Checkpoint Statistics To view and check the status of one or more processes being copied from the primary to the backup node. dynamic checkpointing requires that any new configuration information or state changes that occur on the primary be immediately relayed to the backup. Table 13 lists the node status collected by the switch. In the initial state. the node has failed and needs to be restarted or repaired.Understanding System Redundancy—Modular Switches and SummitStack Only Dynamic Checkpointing After an application transfers its saved state to the backup node. use the following command: show checkpoint-data {<process>} This command is also helpful in debugging synchronization problems that occur at run time.3 77 . use the following command: show node {detail} In a SummitStack. that makes the node unavailable for management. A node stays in this state when it is coming up and remains in this state until it has been fully initialized. the "show stacking" command will show the node roles of active nodes. By reviewing this output. this node becomes the primary node if the primary fails or enters the DOWN state. The backup node also receives the checkpoint state data from the primary. other than a failure.

Aside from this difference. NOTE The BlackDiamond 12802 switch does not support hitless failover. “Understanding System Redundancy—Modular Switches and SummitStack Only” on page 73. As described in the section. Static Layer 3 configurations and routes are hitless. However. so all ports continue to function. running the bridging and routing protocols. 78 ExtremeXOS Concepts Guide. hitless failover is the same on modular chassis and SummitStack. In SummitStack. The configuration is one of the most important pieces of information checkpointed to the backup node. the new primary node removes and re-adds the routes. there can be more than two master-capable nodes. On a modular chassis. Not all protocols support hitless failover. The primary node provides all of the switch management functions including bringing up and programming the I/O modules or other (Standby) nodes in the SummitStack. All such nodes that do not get elected either Master or Backup remain in Standby state. The remaining SummitStack nodes' ports continue to function normally. one assumes the role of primary and the other assumes the role of backup. “BGP.” and for more information about BGP. The priority of the node is only significant in the standby state. a SummitStack node has customer ports that are under the control of its single central processor. if you install two MSMs/MMs (nodes) in a chassis or if you configure at least two master-capable nodes in a SummitStack. such ports are directly controlled by separate processors. Each component of the system needs to checkpoint whatever runtime data is necessary to allow the backup node to take over as the primary node if a failover occurs. but subsequent behavior depends on the routing protocols used. The primary node also synchronizes the backup node in case it needs to take over the management functions if the primary node fails. When a modular chassis MSM/MM failover occurs.3 . You must configure OSPF graceful restart for OSPF routes to be maintained. all of the ports in the chassis are under the control of separate processors which can communicate with the backup MSM/MM. see Chapter 36. see Chapter 33. “OSPF. Understanding Hitless Failover Support—Modular Switches and SummitStack Only The term "hitless failover" has slightly different meanings on a modular chassis and a SummitStack.Managing the Switch Table 13: Node States (Continued) Node State STANDBY Description In the standby state. Software Version 12. For more information about checkpointing data and relaying configuration information. leader election occurs—the primary and backup nodes are elected. and you must configure BGP graceful restart for BGP routes to be maintained. MSMs/MMs do not directly control customer ports. For more information about OSPF. Layer 3 forwarding tables are maintained for pre-existing flows. and configuring the switch. including the protocols and the hardware dependent layers.” For routing protocols that do not support hitless failover. see Table 14 for a detailed list of protocols and their support. see “Replicating Data Between Nodes” on page 75. failure of the primary node results in all ports that require that node's processor for normal operation going down. In a SummitStack.

If you use ELRP as a standalone tool. is as follows: RMEP Expiry Time = elapsed expiry time on the master node + 3. By knowing the state of the EAPS domain. Although there is no hitless failover support in ELRP itself. see Chapter 21. If the backup node becomes the primary node. additional information is also available in that particular chapter. However. the route manager deletes all BGP routes 1 second after the failover occurs. Extreme Discovery Protocol (EDP) EDP does not checkpoint protocol data units (PDUs) or states. Unless otherwise noted.3 79 . by default the route manager does not delete BGP routes until 120 seconds after failover occurs. Ethernet Automatic Protection Switching (EAPS) The primary node replicates all EAPS BPDUs to the backup. after BGP comes up after restart. RMEP expiry time on the new master node in case of double failures. ELRP does not affect the network behavior if a failover occurs. Although both primary and backup nodes receive EAPS BPDUs. only the primary transmits EAPS BPDUs to neighboring switches and actively participates in EAPS. Replicating the protocol packets from an active MSM/MM to a backup may be a huge overhead if CCMs are to be initiated/received in the CPU and if the CCM interval is in the order of milliseconds. If a protocol indicates support for hitless failover. the EAPS process running on the backup node can quickly recover after a primary node failover. hitless failover support is not needed since the you initiate the loop detection. This causes an increase in control traffic onto the network. Software Version 12. each node maintains equivalent EAPS states. for information about network login support of hitless failover. There is no traffic interruption. No Yes Yes Hitless Yes Extreme Loop Recovery Protocol (ELRP) No ExtremeXOS Concepts Guide.5 * ccmIntervaltime + MSM convergence time. the behavior is the same for all modular switches. Since both primary and backup nodes receive EAPS BPDUs. If you use ELRP in conjunction with ESRP. “Network Login. RMEP timeout does not occur on a remote node during the hitless failover. which results in a traffic interruption in addition to the increased control traffic. and starts receiving PDUs. ELRP does not interfere with the hitless failover support provided by ESRP. For example. when the REMP expiry timer is already in progress.Understanding Hitless Failover Support—Modular Switches and SummitStack Only Protocol Support for Hitless Failover Table 14 summarizes the protocol support for hitless failover.” Table 14: Protocol Support for Hitless Failover Protocol Border Gateway Protocol (BGP) Behavior If you configure BGP graceful restart.1ag) An ExtremeXOS process running on the active MSM/MM should continuously send the MEP state changes to the backup. Connectivity Fault Management (IEEE 802. so the backup node does not have the neighbor’s information. BGP re-establishes sessions with its neighbors and relearns routes from all of them. which allows the backup to be aware of the state of the EAPS domain. If you do not configure graceful restart. the new primary learns about its neighbors.

which results in a traffic interruption and increased control traffic. the SLAVE timeouts after a certain time interval and resumes normal processing. Network Login Continued Web-Based Authentication Web-based Netlogin users continue to be authenticated after a failover.1x Authentication Authenticated clients continue to remain authenticated after failover. (If no packet is received with the HOLD bit reset. After a failover. However. the authentication process is very short with only a single packet being sent to the switch so it is expected to be transparent to the client stations. If the active MSM/MM fails. Link Aggregation Control Protocol (LACP) Link Layer Discovery Protocol (LLDP) If the backup node becomes the primary node. However. it sends another hello with the HOLD bit reset. In the case of MAC-Based authentication. The SLAVE switch resumes normal processing. 802. after ISIS comes up after restart. LLDP is similar to EDP. the MSDP process loses all state information and the standby MSM/MM becomes active. so it is not a hitless failover. the route manager deletes all ISIS routes 1 second after the failover occurs. Since LLDP is more of a tool than a protocol. Yes Yes IS-IS (IPv4) Yes IS-IS (IPv6) No Hitless Yes Yes No Multicast Source Discovery Protocol (MSDP) Network Login No Yes 80 ExtremeXOS Concepts Guide. If you do not configure graceful restart. The MASTER switch keeps sending hellos with the HOLD bit set on every hello interval. it takes 30 seconds or greater before the MIB database is fully populated again. 1 second after failover.Managing the Switch Table 14: Protocol Support for Hitless Failover (Continued) Protocol Extreme Standby Router Protocol (ESRP) Behavior If failover occurs on the ESRP MASTER switch. there is no traffic interruption. the ESRP SLAVE switch freezes all further state transitions. there is no hitless failover support. Information about unauthenticated clients is not checkpointed so any such clients that were in the process of being authenticated at the instant of failover must go through the authentication process again from the beginning after failover. On receiving this packet. Software Version 12. When the MASTER is done with its failover. but there is also a MIB interface to query the information learned. all authenticated clients are forced to reauthenticate themselves. the failover from the active MSM/MM to the standby MSM/MM causes MSDP to lose all state information and dynamic data. there is no traffic disruption.3 . Information about unauthenticated clients is not checkpointed so any such clients that were in the process of being authenticated at the instant of failover must go through the authentication process again from the beginning after failover. This causes an increase in network control traffic. ISIS for IPv6 does not support hitless restart.) Failover on the ESRP SLAVE switch is of no importance because it is the SLAVE switch. ISIS re-establishes sessions with its neighbors and relearns Link State Packets (LSPs) from all of the neighbors. it sends a hello packet with the HOLD bit set. However. Intermediate SystemIntermediate System (IS-IS) If you configure IS-IS graceful restart. Network Login Continued MAC-Based Authentication Authenticated clients continue to remain authenticated after failover so the failover is transparent to them.

as described in Table 14. if you have a BlackDiamond 10808 switch running ExtremeXOS 11. For example. so the route manager deletes all RIPng routes 1 second after the failover occurs. This causes an increase in control traffic onto the network. Power over Ethernet (PoE) The PoE configuration is checkpointed to the backup node. This behavior is applicable only on the BlackDiamond 8800 series switches and SummitStack. This causes an increase in control traffic onto the network. so the route manager deletes all OSPFv3 routes 1 second after the failover occurs. all ports currently powered stay powered after the failover and the configured power policies are still in place.4. all hardware and software caches are cleared and learning from the hardware is restarted. RIPng does not support graceful restart. This results in a traffic interruption as well as an increase in control traffic as RIP re-establishes its database. This causes a traffic interruption since it is the same as if the switch rebooted for all Layer 3 multicast traffic. so the route manager deletes all RIP routes 1 second after the failover occurs. If you are running an earlier version of ExtremeXOS than that listed in the ExtremeXOS version column. OSPF re-establishes sessions with its neighbors and relearns Link State Advertisements (LSAs) from all of the neighbors. it relearns the routes from its neighbors. which allows the primary and backup nodes to run VRRP in parallel. VRRP supports hitless failover.3 81 . Protocol Independent Multicast (PIM) Routing Information Protocol (RIP) After a failover. This causes an increase in control traffic onto the network. after OSPF comes up after restart. After RIPng comes up on the new primary node. there is no traffic interruption. Yes No Yes No Hitless Yes No Routing Information Protocol next generation (RIPng) No Virtual Router Redundancy Protocol (VRRP) Yes Platform Support for Hitless Failover Table 15 lists when each platform and management module began supporting hitless failover for a specific protocol. Spanning Tree Protocol (STP) STP supports hitless failover including catastrophic failure of the primary node without interruption. Remember. which results in a traffic interruption in addition to the increased control traffic. the route manager deletes all OSPF routes 1 second after the failover occurs. ExtremeXOS Concepts Guide. This results in a traffic interruption. RIP does not support graceful restart. If you do not configure graceful restart. Software Version 12. the switch does not support hitless failover for that protocol. This ensures that if the backup takes over. only the primary transmits VRRP PDUs to neighboring switches and participates in VRRP. not all protocols support hitless failover. Hitless failover requires a switch with two MSMs/MMs installed. There should be no discernible network event external to the switch. The primary node replicates VRRP PDUs to the backup. The protocol runs in lock step on both master and backup nodes and the backup node is a hot spare that can take over at any time with no impact on the network. After OSPFv3 comes up on the new primary node. Open Shortest Path First v3 (OSPFv3) OSPFv3 does not support graceful restart. the switch does not support VRRP hitless failover. This results in a traffic interruption.Understanding Hitless Failover Support—Modular Switches and SummitStack Only Table 14: Protocol Support for Hitless Failover (Continued) Protocol Open Shortest Path First (OSPF) Behavior If you configure OSPF graceful restart. Although both nodes receive VRRP PDUs. However. it relearns the routes from its neighbors.

1 12.6 12.6 11.4 11.3 11.4 11.4 11.0 11.6 12.1 11.4 11.6 11.3 11.Managing the Switch Table 15: Platform Support for Hitless Failover Platform BlackDiamond 10808 switch Management Module MSM-1 and MSM-1XL Protocol BGP graceful restart EAPS ESRP LACP Network login OSPF graceful restart STP VRRP IS-IS graceful restart BlackDiamond 8800 series switches MSM-G8X BGP graceful restart EAPS ESRP LACP Network login OSPF graceful restart PoE STP VRRP IS-IS graceful restart MSM-48 BGP graceful restart EAPS ESRP LACP Network login OSPF graceful restart PoE STP VRRP IS-IS graceful restart MSM-48c BGP graceful restart EAPS ESRP LACP Network login OSPF graceful restart PoE STP VRRP IS-IS graceful restart ExtremeXOS Version 11.0 11.1 12.4 11.6 12.1 12.1 12.1 82 ExtremeXOS Concepts Guide.3 .1 12.6 11.6 11.6 11.3 11.6 11.4 11.3 11.3 11.1 12.3 11.6 11. Software Version 12.6 11.1 11.1 12.1 12.1 12.3 11.1 12.

4 11.4 11.4 11. (features available depend on license level) Protocol BGP graceful restart ExtremeXOS Version 12.2 12.0 12.0 12.2 12.2 BlackDiamond 12804 switch MSM-5 and MSM-5R BGP graceful restart EAPS ESRP LACP Network login OSPF graceful restart STP VRRP IS-IS graceful restart BlackDiamond 20808 switch MM BGP graceful restart EAPS ESRP LACP OSPF graceful restart STP VRRP IS-IS graceful restart Hitless Failover Caveats This section describes the caveats for hitless failover.4 11.0 12.0 12.2.2 12.2 12.Understanding Hitless Failover Support—Modular Switches and SummitStack Only Table 15: Platform Support for Hitless Failover (Continued) Platform SummitStack Management Module Any Summit family switch except the Summit X150 and X350 series.2.4 11.2.1 11.0 12.2.0 12. Caveat for All Modular Switches The following summary describes the hitless failover caveats for all modular switches: ● A brief traffic interruption (less than 1/2 of a second) can occur when the failover happens due to reprogramming of the I/O modules to bypass the original primary MSM/MM switch chips.2.2.4 11.2. ExtremeXOS Concepts Guide.2 12. Check the latest version of the ExtremeXOS release notes for additional information.2 12.2.0 EAPS ESRP LACP Network login OSPF graceful restart STP VRRP IS-IS graceful restart 12.0 12.1 12. Software Version 12.3 83 .2 12.4 11.6 12.

” for a description of OSPF and the graceful restart function.3 . 84 ExtremeXOS Concepts Guide. See Chapter 33. it deletes any previous updates it received from the restarting speaker (the SummitStack) before the restart occurred. Software Version 12. the SummitStack successfully restores the BGP routing table only if the BGP network remains stable during the restart period. reconvergence occurs in the BGP network due to the failover. it is possible to immediately elect a new backup node. If a receiving speaker detected the need for a routing change due to the failure of links on the failed primary node. If a new backup node is elected. the SummitStack continues to be identified with this address. Caveat for the BlackDiamond 8800 Series Switches Only The following summary describes the hitless failover caveats for the BlackDiamond 8800 series switches: ● I/O modules not yet in the Operational state are powered off and the card state machine is restarted to bring them to the Operational state. If the failed primary node provided interfaces to OSPF networks. the stack becomes a daisy chain until the failed node restarts or is replaced. To simulate the behavior of a chassis. This results in a delay in the I/O module becoming Operational. A brief traffic interruption (less than 50 milliseconds) can occur when the traffic on the ring is rerouted because the active topology becomes a daisy chain. See Chapter 36.” for a description of BGP and its graceful restart function. Consequently. it will become a standby node. “OSPF. Caveat for the BlackDiamond 12804 Switch Only The following summary describes the hitless failover caveats for the BlackDiamond 12804 switch: ● There is only one active link to the backplane during a failover. a MAC address of one of the nodes is designated as the seed to form a "stack MAC address". In the recommended stack ring configuration. When a failover occurs. ● ● ● ● ● Caveat for the BlackDiamond 10808 Switch and BlackDiamond 8800 Series Switches Only The following summary describes the hitless failover caveats for the BlackDiamond 10808 switch and the BlackDiamond 8800 series switches: ● There is a 50% reduction in backplane bandwidth during a failover. the SummitStack successfully restores the original link state database only if the OSPF network remains stable during the restart period. the link state database restoration is prematurely terminated. During a BGP graceful restart. Since the SummitStack can contain more than two master-capable nodes. and reconvergence occurs in the OSPF network due to the failover. “BGP.Managing the Switch Caveats for SummitStack The following describes the hitless failover caveats for the SummitStack: ● All customer ports and the stacking links connected to the failed primary node will go down. During an OSPF graceful restart. when the original primary node restarts.

display a warning message in the log. ExtremeXOS Concepts Guide. If this occurs. the power controller disables the PSU if an unsafe condition arises. For more detailed information about PoE.Understanding Power Supply Management Understanding Power Supply Management This section describes how ExtremeXOS manages power consumption on the switch: ● ● ● ● Using Power Supplies—Modular Switches Only on page 85 Using Power Supplies—Summit Family Switches Only on page 88 Using Power Supplies . You can mix existing 700/1200 W AC PSUs and 600/900 W AC PSUs in the same chassis.6 or later to support the 600/900 W AC PSUs. you must be running ExtremeXOS 11. including power budget. Software Version 12.” ExtremeXOS includes support for the 600/900 W AC PSU for the BlackDiamond 8806 switch. “PoE. and temperature of the PSU. there are specific power budget requirements and configurations associated with PoE that are not described in this section. To determine the health of the PSU. The power management capability of ExtremeXOS: ● ● ● ● ● ● Protects the system from overload conditions Monitors all installed PSUs. ExtremeXOS provides enough power to boot-up the chassis. When you first power on the switch. all 700/1200 W AC PSUs are budgeted “down” to match the lower powered 600/900 W AC output values to avoid PSU shutdown. If you install the 600/900 W AC PSU in a chassis other than the BlackDiamond 8806. the power supply controllers enable a PSU. For more information about the power supply controller. refer to the hardware documentation which is listed in the Preface. see Chapter 10. ExtremeXOS checks the voltage. current. If you have a BlackDiamond 8000 series Power over Ethernet (PoE) G48P module installed in a BlackDiamond 8800 series switch. total available power. As part of the power management function. and disable the PSU.Warning>MSM-A:Power supply in slot 6 is not supported and is being disabled. For more information about the 600/ 900 W AC PSU. you see a message similar to the following: <Warn:HAL.SummitStack Only on page 88 Displaying Power Supply Information on page 88 Using Power Supplies—Modular Switches Only ExtremeXOS monitors and manages power consumption on the switch by periodically checking the power supply units (PSUs) and testing them for failures. redundancy.3 85 . however. and so on Detects and isolates faulty PSUs The switch includes two power supply controllers that collect data from the installed PSUs and report the results to the MSM/MM modules. even installed PSUs that are disabled Enables and disables PSUs as required Powers up or down I/O modules based on available power and required power resources Logs power resource changes. refer to the hardware documentation which is listed in the Preface.Sys. When a combination of 700/1200 W AC PSUs and 600/900 W AC PSUs are powered on in the same BlackDiamond 8806 chassis.

If the system does not have enough power. Insufficient—One or more modules are not powered up due to a shortfall of available power. the removal of one PSU. some I/O modules are not powered up. ExtremeXOS considers the I/O modules for power up from the lowest numbered slot to the highest numbered slot. but not redundant—Power from a single PSU is lost. and one or more I/O modules are powered down. it reads and analyzes the installed I/O modules. In this scenario. N is the minimum number of power supplies needed to keep the system fully powered and the system has N+1 PSUs powered. ■ ■ By reading the PSU information. Software Version 12. Sufficient. including PoE requirements for the BlackDiamond 8000 series PoE I/O module. or a degradation of input voltage results in insufficient power to keep all of the I/O modules powered up. Power Redundancy In simple terms. if the output of one PSU is lost for any reason. Calculates the current power surplus or shortfall. the system remains fully powered. If the system power status is not redundant. Logs and sends SNMP traps for transitions in the overall system power status. For example. Checks for PSU failures. ExtremeXOS determines the power status and the total amount of power available to the system. The total power available determines which I/O modules can be powered up. Calculates the number of I/O modules to power up based on the available power budget and the power requirements of each I/O module. With redundancy. including whether the available amount of power is: ■ ● ● ● ● ● ● Redundant or N+1—Power from a single PSU can be lost and no I/O modules are powered down.Managing the Switch This section describes the following power management topics: ● ● ● ● Initial System Boot-Up on page 86 Power Redundancy on page 86 Power Management Guidelines on page 87 Overriding Automatic Power Supply Management on page 88 Initial System Boot-Up When ExtremeXOS boots up.3 . based on their power requirements and the available system power. If there is not enough power. ExtremeXOS powers down the I/O modules from the highest numbered slot to the lowest numbered slot until the switch has enough power to continue operation. the loss of power to one PSU. power redundancy (N+1) protects the system from shutting down. ExtremeXOS: ● Collects information about the PSUs installed to determine how many are running and how much power each can supply. Reserves the amount of power required to power up a second MSM/MM if only one MSM/MM is installed. Reserves the amount of power required to power all fans and chassis components. 86 ExtremeXOS Concepts Guide.

Table 16 lists combinations where ExtremeXOS maximizes system power by disabling the PSUs with 110V AC inputs. including a change in the total available power. Whenever the system experiences a change in power redundancy. based on the I/O module’s power requirements. Software Version 12. Table 16: PSU Combinations Where 110V PSUs Are Disabled Number of PSUs with 220V AC Inputs 2 3 3 4 4 5 Number of PSUs with 110V AC Inputs 1 1 2 1 2 1 For all other combinations of 220V AC and 110V AC PSUs.1 and mix PSUs with 110V and 220V AC inputs. or a return to redundant power. Power Management Guidelines The following list describes some key issues to remember when identifying your power needs and installing PSUs: ● If you disable a slot. NOTE If you are running ExtremeXOS 11. ExtremeXOS Concepts Guide. degraded input voltage.2 or 11. BlackDiamond 8806 switch only—When a combination of 700/1200 W AC PSUs and 600/900 W AC PSUs are powered on in the same BlackDiamond 8806 chassis. the switch sends messages to the syslog. If the PSUs with 110V AC inputs are disabled. OR ■ ExtremeXOS computes the total available power using both methods and automatically uses the PSU configuration that provides the greatest amount of power to the switch. ExtremeXOS maximizes system power by enabling all PSUs and budgeting each PSU at 110V AC.Understanding Power Supply Management If you install or provide power to a new PSU. the I/O module installed in that slot is always powered down regardless of the number of PSUs installed. all 700/1200 W AC PSUs are budgeted “down” to match the lower powered 600/900 W AC output values to avoid PSU shutdown. then the PSUs with 220V AC inputs can be budgeted with a higher output per PSU. ExtremeXOS maximizes system power by automatically taking one of two possible actions: ■ ● If all PSUs are enabled then all PSUs must be budgeted at 110V AC to prevent overload of PSUs with 110V AC inputs.3 87 . the switch budgets all PSUs as if they have 110V AC inputs. If a switch has PSUs with a mix of both 220V AC and 110V AC inputs. I/O modules powered down due to earlier insufficient power are considered for power up from the lowest slot number to the highest slot number.

The PoE Summit switches respond to internal and external PSU failures based on your PoE configurations. if you experience an internal PSU failure and do not have an external PSU installed. “PoE. Using Power Supplies . use the configure power supply <ps_num> auto command. The Summit family switches support an internal power supply with a range of 90V to 240V AC power as well as an external redundant power supply. Using Power Supplies—Summit Family Switches Only On Summit family switches. If the combination of AC inputs represents one of those listed in Table 16. there are specific power budget requirements and configurations associated with PoE that are not described in this section. see Chapter 10. Software Version 12. use the show power and show power budget commands. you may reduce the available power and cause one or more I/O modules to power down. For more information about configuring PoE on the Summit X450e-24p and X450e-48p switches. The Extreme Networks External Power System (EPS) allows you to add a redundant power supply to the Summit family switches to protect against a power supply failure. If you experience a PSU failure and have an external PSU installed. the switch uses the external PSU to maintain power to the switch. On non-PoE Summit switches. management is the same as it is for standalone Summit family switches. The EPS consists of a tray or module that holds the EPS power supplies. To display power supply status and power budget information. Displaying Power Supply Information To display the status of the currently installed power supplies on all switches.” For more information about Summit family switches and EPS. The only difference is that the power management commands have been centralized so that they can be issued from the primary node. use the following command: show power {<ps_num>} {detail} 88 ExtremeXOS Concepts Guide.Managing the Switch Overriding Automatic Power Supply Management You can override automatic power supply management to enable a PSU with 110V AC inputs that ExtremeXOS disables if the need arises. you can turn on a disabled PSU using the following command: configure power supply <ps_num> on NOTE If you override automatic power supply management.3 .SummitStack Only Since the nodes have their own power supplies and since they cannot be shared. To resume using automatic power supply management on a PSU. On PoE Summit switches. the switch powers down. such as for a planned maintenance of 220V AC circuits. refer to the hardware documentation which is listed in the “Preface” chapter. ExtremeXOS reports when the PSU has power or has failed. The setting for each PSU is stored as part of the switch configuration.

provided the Management Information Base (MIB) is installed correctly on the management station. Software Version 12. The following sections describe how to get started if you want to use an SNMP manager. the following commands provide additional power supply information. or no SNMP access. use the following command: show power controller {<num>} Using the Simple Network Management Protocol Any network manager program running the Simple Network Management Protocol (SNMP) can manage the switch. use the create and go operation. Rose ISBN 0-13-8121611-9 Published by Prentice Hall.Using the Simple Network Management Protocol On modular switches. To allow support for all SNMP access. use the following command: show power budget To display the status of the currently installed power supply controllers on modular switches. It assumes you are already familiar with SNMP management.3 89 . To view the system power status and the amount of available and required power. This section describes the following SNMP topics: ● ● ● ● ● ● ● ● ● ● Enabling and Disabling SNMPv1/v2c and SNMPv3 on page 89 Accessing Switch Agents on page 90 Supported MIBs on page 90 Configuring SNMPv1/v2c Settings on page 90 Displaying SNMP Settings on page 91 SNMPv3 on page 92 Message Processing on page 93 SNMPv3 Security on page 93 SNMPv3 MIB Access Control on page 96 SNMPv3 Notification on page 97 Enabling and Disabling SNMPv1/v2c and SNMPv3 ExtremeXOS can concurrently support SNMPv1/v2c and SNMPv3. The default is both types of SNMP enabled. when using a network manager program to create a VLAN. use the following command: enable snmp access {snmp-v1v2c | snmpv3} ExtremeXOS Concepts Guide. To create a VLAN with SNMP. or SNMPv1/v2c access only. Extreme Networks does not support the SNMP create and wait operation. or SNMPv3 access only. Network managers can access the device with either SNMPv1/v2c methods or SNMPv3. If not. refer to the following publication: The Simple Book by Marshall T. Note. Each network manager program provides its own user interface to the management facilities.

the switch supports the standard MIBs listed in Appendix E. the script prompts you to confirm those settings. you enter safe defaults mode. use the following command: disable snmp access {snmp-v1v2c | snmpv3} Most of the commands that support SNMPv1/v2c use the keyword snmp. After a switch reboot. most of the commands that support SNMPv3 use the keyword snmpv3. and switch ports. You can specify a community string and UDP port individually for each trap receiver. or vice versa. The switch sends SNMPv1/v2c traps to all configured trap receivers. you must connect to the console port to access the switch. To verify the current state of the slot. Supported MIBs In addition to private MIBs. Telnet. After logging in to the switch. Accessing Switch Agents To access the SNMP agent residing in the switch. By default. Understanding Safe Defaults Mode and SNMP The safe defaults mode runs an interactive script that allows you to enable or disable SNMP.” Configuring SNMPv1/v2c Settings The following SNMPv1/v2c parameters can be configured on the switch: ● Authorized trap receivers—An authorized trap receiver can be one or more network management stations on your network. SNMP access and SNMPv1/v2c traps are enabled. use the show slot command. SNMP access and SNMP traps can be disabled and enabled independently—you can disable SNMP access but still allow SNMP traps to be sent. Although SNMP. 90 ExtremeXOS Concepts Guide. see “Safe Defaults Setup Method” on page 49. “Supported Protocols. and Standards.Managing the Switch To prevent support for all SNMP access. If you choose to keep the default setting for SNMP—the default setting is enabled—the switch returns the following interactive script: Since you have chosen less secure management methods. When you set up your switch for the first time. all slots must be in the “Operational” state before SNMP can manage and access the slots. Telnet. or SNMPv3 access only. or SNMPv1/v2c access only.3 . All community strings must also be added to the switch using the configure snmp add community command. Software Version 12. please remember to increase the security of your network by taking the following actions: * change your admin password * change your SNMP public and private strings * consider using SNMPv3 to secure network management traffic For more detailed information about safe defaults mode. MIBs. and switch ports are enabled by default. at least one VLAN must have an assigned IP address.

use the following command: configure snmp add trapreceiver <ip_address> community [[hex <hex_community_name>] | <community_name>] {port <port_number>} {from <src_ip_address>} {vr <vr_name>} {mode <trap_mode>} To delete a trap receiver on a switch. There are four subcommands for enacting access control: ■ To configure SNMP to use an ACL policy.2). use the following command: configure snmp access-profile <profile_name> By default. System name (optional)—The system name enables you to enter a name that you have assigned to this switch.and-write access to the switch. use the following command: configure snmp access-profile <profile_name> readonly ■ To configure SNMP to use an ACL policy and support the read/write option explicitly. System location (optional)—Using the system location field. ● ● Displaying SNMP Settings To display the SNMP settings configured on the switch. modified. The administrator can configure an ACL policy to either permit or deny a specific list of IP address and subnet masks. ■ To configure SNMP to remove a previously configured ACL policy. ● SNMP access control—This feature allows the administrator to restrict SNMP access by using the access control list (ACL) and implementing an ACL policy. and deleted using the RMON2 trapDestTable MIB table. use the following command: configure snmp access-profile <profile_name> readwrite ● Community strings—The community strings allow a simple method of authentication between the switch and the remote network manager. Software Version 12.3 91 . use the following command: configure snmp delete trapreceiver Entries in the trap receiver list can also be created. use the following command: show management This command displays the following information: ● ● Enable/disable state for Telnet and SNMP access Login statistics ■ Enable/disable state for idle timeouts ExtremeXOS Concepts Guide.Using the Simple Network Management Protocol To configure a trap receiver on a switch. SNMP supports the read/write option. The default read-only community string is public. use the following command: configure snmp access-profile none ■ To configure SNMP to use an ACL policy and support the read-only option. as described in RFC 2021. ■ ● System contact (optional)—The system contact is a text field that enables you to enter the name of the person(s) responsible for managing the switch. you can enter the location of the switch. Read-write community strings provide read. The default name is the model name of the switch (for example. BD-1. The default readwrite community string is private. There are two types of community strings on the switch: ■ Read community strings provide read-only access to the switch.

and an access control subsystem. An Architecture for Describing SNMP Management Frameworks. The User-Based Security Model for Version 3 of the Simple Network Management Protocol (SNMPv3). provided no privacy and little security. especially the architecture for security and administration. The following RFCs provide the foundation for the Extreme Networks implementation of SNMPv3: ● RFC 3410. RFC 3415. talks about SNMP architecture. talks about the message processing models and dispatching that can be a part of an SNMP engine. and SNMPv2c. provides an overview of SNMPv3. The MP layer helps in implementing a multilingual agent. SNMPv3 Applications. SNMPv1. so that various versions of SNMP can coexist simultaneously in the same network. RFC 3412. describes the User-Based Security Model (USM). talks about VACM as a way to access the MIB. SNMPv3 is designed to be secure against: ● Modification of information. AES 192 and AES 256 bit encryption are proprietary implementations and may not work with some SNMP Managers. a security subsystem. RFC 3413. The security subsystem features the use of various authentication and privacy protocols with various timeliness checking and engine clock synchronization schemes. RFC 3411.Managing the Switch ■ ● ● ● ● ● Maximum number of CLI sessions SNMP community strings SNMP trap receiver list SNMP trap receiver source IP address SNMP statistics counter Enable/disable state for Remote Monitoring (RMON) SNMPv3 SNMPv3 is an enhanced standard for SNMP that improves the security and privacy of SNMP access to managed devices and provides sophisticated control of access to the device MIB. RFC 3414. RFC 3826 . talks about the different types of applications that can be associated with an SNMPv3 engine.3 . which are the packets used by SNMP for communication. where an in-transit message is altered 92 ExtremeXOS Concepts Guide. The SNMPv3 standards for network management were driven primarily by the need for greater security and access control.The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model NOTE ● ● ● ● ● ● 3DES. The new standards use a modular design and model management information by cleanly defining a message processing (MP) subsystem. View-based Access Control Model (V ACM) for the Simple Network Management Protocol (SNMP). The prior standard versions of SNMP. Message Processing and Dispatching for the Simple Network Management Protocol (SNMP). Software Version 12. Introduction to version 3 of the Internet-standard Network Management Framework. The MP subsystem helps identify the MP model to be used when processing a received Protocol Data Unit (PDU).

ExtremeXOS Concepts Guide. By default. identified by its snmpEngineID. SNMPv3 objects are stored in non-volatile memory unless specifically assigned to volatile storage. The selection of the MP model is configured with the mp-model keyword in the following command: configure snmpv3 add target-params [[hex <hex_param_name>] | <param_name>] user [[hex <hex_user_name>] | <user_name>] mp-model [snmpv1 | snmpv2c | snmpv3] sec-model [snmpv1 | snmpv2c | usm] {sec-level [noauth | authnopriv | priv]} {volatile} SNMPv3 Security In SNMPv3 the User-Based Security Model (USM) for SNMP was introduced. use the keyword hex in the command. and defining users and their various access security levels. which represents the Extreme Networks vendor ID. This standard also encompasses protection against message delay and message replay. you can use either a character string. SNMPv2c. Every SNMPv3 engine necessarily maintains two objects: SNMPEngineBoots. which is the local time since the engine reboot. many objects can be identified by a human-readable string or by a string of hexadecimal octets. The choice of the SNMPv1. The engine has a local copy of these objects and the latestReceivedEngineTime for every authoritative engine it wants to communicate with. the additional octets for the snmpEngineID are generated from the device MAC address. or SNMPv3 MP model can be configured for each network manager as its target address is configured. The first four octets are fixed to 80:00:07:7C. and multiple security levels. USM deals with security related aspects like authentication. which is the number of reboots the agent has experienced and SNMPEngineTime. Comparing these objects with the values received in messages and then applying certain rules to decide upon the message validity accomplish protection against message delay or message replay. Objects defined as permanent cannot be deleted. NOTE In SNMPv3. where packets are delayed and/or replayed Disclosure.Using the Simple Network Management Protocol ● ● ● Masquerades. In many commands. the SNMPv3 target and notification MIBs provide a more procedural approach for generating and filtering of notifications. where packet exchanges are sniffed (examined) and information is learned about the contents The access control subsystem provides the ability to configure whether access to a managed object in a local MIB is allowed for a remote principal. In addition. USM Timeliness Mechanisms An Extreme Networks switch has one SNMPv3 engine. To indicate hexadecimal octets. or a colon-separated string of hexadecimal octets to specify objects. Software Version 12.3 93 . The access control scheme allows you to define access policies based on MIB views. encryption of SNMP messages. where an unauthorized entity assumes the identity of an authorized entity Message stream modification. Message Processing A particular network manager may require messages that conform to a particular version of SNMP. groups.

Before using the AES. SNMPEngineBoots can be set to any desired value but will latch on its maximum. permanent users are initially available. the end-user is not able to access the switch/MIBs using SNMPv3 default-user. and/or privacy (DES. initialmd5Priv. use the following command: show snmpv3 user {[[hex <hex_user_name>] | <user_name>]} Enabling the SNMPv3 default-user access allows an end user to access the MIBs using SNMPv3 defaultuser. Depending on whether the user will be using authentication and/or privacy. no privacy.Managing the Switch In a chassis. use the following command: enable snmpv3 default-user By disabling default-users access. 2147483647. In a SummitStack. To enable default-user. The default user names are: admin. For the other default users. Users are created by specifying a user name. use the following command: disable snmpv3 default-user To delete a user. default users revert back to their original passwords/keys.3 . and Security SNMPv3 controls access and security using the concepts of users. or all users. initialshaPriv. 3DES. but when the snmpEngineID is changed. Users. To create a user. AES) password or key. To disable default-user. use the following command: configure snmpv3 add user [[hex <hex_user_name>] | <user_name>] {authentication [md5 | sha] [hex <hex_auth_password> | <auth_password>]} {privacy {des | 3des | aes {128 | 192 | 256}} [[hex <hex_priv_password>] | <priv_password>]} }{volatile} A number of default. Software Version 12. use the following command: configure snmpv3 delete user [all-non-defaults | [[hex <hex_user_name>] | <user_name>]] 94 ExtremeXOS Concepts Guide. The snmpEngineID can be configured from the command line. initialmd5. and non-default users are reset to the security level of no authorization. the snmpEngineID is generated using the MAC address of the MSM/MM with which the switch boots first. groups. use the following command: configure snmpv3 engine-id <hex_engine_id> SNMPEngineBoots can also be configured from the command line. the MAC address chosen for the snmpEngineID is the configured stack MAC address. To display information about a user. the default password is the user name. To set the SNMPEngineBoots. 3DES users. The default password for admin is password. use the following command: configure snmpv3 engine-boots <(1-2147483647)> Users. you must install the SSH module and restart the snmpMaster process. you would also specify an authentication protocol (MD5 or SHA) with password or key. To set the snmpEngineID. initialsha. security models. Refer to “Installing a Modular Software Package” on page 1320 for information on installing the SSH module and activating SSL functionality. Groups. initial. and security levels.

To underscore the access function of groups. use the following command: show snmpv3 group {[[hex <hex_group_name>] | <group_name>] {user [[hex <hex_user_name>] | <user_name>]}} To delete a group. You use groups to define the security model. To display information about the access configuration of a group or all groups. MIB views are discussed in “SNMPv3 MIB Access Control” on page 96. The read view defines the subtree that can be read. To delete the association between a user and a group. A number of default (permanent) groups are already defined.3 95 . use the following command: disable snmpv3 default-group Users are associated with groups using the following command: configure snmpv3 add group [[hex <hex_group_name>] | <group_name>] user [[hex <hex_user_name>] | <user_name>] {sec-model [snmpv1| snmpv2c | usm]} {volatile} To show which users are associated with a group.Using the Simple Network Management Protocol NOTE The SNMPv3 specifications describe the concept of a security name. initial. use the following command: configure snmpv3 delete group {[[hex <hex_group_name>] | <group_name>]} user [all-nondefaults | {[[hex <hex_user_name>] | <user_name>] {sec-model [snmpv1|snmpv2c|usm]}}] ExtremeXOS Concepts Guide. Groups. both terms are used to refer to the same thing. v1v2c_rw. v1v2c_ro. write view defines the subtree that can be written to. Software Version 12. use the following command: show snmpv3 access {[[hex <hex_group_name>] | <group_name>]} Enabling SNMPv3 default-group access activates the access to an SNMPv3 default group and the usercreated SNMPv3-user part of default group. the security level. In this manual. you do not remove the association between the group and users of the group. use the following command: enable snmpv3 default-group Disabling SNMPv3 default-group access removes access to default-users and user-created users who are part of the default-group. The view names associated with a group define a subset of the MIB (subtree) that can be accessed by members of the group. To enable default-group. groups are defined using the following command: configure snmpv3 add access [[hex <hex_group_name>] | <group_name>] {sec-model [snmpv1 | snmpv2c | usm]} {sec-level [noauth | authnopriv | priv]} {read-view [[hex <hex_read_view_name>] | <read_view_name>]} {write-view [[hex <hex_write_view_name>]] | <write_view_name>]} {notify-view [[hex <hex_notify_view_name]] | <notify_view_name>]} {volatile} The security model and security level are discussed in “Security Models and Levels” on page 96. Groups are used to manage access for the MIB. The user-created authenticated SNMPv3 users (who are part of a user-created group) are able to access the switch. and notify view defines the subtree that notifications can originate from. In the ExtremeXOS implementation. use the following command: configure snmpv3 delete access [all-non-defaults | {[[hex <hex_group_name>] | <group_name>] {sec-model [snmpv1 | snmpv2c | usm] sec-level [noauth | authnopriv | priv]}}] When you delete a group. the user name and security name are identical. and the portion of the MIB that members of the group can read or write. To disable a default-group. These groups are: admin.

To define a MIB view which includes only the System group.2. or receive notifications from the part of the MIB defined in the MIB view as configured in the access group.6. no privacy. Access to read.3.1. AuthnoPriv—Authentication.1.2. The Object Identifier (OID) for MIB-2 is 1.1. the user can select any one of the following supported privacy protocols: DES. DES uses bytes 1-7 to make a 56 bit key.1. This key (encrypted itself) is placed in msgPrivacyParameters of SNMPv3 PDUs when the security level is specified as AuthPriv. an authentication method is selected.3. This represents the highest level of security and requires every message exchange to pass the authentication and encryption tests.3. The three security levels supported by USM are: ● ● ● noAuthnoPriv—No authentication.Managing the Switch Security Models and Levels. and the System group is defined as MIB-2. and an inclusion or exclusion define every MIB view. to write. 3DES. use the following subtree/mask combination: 1.1.1. which generates a 128-bit authorization code.0 The mask can also be expressed in hex notation (this is used for the ExtremeXOS CLI): 1. a 16-octet key is provided as input to DES-CBS encryption protocol which generates an encrypted PDU to be transmitted.1. write.3.1/fe 96 ExtremeXOS Concepts Guide.1/1.1. or directly as 1. When MD5 authentication is specified. In the case of DES.2.1. A view name. They are used to define a subset of the information in the MIB. You can select the security model based on the network manager in your network. Specifying SHA authentication uses the HMAC-SHA protocol with a 20-octet key for authentication.2. MIB views represent the basic building blocks of VACM. privacy.1.6. This is the case with existing SNMPv1/v2c agents. AES 128/192/256. For compatibility. SNMPv3 supports three security models: ● ● ● SNMPv1—no security SNMPv2c—community strings based security SNMPv3—USM security The default is USM. no privacy. and the authentication and privacy passwords or keys are entered.1.1. Software Version 12. This is referred to as the View-Based Access Control Model (VACM). Messages are tested only for authentication. When a user is created. there is a System group defined under the MIB-2 tree.3 .1.6. This authorization code is inserted in the msgAuthenticationParameters field of SNMPv3 PDUs when the security level is specified as either AuthnoPriv or AuthPriv.1. The users of the access group can then read.1. HMAC-MD5-96 is used to achieve authentication with a 16-octet key. For privacy. AuthPriv—Authentication.1. For example. and to generate notifications is based on the relationship between a MIB view and an access group.6. SNMPv3 MIB Access Control SNMPv3 provides a fine-grained mechanism for defining which parts of the MIB can be accessed. a MIB subtree/mask.

6. you configure a target address for the target that receives the notification.1.3 97 . SNMPv3 Notification SNMPv3 can use either SNMPv1 traps or SNMPv2c notifications to send information from an agent to the network manager. in the CLI.1.1. a target parameters name. use the following command: configure snmpv3 delete mib-view [all-non-defaults | {[[hex <hex_view_name>] | <view_name>] {subtree <object_identifier>}}] MIB views that are used by security groups cannot be deleted. there are three default views.1.1.3. The terms trap and notification are used interchangeably in this context.1/f8 When you create the MIB view.1. These default views are of storage type permanent and cannot be deleted. The target parameters specify the security and MP models to use for the notifications to the target. With SNMPv3. Finally. The target parameters name also points to the filter profile used to filter the notifications. but they can be modified.6. use the following command: show snmpv3 mib-view {[[hex <hex_view_name>] | <view_name>] {subtree <object_identifier>}} To delete a MIB view.1.3.Using the Simple Network Management Protocol To define a view that includes the entire MIB-2. typically in response to some state change on the agent system.1/1. use the following subtree/mask: 1. you can choose to include the MIB subtree/mask or to exclude the MIB subtree/mask. and a list of notification tags.0. Target Addresses A target address is similar to the earlier concept of a trap receiver. you can define precisely which traps you want sent. Software Version 12. to which receiver by defining filter profiles to use for the notification receivers. The default views are: defaultUserView. use the following command: configure snmpv3 add mib-view [[hex <hex_view_name>] | <view_name>] subtree <object_identifier> {/<subtree_mask>} {type [included | excluded]} {volatile} After the view has been created.2.0 which. the notification tags are added to a notification table so that any target addresses using that tag will receive notifications. To configure a target address. defaultAdminView. you can repeatedly use the configure snmpv3 add mib-view command to include and/or exclude MIB subtree/mask combinations to precisely define the items you want to control access to. and defaultNotifyView. To configure notifications. use the following command: configure snmpv3 add target-addr [[hex <hex_addr_name>] | <addr_name>] param [[hex <hex_param_name>] | <param_name>] ipaddress [ <ip_address> | <ip_and_tmask> ] {transport-port <port_number>} {from <src_ip_address>} {vr <vr_name>} {tag-list <tag_list>} {volatile} ExtremeXOS Concepts Guide.1. In addition to the user-created MIB views. To show MIB views. Notifications are messages sent from an agent to the network manager.0.2. is: 1. To create a MIB view.

the target parameter name used for a target address points to a filter profile used to filter notifications. security model. A filter is defined by a MIB subtree and mask and by whether that subtree and mask is included or excluded from notification. and user name (security name) used for messages sent to the target address. use the following command: configure snmpv3 delete target-addr [{[[hex <hex_addr_name>] | <addr_name>]} | all] Target Parameters Target parameters specify the MP model. and Security” on page 94 for more details on these topics. The filters that make up the profile are created and associated with the profile using a different command. use the following command: show snmpv3 target-addr {[[hex <hex_addr_name>] | <addr_name>]} To delete a single target address or all target addresses. so you must create different target parameter names if you use different filters for different target addresses. When you create a filter profile. use the following command: configure snmpv3 delete target-params [{[[hex <hex_param_name>] | <param_name>]} | all] Filter Profiles and Filters A filter profile is a collection of filters that specifies which notifications should be sent to a target address. The target parameters is discussed in “Target Parameters” next. To create a target parameter name and to set the message processing and security settings associated with it. When you specify a filter profile. See “Message Processing” on page 93 and “Users.3 . security level. use the following command: show snmpv3 target-params {[[hex <hex_target_params>] | <target_params>]} To delete one or all the target parameters. you associate it with a parameter name. The tag defaultNotify is set by default. you are associating only a filter profile name with a target parameter name. Groups. To create a filter profile. Tags are discussed in the section “Notification Tags”. use the following command: configure snmpv3 add filter-profile [[hex <hex_profile_name>] | <profile_name>] param [[hex <hex_param_name>]] | <param_name>] {volatile} 98 ExtremeXOS Concepts Guide. Software Version 12. To display target addresses. a parameters name that indicates the MP model and security for the messages sent to that target address. use the following command: configure snmpv3 add target-params [[hex <hex_param_name>] | <param_name>] user [[hex <hex_user_name>] | <user_name>] mp-model [snmpv1 | snmpv2c | snmpv3] sec-model [snmpv1 | snmpv2c | usm] {sec-level [noauth | authnopriv | priv]} {volatile} To display the options associated with a target parameters name or all target parameters names. In addition. The from option sets the source IP address in the notification packets. The tag-list option allows you to associate a list of tags with the target address.Managing the Switch In configuring the target address you supply an address name that identifies the target address. The parameters name also is used to indicate the filter profile used for notifications. and the IP address and port for the receiver.

based on the filter profile associated with the target. only those targets associated with tags currently in the standard MIB table. so any targets configured with the defaultNotify tag will always receive notifications consistent with any filter profile specified. To display the association between parameter names and filter profiles. Software Version 12. use the following command: show snmpv3 filter {[[hex <hex_profile_name>] | <profile_name>] {{subtree} <object_identifier>} To delete a filter or all filters from a filter profile. use the following command: configure snmpv3 delete notify [{[[hex <hex_notify_name>] | <notify_name>]} | all-nondefaults] You cannot delete the default entry from the table. are notified. use the following command: configure snmpv3 add notify [[hex <hex_notify_name>] | <notify_name>] tag [[hex <hex_tag>] | <tag>] {volatile} Any targets associated with tags in the snmpNotifyTable are notified. You can add filters together. called snmpNotifyTable.3 99 . you associate filters with it using the following command: configure snmpv3 add filter [[hex <hex_profile_name>] | <profile_name>] subtree <object_identifier> {/<subtree_mask>} type [included | excluded] {volatile} The MIB subtree and mask are discussed in “SNMPv3 MIB Access Control” on page 96. including and excluding different subtrees of the MIB until your filter meets your needs. as filters are closely related to MIB views. To display the notifications that are set.Using the Simple Network Management Protocol After the profile name has been created. use the following command: show snmpv3 filter-profile {[[hex <hex_profile_name>] | <profile_name>]} {param [[hex <hex_param_name>] | <param_name>]} To display the filters that belong a filter profile. use the following command: configure snmpv3 delete filter [all | [[hex <hex_profile_name>] | <profile_name>] {subtree <object_identifier>}]] To remove the association of a filter profile or all filter profiles with a parameter name. either you associate a list of notification tags with the target or by default. When the system generates notifications. use the following command: show snmpv3 notify {[[hex <hex_notify_name>] | <notify_name>]} To delete an entry from the snmpNotifyTable. ExtremeXOS Concepts Guide. To add an entry to the table. the defaultNotify tag is associated with the target. use the following command: configure snmpv3 delete filter-profile [all |[[hex <hex_profile_name>] | <profile_name>] {param [[hex <hex_param_name>] | <param_name>}]] Notification Tags When you create a target address.

as shown in the following command: configure timezone name NZST 720 autodst name NZDT 60 begins every first sunday october at 2 00 ends on 3 16 2004 at 2 00 100 ExtremeXOS Concepts Guide. The command syntax to configure GMT offset and usage of Daylight Saving Time is as follows: configure timezone {name <tz_name>} <GMT_offset> {autodst {name <dst_timezone_ID>} {<dst_offset>} {begins [every <floatingday> | on <absoluteday>] {at <time_of_day_hour> <time_of_day_minutes>} {ends [every <floatingday> | on <absoluteday>] {at <time_of_day_hour> <time_of_day_minutes>}}} By default beginning in 2007. as follows: configure timezone name MET 60 autodst name MDT begins every last sunday march at 1 30 ends every last sunday october at 1 30 You can also specify a specific date and time. and end the first Sunday in November at 2:00 AM and to be offset from standard time by one hour. and any necessary notification tags. the switch sends out a periodic query to the indicated NTP server. You must identify the method that should be used for the switch being configured. Daylight Saving Time is assumed to begin on the second Sunday in March at 2:00 AM.3 . Using the Simple Network Time Protocol ExtremeXOS supports the client portion of the Simple Network Time Protocol (SNTP) Version 3 based on RFC1769. Configuring and Using SNTP To use SNTP: 1 Identify the host(s) that are configured as NTP server(s). You can then configure the target address. After SNTP has been enabled. the switch supports the configured setting for Greenwich Mean time (GMT) offset and the use of Daylight Saving Time. configure the target parameter name entry first. In addition. If this is the case in your time zone. Therefore. identify the preferred method for obtaining NTP updates. A combination of both methods is possible. The options are for the NTP server to send out broadcasts or for switches using NTP to query the NTP server(s) directly. an ExtremeXOS buffer can stack only four SNMP queries at anytime. Software Version 12.Managing the Switch Configuring Notifications Because the target parameters name points to a number of objects used for notifications. SNTP can be used by the switch to update and synchronize its internal clock from a Network Time Protocol (NTP) server. submit queries in groups of no more than four at a time and wait for a response before requesting the next set. Additionally. 2 Configure the Greenwich Mean Time (GMT) offset and Daylight Saving Time preference. NOTE By design. or the switch listens to broadcast NTP updates. filter profiles and filters. you can set up automatic daylight saving adjustment with the command: configure timezone <GMT_offset> autodst If your time zone uses starting and ending dates and times that differ from the default. you can specify the starting and ending date and time in terms of a floating day.

Format is: <month> <day> <year> where: • <month> is specified as 1-12 • <day> is specified as 1-31 • <year> is specified as 1970 . Specifies an offset from standard time. Enables automatic Daylight Saving Time. Automatic Daylight Saving Time changes can be enabled or disabled. use the command: configure timezone {name <tz_name>} <GMT_offset> noautodst 3 Enable the SNTP client using the following command: enable sntp-client After SNTP has been enabled. May be specified as a minute (0-59). 4 If you would like this switch to use a directed query to the NTP server. Value is in the range of 1 to 60. Table 17 describes the command options in detail. Specify the minute to begin or end Daylight Saving Time.minutes. configure the switch to use the NTP server(s). Specifies a Greenwich Mean Time (GMT) offset. May be up to six characters in length. default for ending is first sunday november. The network time information is automatically saved into the onboard real-time clock.Using the Simple Network Time Protocol The optional time zone IDs are used to identify the time zone in display commands such as show switch {detail}. the switch sends out a periodic query to the NTP servers defined in step 4 (if configured) or listens to broadcast NTP updates from the network. Software Version 12. May be specified as an hour (0-23). and month of the year to begin or end Daylight Saving Time each year. skip this step. Format is: <week> <day> <month> where: • <week> is specified as [first | second | third | fourth | last] • <day> is specified as [sunday | monday | tuesday | wednesday | thursday | friday | saturday] • <month> is specified as [january | february | march | april | may | june | july | august | september | october | november | december] Default for beginning is second sunday march. week. Default is 60 minutes. The default setting is enabled. in + or .2035 The year must be the same for the begin and end dates. If the switch listens to NTP broadcasts. time_of_day_hour time_of_day_minut es noautodst Specifies the time of day to begin or end Daylight Saving Time. in minutes.3 101 . absoluteday Specifies a specific day of a specific year on which to begin or end DST. To configure the switch to use a directed query. use the following command: configure sntp-client [primary | secondary] <host-name-or-ip> {vr <vr_name>} ExtremeXOS Concepts Guide. Specifies an optional name for this Daylight Saving Time specification. Default is 2. To disable automatic Daylight Saving Time. May be up to six characters in length. Specifies the day. Table 17: Time Zone Configuration Command Options tz_name GMT_offset autodst dst_timezone_ID dst_offset floatingday Specifies an optional name for this timezone specification. The default is an empty string. Disables automatic Daylight Saving Time. The default is an empty string.

Brazil.Western European Cities London. MI USA Mexico City. Casablanca. Otherwise. NY. Reykjavik. WA USA -11:00 -12:00 -660 -720 NT .Pacific Standard YST . La Paz Bogota. Table 18 lists GMT offsets.Eastern Standard CST .Universal (Coordinated) WET . Buenos Aires. To properly display the local time in logs and other timestamp information. Lisbon. Lima.Atlantic Standard EST . or if it is not synchronized. CA.Yukon Standard AHST .Central Alaska HST . 6 You can verify the configuration using the following commands: ■ show sntp-client This command provides configuration and statistics associated with SNTP and its connectivity to the NTP server. ■ show switch {detail} This command indicates the GMT offset. Scotland.Nome IDLW . Columbia. the Daylight Saving Time configuration and status. Argentina. If the switch cannot obtain the time. NTP updates are distributed using GMT time.Central Standard MST . Canada Los Angeles.Managing the Switch NTP queries are first sent to the primary server. Table 18: Greenwich Mean Time Offsets GMT Offset in Hours +0:00 GMT Offset in Minutes +0 Common Time Zone References GMT . Seattle.Mountain Standard PST . Software Version 12.West Africa AT . the switch waits for the sntp-client update interval before querying again. and the current local time.International Date Line West 102 ExtremeXOS Concepts Guide. 5 Optionally. Portugal. Morocco Cape Verde Islands Azores Brasilia.3 . Dublin. Edinburgh. the switch should be configured with the appropriate offset to GMT based on geographical location. New York.Hawaii Standard Caracas. CA. If the primary server does not respond within 1 second. the interval for which the SNTP client updates the real-time clock of the switch can be changed using the following command: configure sntp-client update-interval <update-interval> The default sntp-client update-interval value is 64 seconds. Santa Clara. England. Iceland. it restarts the query process. Peru. Guyana -1:00 -2:00 -3:00 -4:00 -5:00 -6:00 -7:00 -8:00 -9:00 -10:00 -60 -120 -180 -240 -300 -360 -420 -480 -540 -600 WAT . Mexico Saskatchewan. Trevor City. the switch queries the secondary server (if one is configured).Azores AST . Ireland.Alaska-Hawaii Standard CAT . Georgetown.Greenwich Mean UT or UTC .

Using the Simple Network Time Protocol

Table 18: Greenwich Mean Time Offsets (Continued)
GMT Offset in Hours +1:00 GMT Offset in Minutes +60

Common Time Zone References CET - Central European FWT - French Winter MET - Middle European MEWT - Middle European Winter SWT - Swedish Winter

Cities Paris France; Berlin, Germany; Amsterdam, The Netherlands; Brussels, Belgium; Vienna, Austria; Madrid, Spain; Rome, Italy; Bern, Switzerland; Stockholm, Sweden; Oslo, Norway

+ 2:00

+120

EET - Eastern European, Russia Zone 1

Athens, Greece; Helsinki, Finland; Istanbul, Turkey; Jerusalem, Israel; Harare, Zimbabwe Kuwait; Nairobi, Kenya; Riyadh, Saudi Arabia; Moscow, Russia; Tehran, Iran Abu Dhabi, UAE; Muscat; Tblisi; Volgograd; Kabul New Delhi, Pune, Allahabad, India

+3:00 +4:00 +5:00 +5:30 +6:00 +7:00 +8:00 +9:00 +10:00

+180 +240 +300 +330 +360 +420 +480 +540 +600

BT - Baghdad, Russia Zone 2 ZP4 - Russia Zone 3 ZP5 - Russia Zone 4 IST - India Standard Time ZP6 - Russia Zone 5 WAST - West Australian Standard CCT - China Coast, Russia Zone 7 JST - Japan Standard, Russia Zone 8 EAST - East Australian Standard GST - Guam Standard Russia Zone 9

+11:00 +12:00

+660 +720 IDLE - International Date Line East NZST - New Zealand Standard NZT - New Zealand Wellington, New Zealand; Fiji, Marshall Islands

SNTP Example
In this example, the switch queries a specific NTP server and a backup NTP server. The switch is located in Cupertino, California, and an update occurs every 20 minutes. The commands to configure the switch are as follows:
configure timezone -480 autodst configure sntp-client update-interval 1200 enable sntp-client configure sntp-client primary 10.0.1.1 configure sntp-client secondary 10.0.1.2

ExtremeXOS Concepts Guide, Software Version 12.3

103

Managing the Switch

104

ExtremeXOS Concepts Guide, Software Version 12.3

3

Managing the ExtremeXOS Software

This chapter includes the following sections:
● ● ● ● ● ●

Overview on page 105 Using the ExtremeXOS File System on page 106 Managing the Configuration File on page 113 Managing ExtremeXOS Processes on page 115 Understanding Memory Protection on page 118 Monitoring CPU Utilization on page 119

Overview
The ExtremeXOS software platform is a distributed software architecture. The distributed architecture consists of separate binary images organized into discreet software modules with messaging between them. The software and system infrastructure subsystem form the basic framework of how the ExtremeXOS applications interact with each other, including the system startup sequence, memory allocation, and error events handling. Redundancy and data replication is a built-in mechanism of ExtremeXOS. The system infrastructure provides basic redundancy support and libraries for all of the ExtremeXOS applications. NOTE
For information about downloading and upgrading a new software image, saving configuration changes, and upgrading the BootROM, see Appendix B, “Software Upgrade and Boot Options.”

Like any advanced operating system, ExtremeXOS gives you the tools to manage your switch and create your network configurations. With the introduction of ExtremeXOS, the following enhancements and functionality have been added to the switch operating system:
● ● ● ● ●

File system administration Configuration file management Process control Memory protection CPU monitoring

File system administration—With the enhanced file system, you can move, copy, and delete files from the switch. The file system structure allows you to keep, save, rename, and maintain multiple copies of configuration files on the switch. In addition, you can manage other entities of the switch such as policies and access control lists (ACLs). Configuration file management—With the enhanced configuration file management, you can oversee and manage multiple configuration files on your switch. In addition, you can upload, download, modify, and name configuration files used by the switch.

ExtremeXOS Concepts Guide, Software Version 12.3

105

Managing the ExtremeXOS Software Process control—With process control, you can stop and start processes, restart failed processes, and update the software for a specific process or set of processes. Memory protection—With memory protection, each function can be bundled into a single application module running as a memory protected process under real-time scheduling. In essence, ExtremeXOS protects each process from every other process in the system. If one process experiences a memory fault, that process cannot affect the memory space of another process. CPU monitoring—With CPU monitoring, you can monitor CPU utilization for Management Modules (MSMs/MMs) or Summit family switches whether or not the switches are included in a SummitStack, and the individual processes running on the switch. Monitoring the workload of the CPU allows you to troubleshoot and identify suspect processes. The following sections describe in more detail how to manage the ExtremeXOS software.

Using the ExtremeXOS File System
The file system in ExtremeXOS is the structure by which files are organized, stored, and named. The switch can store multiple user-defined configuration and policy files, each with its own name. Using a series of commands, you can manage the files on your system. For example, you can rename or copy a configuration file on the switch, display a comprehensive list of the configuration and policy files on the switch, or delete a policy file from the switch.

NOTE
Filenames are case-sensitive. For information on filename restrictions, refer to the specific command in the ExtremeXOS Command Reference Guide.

You can also download configuration and policy files from the switch to a network Trivial File Transfer Protocol (TFTP) server using TFTP. For detailed information about downloading switch configurations, see Appendix B, “Software Upgrade and Boot Options.” For detailed information about downloading policies and ACLs, see Chapter 17, “Policy Manager.” With guidance from Extreme Networks Technical Support personnel, you can configure the switch to capture core dump files, which contain debugging information that is useful in troubleshooting situations. For more information about configuring core dump files and managing the core dump files stored on your switch, see Appendix C, “Troubleshooting.” This section describes the following file management topics:
● ● ● ● ●

Moving or Renaming Files on the Switch on page 107 Copying Files on the Switch on page 108 Displaying Files on the Switch on page 109 Transferring Files to and from the Switch on page 110 Deleting Files from the Switch on page 112

106

ExtremeXOS Concepts Guide, Software Version 12.3

Using the ExtremeXOS File System

Moving or Renaming Files on the Switch
To move or rename an existing configuration, policy, or if configured, core dump file in the system, use the following command:
mv [internal-memory <old-name-internal> internal-memory <new-name-internal> | internal-memory <old-name-internal> memorycard <new-name-memorycard> | memorycard <old-name-memorycard> memorycard <new-name-memorycard> | memorycard <new-namememorycard> <new-name> | <old-name> memorycard <new-name-memorycard> | <old-name> <new-name>]

Where the following is true:

internal-memory—Specifies the internal memory card. Specify internal-memory if you configured core dumps and are sending debug files to the internal memory. old-name-internal—Specifies the current name of the core dump file located on the internal

memory card.

new-name-internal—Specifies the new name of the core dump file located on the internal memory

card.

memorycard—Specifies the removable external compact flash memory card. (This parameter is

available only on modular switches.)

old-name-memorycard—Specifies the current name of the file located on the external compact flash memory card. Depending on your switch configuration, you can have configuration, policy, or core dump files stored in this card. (This parameter is available only on modular switches.) new-name-memorycard—Specifies the new name of the file located on the external compact flash memory card. (This parameter is available only on modular switches.) old-name—Specifies the current name of the configuration or policy file. new-name—Specifies the new name of the configuration or policy file.

● ●

XML-formatted configuration files have a .cfg file extension. The switch runs only .cfg files. ASCIIformatted configuration files have an .xsf file extension. See “ASCII-Formatted Configuration Files” on page 1334 for more information. Policy files have a .pol file extension. When you rename a file, make sure the renamed file uses the same file extension as the original file. If you change the file extensions, the file may be unrecognized by the system. For example, if you have an existing configuration file named test.cfg, the new filename must include the .cfg file extension. When you rename a file on the switch, a message similar to the following appears:
Rename config test.cfg to config megtest.cfg on switch? (y/n)

Enter y to rename the file on your system. Enter n to cancel this process and keep the existing filename. If you attempt to rename an active configuration file (the configuration currently selected the boot the switch), the switch displays an error similar to the following:
Error: Cannot rename current selected active configuration.

For more information about configuring core dump files and managing the core dump files stored on your switch, see Appendix C, “Troubleshooting.”

Modular Switches and SummitStack Only
This command also replicates the action from the primary node to the backup node. For example, if you rename a file on the primary node, the same file on the backup node is renamed.

ExtremeXOS Concepts Guide, Software Version 12.3

107

Managing the ExtremeXOS Software For the memorycard option, this command can move files between the external memory card and the switch. If you use the memorycard option for both the old-name and the new-name, this command only renames a file on the external memory card.

Examples
The following example renames the configuration file named Test.cfg to Final.cfg:
mv Test.cfg Final.cfg

On a modular switch, the following command moves the configuration file named test1.cfg from the switch to the external memory card:
mv test1.cfg memorycard test1.cfg

Copying Files on the Switch
The copy function allows you to make a copy of an existing file before you alter or edit the file. By making a copy, you can easily go back to the original file if needed. To copy an existing configuration or policy file on your switch, use the following command:
cp [internal-memory <old-name-internal> internal-memory <new-name-internal> | internal-memory <old-name-internal> memorycard <new-name-memorycard> | memorycard <old-name-memorycard> memorycard <new-name-memorycard> | memorycard <old-namememorycard> <new-name> | <old-name> memorycard <new-name-memorycard> | <old-name> <new-name>]

Where the following is true:

internal-memory—Specifies the internal memory card. Specify internal-memory if you configured core dumps and are sending debug files to the internal memory. old-name-internal—Specifies the name of the core dump file located on the internal memory card that you want to copy. new-name-internal—Specifies the name of the newly copied core dump file located on the internal

memory card.

memorycard—Specifies the removable external compact flash memory card. (This parameter is

available only on modular switches.)

old-name-memorycard—Specifies the name of the file located on the external compact flash memory card that you want to copy. Depending on your switch configuration, you can have configuration, policy, or core dump files stored in this card. (This parameter is available only on modular switches.) new-name-memorycard—Specifies the name of the newly copied file located on the external compact flash memory card. (This parameter is available only on modular switches.) old-name—Specifies the name of the configuration or policy file that you want to copy. new-name—Specifies the name of the copied configuration or policy file.

● ●

XML-formatted configuration files have a .cfg file extension. The switch runs .cfg files only. ASCIIformatted configuration files have an .xsf file extension. See “ASCII-Formatted Configuration Files” on page 1334 for more information. Policy files have a .pol file extension. When you copy a configuration or policy file from the system, make sure you specify the appropriate file extension. For example, if you want to copy a policy file, specify the filename and .pol.

108

ExtremeXOS Concepts Guide, Software Version 12.3

Using the ExtremeXOS File System When you copy a file on the switch, a message similar to the following appears:
Copy config test.cfg to config test1.cfg on switch? (y/n)

Enter y to copy the file. Enter n to cancel this process and not copy the file. When you enter y, the switch copies the file with the new name and keeps a backup of the original file with the original name. After the switch copies the file, use the ls command to display a complete list of files. For more information about configuring core dump files and managing the core dump files stored on your switch, see Appendix C, “Troubleshooting.”

Modular Switches and SummitStack Only
This command also replicates the action from the primary node to the backup node. For example, when you copy a file on the primary node, the same file is copied to the backup node. For the memorycard option, the source and/or destination is the memorycard. You must mount the memory card for this operation to succeed. This command copies a file from the switch to the external memory card or a file already on the card. If you copy a file from the switch to the external memory card, and the new filename is identical to the source file, you do not need to re-enter the filename.

Example
The following example copies an existing configuration file named test.cfg and names the copied configuration file test_rev2.cfg:
cp test.cfg test_rev2.cfg

On a modular switch, the following command makes a copy of a configuration file named primary.cfg from the switch to the external memory card with the same name, primary.cfg:
cp primary.cfg memorycard

Displaying Files on the Switch
To display a list of the configuration, policy, or if configured, core dump files stored on your switch, use the following command:
ls {[internal-memory | memorycard]} {<file-name>}

Where the following is true:

internal-memory—Lists the core dump files that are present and saved in the internal memory card.

If the switch is not configured to save debug files or has not saved any debug files, no files are displayed.

memorycard—Lists all files that are stored in the external compact flash memory card. (This

parameter is available only on modular switches.)

file-name—Lists all the files that match the wildcard.

When you do not specify a parameter, this command lists all of the files stored on your switch. Output from this command includes the file size, date and time the file was last modified, and the file name.

ExtremeXOS Concepts Guide, Software Version 12.3

109

Managing the ExtremeXOS Software For more information about configuring core dump files and managing the core dump files stored on your switch, see Appendix C, “Troubleshooting.”

Example
The following command displays all of the configuration and policy files stored on your switch:
ls

The following is sample output from this command:
total 424 -rw-r--r--rw-r--r--rw-r--r--rw-r--r--rw-r--r--rw-r--r-1 1 1 1 1 1 root root root root root root root root root root root root 50 94256 100980 35 100980 94256 Jul Jul Sep Jun Sep Jun 30 23 23 29 23 30 14:19 14:26 09:16 06:42 09:17 17:10 hugh.pol hughtest.cfg megtest.cfg newpolicy.pol primary.cfg roytest.cfg

On a modular switch, the following command displays all of the configuration and policy files stored on the external memory card:
ls memorycard

The following is sample output from this command:
-rwxr-xr-x -rwxr-xr-x -rwxr-xr-x -rwxr-xr-x -rwxr-xr-x 1 1 1 1 1 root root root root root 0 0 0 0 0 15401865 10 10 10 223599 Mar Mar Apr Mar Mar 30 31 4 31 31 00:03 09:41 09:15 09:41 10:02 bd10K-11.2.0.13.xos test-1.pol test.pol test_1.pol v11_1_3.cfg

Transferring Files to and from the Switch
TFTP allows you to transfer files to and from the switch, internal memory card, and on a modular switch, the external memory card. This section describes the commands used to transfer files to and from the switch. To transfer a configuration or policy file from a TFTP server, internal memory card, or external memory card to the switch, use the tftp and tftp get commands:

tftp [<host-name> | <ip-address>] {-v <vr_name>} [-g | -p] [{-l [internal-memory <local-file-internal> | memorycard <local-file-memcard> | <local-file>} {-r <remote-file>} | {-r <remote-file>} {-l [internal-memory <local-file-internal> | memorycard <local-file-memcard> | <local-file>]}] tftp get [<host-name> | <ip-address>] {-vr <vr_name>} [{[internal-memory <localfile-internal> | memorycard <local-file-memcard> | <local_file>} {<remote_file>} | {<remote_file>} {[internal-memory <local-file-internal> | memorycard <local-filememcard> | <local_file>]}] {force-overwrite}

Where the following is true:
● ● ●

host-name—Specifies the name of the remote host on the network. ip-address—Specifies the IP address of the TFTP server on the network. vr_name—Specifies the name of the virtual router.

110

ExtremeXOS Concepts Guide, Software Version 12.3

Using the ExtremeXOS File System

NOTE
User-created VRs are supported only on the platforms listed for this feature in Appendix A, “ExtremeXOS Software Licenses.”

-g—Gets the specified file from the TFTP server and copies it to the local host. (This parameter is available only on the tftp command.) get—Gets the specified file from the TFTP server and copies it to the local host. (This is part of the tftp get command.) internal-memory—Specifies the internal memory card. local-file-internal—Specifies the name of the core dump file located on the internal memory

● ●

card.

memorycard—Specifies the removable external compact flash memory card. (This parameter is

available only on modular switches.)

local-file-memcard—Specifies the name of the file on the external compact flash memory card. (This parameter is available only on modular switches.) local-file—Specifies the name of the file (configuration file, policy file) on the local host. remote-file—Specifies the name of the file on the remote host. force-overwrite—Specifies the switch to automatically overwrite an existing file. (This parameter is available only on the tftp get command.)

● ● ●

NOTE
By default, if you transfer a file with a name that already exists on the system, the switch prompts you to overwrite the existing file. For more information, see the tftp get command in the ExtremeXOS Command Reference Guide.

To transfer a configuration or policy file from the switch to a TFTP server, internal memory card, or external memory card, use the tftp and tftp put commands:

tftp [<host-name> | <ip-address>] {-v <vr_name>} [-g | -p] [{-l [internal-memory <local-file-internal> | memorycard <local-file-memcard> | <local-file>} {-r <remote-file>} | {-r <remote-file>} {-l [internal-memory <local-file-internal> | memorycard <local-file-memcard> | <local-file>]}] tftp put [<host-name> | <ip-address>] {-vr <vr_name>} [{[internal-memory <localfile-internal> | memorycard <local-file-memcard> | <local_file>} {<remote_file>} | {<remote_file>} {[internal-memory <local-file-internal> | memorycard <local-filememcard> | <local_file>]}]

Where the following is true:
● ● ●

host-name—Specifies the name of the remote host on the network. ip-address—Specifies the IP address of the TFTP server on the network. vr_name—Specifies the name of the virtual router.

NOTE
User-created VRs are supported only on the platforms listed for this feature in Appendix A, “ExtremeXOS Software Licenses.”

-p—Puts the specified file from the local host and copies it to the TFTP server. (This parameter is available only on the tftp command.)

ExtremeXOS Concepts Guide, Software Version 12.3

111

Managing the ExtremeXOS Software

put—Puts the specified file from the local host and copies it to the TFTP server. (This is part of the tftp put command.) internal-memory—Specifies the internal memory card. local-file-internal—Specifies the name of the core dump file located on the internal memory

● ●

card.

memorycard—Specifies the removable external compact flash memory card. (This parameter is

available only on modular switches.)

local-file-memcard—Specifies the name of the file on the external compact flash memory card. (This parameter is available only on modular switches.) local-file—Specifies the name of the file (configuration file, policy file) on the local host. remote-file—Specifies the name of the file on the remote host.

● ●

For more information about TFTP, see Chapter 2, “Managing the Switch.” For detailed information about downloading software image files, BootROM files, and switch configurations, see Appendix B, “Software Upgrade and Boot Options.” For more information about configuring core dump files and managing the core dump files stored on your switch, see Appendix C, “Troubleshooting.”

Modular Switches Only
For the memorycard option, this command transfers an existing file to or from the external compact flash memory card.

Example
The following example uses the tftp command to download the configuration file named XOS1.cfg from the TFTP server:
tftp 10.123.45.67 -g -r XOS1.cfg

The following example uses the tftp get command to download the configuration file from the TFTP server:
tftp get 10.123.45.67 XOS1.cfg

The following example uses the tftp put command to upload the configuration file from the switch to the TFTP server:
tftp put 10.123.45.67 XOS1.cfg

NOTE
On a modular switch, you can transfer files to and from the switch and an installed external compact flash memory card.

Deleting Files from the Switch
To delete a configuration, policy, or if configured, core dump file from your system, use the following command:
rm {internal-memory | memorycard} <file-name>

112

ExtremeXOS Concepts Guide, Software Version 12.3

Managing the Configuration File Where the following is true:
● ●

internal-memory—Specifies the internal memory card. memorycard—Specifies the removable external compact flash memory card. (This parameter is

available only on modular switches.)

file-name—Specifies the name of the configuration or policy file to delete.

When you delete a configuration or policy file from the system, make sure you specify the appropriate file extension. For example, when you want to delete a policy file, specify the filename and .pol. After you delete a file, it is unavailable to the system. When you delete a file from the switch, a message similar to the following appears:
Remove testpolicy.pol from switch? (y/n)

Enter y to remove the file from your system. Enter n to cancel the process and keep the file on your system. If you attempt to delete an active configuration file (the configuration currently selected to boot the switch), the switch displays an error similar to the following:
Error: Cannot remove current selected active configuration.

For more information about configuring core dump files and managing the core dump files stored on your switch, see Appendix C, “Troubleshooting.”

Modular Switches and SummitStack Only
This command also replicates the action from the primary node to the backup node. For example, when you delete a file on the primary node, the same file on the backup node is deleted. Modular Switches only. For the memorycard option, this command removes/deletes an existing file on the external memory card.

Example
The following example removes the policy file named newpolicy.pol from the system:
rm newpolicy.pol

On a modular switch with an external memory card installed, the following command removes the policy file named test.pol from the external memory card:
rm memorycard test.pol

Managing the Configuration File
The configuration is the customized set of parameters that you have selected to run on the switch. Table 19 describes some of the key areas of configuration file management in ExtremeXOS.

ExtremeXOS Concepts Guide, Software Version 12.3

113

Managing the ExtremeXOS Software

Table 19: Configuration File Management
Task Configuration file database Behavior ExtremeXOS supports saving a configuration file into any named file and supports more than two saved configurations. For example, you can download a configuration file from a network TFTP server and save that file as primary, secondary, or with a user-defined name. You also select where to save the configuration: primary or secondary partition, or another space. The file names primary and secondary exist for backward compatibility with ExtremeWare. Downloading configuration files ExtremeXOS uses the tftp and tftp get commands to download configuration files from the network TFTP server to the switch. For more information about downloading configuration files, see “Using TFTP to Download the Configuration” on page 1337. Uploading configuration files ExtremeXOS uses the tftp and tftp put commands to upload configuration files from the switch to the network TFTP server. For more information about uploading configuration files, see “Using TFTP to Upload the Configuration” on page 1336. Managing configuration files, including listing, copying, deleting, and renaming The following commands allow you to manage configuration files: • ls—Lists all of the configuration files in the system • cp—Makes a copy of an existing configuration file in the system • rm—Removes/deletes an existing configuration file from the system • mv—Renames an existing configuration file Configuration file type ExtremeXOS configuration files are saved in Extensible Markup Language (XML) format. Use the show configuration command to view on the CLI your currently running switch configuration. You can upload your current configuration in ASCII format to a network TFTP server. The uploaded ASCII file retains the CLI format. To view your configuration in ASCII format, save the configuration with the .xsf file extension (known as the XOS CLI script file). This saves the XMLbased configuration in an ASCII format readable by a text editor. ExtremeXOS uses the upload configuration command to upload the ASCII-formatted configuration file from the switch to the network TFTP server. ExtremeXOS uses the tftp and tftp get commands to download configuration files from the network TFTP server to the switch. For more information about ASCII-formatted configuration files, see “ASCIIFormatted Configuration Files” on page 1334. XML configuration mode Displaying configuration files Indicated by (xml) at the front of the switch prompt. Do not use. Use the command disable xml-mode to disable this mode. You can also see a complete list of configuration files by entering the ls command followed by the Tab key.

ASCII-formatted configuration file

For more information about saving, uploading, and downloading configuration files, see “Saving the Configuration” on page 1335.

114

ExtremeXOS Concepts Guide, Software Version 12.3

Managing ExtremeXOS Processes

Managing ExtremeXOS Processes
ExtremeXOS consists of a number of cooperating processes running on the switch. With process control, under certain conditions, you can stop and start processes, restart failed processes, examine information about the processes, and update the software for a specific process or set of processes. This section describes the following topics:
● ● ●

Displaying Process Information on page 115 Stopping a Process on page 116 Starting a Process on page 117

Displaying Process Information
To display information about the processes in the system, use the following command:
show process {<name>} {detail} {description} {slot <slotid>}

Where the following is true:
● ●

name—Specifies the name of the process. detail—Specifies more detailed process information, including memory usage statistics, process ID

information, and process statistics.

description—Describes the name of all of the processes or the specified process running on the

switch.

slotid—On a modular chassis, specifies the slot number of the MSM/MM. A specifies the MSM/

MM installed in slot A. B specifies the MSM/MM installed in slot B. On a SummitStack, specifies the target node's slot number. The number is a value from 1 to 8. (This parameter is available only on modular switches and SummitStack.) The show process and show process slot <slotid> commands display the following information in a tabular format:
● ● ●

Card—The name of the module where the process is running (modular switches only). Process Name—The name of the process. Version—The version number of the process. Options are:

Version number—A series of numbers that identify the version number of the process. This is helpful to ensure that you have version-compatible processes and if you experience a problem. Not Started—The process has not been started. This can be caused by not having the appropriate license or for not starting the process.

Restart—The number of times the process has been restarted. This number increments by one each time a process stops and restarts. State—The current state of the process. Options are:

No License—The process requires a license level that you do not have. For example, you have not upgraded to that license, or the license is not available for your platform. Ready—The process is running. Stopped—The process has been stopped.

■ ■

ExtremeXOS Concepts Guide, Software Version 12.3

115

Managing the ExtremeXOS Software

Start Time—The current start time of the process. Options are:

Day/Month/Date/Time/Year—The date and time the process began. If a process terminates and restarts, the start time is also updated. Not Started—The process has not been started. This can be caused by not having the appropriate license or for not starting the process.

When you specify the detail keyword, more specific and detailed process information is displayed. The show process detail and show process slot <slotid> detail commands display the following information in a multi-tabular format:
● ● ● ● ●

Detailed process information Memory usage configurations Recovery policies Process statistics Resource usage

Stopping a Process
If recommended by Extreme Networks Technical Support personnel, you can stop a running process. To stop a running process, use the following command:
terminate process <name> [forceful | graceful] {msm <slot>}

In a SummitStack:
terminate process <name> [forceful | graceful] {slot <slot>}

Where the following is true:
● ●

name—Specifies the name of the process. forceful—Specifies that the software quickly terminate a process. Unlike the graceful option, the process is immediately shutdown without any of the normal process cleanup. graceful—Specifies that the process shutdown gracefully by closing all opened connections,

notifying peers on the network, and other types of process cleanup.

slot—For a modular chassis, specifies the slot number of the MSM/MM. A specifies the MSM/MM installed in slot A. B specifies the MSM/MM installed in slot B. On a SummitStack, specifies the target node's slot number. The number is a value from 1 to 8. (This parameter is available only on modular switches and SummitStack.)

NOTE
Do not terminate a process that was installed since the last reboot unless you have saved your configuration. If you have installed a software module and you terminate the newly installed process without saving your configuration, your module may not be loaded when you attempt to restart the process with the start process command. To preserve a process’s configuration during a terminate and (re)start cycle, save your switch configuration before terminating the process. Do not save the configuration or change the configuration during the process terminate and re(start) cycle. If you save the configuration after terminating a process, and before the process (re)starts, the configuration for that process is lost.

You can also use a single command to stop and restart a running process during a software upgrade on the switch. By using the single command, there is less process disruption and it takes less time to stop

116

ExtremeXOS Concepts Guide, Software Version 12.3

Managing ExtremeXOS Processes and restart the process. To stop and restart a process during a software upgrade, use the following command:
restart process [class <cname> | <name> {msm <slot>}]

Where the following is true:

cname—Specifies that the software terminates and restarts all instances of the process associated with

a specific routing protocol on all VRs.

name—Specifies the name of the process.

Starting a Process
To start a process, use the following command:
start process <name> {msm <slot>}

In a SummitStack:
start process <name> {slot <slot>}

Where the following is true:
● ●

name—Specifies the name of the process. slot—For a modular chassis, specifies the slot number of the MSM/MM. A specifies the MSM/MM installed in slot A. B specifies the MSM/MM installed in slot B. On a SummitStack, specifies the slot number of the target node. The number is a value from 1 to 8. (This parameter is available only on modular switches and SummitStack.)

You are unable to start a process that is already running. If you try to start a currently running process, for example telnetd, an error message similar to the following appears:
Error: Process telnetd already exists!

NOTE
After you stop a process, do not change the configuration on the switch until you start the process again. A new process loads the configuration that was saved prior to stopping the process. Changes made between a process termination and a process start are lost. Else, error messages can result when you start the new process.

As described in the section, “Stopping a Process” on page 116, you can use a single command, rather than multiple commands, to stop and restart a running process. To stop and restart a process during a software upgrade, use the following command:
restart process [class <cname> | <name> {msm <slot>}]

In a SummitStack:
restart process [class <cname> | <name> {slot <slot>}]

For more detailed information, see the previous section or the ExtremeXOS Command Reference Guide.omm

ExtremeXOS Concepts Guide, Software Version 12.3

117

Managing the ExtremeXOS Software

Understanding Memory Protection
ExtremeXOS provides memory management capabilities. With ExtremeXOS, each process runs in a protected memory space. This infrastructure prevents one process from overwriting or corrupting the memory space of another process. For example, if one process experiences a loop condition, is under some type of attack, or is experiencing some type of problem, that process cannot take over or overwrite another processes’ memory space. Memory protection increases the robustness of the system. By isolating and having separate memory space for each individual process, you can more easily identify the process or processes that experience a problem. To display the current system memory and that of the specified process, use the following command:
show memory process <name> {slot <slotid>}

Where the following is true:
● ●

name—Specifies the name of the process. slot—On a modular chassis, specifies the slot number of the MSM/MM. A specifies the MSM/MM installed in slot A. B specifies the MSM/MM installed in slot B. On a SummitStack, specifies the slot number of the target node. The number is a value from 1 to 8. (This parameter is available only on modular switches and SummitStack.)

The show memory process command displays the following information in a tabular format:
● ●

System memory information (both total and free) Current memory used by the individual processes

The current memory statistics for the individual process also includes the following:
● ●

The module (MSM A or MSM B) and the slot number of the MSM/MM (modular switches only) The name of the process

You can also use the show memory {slot [slotid | a | b]} command to view the system memory and the memory used by the individual processes, even for all processes on all MSMs/MMs installed in modular switches. The slot parameter is available only on modular switches and SummitStack. In general, the free memory count for an MSM/MM or Summit family switch decreases when one or more running processes experiences an increase in memory usage. If you have not made any system configuration changes, and you observe a continued decrease in free memory, this might indicate a memory leak. The information from these commands may be useful for your technical support representative if you experience a problem.

118

ExtremeXOS Concepts Guide, Software Version 12.3

Monitoring CPU Utilization

Monitoring CPU Utilization
You can monitor the CPU utilization and history for all of the processes running on the switch. By viewing this history on a regular basis, you can see trends emerging and identify processes with peak utilization. Monitoring the workload of the CPU allows you to troubleshoot and identify suspect processes before they become a problem. By default, the switch monitors CPU utilization every 5 seconds. In addition, when CPU utilization of a process exceeds 90% of the regular operating basis, the switch logs an error message specifying the process name and the current CPU utilization for the process.

Disabling CPU Monitoring
To disable CPU monitoring, use the following command:
disable cpu-monitoring

This command disables CPU monitoring on the switch; however, it does not clear the monitoring interval. Therefore, if you altered the monitoring interval, this command does not return the monitoring interval to 5 seconds. The next time you enable CPU monitoring, the switch uses the existing configured interval.

Enabling CPU Monitoring
To enable CPU monitoring, use the following command:
enable cpu-monitoring {interval <seconds>} {threshold <percent>}

Where the following is true:

seconds—Specifies the monitoring interval. The default interval is 5 seconds, and the range is 5 to

60 seconds. Extreme Networks recommends the default setting for most network environments.

threshold—Specifies the CPU threshold value. CPU usage is measured in percentages. The default is 90%, and the range is 0% to 100%.

By default, CPU monitoring is enabled and occurs every 5 seconds. The default CPU threshold value is 90%.

Displaying CPU Utilization History
To display the CPU utilization history of one or more processes, use the following command:
show cpu-monitoring {process <name>} {slot <slotid>}

Where the following is true:
● ●

name—Specifies the name of the process. slot—For a modular chassis, specifies the slot number of the MSM/MM. A specifies the MSM installed in slot A. B specifies the MSM installed in slot B. On a SummitStack, specifies the slot number of the target node. The number is a value from 1 to 8. (This parameter is available only on modular switches and SummitStack.)

Output from this command includes the following information:

Card—The location (MSM A or MSM B) where the process is running on a modular switch.

ExtremeXOS Concepts Guide, Software Version 12.3

119

Managing the ExtremeXOS Software
● ●

Process—The name of the process. Range of time (5 seconds, 10 seconds, and so forth)—The CPU utilization history of the process or the system. The CPU utilization history goes back only 1 hour. Total User/System CPU Usage—The amount of time recorded in seconds that the process spends occupying CPU resources. The values are cumulative meaning that the values are displayed as long as the system is running. You can use this information for debugging purposes to see where the process spends the most amount of time: user context or system context.

The following is sample truncated output from a modular switch:
show cpu-monitoring CPU Utilization Statistics - Monitored every 5 seconds ------------------------------------------------------------------------------Card 5 10 30 1 5 30 1 Max Total secs secs secs min mins mins hour User/System util util util util util util util util CPU Usage (%) (%) (%) (%) (%) (%) (%) (%) (secs) ------------------------------------------------------------------------------MSM-A MSM-B MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A MSM-A ... System System GNSS_cpuif GNSS_ctrlif GNSS_esmi GNSS_fabric GNSS_mac_10g GNSS_pbusmux GNSS_pktengine GNSS_pktif GNSS_switch aaa acl bgp cfgmgr cli devmgr dirser dosprotect eaps edp elrp ems epm esrp etmon 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 1.9 0.0 0.0 0.0 0.0 0.0 0.9 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.9 0.0 0.0 0.0 0.0 0.9 0.0 0.0 0.0 0.0 0.0 0.4 0.1 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.3 0.0 0.0 0.0 0.0 0.4 0.0 0.0 0.0 0.0 0.0 0.6 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 3.7 48.3 0.9 0.0 0.0 0.0 0.0 0.0 0.0 0.9 0.0 1.2 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 1.2 9.6 0.3 0.0 0.0 0.0 0.0 0.0 0.0 0.1 0.0 1.1 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 1.2 2.5 0.2 0.0 0.0 0.0 0.0 0.0 0.0 0.2 0.0 1.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 1.3 2.1 0.2 0.0 0.0 0.0 0.0 0.0 0.0 0.2 0.0 1.0 0.9 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 8.4 7.5 5.2 27.3 48.3 17.1 9.5 3.8 8.4 10.2 8.4 12.2 4.7 7.5 23.3 Process

0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.82 0.37 0.27 7.70 0.51 2.22 0.0 0.20 2.40 0.99 0.44 1.1 2.6 0.44 21.84

0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.56 0.33 0.42 7.84 0.37 2.50 0.0 0.26 1.40 0.47 0.28 1.16 4.18 0.36 7.24

120

ExtremeXOS Concepts Guide, Software Version 12.3

Monitoring CPU Utilization The following is sample truncated output from a Summit family switch:
CPU Utilization Statistics - Monitored every 25 seconds ----------------------------------------------------------------------Process 5 10 30 1 5 30 1 Max Total secs secs secs min mins mins hour User/System util util util util util util util util CPU Usage (%) (%) (%) (%) (%) (%) (%) (%) (secs) ----------------------------------------------------------------------System aaa acl bgp cfgmgr cli devmgr dirser dosprotect eaps edp elrp ems epm esrp etmon ... n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.9 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.1 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.2 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.5 0.0 0.0 0.0 0.8 0.0 0.0 0.0 0.0 0.1 0.0 0.0 0.0 0.0 0.0 0.5 34.6 1.8 0.0 12.6 39.8 0.0 19.5 0.0 0.0 5.5 11.1 0.0 0.0 30.7 2.7 30.5

1.72 0.40 11.18 4743.92 0.59 74.44 0.0 0.8 36.40 10.92 0.49 1.19 48.74 0.82 4865.78

0.78 0.24 2.21 3575.79 0.42 24.52 0.0 0.12 15.41 3.97 0.44 1.29 32.93 0.45 873.87

ExtremeXOS Concepts Guide, Software Version 12.3

121

Managing the ExtremeXOS Software

122

ExtremeXOS Concepts Guide, Software Version 12.3

4

Configuring Stacked Switches

This chapter includes the following sections:
● ● ● ● ● ● ● ●

Overview on page 123 Logging into a SummitStack on page 135 Configuring a New Stack on page 137 Converting a Standalone Node Deployment to a Stack on page 143 Configuration Tasks for SummitStack on page 144 Managing an Operating SummitStack Troubleshooting a Stack on page 175 FAQs on SummitStack on page 182

Overview
SummitStack allows you to physically connect up to eight individual Summit switches together as a single logical unit. This logical unit behaves as a single switch with a single IP address and a single point of authentication. In ExtremeXOS, a stack is controlled by a master switch, called the master. The master switch runs full ExtremeXOS and is responsible for maintaining all of the software tables for all the switches in the stack. There can only be one master switch in a stack of switches. All switches in the stack, including the master switch, are called nodes. A SummitStack can be thought of as a virtual chassis. Each node acts as if it was occupying a slot in a chassis and is controlled by the master. The high-speed stacking links function like the backplane links of a chassis. The master switch stores any configuration information for the stack in its primary and secondary flash memory. Since the master switch has the knowledge of the state and the configuration of all the other switches in the stack, it can respond to all external requests for those switches. For example, the master switch can respond to a request for SNMP information from all ports within the stack.

NOTE
SummitStack features are supported only on the platforms listed for this feature in the license tables in Appendix A, “ExtremeXOS Software Licenses.” All participants in a stack must run the same image version.

This section introduces the following SummitStack topics:
● ● ● ●

SummitStack Terms on page 124 SummitStack Compatible Switches on page 126 SummitStack Topologies on page 126 Stack Depth on page 130

ExtremeXOS Concepts Guide, Software Version 12.3

123

Configuring Stacked Switches

Understanding SummitStack Configuration Parameters, Configuration Files, and Port Numbering on page 130 Understanding Stacking Link Overcommitment on page 131 About SummitStack Logging Messages on page 131 About QoS in Stacking on page 132 About Power Management and Power Over Ethernet on Stacking on page 133 About Stacking Node Roles, Redundancy, and Failover on page 134 About the Failsafe Account on SummitStack Nodes on page 135

● ● ● ● ● ●

SummitStack Terms
Table 20 describes the terms used in SummitStack. These terms are listed in the recommended reading sequence.

Table 20: List of Stacking Terms
Term Stackable Switch Stacking Port Description A Summit family switch that provides two stacking ports and can participate in a stack. A physical interface of a stackable switch that is used to allow the connection of a stacking link. Stacking ports are point-to-point links that are dedicated for the purpose of forming a stack. A wire that connects a stacking port of one stackable switch to a stacking port of another stackable switch, plus the stacking ports themselves. A node is a stackable switch that runs the ExtremeXOS operating system. The terms node and stackable switch are used interchangeably in this chapter. A stack is a set of stackable switches and their connected stacking links made with the intentions that: (1) all switches are reachable through their common connections; (2) a single stackable switch can manage the entire stack; and (3) configurable entities such as VLANs and link trunk groups can have members on multiple stackable switches. A stack consists of all connected nodes regardless of the state of these nodes. A contiguously connected set of nodes in a stack that are currently communicating with one another. All nodes that appear in the show stacking command display are present in the stack topology. A data path that is formed over the stacking links for the purpose of determining the set of nodes that are present in the stack topology and their locations in the stack. Every node is always present in a stack path whether or not stacking is enabled on the node. A data path that is formed over the stacking links that is dedicated to carrying control traffic, such as commands to program hardware or software image data for software upgrade. A node must join the control path to fully operate in the stack. A node that is disabled for stacking does not join the control path, but does communicate over the stack path. A node that has joined the control path. The active node can forward the control path messages or can process the control path messages. It can also forward data traffic. Only an active node can appear as a card inserted into a slot when the show slot {<slot> {detail} | detail } command is executed on the master node of the stack.

Stacking Link Node Stack

Stack Topology

Stack Path

Control Path

Active Node

124

ExtremeXOS Concepts Guide, Software Version 12.3

Overview

Table 20: List of Stacking Terms (Continued)
Term Active Topology Description A contiguous set of active nodes in a stack topology plus the set of stacking links that connect them form the active topology. When an active topology consists of more than one node, each node in the active topology is directly and physically connected to at least one other node in the active topology. Thus, the active topology is a set of physically contiguous active nodes within a stack topology.

NOTE
A node in the stack topology may not necessarily be a member of the active topology. Candidate Node A node that is a potential member of an active topology is called a candidate node. An active node is also a candidate node. Unlike an active node, a candidate node may not have joined the control path. A node in the active topology plays a role in the stack. There are three node roles: master (or primary), backup, and standby. A node that is elected as the master (or primary) runs all of the configured control protocols such as OSPF, RIP, Spanning Tree, EAPS, and so forth. The master node controls all data ports on itself, the backup node, and all standby nodes. The master node issues specific programming commands over the control path to the backup or standby nodes to accomplish this purpose. Backup Node Role The node that is operating in the Backup node role takes over the master node role if the master node fails. The master node keeps the backup node databases in synchronization with its own database in preparation for this event. Upon transfer of role, the backup node becomes the master node and begins operating with the databases it has previously received. This allows all other nodes in the stack to continue operating even after the master node fails. A node that is executing the standby node role is prepared to become a backup node in the event that the backup node becomes the master node. When becoming a backup node, the new master node synchronizes all of its databases to the new backup node. As a standby node, most databases are not synchronized, except for those few that directly relate to hardware programming. A standby or backup node is normally acquired by a master node. This means the master node has used its databases to program the hardware of the standby or backup node. The standby or backup node has acted as a hardware programming proxy, accepting the instructions of the master node to do so. An acquired standby node does not maintain the databases needed to reflect why the hardware is programmed as it is; however, a backup node does. An acquired node can only be re-acquired (without a reboot) by the backup node when that backup node becomes a master node, and only if both the backup and standby nodes were already acquired by the same master node at the time of its failure. This is the set of ports provided by a stackable switch that are available to you for connection to your data networks. Such ports can be members of a user configured VLAN or trunk group, and can be used for layer 2 and 3 forwarding of user data traffic or for mirroring, or other features you can configure. This term does not refer to stacking ports. When a node that is executing the master node role in a stack fails, a failover is initiated. If there is a node that is executing the backup node role, and if the node has completed its initial synchronization with the master node before it failed, the backup node takes on the master node role. The standby nodes continue their operation, and their data ports do not fail.

Node Role Master Node Role

Standby Node Role

Acquired Node

Data Ports

Failover

ExtremeXOS Concepts Guide, Software Version 12.3

125

Configuring Stacked Switches

Table 20: List of Stacking Terms (Continued)
Term Hitless Failover Hitless Upgrade Description A failover whereby all data ports in the stack, except those of the failing master node, continue normal operation when the master node fails. This is an operation where an upgrade of the software image and the commencement of the new image execution is possible without interrupting data traffic or forcing any network reconvergence. This version of SummitStack does not support hitless upgrade. Stacking nodes are uniquely identified by their node address. This is actually the MAC address that was factory assigned to each node. This is the process that determines the role for each node. The election takes place during initial stack startup and elects a master and a backup node. An election also takes place after a master node failover, when a new backup node is elected from the remaining standby nodes. For each node, the stack computes a priority to be used in node role election. The node with the highest node role election priority during a role election becomes the master node. The node with the second highest node role election priority becomes the backup. This is a node that has achieved operational state as a card in a slot. The operational state can be displayed using the show slot {<slot> {detail} | detail } command. This is the amount of time that has passed since a stack first elected a master node after the stack last rebooted. The time can be displayed on a master node by entering the show switch {detail} command. This is a collection of nodes that form a stack topology. The term is useful when a stack is severed. Each severed portion of the stack is referred to as a stack segment. A state assigned by the stack to a node. This can be displayed using the command show stacking. Easy-setup is a procedure that configures the essential stack parameters of every node for initial stack deployment, and automatically reboots the stack to put the parameters into effect. The choice to run easy-setup is offered when the enable stacking {node-address <node-address>} command is run and the essential stacking parameters are unconfigured or inconsistent. It can also be invoked directly by running the configure stacking easysetup command.

Node Address Node Role Election

Node Role Election Priority

Operational Node

System UpTime

Stack Segment

Stack State Easy-Setup

SummitStack Compatible Switches
Appendix A, “ExtremeXOS Software Licenses,” lists the platforms that are supported by the SummitStack feature.

SummitStack Topologies
Figure 1 presents a graphical representation of a stack and some of the terms that describe stack conditions.

126

ExtremeXOS Concepts Guide, Software Version 12.3

Overview

Figure 1: Stack and Topologies

Switch 1

Active topology

Switch 2

Switch 3 Stack topology Stack Switch 4 Failed node Switch 5 SummitStack disabled Switch 6 SummitStack disabled Switch 7 No power Switch 8
BD_162

A stack is the collection of all nodes that are cabled together in a stack. A stack topology is the set of contiguous nodes that are powered up and communicating with each other. Switch 8 is not part of the stack topology in Figure 1 because it is not powered up. An active topology is the set of contiguous nodes that are active. An active node is powered up, configured for SummitStack operation, and communicating with the other active nodes. Switch 5 in Figure 1 has failed, and stacking is disabled on Switch 6 and Switch 7. Switch 8 has no power, so the active topology includes switches: Switch 1, Switch 2, Switch 3, and Switch 4. For more information on SummitStack terminology, see “SummitStack Terms” on page 124. This section introduces the following topologies and topics:
● ● ●

Ring Topology on page 127 Daisy Chain Topology on page 129 Stack Depth on page 130

Ring Topology
SummitStack nodes should be connected to each other in a ring topology. In a ring topology, one link is used to connect to a node and the other link is used to connect to another node. The result forms a

ExtremeXOS Concepts Guide, Software Version 12.3

127

Configuring Stacked Switches physical ring connection. This topology is highly recommended for normal operation. Figure 2 shows a maximal ring topology of eight active nodes.

Figure 2: Graphical Representation of a Ring Topology

BD_163

While a physical ring connection may be present, a ring active topology only exists if all nodes in the stack are active nodes.

Figure 3: Summit X450 Series in a Ring Topology

BD_159A

128

ExtremeXOS Concepts Guide, Software Version 12.3

Overview

Daisy Chain Topology
The stackable switches may be connected in a daisy-chain topology. This is a ring topology with one of the links disconnected, inoperative, or disabled. A daisy chain can be created when a link fails or a node reboots in a ring topology, but the daisy chain topology is not recommended for normal operation. In Figure 4, the nodes delineated as the active topology are operating in a daisy-chain configuration, even though there is physically a ring connection in the stack. NOTE
The daisy chain topology is not recommended for normal operation.

Figure 4: X250 Series in Daisy-Chain Topology

BD_153A

You might need to use a daisy chain topology while adding a new node, removing a node, or while joining two stacks. If you are using a daisy chain topology, the possibility of a dual master situation increases. So before you create a daisy chain topology, read “Managing a Dual Master Situation” on page 176.

ExtremeXOS Concepts Guide, Software Version 12.3

129

Configuring Stacked Switches

NOTE
The maximum cable length supported by ExtremeXOS is 5 m.

Stack Depth
A maximum of eight (8) nodes are supported in the active topology. The slot number configuration assigns only numbers from one (1) to eight (8). The stack tolerates an accidental connection of up to 17 nodes. Because only eight nodes can join an active topology, there should never be an accidental connection of two stacks resulting in more than 16 nodes. If you have more than 17 nodes in a stack topology, all nodes enter an overflow state and all stacking links enter a link overflow state. While in an overflow state, the active topology does not function. All slots containing active nodes show a Failed state. The overflow state is maintained until the overflow is cleared by manually disconnecting a sufficient number of nodes. After the overflow is cleared, all nodes in the stack topology reboot. To see all the nodes in a stack topology, use the show stacking command.

Understanding SummitStack Configuration Parameters, Configuration Files, and Port Numbering
The stacking configurations are stored in the NVRAM of each node. Some of these configurations take effect only during the next node restart.

Table 21: Stacking Configuration Items, Time of Effect and Default Value
Configuration Item Stacking Mode Slot Number Master-Capable License Restriction Priority Alternate IP Address Stack MAC Takes Effect at boot time at boot time at boot time at boot time at the next master election immediately at boot time Default Value Disabled 1 Yes Not configured Automatic Not configured Not configured

Stacking parameters, such as mode, slot number, etc., can be configured from a single unit in the stack topology. You can change the stacking-specific configuration even when a node is not in stacking mode but is connected to the stack. The target node for the configuration must be powered on and running a version of ExtremeXOS that supports stacking. Further, the node need not be in stacking mode and can be in any node role. Most ExtremeXOS configuration parameters are not stored in NVRAM, but are instead stored in a configuration file. Configurations stored in NVRAM are those that are needed when the configuration file is not available. The configuration file chosen for the stack is the one selected on the master node that is first elected after a stack restart.

130

ExtremeXOS Concepts Guide, Software Version 12.3

Overview The data (non-stacking) port numbers, in the existing configuration files (which were created when not in stacking mode), are simple integer quantities. On a stack, the data port numbers are expressed as slot:port; where the slot is an integer representing the slot and port is an integer representing the port. For example: 1:2. The configuration file contains an indication that it was created on a stackable switch in stacking mode. The indication is the stacking platform ID. Thus when in stacking mode, the ports are referenced in the configuration file with the slot:port notation and when not in stacking mode, the ports are referenced as simple integers. When the stack restarts, if a switch becomes the master and its selected configuration file was not created in stacking mode, the configuration file is de-selected, and the stack completes its restart using a default configuration. In addition, if the previously selected file was named with one of the default names (primary.cfg or secondary.cfg), the file is renamed to old_non_stack.cfg. Similarly, if a switch is configured not to operate in stacking mode and the selected configuration file was created in stacking mode, the configuration file is de-selected, and the switch boots with a default configuration. In addition, if the file was named with one of the default names (primary.cfg or secondary.cfg), the file is renamed to old_stack.cfg. The renamed file replaces any file that exists with the same name; the existing file is deleted.

Understanding Stacking Link Overcommitment
The stack is formed by each node supplying a pair of full-duplex 10Gbps stacking ports. Each node can operate on a stack with up to 20 Gbps full duplex throughput. Even though two links are available, the links might not be fully utilized. For example, suppose there is a ring of eight nodes and the nodes are numbered clockwise from 1 to 8. Suppose node 1 wants to send 10Gbps of unicast traffic to each of node 2 and node 3. The shortest path topology forces all traffic from node 1 over the link to node 2. Traffic from node 1 to node 3 passes through node 2. Thus, there is only 10Gbps available. However, if node 1 wanted to send 10Gbps to node 2 and node 8, there would be 20Gbps available because both links connected to node 1 would be used. In a ring of eight nodes, between any two nodes (with one exception), only one link is used. If the devices provide 48 1Gbps Ethernet ports, the overcommitment ratio between two such nodes is approximately 5:1. The exception is if there is an equal distance between the nodes. In this case, if both nodes are 48-port nodes, the nodes are grouped into two groups of 24 ports (by the hardware architecture), and thus it is possible to use both directions around the stack.

About SummitStack Logging Messages
Each node might generate log messages through the usual logging mechanism. On backup and standby nodes, a log target and related filter is automatically installed. The log target is the master node. The filter allows all messages that have a log level of warning, error, or critical to be saved in the log file of the master node. If the master node changes, the log target is updated on all the remaining nodes. You can also log in to any node in the active topology and see the complete log of the node.

ExtremeXOS Concepts Guide, Software Version 12.3

131

Configuring Stacked Switches

About QoS in Stacking
Each SummitStack uses QoS on the stacking links to prioritize the following traffic within the stack:
● ● ●

Stack topology control packets ExtremeXOS control packets Data packets

For stack performance and reliability, the priority of control packets is elevated over that of data packets. This is done to prevent control packet loss and avoid the timed retries that can lower performance. It is also done to prevent unneeded stack topology changes that can occur if enough stack topology information packets are lost. For these reasons, SummitStack reserves one QoS profile to provide higher priority to control packets. The following sections describe the differences in QoS while using it in SummitStack:
● ● ● ● ● ●

QoS Profile Restrictions on page 132 QoS Scheduler Operation on page 132 Processing of Packets Received With 802.1p Priority 6 on page 133 Effects on 802.1p Examination on page 133 Effects on DiffServ Examination on page 133 Effects on Port QoS and VLAN QoS on page 133

QoS Profile Restrictions
In stacking mode, CoS level 6 (which is hardware queue 6) is reserved for stacking, so you cannot create quality profile QP7. Because QP7 cannot be created, you cannot use hardware queue 6 to assign CoS level 6 to a packet. However, you can assign CoS level 6 to an egress packet using the technique described in “Processing of Packets Received With 802.1p Priority 6” on page 133. NOTE
This restriction is applicable only when the stackable switch is operating in stacking mode.

QoS Scheduler Operation
In stacking mode, the QoS scheduler operation is different for the stacking ports and the front panel data ports. The scheduler for front panel data ports operates the same as for standalone Summit family switches and is managed with the following command:
configure qosscheduler [strict-priority | weighted-round-robin]

The scheduler for the stacking ports is defined by the software when the stack is configured, and it cannot be modified. For all switches except the Summit X450-24t and X450-24x switches, the scheduler is set to strict-priority for the stacking ports, and meters are used to elevate the queue 6 priority above the priority of the other queues. This is the preferred scheduling method for SummitStack switches. For the Summit X450-24t and X450-24x switches, the scheduler is set to weighted-round-robin for the stacking ports, and queue weights are used to elevate the queue 6 priority above the priority of the other queues. The Summit X450-24t and X450-24x switches cannot support the preferred scheduling method. If you experience problems with dropped data packets, you might want to replace these types of switches with other Summit family switches.

132

ExtremeXOS Concepts Guide, Software Version 12.3

Software Version 12.1p egress value to 6 without affecting the QoS profile assignment as shown in the example below: entry VoIPinSummitStack { if { IP-TOS 46. 802. Each X450e-XXp or X250e-XXp switch is equipped with its own independent power supply that provides power for the PoE ports on that switch.1p priority level 6 remains on at the lowered precedence. You can create other QoS profiles and can change this mapping as needed. the examination happens at a lower precedence than that of all other traffic groupings. the 802.1p priority examination performed when 802.1p examination is turned on. The actual priority levels that are used for such packets are the defaults (QP1).1p Examination You can turn off 802. Power is not shared with other switches in the stack. and priorities 6 through 0 are mapped to QoS profile QP1.1p examination.1p Examination feature is turned off.1p examination for packets arriving at 802. } then { replace-dot1p-value 6.1p examination always maps packets with priority 6 to other CoS levels. In addition.1p examination is disabled when the feature is turned off. About Power Management and Power Over Ethernet on Stacking The power management for Power over Ethernet (PoE) is applicable only if there are one or more X450e-XXp or X250e-XXp switches on the stack. } } NOTE This ACL rule entry is not supported on Summit X450-24t and X450-24x switches. The mapping you have configured for priority 6 remains in effect. or the values last configured using the configure dot1p type <dot1p_priority> {qosprofile} <qosprofile> command. 802.Overview Processing of Packets Received With 802. Effects on DiffServ Examination When DiffServ Examination and 802. ExtremeXOS Concepts Guide. the examination is adjusted to apply to all packets. Since you cannot create QP7 in stacking mode. and changes accordingly if you subsequently change the mapping. Priority 7 is mapped to QoS profile QP8. Effects on Port QoS and VLAN QoS Port QoS and VLAN QoS has a higher precedence than the 802. and is therefore unaffected. However.1p Priority 6 By default. Effects on 802. you can use an ACL rule entry to set the 802.1p Examination are both turned off. When stacking is enabled. the examination remains turned on for priority 6.3 133 . When stacking is not enabled. However. all 802.

134 ExtremeXOS Concepts Guide. Redundancy. and Failover ExtremeXOS supports control plane redundancy and hitless failover. the backup node becomes the master node. About Stacking Node Roles. it reboots. At failover time. Hitless failover is supported to the extent that the failing master node and all of its ports are operationally lost. The following stacking CLI commands are applicable only to Summit X450e-48p: ● ● ● ● ● ● configure inline-power budget <num_watts> {slot <slot>} configure inline-power disconnect-precedence [deny-port | lowest-priority] configure inline-power priority [critical | high | low] ports <port_list> unconfigure inline-power disconnect-precedence unconfigure inline-power priority ports [all | <port_list>] show power slot These commands are available in stacking mode and only function on a slot that contains an X450e-48p. When a standby node is acquired by a master node. A master node that detects the loss of an acquired standby node indicates that the slot the standby node occupied is now Empty and flushes its dynamic databases of all information previously learned about the lost standby node.4 watts per PoE port for all 24 ports.Configuring Stacked Switches PoE configuration and status are maintained on the master node. When a backup node transitions to the master node role. a new backup node is selected from the remaining standby nodes that are configured to be master capable. the PoE capability of the X450e-48p varies depending on the number of power modules present. After the failover. but all other nodes and their provided ports continue to operate. including the loss of supplied power on any PoE ports that the node provided. Status is gathered on the master by querying the PoE hardware on each switch. the standby node learns the identity of its backup node. it activates the Management IP interface that is common to the whole stack. the IP address remains reachable. The following power management CLI commands are not supported on a X450e-24p: ● ● configure inline-power priority [critical | high | low] ports <port_list> configure inline-power disconnect-precedence [deny-port | lowest-priority] The X450e-48p contains an optional external modular Power Supply Unit (PSU) that can provide redundant PoE power or full PoE power to all ports depending on the EPS-C/EPS600LS configuration.3 . When using the EPS-C/EPS600LS. A stack supports control plane redundancy and hitless failover. This can be seen using the show switch {detail} command on the master node and noting that the new backup node is In Sync. The master node synchronizes a minimal subset of its databases with the standby nodes. Configuration information is sent by the master to the hardware on each PoE capable switch to be controlled by the local PoE hardware on that switch. If you have correctly configured an alternate management IP address. Software Version 12. The power supply for each X450e-24p switch is capable of providing a full 15. All operational databases are then synchronized from the new master node to the new backup node. When a standby node loses contact with both its acquiring master and backup nodes. Another hitless failover is possible only after the initial synchronization to the new backup node has completed.

When a non-master node fails. When a backup node transitions to the master node role and detects that the master node has not already synchronized a minimal subset of its databases with a standby node. and all show stacking commands show correct data.3 135 . most show commands do not show correct data for the current stack operation. If a node is connected to the stack and stacking is not enabled. a node that reboots or is power cycled loses all of its connections to all networks for the duration of the reboot cycle. On backup nodes. ● ● ● The login security that is configured on the master node applies when logging into any node in the active topology. The failsafe account functions even when there is no master node in the stack. a standby node configured as master-capable is elected as the new backup. and stacking configuration commands work on any node. the standby node is restarted. The failsafe account cannot be deleted. About the Failsafe Account on SummitStack Nodes The failsafe account is a special user account that is set up in the default configuration (see “Failsafe Accounts” on page 54). That new backup node is then synchronized to the databases of the master node. However you can control more stack features when you log into the master. A node that is disabled for stacking is its own master. However. All other nodes exclude the failed node from the control path and any customer-configured VLANs. Any PoE ports that were providing power prior to the event do not supply power. but you can modify the user ID and password (see “Configuring the Failsafe Account on a Stack” on page 156). the failsafe account can only be accessed through the console port of a node. ExtremeXOS Concepts Guide. For example.Logging into a SummitStack A backup node restarts if the backup node has not completed its initial synchronization with the master node before the master node is lost. However. Logging into a SummitStack You can log into any node in a SummitStack. show vlan {detail {ipv4 | ipv6} | <vlan_name> {ipv4 | ipv6} | virtual-router <vrrouter> | <vlan_name> stpd | security} shows all configured VLANs. the master node marks the related slot as Empty. Reboot or Failure of a Non-Master Node If a backup node fails. most of the configuration commands are rejected. This includes any active node that is present in a slot. and so forth. mirroring ports. The following guidelines describe the options available to you when you log into different nodes: ● ● On master nodes. most show commands show correct data for the active stack. For all non-master nodes. By default. On standby nodes. enable license. On all non-master nodes. show licenses. and uses its own security configuration. trunk group ports. Software Version 12. the failsafe account. the show switch {detail}. you can still configure stacking features on that node. all features supported by the switch license operate correctly.

If you do not know the slot number of the node to which you want to connect. You have the most control over the stack when you log in to the master. see “Logging Into a Node From Another Node” on page 136). To determine which node is the master. you can use the telnet feature to connect to another node and manage that node as if you were connected to it (see “Logging Into a Node From Another Node” on page 136). If you connect to the master node. see “Configuring an Alternate IP Address and Gateway” on page 153. The alternate management IP addresses allow you to connect to individual nodes from your management network. After you log in to a master or standby node through the management network. Software Version 12. you can configure and manage the stack.3 . you can connect to the node through the its console port or management port. For more information. For more information. if the stack is split. you connect to the stack using the primary management IP address. you can telnet to any other node and control that node as if you were directly connected to it. Logging in from the Management Network The management network is an Ethernet network to which the management port of each switch connects. Logging Into a Node From Another Node You may log into any node in the active topology from any other node in the same active topology. enter the show slot command. NOTE If the node to which you want to connect does not appear in the show slot {<slot> {detail} | detail } command display. However. If you connect to a non-master node. you can use the alternate management IP address to connect to the other half of the stack. The primary management IP address is assigned to the master node. you can view node status and configure only a few options from the node to which you are connected. use the command show stacking. enter the command: telnet slot <slot-number> 136 ExtremeXOS Concepts Guide. You can use a terminal emulation program and this IP address to connect to the master for configuration and management. To telnet to another node. You can telnet to any switch that appears in the show slot command display.Configuring Stacked Switches You can log in to a SummitStack node using the following methods: ● ● ● ● Console connection to any node Management connection to the master Management connection to a standby node Telnet session over the stack from any active node to any other node in the same active topology Logging in Through the Console Port You can use the console port on any switch to manage the SummitStack. However. During normal operation.

image upgrade from the stack is possible only if the same image is selected on all nodes. However. You can physically connect the stack to your networks before the nodes are configured. Extreme Networks recommends that you use the same image partition on all nodes.3 137 . When first powered on. Use stacking cables to interconnect the stack nodes into a ring topology (see “SummitStack Topologies” on page 126). possibly resulting in network loops. The switches must be active in the stack for this command to function. When the telnet program accepts a connection from another node in the stack. For more information. You can configure the SummitStack by logging into the master or any of the other nodes. If any of the nodes do not have the right version. install the correct version on that switch. refer to the hardware documentation. Only include the nodes that are intended to be active in the stack. The telnet slot <slot-number> command accepts a slot number in stacking mode. A basic stack configuration can be achieved by using the procedure described in “About Easy Setup” on page 138. and plan to directly connect these nodes to each other so that ExtremeXOS application synchronization traffic is localized to a single stack link. regardless of the node into which you are attempting to establish a login. However. see “Logging into a SummitStack” on page 135. If you intend to deploy new units that might be part of a stack in the future. The master node validates all login security information (except for the failsafe account). Physically locate the intended master and backup nodes adjacent to each other. most non-stacking configuration commands take effect immediately and require no restart. it performs security validation. the switch acts as a layer 2 switch. Make sure all nodes support the SummitStack feature (see Appendix A. log in normally. You need to decide the number and type of stackable switches in the stack and how the stack ports will be connected to the network. The only disadvantages of stacking mode are the loss of the two QoS profiles QP6 and QP7 and the reservation of some of the packet buffer space for stacking control traffic. ● ● ● ● ● ● ● ● ● ExtremeXOS Concepts Guide. “ExtremeXOS Software Licenses”) and are running the same ExtremeXOS software version. the default configuration on a non-stacking mode switch assumes a default untagged VLAN that contains all switch ports. If you are not able to log in using your user credentials. consider the following guidelines: ● Plan to use the stack as if it were a single multi-slot switch.Configuring a New Stack When prompted. To see the recommended procedures for installing and interconnecting a stack. If the stackable switches have different purchased license levels. Most stacking specific configurations are effective only after a restart (see Table 21). To view the ExtremeXOS software version on a node. Software Version 12. Configuring a New Stack Before deploying a new stack. use the failsafe account to log in. restart the node and run the command show version {detail | process <name> | images {partition <partition>} {slot <slotid>} }. you might need to configure license level restrictions on some nodes before those nodes can join the stack (see “Managing Licenses on a SummitStack” on page 157). you might want to turn on stacking mode during initial deployment to avoid a future restart. Once stacking is enabled.

Otherwise. if needed. 4 Log in to any of the nodes through the console port. before invoking Easy Setup. The Easy Setup procedure creates a stack with a master and a backup. Easy Setup provides you an easy way to configure the required stacking parameters for all nodes. 3 If the stack contains any Summit X650 switches. preferably the one you want to use as the master. You can also start Easy Setup by entering the configure stacking easy-setup command. 138 ExtremeXOS Concepts Guide. The following sections provide information on configuring a new stack: ● ● ● About Easy Setup on page 138 Configuration Procedure on page 138 Example: Deploying a New Stack on page 139 About Easy Setup Using Easy Setup. Instructions for setting up the stacking hardware are provided in the hardware documentation. log into the intended master node. 5 Run the show stacking command to verify the stack. or any Layer 2 redundancy protocol is not running on the network. The remaining nodes are configured with the master capability disabled. Spanning Tree.3 . Easy Setup instead designates the node at the beginning of the chain as the master. you can configure a stack without entering many of the stacking CLI commands. The configuration procedure described in the next section starts Easy Setup. and executes the command configure stacking redundancy none. Extreme Networks recommends that you configure the stacking license restriction (see “Managing Licenses on a SummitStack” on page 157). 2 Power on the nodes. you need to make sure that your network connections do not form a network loop.Configuring Stacked Switches NOTE If EAPS. the default parameters are in effect. Configuration Procedure To configure a new stack: 1 Physically connect the nodes using the stacking ports. All nodes are in a disabled state and all nodes appear as master nodes. Software Version 12. If the stack is a new stack. configure those switches to use the stacking ports as described in “Enabling Summit X650 Stacking Ports” on page 145. Easy Setup performs the functions of the following five commands required to configure and activate the stack: enable stacking configure stacking slot-number automatic configure stacking mac-address configure stacking redundancy minimal reboot stack-topology In a daisy chain topology (which is not recommended). If you plan to use Easy Setup. an additional stack reboot might be needed. The show stacking command should display all nodes in the stack.

If the stack configuration is successful: ● ● ● ● All nodes are visible in the stack. All nodes move to the active state. Example: Deploying a New Stack This section provides an example of deploying a new stack with 8 nodes. 17 Configure other normal parameters such as VLANs. 18 Save the configuration (see “Saving the Configuration” on page 156). Some time after the nodes become active. Node 1 is assigned to slot 1 and becomes the master. After the roles are finalized. Node 3 to Node 8 are assigned slots 3 to 8. By default. you can see one master node. log in to the nodes and get the following information if you do not already have it: ● The software release installed on the node (show version {detail | process <name> | images {partition <partition>} {slot <slotid>} } command) The image selected (all nodes need to be operating from the same selected image). each node is present in the configured slot. Software Version 12. configure a license level restriction (see “Managing Licenses on a SummitStack” on page 157). and that node 8 has a purchased license level of Edge. show slot. so all previously entered configuration information (except for the NVRAM-based stacking parameters. which is described in “About Easy Setup” on page 138. 15 (Optional) Configure an alternate management IP address on each node (see “Configuring an Alternate IP Address and Gateway” on page 153).Configuring a New Stack 6 If necessary. Before you begin the configuration. 13 Log in to the intended master node and verify the stack using show stacking. This command presents you the option of using the Easy Setup procedure. The purchased license information (show licenses command) ● ● For this example. 11 (Optional) Disable the master capability on selected nodes (see “Configuring Master-Capability” on page 152). and failsafe account information) is not available. 10 (Optional) Configure node priorities on each slot (see “Configuring Node Priority” on page 149). skip steps 7-11. 16 Configure a management IP network. run the command enable stacking from the master. 12 Restart the stack using the command reboot stack-topology. 7 Enable stacking on all nodes.3 139 . To enable stacking on all nodes. 8 Assign slot numbers to all nodes (see “Configuring Slot Numbers” on page 149). 9 Assign a MAC address to the stack (see “Assigning a MAC Address for the Stack” on page 150). and show stacking configuration commands. selected image. If you choose this option. new nodes have the primary image selected. respectively. and become standby nodes. trunk groups. The configuration is set to default values while entering the stacking mode. assume that all nodes except node 8 have a purchased Advanced Edge license level. one backup. IP subnetworks. 14 Verify that the master node is the one you intended to be the master. ExtremeXOS Concepts Guide. Node 2 is assigned to slot 2 and becomes the backup node. and a set of standby nodes. and so forth. which are numbered Node 1 through Node 8.

--*00:04:96:26:6c:df 1 Auto <none> <none> -c----.-----------------. 2 Log in to Node 1.------. (e) Stacking is configured Enabled.---.-00:04:96:26:6d:1f 1 Auto <none> <none> -c----.---. (A) Active Node (O) node may be in Other active topology * X450a-24x.3 # Since this example uses new nodes. or (E) Edge in use. indicates the node to which you have logged in. or (e) Edge configured.--*00:04:96:26:6c:df Disabled Master --00:04:96:26:6c:e3 Disabled Master --00:04:96:26:6b:e4 Disabled Master --00:04:96:26:6b:f7 Disabled Master --00:04:96:26:6b:ed Disabled Master --00:04:96:26:6b:ec Disabled Master --00:04:96:26:6d:1f Disabled Master --00:04:96:26:6a:e9 Disabled Master --* . (c) master-capable is configured.Configuring Stacked Switches To deploy the stack: 1 Power up all nodes. (c) Core.2 # show stacking configuration Stack MAC in use: <none> Node Slot Alternate Alternate MAC Address Cfg Cur Prio Mgmt IP / Mask Gateway Flags Lic -----------------.------. (i) Stack MACs configured and in use are not the same or unknown.-00:04:96:26:6b:e4 1 Auto <none> <none> -c----. 3 Run the show stacking command.-00:04:96:26:6c:e3 1 Auto <none> <none> -c----.2 # The stack topology is a ring and all the nodes are present in the stack. * X450a-24x.3 .----------.1 # show stacking Stack Topology is a Ring This node is not in an Active Topology Node MAC Address Slot Stack State Role Flags -----------------. The safe-default-script may be displayed at this time. The asterisk (*) before a node in the above display.-00:04:96:26:6b:f7 1 Auto <none> <none> -c----.Indicates this node Flags: (C) Candidate for this active topology. accept the default answer to each question. (a) Advanced edge. (E) Stacking is currently Enabled. (M) Stack MAC in use.--.--.Indicates this node Flags: (C) master-Capable in use. if you have not already done so. 140 ExtremeXOS Concepts Guide. (m) Stack MACs configured and in use are the same.-* . Software Version 12.-00:04:96:26:6b:ec 1 Auto <none> <none> -c----.-00:04:96:26:6b:ed 1 Auto <none> <none> -c----.-00:04:96:26:6a:e9 1 Auto <none> <none> -c----. (-) Not in use or not configured License Level Restrictions: (C) Core. for now. the factory defaults are displayed. (A) Advanced edge. 4 Display a summary of the configurations of all nodes in the stack using the command show stacking configuration: * X450a-24x.--------------. (-) Not in use or not configured * X450a-24x. If so. Node 1 is at the top and Node 8 at the bottom.

You may configure the failsafe account now. 6 From the master.Indicates this node Flags: (C) Candidate for this active topology.configure a stack MAC address . * X450a-24x.. and other related values are saved in non-volatile storage in all active nodes.---. Software Version 12.----------.. 8 Run the show stacking and show stacking configuration commands to verify the configuration.7 # configure stacking license-level edge This command will take effect at the next reboot of the specified node(s). Select the values for normal operation. this command will alter that configuration.Configuring a New Stack 5 Configure a license restriction of Edge so that node 8 can come up in the stack.------.configure redundancy to minimal (slot 1 will be the master node) Upon completion. Note that it is preferable to upgrade the license of node 8 instead of restricting the license level of the entire stack as is shown here. Warning: If stacking is already configured. For every node in the 8-node stack. * Slot-1 Stack. The safe-default-script starts.. 7 Log in to Node 1. this command will: . * X450a-24x. At this time.enable stacking . (A) Active Node (O) node may be in Other active topology ExtremeXOS Concepts Guide.choose and configure a slot number (this node will be assigned to slot 1) .1 # show stacking Stack Topology is a Ring Active Topology is a Ring Node MAC Address Slot Stack State Role Flags -----------------. Rebooting.. Do you wish to proceed? (y/N) Yes Stacking configuration is complete. the normal login security information is set to the defaults. use the Easy Setup option to enable stacking on all nodes.3 141 . password.3 # enable stacking You have not yet configured all required stacking parameters. After a time the following message appears: Authentication Service (AAA) on the master node is now available for login. so use the default admin account with no password to log in. the stack will automatically be rebooted into the new configuration. The failsafe account user id.--*00:04:96:26:6c:df 1 Active Master CA00:04:96:26:6c:e3 2 Active Backup CA00:04:96:26:6b:e4 3 Active Standby CA00:04:96:26:6b:f7 4 Active Standby CA00:04:96:26:6b:ed 5 Active Standby CA00:04:96:26:6b:ec 6 Active Standby CA00:04:96:26:6d:1f 7 Active Standby CA00:04:96:26:6a:e9 8 Active Standby CA* . Would you like to perform an easy setup for stacking operation? (y/N) Yes Executing "configure stacking easy-setup" command.

(i) Stack MACs configured and in use are not the same or unknown.Ee 00:04:96:26:6d:1f 7 7 Auto <none> <none> --EeMm. or (E) Edge in use.Ee 00:04:96:26:6b:ec 6 6 Auto <none> <none> --EeMm. * X450a-24x. (e) Stacking is configured Enabled.13.13. Also notice that the platform has changed from X450a-24x to Stack.------.4 # 10 Configure a block of IP addresses and a gateway for the alternate management IP functionality. (m) Stack MACs configured and in use are the same.66.---. 142 ExtremeXOS Concepts Guide.-----------------.3 # show slot Slots Type Configured State Ports -------------------------------------------------------------------Slot-1 X450a-24x Operational 26 Slot-2 X450a-24xdc Operational 26 Slot-3 X450a-24tdc Operational 26 Slot-4 X450a-24tdc Operational 26 Slot-5 X450a-24tdc Operational 26 Slot-6 X450a-24tdc Operational 26 Slot-7 X450a-24xdc Operational 26 Slot-8 X450e-48p Operational 50 * Slot-1 Stack.8 # config stacking alternate-ip-address 10. run the command show slot on the master: * Slot-1 Stack.3 # The user prompt contains the slot number on which the console session is running. or (e) Edge configured. (c) master-capable is configured.66. (M) Stack MAC in use.Ee 00:04:96:26:6c:e3 2 2 Auto <none> <none> CcEeMm.Ee 00:04:96:26:6b:ed 5 5 Auto <none> <none> --EeMm.--.1 automatic Choose the block as a subset of addresses in the intended primary management subnet that will be configured later.Indicates this node Flags: (C) master-Capable in use.Ee 00:04:96:26:6b:f7 4 4 Auto <none> <none> --EeMm. Arrange the stack so that the alternate IP addresses assigned to each node are easily calculated so you can easily find the address to use when you need to log into a severed stack segment.200/24 10. The nodes in the stack have become Active and have been assigned node roles.--. (c) Core. The configured slot numbers have become current.Ee 00:04:96:26:6a:e9 8 8 Auto <none> <none> --EeMm. (E) Stacking is currently Enabled. (-) Not in use or not configured * Slot-1 Stack. 9 To see the ExtremeXOS state of each node.--------------. (A) Advanced edge. and the other stacking parameters have also taken effect.Configuring Stacked Switches * Slot-1 Stack.--*00:04:96:26:6c:df 1 1 Auto <none> <none> CcEeMm. (a) Advanced edge. Software Version 12. (-) Not in use or not configured License Level Restrictions: (C) Core.Ee * .3 .2 # show stacking configuration Stack MAC in use: 02:04:96:26:6c:df Node Slot Alternate Alternate MAC Address Cfg Cur Prio Mgmt IP / Mask Gateway Flags Lic -----------------.Ee 00:04:96:26:6b:e4 3 3 Auto <none> <none> --EeMm.

4. 4 If necessary. subnetwork. 6 Enable stacking on both nodes by using the command enable stacking. and 10. use the upload configuration [<hostname> | <ipaddress>] <filename> {vr <vr-name>} command to retrieve the configuration in the CLI command format.73.73. Software Version 12.73. Both the nodes must be running the same ExtremeXOS release. 5 (Optional) Configure the master node priority (see “Configuring Node Priority” on page 149). For example. and if there are three master-capable nodes in the stack. ■ 11 Configure the management IP address. If you choose Easy Setup. 3 Log into Node 1 (which becomes the master node and slot 1 in the stack). The file may be used to restore the ExtremeXOS configuration to the stack after the stacking configuration is complete. configure the stacking license level restriction (see “Restricting a Switch License Level” on page 159). You can configure non stacking parameters such as security information. You can power on Node 2 before.4.10 is the Mgmt VLAN address.73. and routing protocols now. (Only for nodes on which you have not yet deployed SummitStack) If you want to preserve the ExtremeXOS configuration in use on Node 1.4. if 10. or after the connection. VLANs. if the Mgmt VLAN is configured with the address 10. ● ● To convert a standalone node to a stack: 1 Connect the stacking ports of the two nodes together to form a ring topology. Use the show licenses command to verify that the purchased license levels of both nodes meets your requirements (see “Managing Licenses on a SummitStack” on page 157). 2 If the stack contains any Summit X650 switches. during. Use configured Mgmt VLAN address and the slot number to form the alternate IP address. For example.73.4.3 143 .4.9.10. load aggregation. and Node 2 is the new node to be used to form a stack of two nodes.18.0 or later. and we are configuring the alternate IP address for slot 1. 10.Converting a Standalone Node Deployment to a Stack There are two methods you can follow: ■ Choose the stack IP address. then their alternate IP addresses could be 10. the alternate IP address could be 10. Converting a Standalone Node Deployment to a Stack This section explains how to add a node to a currently deployed standalone (non-stacking) node for adding ports and centralizing management.4. skip steps 6-9 below.4. ExtremeXOS Concepts Guide.11 and for slot 8 it could be 10. and then allocate a consecutive block of addresses that immediately follow the stack IP address. and gateway (VLAN Mgmt). configure those switches to use the stacking ports as described in “Enabling Summit X650 Stacking Ports” on page 145.73. Before you begin: ● Verify that the ExtremeXOS version running on both stackable switches is version 12. The choice to run Easy Setup is offered. Node 1 is the currently deployed node. spanning tree.11.73. 12 Save the configuration.8.

Software Version 12.Configuring Stacked Switches 7 Assign slot numbers to the nodes (see “Configuring Slot Numbers” on page 149). Use the save configuration {primary | secondary | <existing-config> | <new-config>} command. Use the load script <filename> {arg1} {arg2} . 10 Restart the stack using the command reboot stack-topology. ● You can specify a number for each node manually. you should turn on stacking mode during initial deployment. {arg9} command to run the commands in the file. If so. If a new node is subsequently added. Configuration Tasks for SummitStack This section describes how to perform the following configuration tasks: ● ● ● ● ● ● ● Enabling Summit X650 Stacking Ports on page 145 Enabling the Stack on page 145 Verifying the Configuration on page 145 Setting the Command Prompt on page 148 Configuring Slot Numbers on page 149 Configuring Node Priority on page 149 Assigning a MAC Address for the Stack on page 150 144 ExtremeXOS Concepts Guide.. Or You can use the automatic slot number assignment. The only disadvantages of deployment in stacking mode are the inability to use QoS profiles QP6 and QP7 for your traffic and the reservation of some of the packet buffer space for stacking control traffic. 9 (Optional) Configure stacking redundancy or master-capability as desired (see “Configuring MasterCapability” on page 152). 13 Use the show stacking and show stacking configuration commands to confirm that the stack is now configured and operating as expected. you can: ● ● ● Make sure the file has the extension . there is no need to edit the configuration file. ● 8 Assign a MAC address to the stack (see “Assigning a MAC Address for the Stack” on page 150). Use TFTP to get the file onto the master node.3 . the user ID is admin and there is no password. by default. 12 Configure the desired safe-default-script parameters when prompted. consider whether or not you want to eventually use them in a stack before you deploy them. there is no need to switch the existing node to stacking mode. 14 (Optional) Configure an alternate management IP address on each node (see “Configuring an Alternate IP Address and Gateway” on page 153). ● If you intend to deploy new units that are not to be stacked. At this time. To restore the ExtremeXOS configuration. Once the file is ready.. you must first edit the file created during configuration upload.xsf (rename if necessary). All port numbers in the file are simple numeric values. log in to the console port of the master node. and since the existing stacking configuration uses the slot:port numbering format. The failsafe account parameter configuration is pushed to the nonvolatile memories of both nodes. 11 After the stack reboots. You must replace the port number with slot:port format with slot number set to one (1).

it then negotiates a node role with the other nodes in the stack and becomes an operational node in the stack according to its role. The default configuration selects standalone operation (no stacking). A node that is booted with stacking enabled is said to be running in stacking mode. Verifying the Configuration The clear slot and show stacking commands contain stacking configuration information. ExtremeXOS Concepts Guide. Before you can use a Summit X650 in a SummitStack. the VIM1-SummitStack VIM must be installed.Configuration Tasks for SummitStack ● ● ● ● ● Configuring Master-Capability on page 152 Configuring an Alternate IP Address and Gateway on page 153 Configuring the Failsafe Account on a Stack on page 156 Disabling Stacking on page 156 Saving the Configuration on page 156 Enabling Summit X650 Stacking Ports The Summit X650 stacking ports on the VIM1-SummitStack Versatile Interface Module (VIM) share internal hardware with front panel data ports 23 and 24. including the state of the slot. stacking is enabled on all nodes in the stack topology. ports 23 and 24 are disabled. These commands are also helpful when debugging stacking problems. If the node-address parameter is present. ● Use the show stacking configuration command to see the current configuration of this parameter as well as the value currently in use. When the stacking ports are enabled. with ports 23 and 24 enabled for data communications. The enable stacking command takes effect only after you restart the node.3 145 . and you must configure the switch to use the stacking ports using the command: enable stacking-support Enabling the Stack You can enable stacking through the command line interface (CLI). This is the MAC address assigned to the stackable switch by the factory. stacking is enabled on the node with the specified nodeaddress. Software Version 12. The master node's configuration is applied to the node. A node that is running in stacking mode attempts to join the active topology. If successful. Use the following command to enable SummitStack on a node: enable stacking {node-address <node-address>} ● ● If no parameters are specified.

25 # show slot Slots Type Configured State Ports -------------------------------------------------------------------Slot-1 X450e-24p X450e-24p Operational 26 Slot-2 X450a-24t X450a-24t Operational 26 Slot-3 X450a-24tDC X450a-24tDC Operational 26 Slot-4 X450a-48t X450a-48t Operational 50 Slot-5 X450a-24x X450a-24x Operational 26 Slot-6 X450a-24xDC X450a-24xDC Operational 26 Slot-7 X450e-48p X450e-48p Operational 50 Slot-8 X450-24t X450-24t Operational 26 Slot-1 Stack. the node role indicates <none>.----------. Software Version 12. a change in configured value alone does not cause a change to the slot number in use. Use the show slot command and Table 22 to determine a slot state: Slot-1 Stack.26 # * Slot-1 Stack. the active topology could be a daisy chain because it does not contain every node in the stack topology.Configuring Stacked Switches The show slot command shows the states of the nodes as they move from the empty to operational state.1 # show stacking Stack Topology is a Ring Active Topology is a Ring Node MAC Address Slot Stack State Role Flags -----------------. the line: Active Topology is a ___ is replaced by the line: This node is not in an Active Topology. In a daisy chain. the ends of the daisy chain are the first and last nodes displayed.Indicates this node Flags: (C) Candidate for this active topology. If the node on which this command is being executed is not active.3 . The slot number shown is the number currently in use by the related node. 146 ExtremeXOS Concepts Guide. Since slot number configuration only takes effect during node initialization. (A) Active Node (O) node may be in Other active topology The asterisk (*) that precedes the node MAC address indicates the node to which you are logged in. In a ring topology.------.---. the node on which this command is executed is always the first node displayed. If a node role has not yet been determined. The node MAC address is the address that is factory assigned to the stackable switch.--*00:04:96:26:60:DD 1 Active Master CA00:04:96:26:60:EE 2 Active Backup CA00:04:96:26:60:FF 3 Active Standby CA00:04:96:26:60:AA 4 Active Standby CA00:04:96:26:60:88 5 Active Standby CA00:04:96:26:60:99 6 Active Standby CA00:04:96:26:60:BB 7 Active Standby CA00:04:96:26:60:CC 8 Active Standby CA* . Even though the stack topology could be a ring.

(i) Stack MACs configured and in use are not the same or unknown.130.168. (m) Stack MACs configured and in use are the same.Ee 00:04:96:26:60:88 5 5 Auto 192.Ee 00:04:96:26:60:FF 3 3 Auto 192.130.1 --EeMm.130.130.Ee 00:04:96:26:60:99 6 6 Auto 192.130.1 CcEeMm.130.130.168.1 --EeMm.168.168.Ee 00:04:96:26:60:EE 2 2 Auto 192.168.1 --EeMm.Ee 00:04:96:26:60:AA 4 4 Auto 192. (M) Stack MAC in use.130.1 CcEeMm.102/24 192.130.168.168. Software Version 12.Indicates this node Flags: (C) master-Capable in use.168. (-) Not in use or not configured Use the show stacking {node-address <node-address> | slot <slot-number>} detail command to get a full report from the stacking database: Slot-1 Stack.--------------. (e) Stacking is configured Enabled.Ee 00:04:96:26:60:BB 7 7 Auto 192.168.168.168.1 --EeMm.107/24 192. (A) Advanced edge. (c) Core. (a) Advanced edge.--.168.130.1 --EeMm.168.1 Stack port 1: State : Operational Blocked? : No Control path active? : Yes ExtremeXOS Concepts Guide. or (e) Edge configured.168.130.104/24 192.---.Ee * .168.--.168.130. (c) master-capable is configured. Use the show stacking configuration command to get a summary of the stacking configuration for all nodes in the stack: Slot-1 Stack.33 # show stacking configuration Stack MAC in use: 02:04:96:26:60:DD Node Slot Alternate Alternate MAC Address Cfg Cur Prio Mgmt IP / Mask Gateway Flags Lic -----------------.130.3 147 .101/24 Alternate gateway : 192.130.106/24 192.1 --EeMm.130.168.Ee 00:04:96:26:60:CC 8 8 Auto 192.-----------------.168.--*00:04:96:26:60:DD 1 1 Auto 192.101/24 192.Configuration Tasks for SummitStack NOTE It is possible for a node to be in Stabilizing or Waiting state and still be in the active topology.130. (E) Stacking is currently Enabled.33 # show stacking slot 1 detail Stacking Node Slot 1 information: Current: Stacking : Enabled Role : Master Priority : Auto Slot number : 1 Stack state : Active Master capable : Yes License level restriction : Edge In active topology? : Yes Factory MAC address : 00:04:96:26:60:DD Stack MAC address : 00:04:96:26:60:DD Alternate IP address : 192.------.108/24 192. or (E) Edge in use.130.130. (-) Not in use or not configured License level restrictions: (C) Core.103/24 192.105/24 192.

The node-address parameter is always available. The backup and the standby nodes show > instead of #.34 # : Operational : No : Yes : : : : : Enabled Yes 1 00:04:96:26:60:DD Edge If you do not specify any node. Backup. When stacking is enabled. The slot parameter is available only in stacking mode. an error message appears. or Core. If the specified node does not exist.21 # The * indicates a changed and unsaved ExtremeXOS configuration. The command to be executed is the 21st command entered since login. The configure snmp sysname command affects the command prompt. Slot-6 indicates that the node is in stacking mode and is currently using slot number 6 in the active topology. 148 ExtremeXOS Concepts Guide. To discover the identities of the master and backup nodes.23 > If you have configured a sysName for the stack. The system name is the default Stack. the current slot number is appended to the string. Standby. License level restrictions are Edge. each node in the active topology displays the configured sysName in its command prompt. Software Version 12. Configured information is that which takes effect at node reboot only. The roles values are Master. the output is generated for all nodes in the stack topology. Setting the Command Prompt When stacking is enabled. and the sysname is defaulted to Stack. Use the show slot command to verify the local switch type. For example: * Slot-6 Stack. To verify the stack port states of each node in the stack topology use the command show stacking stack-ports.Configuring Stacked Switches Stack port 2: State Blocked? Control path active? Configured: Stacking Master capable Slot number Stack MAC address License level restriction Slot-1 Stack. the nodes inherit the SNMP sysname from the master. Advanced Edge. and you have logged in as the administrator on the master node (#). and <none>. The command prompt looks similar to: * Slot-6 Stack. use the show switch {detail} or show stacking command. There is no specific prompt to indicate the node role. The default setting on this command assigns the model name to the command prompt.3 . Current information represents stacking states and configured values that are currently in effect.

Configuring Node Priority The node priority configuration influences the node role election priority. the first node in the display is the intended master node into which you have logged in. During subsequent node role elections that occur when a master node fails. Node priority configuration takes effect at the next node role election.Configuration Tasks for SummitStack Configuring Slot Numbers Each node in a stack must be assigned a slot number. To configure the system to choose slot numbers for all nodes. the unit continues to operate with the slot number with which it was last restarted. use the command configure stacking [node-address <node-address> | slot <slot-number>] alternate-ip-address [<ipaddress> <netmask> | <ipNetmask>] <gateway>. If you change a slot number. that node retains the master node role until it fails or loses a dual master resolution. To manually add a slot number to a node.3 149 . NOTE A node that boots in standalone mode does not use a slot number. Automatic algorithm . You can specify a slot number for each node manually. the node priority configuration helps determine the node that becomes the replacement backup node. In the case of a ring topology. Software Version 12. NOTE Slot numbers take effect only after a restart. and the node with the second highest node role election priority becomes the backup node. A change in node priority configuration does not cause a new election. Once an active topology has elected a master node. ExtremeXOS Concepts Guide. The available slot numbers are 1 through 8.If all nodes participating in node role election have the automatic priority value configured. You can assign the slot number only through configuration. The stack does not dynamically assign a slot number. All other nodes become standby nodes. Automatic slot number assignment is performed in the order of appearance of the nodes in the show stacking display. The node with the highest node role election priority becomes the master as a result of the first node role election. enter the command configure stacking slot-number automatic.If any node has a numeric priority value configured. You can configure one of the following election priority algorithms: ● ● Priority algorithm . or you can have the system assign the slot numbers using a single command. The slot number must be unique to each node. Use the show stacking or show stacking configuration command to view the ordering and the assigned slot numbers.

In both algorithms. When the master node fails over to the backup node. You can specify an integer priority value between 1 and 100. if the highest computed node role election priority is shared among multiple nodes.Configuring Stacked Switches The priority algorithm is selected if any node has a numeric priority value configured. and not automatic.3 . maintenance level of ExtremeXOS. and so forth. The automatic algorithm is selected if no node participating in a role election has a numeric priority value configured. all nodes receive and store this formed MAC address in their own NVRAM. the chosen node’s factory assigned MAC address is converted to a locally administered MAC address. no stack MAC address is configured. Before being stored as the stack MAC address. In automatic mode. the slot number is used to adjust the node role election priority. Each stackable switch is assigned a single unique MAC address during production. The easiest way to do this is to use the synchronize stacking {node-address <node-address> | slot <slotnumber>} command. you should configure every node with the same priority value. A node configured with the automatic algorithm uses a priority value of zero (the lowest priority) in the priority algorithm if another node has a priority value configured. This prevents duplicate MAC address problems which 150 ExtremeXOS Concepts Guide. Instead it uses the oldest time that a node became a master in the current active topology. If you wish to use the slot number as the sole determining factor in node role election priority calculation. NOTE If new nodes are added to the stack. one of the stackable switches is designated as the node whose factory assigned MAC address is used to form the stack MAC address. A numerically lower slot number results in a higher role election priority than a numerically higher slot number. You can choose any node to supply its factory assigned MAC address to form the stack MAC address. the stack determines the highest role election priority based on factors such as available processing power. this MAC address is used. the greater the node role election priority. A dual master resolution does not use the configured node priority in most cases. Once this is done. Priority configuration is not relevant on such nodes. Software Version 12. When you assign a MAC address to a stack. Nodes that are configured as not master-capable do not participate in node role election. NOTE Extreme Networks may change the behavior of the automatic priority algorithm in future ExtremeXOS releases. regardless of which node is the master node. the new nodes must be configured with the stack MAC address. Use the following command to set the stacking node priority: configure stacking {node-address <node-address> | slot <slot-number>} priority [<nodepri> | automatic] Assigning a MAC Address for the Stack The stack must use a single MAC address. The higher the value. If any node participating in a role election has a priority value configured. By default. Whenever the stack boots up. the backup node must continue to use the same MAC address that the master node was using. all nodes use the priority algorithm.

(c) Core. but no gratuitous ARP requests are sent. the stack MAC of the original stack must be reconfigured to prevent a duplicate MAC address in the network.127. (i) Stack MACs configured and in use are not the same or unknown.127.4.139/24 10.4.133/24 10.254 CcEe--. If the flags read ---.135/24 10. the stack MAC address needs to be configured. In this case.4.Ee 00:04:96:26:5f:4f 4 4 4 10.4. the stack MAC configuration is displayed with the letters capital M.Ee 00:04:96:26:6c:92 8 8 Auto 10.127.-----------------.Ee 00:04:96:27:c8:c7 3 3 Auto 10. (A) Advanced edge.127. the address is inconsistent with the addresses programmed into the packet forwarding hardware. or (e) Edge configured.--.Configuration Tasks for SummitStack lead to dual master situations.Ee 00:04:96:1f:a5:43 5 5 Auto 10.--. and lower-case i.127.3 # show stacking configuration Stack MAC in use: <none> Node Slot Alternate Alternate MAC Address Cfg Cur Prio Mgmt IP / Mask Gateway Flags Lic -----------------.4. If the flags read Mm-.Ee 00:04:96:20:b2:5c 7 7 Auto 10.132/24 10.4.--*00:04:96:26:6a:f1 1 1 11 10. it takes some time for hosts on the management network to flush the related ARP entry. The MAC address related to the management IP address changes to the one in use by the new master. a warning message appears in the log. Software Version 12.4. If the address needs to be changed on a single node. If you do not configure the stack MAC address or it is not the same on all nodes. ExtremeXOS Concepts Guide. (e) Stacking is configured Enabled.254 CcEe--.127. Each node operates with whatever address is available (the configured stack MAC address or the node’s factory assigned MAC address). (-) Not in use or not configured The MAC Address column displays the factory MAC address for the node.4. rebooting that node results in usage of the same address stack-wide.254 CcEe--.136/24 10.Ee * .4. The chosen MAC address is put into effect only at node boot time.127.131/24 10.4. Slot-1 stack.127.------.3 151 . use the following procedure: 1 Use the show stacking configuration command to display the stack MAC address configuration.254 CcEe--.Ee 00:04:96:28:01:8f 6 6 6 10.127. (m) Stack MACs configured and in use are the same.138/24 10.127.4. lower-case m.4. the stack MAC address is already configured and in use.Indicates this node Flags: (C) master-Capable in use. If a master node fails over to the backup node. (E) Stacking is currently Enabled. (c) master-capable is configured. As shown in the key at the bottom of the command display.127. (M) Stack MAC in use. and the backup node’s address is different than the one the former master node was using.254 CcEe--. (-) Not in use or not configured License Level Restrictions: (C) Core. and that node is selected to supply the stack MAC in its new stack.---. The stack MAC address configuration information appears in the last three positions of the Flags column. NOTE If the node whose MAC address is chosen is removed from the stack with the intention of using the node elsewhere in the network.127.4.Ee 00:04:96:26:6c:93 2 2 Auto 10.254 CcEe--. To assign a MAC address to the stack. or (E) Edge in use.127.--------------.4.127.4.127.254 CcEe--.137/24 10.4. (a) Advanced edge.254 CcEe--.127.

254 CcEeMm.4.139/24 10.Ee 00:04:96:27:c8:c7 3 3 Auto 10.133/24 10.Ee 00:04:96:28:01:8f 6 6 6 10. The following example is based on the previous example: Slot-1 stack.4.4.127.127.--------------. (c) Core. If you enter the show stacking command now.127. A mastercapability configuration change takes effect at the next restart.------.135/24 10. Software Version 12.4.127. or (E) Edge in use.254 CcEeMm. (i) Stack MACs configured and in use are not the same or unknown.4.131/24 10. (c) master-capable is configured. 3 To configure the stack to use a MAC address from a non-master node. enter the show stacking {nodeaddress <node-address> | slot <slot-number>} detail command and compare all configured stack MAC addresses for equality.Ee 00:04:96:20:b2:5c 7 7 Auto 10. (-) Not in use or not configured Configuring Master-Capability Each node is configurable to be master-capable or not.127.4. they should be equal. log in to the master console and enter the configure stacking {node-address <node-address> | slot <slot-number>} mac-address command.--.254 CcEeMm. The default is that a node can take on any role.Ee 00:04:96:26:5f:4f 4 4 4 10. 5 Verify the new stack mac address using the show stacking configuration command. (-) Not in use or not configured License Level Restrictions: (C) Core. After you restart the stack.3 # show stacking configuration Stack MAC in use: 02:04:96:26:6c:93 Node Slot Alternate Alternate MAC Address Cfg Cur Prio Mgmt IP / Mask Gateway Flags Lic -----------------.132/24 10. log in to the master console and enter the configure stacking mac-address command.4.4.--*00:04:96:26:6a:f1 1 1 11 10. the i disappears from the Flags column.4.--. indicating that the stack MAC is configured and is not in use. This means that a node can either be allowed to take on any node role.127.254 CcEeMm. or (e) Edge configured.127.4 # configure stacking slot 2 mac-address This command will take effect at the next reboot of the specified node(s). (A) Advanced edge.Ee 00:04:96:1f:a5:43 5 5 Auto 10. For example: Slot-1 stack. (a) Advanced edge.127. You can use any of the following commands to configure the master-capability: ● ● configure stacking [node-address <node-address> | slot <slot-number>] mastercapability [on | off] configure stacking redundancy [none | minimal | maximal] 152 ExtremeXOS Concepts Guide.Indicates this node Flags: (C) master-Capable in use.4. 4 Reboot the stack.Configuring Stacked Switches 2 To configure the stack to use the MAC address of the master. or be restricted to executing the standby node role only.127.137/24 10. (M) Stack MAC in use.254 CcEeMm.127. To see if the stack MAC is consistently configured. In this case.127.4.138/24 10.---. For example: Slot-1 stack.127.Ee 00:04:96:26:6c:92 8 8 Auto 10.4. the stack MAC flags show --i.4. (m) Stack MACs configured and in use are the same.254 CcEeMm.4.127.Ee * . (E) Stacking is currently Enabled.254 CcEeMm.127.Ee 00:04:96:26:6c:93 2 2 Auto 10.-----------------.127.43 # configure stacking mac-address This command will take effect at the next reboot of the specified node(s).136/24 10.3 .127. The restriction is used to avoid the dual master condition.4. (e) Stacking is configured Enabled.254 CcEeMm.4.

In either case.3 153 . Because of the above behavior. The VLAN used is the management VLAN (VID 4095) and is untagged. The backup and master nodes have the ability to verify the configured alternate IP address. and default gateway. For each node in the stack. the stackable switch supplies its factory assigned MAC address and not the stack MAC address. subnetwork mask. The master and backup nodes compare the primary IP subnetwork information to the alternate IP subnetwork. and thus the alternate IP subnetwork must exactly match the primary IP management subnetwork. Any node on the ExtremeXOS Concepts Guide. When an ARP request for the alternate IP address is satisfied. NOTE If the entire stack is restarted in stacking mode without any node having master capability.2/24 are an exact subnetwork match (i. Only the master node installs the primary IP address.e.12. expecting that primary management routes are configured or will be configured. See “Rescuing a Stack That Has No Master-Capable Node” on page 180.1/24 and 10. and it is possible to use telnet or ssh to reach any node. the alternate IP addresses and associated MAC addresses are unique.12. you might need to rescue the stack. A standby node does not have the ability to verify whether the configured alternate IP address matches the primary management IP subnetwork of the stack. If a dual master situation occurs because of a stack severance. An ARP request for the configured management IP address returns the configured stacking MAC address. you need to know the failsafe account and password to log into any node in the stack.0/24). the alternate gateway is not used. Each node in the stack normally installs its alternate IP address on the management subnetwork. and there may also be static or default routes associated to it.Configuration Tasks for SummitStack Using these commands. In this case..12. 10. if the alternate IP subnetwork does not match the configured management subnetwork. both represent the subnet 10. the alternate IP address is not installed on the management interface. Once the primary IP subnetwork is installed. The alternate gateway is only installed on a master or backup node when the primary management IP subnetwork is not configured. A subnetwork match is exact if the subnetwork portion of the IP addresses match exactly.11. Software Version 12. Configuring an Alternate IP Address and Gateway The stack has a primary IP address and subnetwork that is configured with the configure vlan mgmt ipaddress command. all nodes are reachable over their management ports even during a dual master situation. The alternate gateway is always installed on a standby node. you can configure one or more nodes to be allowed to operate either as a master or a backup. the backup node installs the primary IP management subnetwork’s default routes and installs only the alternate management IP address (not the primary IP address). If you do not know the failsafe account information. the alternate gateway is removed. If there is a match. while configure stacking redundancy allows you to set the master-capability on all nodes in the stack. The master node installs both the configured management subnetwork with specific IP address and the alternate IP address. you can configure an alternate management IP address. The alternate IP address is restricted to being a member of the primary IP subnetwork that is configured on the management VLAN. The commands do not allow you to disable master-capability on all nodes in a stack topology. For example.11. Standby nodes always install their configured alternate management IP address and gateway on the management interface.11. The configure stacking master-capability command allows you to set the master-capability of specific nodes.

134/24 00:04:96:1f:a5:43 5 5 Auto 10.Ee 00:04:96:20:b2:5c 7 7 Auto <none> <none> CcEeMm.---.127. NOTE Only IPv4 alternate management IP addresses are supported in this release.4.127.--.--*00:04:96:26:6a:f1 1 1 11 <none> <none> CcEeMm.Ee 00:04:96:27:c8:c7 3 3 Auto <none> <none> CcEeMm. (a) Advanced edge.127.254 10. (E) Stacking is currently Enabled. (c) master-capable is configured. (-) Not in use or not configured License Level Restrictions: (C) Core.------.127.Ee 00:04:96:1f:a5:43 5 5 Auto <none> <none> CcEeMm.4. or (e) Edge configured.127. no alternate IP address or alternate gateway is configured.4.133/24 00:04:96:26:5f:4f 4 4 4 10.131/24 00:04:96:26:6c:93 2 2 Auto 10.13 # show stacking configuration Stack MAC in use: 02:04:96:26:6c:92 Node Slot Alternate Alternate MAC Address Cfg Cur Prio Mgmt IP / Mask Gateway Flags Lic -----------------. the alternate management IP address configuration takes effect immediately.127.-----------------*00:04:96:26:6a:f1 1 1 11 10.4. If a node is operating in stacking mode. For example: Slot-1 Stack.14 # configure stacking alternate-ip-address 10.127.135/24 00:04:96:28:01:8f 6 6 6 10. (i) Stack MACs configured and in use are not the same or unknown.254 10.3 . To configure an alternate IP address and gateway.254 automatic Slot-1 Stack.254 10. (c) Core. (e) Stacking is configured Enabled.4.Ee 00:04:96:26:5f:4f 4 4 4 <none> <none> CcEeMm.Indicates this node Flags: (C) master-Capable in use.---. 2 If you have a continuous block of IP addresses to assign to the stack. (-) Not in use or not configured In the example above.254 10.4.--. (A) Advanced edge.254 10.254 Flags ------CcEeMmCcEeMmCcEeMmCcEeMmCcEeMmCcEeMm- Lic --Ee Ee Ee Ee Ee Ee 154 ExtremeXOS Concepts Guide.4.127.4.127.4.-----------------.--.127.Ee 00:04:96:26:6c:92 8 8 Auto <none> <none> CcEeMm.131/24 10. use the following procedure: 1 View the alternate IP address configuration using the show stacking configuration command: Slot-1 stacK.Ee * . (m) Stack MACs configured and in use are the same.4.Ee 00:04:96:26:6c:93 2 2 Auto <none> <none> CcEeMm.15 # show stacking configuration Stack MAC in use: 02:04:96:26:6c:92 Node Slot Alternate MAC Address Cfg Cur Prio Mgmt IP / Mask -----------------.Ee 00:04:96:28:01:8f 6 6 6 <none> <none> CcEeMm.127.132/24 00:04:96:27:c8:c7 3 3 Auto 10.4.136/24 Alternate Gateway --------------10. (M) Stack MAC in use.4.127. Software Version 12.4. or (E) Edge in use.--. enter the configure stacking alternate-ip-address [<ipaddress> <netmask> | <ipNetmask>] <gateway> automatic command.4.127.--------------.Configuring Stacked Switches segment with the incorrect master can then be used to reboot the entire stack segment into standby mode if you want to rejoin the stack segments later.127.

3 155 .19 # show stacking configuration Stack MAC in use: 02:04:96:26:6c:92 Node Slot Alternate Alternate MAC Address Cfg Cur Prio Mgmt IP / Mask Gateway Flags Lic -----------------.4.254 CcEeMm.Indicates this node Flags: (C) master-Capable in use.4.136/24 10.4.4.4.254 CcEeMm. To remove an existing configuration so you can change the alternate IP address and gateway.135/24 10.4.137/24 10.4.4. (E) Stacking is currently Enabled.4.254 CcEeMm.Ee 00:04:96:20:b2:5c 7 7 Auto 10. (M) Stack MAC in use.Ee 00:04:96:27:c8:c7 3 3 Auto 10.127.127.254 CcEeMm. (M) Stack MAC in use.Ee 00:04:96:26:6c:92 8 8 Auto 10.254 CcEeMm.Ee 00:04:96:28:01:8f 6 6 6 10. (c) master-capable is configured.Ee 00:04:96:26:6c:93 2 2 Auto 10. (a) Advanced edge. (-) Not in use or not configured 3 If you do not have a continuous block of IP addresses for the stack.127.4.133/24 10. (A) Advanced edge. (c) Core.4.4. (a) Advanced edge. (c) master-capable is configured.4.138/24 10.--.127. assign an alternate IP address and gateway to each node using the configure stacking [node-address <node-address> | slot <slot-number>] alternate-ip-address [<ipaddress> <netmask> | <ipNetmask>] <gateway> command. (e) Stacking is configured Enabled.132/24 10.4.139/24 10. (-) Not in use or not configured License Level Restrictions: (C) Core.-----------------.Ee 00:04:96:26:6c:92 8 8 Auto 10.127.127.254 CcEeMm. (c) Core.4.4. (m) Stack MACs configured and in use are the same.4. 4 Enter the show stacking configuration command to verify that the alternate IP address and gateway is configured as intended for each node. Slot-1 Stack.127.--------------.127.18 # configure stacking slot 4 alternate-ip-address 10.Ee * . (i) Stack MACs configured and in use are not the same or unknown.127. (A) Advanced edge.127. or (e) Edge configured.131/24 10. or (e) Edge configured.127.Configuration Tasks for SummitStack 00:04:96:20:b2:5c 7 7 Auto 10.127.127. (-) Not in use or not configured License Level Restrictions: (C) Core. (i) Stack MACs configured and in use are not the same or unknown.254 NOTE If you try to assign an alternate IP address and gateway to a node that is already configured with these parameters. (E) Stacking is currently Enabled.127.--.127.127.127. (m) Stack MACs configured and in use are the same. an error message appears.---.Ee 00:04:96:26:5f:4f 4 4 4 10. or (E) Edge in use.4.138/24 10.139/24 10.--*00:04:96:26:6a:f1 1 1 11 10.4.Indicates this node Flags: (C) master-Capable in use. (-) Not in use or not configured ExtremeXOS Concepts Guide.127.254 CcEeMm.------.127.4.Ee * . or (E) Edge in use. Software Version 12. For example: Slot-1 Stack.127.127.254 CcEeMm.254 CcEeMm.4.137/24 10. enter the unconfigure stacking {node-address <node-address> | slot <slot-number>} alternate-ip-address command.4.Ee 00:04:96:1f:a5:43 5 5 Auto 10. (e) Stacking is configured Enabled.127.254 CcEeMm.

By default. use the command configure failsafe-account {[deny | permit] [all | control | serial | ssh {vr <vr-name>} | telnet {vr <vr-name>}]} from the master node. Managing an Operating SummitStack This section describes the following topics and tasks: ● ● ● ● ● ● ● ● ● Managing Licenses on a SummitStack on page 157 Stacking LEDs on page 160 Viewing the Alternate IP Address on page 160 Viewing Stacking Port Statistics on page 162 Adding a Node to a Stack on page 162 Replacing a Node with the Same Switch Type on page 165 Replacing a Node with a Different Switch Type on page 166 Merging Two Stacks on page 166 Upgrading ExtremeXOS on a Stack on page 173 156 ExtremeXOS Concepts Guide.Configuring Stacked Switches Configuring the Failsafe Account on a Stack The failsafe account information is stored in each node's local NVRAM. Software Version 12. The stacking specific configuration parameters for a node are saved in the NVRAM of the node when you run the configuration commands. stacking is disabled on all nodes. If a new node is added later.3 . A node that is running in standalone mode becomes its own master and processes its own configuration. Stacking configuration parameters are not saved in the ExtremeXOS configuration file. To change the failsafe account. This command changes the account information in the NVRAM of every active node in the same active topology. use the following command: disable stacking {node-address <node-address>} Rebooting the node with stacking disabled causes it to run in standalone mode. Saving the Configuration The ExtremeXOS configuration file is saved to every active node when you use the save configuration {primary | secondary | <existing-config> | <new-config>} command on the master. you can use the synchronize stacking {node-address <node-address> | slot <slot-number>} command to copy the failsafe account information from the master to the new node. Disabling Stacking To disable stacking on a member of stack.

all nodes in the stack must use the same license level.Managing an Operating SummitStack ● ● ● Dismantling a Stack on page 174 Removing a Node from a Stack on page 174 Rebooting a Stack on page 175 Managing Licenses on a SummitStack The SummitStack feature is not licensed separately.1 # show licenses Enabled License Level: Advanced Edge Enabled Feature Packs: None ExtremeXOS Concepts Guide. The rules for licensing are: ● ● At startup. once the license level is adopted for the stack. log into that node and enter the show licenses command. the node fails with a license mismatch. the stack operating license level changes to the effective license level of the new master. Software Version 12. If nodes of different license levels are operational in the stack and there is a failover to a backup node that has a level that is greater than that of the failed master. The command display is similar to the following: Slot-1 Stack. NOTE For successful operation. the license level the stack uses is the effective license level of the elected master node. The backup node additionally prepares to be the master node at failover time. Nodes with higher licenses levels than other nodes can be restricted to operate at a lower or effective license level. If any other node is using an effective license level that is less than that of the new master. The stack must operate on one license level because the master node runs all of the licensed software while all other nodes only assist the master node in controlling their hardware. You can use the SummitStack feature with an Edge license. Although the stack must operate at one license level. ● The following sections describe license management in a SummitStack: ● ● ● ● Viewing Switch Licenses and License Restrictions on page 157 Enabling a Switch License on page 158 Restricting a Switch License Level on page 159 Upgrading Stack Licenses on page 159 Viewing Switch Licenses and License Restrictions To view the current license information for a node. the node does not become operational and shows as Failed with a License Mismatch reason when using the show slot {<slot> {detail} | detail } command. If the stack is using the Advanced Edge license and you attempt to add a node that is using an Edge license. Regardless of the configured license level of the backup node. the backup node must use this license level if the master node fails and the backup becomes the master node. License mismatch detection is continually checked. nodes with different license levels are supported in the same stack.3 157 .

The Effective License Level is the operating license level.130. (m) Stack MACs configured and in use are the same.130. The license level restriction in use appears first. (i) Stack MACs configured and in use are not the same or unknown.Ee * .------.130.105/24 192.168.104/24 192.168. To view the license level restrictions configured for all nodes in a stack.168.33 # show stacking configuration Stack MAC in use: 02:04:96:26:60:DD Node Slot Alternate Alternate MAC Address Cfg Cur Prio Mgmt IP / Mask Gateway Flags Lic -----------------.2 # The Enabled License Level is the purchased license level. log in to the master node and enter the show stacking configuration command: Slot-1 Stack.1 --EeMm.Ee 00:04:96:26:60:AA 4 4 Auto 192.130.1 --EeMm. see “Enabling and Verifying Licenses” on page 1311.Ee 00:04:96:26:60:EE 2 2 Auto 192. Extreme Networks recommends that all nodes operate at the same Enabled License Level. (E) Stacking is currently Enabled. NOTE All nodes must have a purchased license level at least equal to the license level of the master node in order to become operational in the stack.130. When the letters in the Lic column are different.103/24 192.168. or (E) Edge in use. the node is configured with a different license level restriction than the one that is currently in use.-----------------. To enable a license on a node.1 --EeMm. for example Ae.106/24 192.130. 158 ExtremeXOS Concepts Guide.1 CcEeMm.Ee 00:04:96:26:60:CC 8 8 Auto 192.130. (a) Advanced edge. (A) Advanced edge.130.168.130. Software Version 12.1 --EeMm.168.Indicates this node Flags: (C) master-Capable in use. To put the configured license level restriction into effect. the Effective License Level may be lower than the Enabled License Level.168.130.168.130.Ee 00:04:96:26:60:99 6 6 Auto 192.101/24 192. represented by a lower-case letter. Enabling a Switch License The purchased license level of a node can be enabled only after you log in to that node (see “Logging Into a Node From Another Node” on page 136). represented by a capital letter as shown in the display legend.108/24 192. or (e) Edge configured.168. (-) Not in use or not configured License level restrictions appear in the Lic column.130. If a license level restriction is configured for this node.168.---.Configuring Stacked Switches Effective License Level: Advanced Edge Slot-1 Stack. (M) Stack MAC in use.130.168.--.168.130. The configured license level restriction appears second. (-) Not in use or not configured License level restrictions: (C) Core.Ee 00:04:96:26:60:BB 7 7 Auto 192.3 . (e) Stacking is configured Enabled.168.168.--*00:04:96:26:60:DD 1 1 Auto 192.107/24 192. you must reboot the node. (c) master-capable is configured.168.168.102/24 192.1 --EeMm.1 CcEeMm.Ee 00:04:96:26:60:FF 3 3 Auto 192.1 --EeMm.Ee 00:04:96:26:60:88 5 5 Auto 192. This is the maximum level at which this node can operate without purchasing a license level upgrade.--. (c) Core.130.--------------.130.

All Summit family switches in a SummitStack must run the same license level. if you want to upgrade to the core license.” for information on which switches support which licenses. Use the following procedure to upgrade switch licenses: 1 Log in to the master node. Upgrading Stack Licenses You can purchase license level upgrades for Summit family switches. The specified license level must be less than or equal to the level of the switch with the lowest purchased level. If the license you want to run is not available for a specific Summit switch. It forces the node to reduce its license level below its purchased level at node restart time for the life of the restart. To avoid stack reboots when future license level upgrades are purchased. This appendix also lists which switches support the SummitStack feature.Managing an Operating SummitStack Restricting a Switch License Level If the nodes in a SummitStack have different license levels and you want to operate a stack at the minimum license level. or standby) of each node in the stack. node 7 is restricted to operate at the Edge license level: * X450a-24x. This reduced license level is called the effective license level and can be displayed by entering the show licenses command on the node you want to evaluate. To restrict a node to operate at a license level that is lower than the one purchased for the node. NOTE See Appendix A. Software Version 12. use the command: configure stacking {node-address <node-address> | slot <slot-number>} license-level [core | advanced-edge | edge] In the following example. “ExtremeXOS Software Licenses. you can apply a license level restriction. your SummitStack can only use Summit family switches that support the core license. you cannot use that switch and that license level in the same SummitStack. You must reboot the specified nodes for the command to take effect. during initial deployment you should purchase the same license level for every node in the stack. For example. ExtremeXOS Concepts Guide.3 159 . 3 Enter the show stacking configuration command and note any nodes that are configured with a license level restriction (see “Viewing Switch Licenses and License Restrictions” on page 157). backup. 2 Enter the show stacking command and note the role (master. 5 Use the commands in Step 4 to install the required license level on the backup node. 4 Install the required license level in each standby node by logging into each node (telnet slot <slot-number>) and entering the command: enable license {software} <key> Enter the license key given to you by Extreme Networks when you purchased the upgrade. 6 Use the commands in Step 4 to install the required license level on the master node. The command restricts the specified node(s) to operate at the specified license level.7 # configure stacking slot 7 license-level edge This command will take effect at the next reboot of the specified node(s). and the license level restriction should not be configured. The restriction is stored in the NVRAM of each node.

To do this. If no slot shows as Failed. use the show licenses command and show slot {<slot> {detail} | detail } command on the master node. you can use the following commands: ● ● show vlan mgmt show ipconfig Mgmt 160 ExtremeXOS Concepts Guide.3 . then all slots are operating at (at least) the effective license level shown for the master node.Configuring Stacked Switches 7 If any nodes are configured with a license level restriction that is lower than the intended operating license level of the stack. even if the unit is not in a stacking mode. Table 22: Stacking LED States State Description Off Solid Green Flickering Green No signal Signal present Traffic through the port While in a stack. top half blinking—Stack master Slot number displayed. reboot the stack to put the license level restriction removal into effect using the command: reboot {[time <mon> <day> <year> <hour> <min> <sec>] | cancel} {slot <slotnumber> | node-address <node-address> | stack-topology {as-standby}} 9 Verify that all nodes are operating at the intended license level. The stacking ports have LEDs that behave the same as the data port LEDs. 8 If you removed a license level restriction in Step 7. bottom half blinking—Stack backup Slot number display solid—Standby node When in stacking mode. PSU-I. Software Version 12. log into the master node and remove the stack license level restriction using the command: unconfigure stacking license-level This command removes the restriction on all nodes. the slot number is displayed shortly after the node begins initializing and remains in the display until a restart occurs. The stacking port LEDs can be in the following states. Stacking LEDs All stackable switches have a seven segment LED which behaves as follows: ● ● ● ● LED dark—Stackable switch is not in stacking mode Slot number displayed. Viewing the Alternate IP Address To view the alternate IP address for a node. the remaining LEDs (Mgmt. Fan. and PSU-E) on the unit operate normally.

you cannot configure a secondary IP address on the management VLAN. Software Version 12.75/24 Flags: AddrMaskRly NO BOOTP Host NO DirBcstHwFwd NO Fwd Bcast NO IgnoreBcast NO IP Fwding NO IPmc Fwd NO Multinetted VLAN NO IRDP Advert NO SendParam YES SendPortUn YES Send Redir YES SendTimxceed YES SendUnreach YES TimeStampRly NO VRRP NO ExtremeXOS Concepts Guide.66. a secondary address cannot be configured and so the Secondary IP line does not appear. This allows you to see how the configured alternate management IP address has been applied. Further. The alternate IP address is restricted to the same subnet as the primary subnet configured for the management IP interface. only a single subnet is used with the possibility of multiple station addresses.4. inet 10. show ipconfig mgmt Command The show ipconfig mgmt command shows the configured alternate management IP address as applied to the management VLAN on the local unit.4.1Q Tag 4095 For the management VLAN. The Alternate IP line shows one of the following: ● ● ● The configured alternate management IP address if it has been activated <none> if it has not been configured Mismatch if it has been configured but does not exactly match the Primary IP subnet. This allows you to see how the configured alternate management IP address has been applied.4. The show ip config mgmt command displays the following information: Slot1 Stack.35 # show vlan "Mgmt" VLAN Interface with name Mgmt created by user Admin State: Enabled Tagging: Virtual router: VR-Mgmt Primary IP: 10.4.36 # show ipconfig Mgmt Router Interface on VLAN Mgmt is enabled and up.1. (Number of active ports=1) Untag: Mgmt-port on Mgmt-? is active 802.66. The show vlan mgmt command displays the following information: Slot-1 Stack.255 Mtu 1500 Alternate IP Address: 10.1/24 Alternate IP: 10.Managing an Operating SummitStack show vlan mgmt Command The show vlan mgmt command shows the alternate management IP address as applied to the management VLAN on the local unit.1. The Multinetted VLAN indication always appears as no.3 161 .4.74/24 broadcast 10. As a result.66.2/24 IPv6: None STPD: None Protocol: Match all unfiltered protocols Loopback: Disabled NetLogin: Disabled QosProfile: None configured Ports: 1.

3 . the added link status is Inhibited. see “Replacing a Node with the Same Switch Type” on page 165 or “Replacing a Node with a Different Switch Type” on page 166. it is added into the stack as follows: ● If stacking is not enabled on the node. If the node is already enabled for stacking. There is no way to disable a stacking port. adding a node to an active topology is similar to bringing up a new stack. Viewing Stacking Port Statistics To view the status of any stacking port. 2 Power on the new node. 1 Connect the stacking links to the new node. These ports are always enabled. and wait for it to be recognized by the stack. To add a node to a stack. The node is visible from the master node using the show stacking command. Adding a Node to a Stack From the perspective of a new node. use the following procedure. If the node was already enabled for stacking. if you have not already powered it on. It is. If stacking was already enabled on the node. visible using the show stacking command on the master node. use the following command variations: show show show show ports ports ports ports stack-ports <stacking-port-list> utilization {bandwidth | bytes | packets} {stack-ports <stacking-port-list> | <port_list>} statistics {norefresh} {<port_list> | stack-ports <stacking-port-list>} rxerrors {norefresh} {stack-ports <stacking-port-list> | <port_list>} txerrors {norefresh} The commands accept stacking port ranges that span multiple nodes. and the node has either not yet determined its role or become a standby because it is not configured to be master capable.Configuring Stacked Switches For the management VLAN. The Alternate IP Address line shows one of the following: ● ● ● The configured alternate management IP address if it has been activated <none> if it has not been configured Mismatch if it has been configured but does not exactly match the Primary IP subnet. and the node is already a master node. however. the node does not come up in the stack. a secondary address cannot be configured and so the Secondary IP line does not appear. ● ● ● 162 ExtremeXOS Concepts Guide. Software Version 12. and if the node’s slot number duplicates that of another node in the stack. If the node has already been powered on. and its slot number is unique. the result is the same as described in “Merging Two Stacks” on page 166. NOTE If the node being added is actually a replacement node for one that was previously removed. its slot number is unique. There are no stack port configuration options. the node becomes operational. Its stacking parameters are configurable and the node is rebootable from the stack.

and if the node’s slot number duplicates that of another node in the stack. visible using the show stacking command on the master node. ExtremeXOS Concepts Guide. and its slot number is unique. You can configure the stacking parameters and you can restart the node from the stack. The node becomes a standby node or a backup node. Make sure the same image on the new node contains the same ExtremeXOS release that is being run by the stack. however. ● ● 3 On the master node. If stacking is enabled on the node. The node is visible from the master node using the show stacking command. run the show switch command to verify the image selected for the stack.Managing an Operating SummitStack If the node is powered on after being connected to the stack. Software Version 12. the node enters the Failed state. the node does not come up in the stack. 13 (Optional) Run the show stacking configuration command and verify that the configuration is what you want. the node responds as follows: ● If stacking is not enabled on the node. 8 Make sure the node's master-capability is properly set (see “Configuring Master-Capability” on page 152).3 163 . the node joins the stack. configure the license-level restriction of the new node to be same as the other members in the stack (see “Managing Licenses on a SummitStack” on page 157). 11 Run the show stacking configuration command and verify that the configuration is what you want after the node is rebooted. 10 Configure an alternate IP address and gateway (see “Configuring an Alternate IP Address and Gateway” on page 153). 6 Configure a unique slot number for the new node (see “Configuring Slot Numbers” on page 149). 12 Reboot the new node by entering the reboot slot [<slot-number> | node-address <nodeaddress>] command. 5 Run the synchronize stacking {node-address <node-address> | slot <slot-number>} command for the new node. It is. 7 If necessary. 9 Configure a node role priority if needed (see “Configuring Node Priority” on page 149). If there is no backup node already and the node is master capable. If stacking is enabled on the node. the node becomes a backup. 4 Verify the stack configuration using the show stacking configuration command.

6 Configure the license-level restriction of the new node to be same as the other members in the stack if needed. The example below adds a new node that becomes slot 7. 7 (Optional) Configure the priority. 4 Use the synchronize stacking node-address 00:04:96:26:6c:92 command to copy stacking parameters to the new node. Do not be concerned with the state of the node at this time.3 . ■ The connection broken should be the one between node 00:04:96:20:b2:5c port 2 and node 00:04:96:26:6a:f1 port 1. The new node 00:04:96:26:6c:92 port 1 should be connected to node 00:04:96:20:b2:5c port 2 The new node 00:04:96:26:6c:92 port 2 should be connected to node 00:04:96:26:6a:f1 port 1. 164 ExtremeXOS Concepts Guide. Slot-1 Stack. 3 Verify the stack configuration using the show stacking configuration command. (B) Port is Blocked 1 Connect the new switch to the stack using a stacking cable to join the stacking ports and form a physical ring. The show stacking command can also be used to verify whether the node is present in the stack. master-capability.13 # reboot node-address 00:04:96:26:6c:92 Are you sure you want to reboot this stack node? (y/N) Yes After the node restarts.Configuring Stacked Switches Example: Adding a Node to a Stack Assume the original stack is connected as follows: Slot-1 Stack. 5 Configure the new node with a unique slot number in the active topology. The connections should be made such that the node appears in the natural position in the stack and in the slot. Software Version 12.----*1 1 00:04:96:26:6a:f1 Operational C*1 2 00:04:96:26:6a:f1 Operational C2 1 00:04:96:26:6c:93 Operational C2 2 00:04:96:26:6c:93 Operational C3 1 00:04:96:26:5f:4f Operational C3 2 00:04:96:26:5f:4f Operational CB 4 1 00:04:96:1f:a5:43 Operational CB 4 2 00:04:96:1f:a5:43 Operational C5 1 00:04:96:28:01:8f Operational C5 2 00:04:96:28:01:8f Operational C6 1 00:04:96:20:b2:5c Operational C6 2 00:04:96:20:b2:5c Operational C* . See Configuring a new stack for details.12 # configure stacking node-address 00:04:96:26:6c:92 license-level edge This command will take effect at the next reboot of the specified node(s). 8 Reboot the node alone using the command: Slot-1 Stack. Slot-1 Stack. and wait for it to be recognized by the stack.---.----------. ■ ■ 2 Power on the new node. it enters the active topology as a standby node.----------------.9 # show stacking stack-ports Stack Topology is a Ring Slot Port Node MAC Address Port State Flags ---.Indicates this node Flags: (C) Control path is active. and the alternate-ip-address of the new node. if you have not already powered it on.11 # configure stacking node-address 00:04:96:26:6c:92 slot-number 7 This command will take effect at the next reboot of the specified node(s).

Indicates this node Flags: (C) Candidate for this active topology. ● Replacing a Node with the Same Switch Type When you replace a node with the same switch type. For more information. see “Replacing a Node with a Different Switch Type” on page 166.------. The switch joins the stack topology but might not join the active topology. 2 Remove the stack links from the node. you must change the stack configuration before the new node can operate. 3 Replace the node with the same type of node.----------. ExtremeXOS Concepts Guide. either contact Extreme Networks for a license upgrade for the node. If the reason is Incompatible EXOS Version. NOTE If you are replacing a node with a different switch type.Managing an Operating SummitStack 9 Verify the new stack and the slot using the commands show stacking and show slot.18 # show slot Slots Type Configured State Ports -------------------------------------------------------------------Slot-1 X450a-48t X450a-48t Operational 50 Slot-2 X450a-24x X450a-24x Operational 26 Slot-3 X450a-24t X450a-24t Operational 26 Slot-4 SummitX450-24x SummitX450-24x Operational 26 Slot-5 SummitX450-24t SummitX450-24t Operational 26 Slot-6 SummitX450-24t SummitX450-24t Operational 26 Slot-7 X450a-24x Operational 26 Slot-8 Empty 0 10 If the new slot 7 shows as Failed. Software Version 12. 4 Connect the stack links and power on the node.18 # show stacking Stack Topology is a Ring Active Topology is a Ring Node MAC Address Slot Stack State Role Flags -----------------. or restrict the entire stack to operate at the lower level.---. use the show slot 7 detail command to determine the reason: ● If the reason is License Mismatch. To replace a node with an identical switch type: 1 Note the slot number of the node you are replacing. you can continue to use the same stack configuration. Slot-1 Stack.--*00:04:96:26:6a:f1 1 Active Master CA00:04:96:26:6c:93 2 Active Standby CA00:04:96:26:5f:4f 3 Active Backup CA00:04:96:1f:a5:43 4 Active Standby CA00:04:96:28:01:8f 5 Active Standby CA00:04:96:20:b2:5c 6 Active Standby CA00:04:96:26:6c:92 7 Active Standby CA* . for example when you replace a a Summit X450a48t with a Summit X450a-48t. The procedure in this section works only when the old and new nodes have identical switch types. (A) Active Node (O) node may be in Other active topology Slot-1 stacK.3 165 . log into the master node and use the synchronize slot 7 command.

2 Follow the procedure outlined in “Replacing a Node with the Same Switch Type” on page 165. the maximum number of nodes in an active topology is eight. All configuration parameters (except for the related node's NVRAM-based configurations such as stacking parameters.) 7 Verify that the node license is at the same level or higher than the stack license level. if needed. see “Replacing a Node with the Same Switch Type” on page 165. Merging Two Stacks You can join or merge two stacks to create one larger stack.) Replacing a Node with a Different Switch Type When you replace a node with the different switch type. However. Software Version 12. The slot configuration for the replaced node must change to reflect the new switch type. (See “Replacing a Node with a Different Switch Type” on page 166. you cannot continue to use the same stack configuration. For more information. The operation performed when two stack segments are joined together depends on the following factors: ● ● ● Whether a slot number is duplicated Whether both stacks have master nodes The states of the nodes in each stack. enter the show slot {<slot> {detail} | detail } command. Otherwise. reboot only the replacement node. 6 Configure the slot number for the new node using the slot number noted in Step 1.Configuring Stacked Switches 5 Copy stacking parameters from the master node using the synchronize stacking node <nodeaddress> command. and failsafe account) for the slot are erased. To replace a node with a different switch type: 1 Enter the unconfigure slot <slot> command to remove the configuration for the node to be replaced. NOTE If you are replacing a node with the same switch type. the node was replaced with a different type of switch. reboot the stack. for example when you replace a a Summit X450a-48t with a Summit X450e-48p. 166 ExtremeXOS Concepts Guide. (See “Configuring Slot Numbers” on page 149. see “Managing Licenses on a SummitStack” on page 157. If you replaced the master. you can continue to use the existing stack configuration. The stack or node restarts. If the slot shows a Mismatch state. image to be used. specifying the node address of the node that is to be synchronized with the master node. 8 If the master node was replaced.3 . For more information. Upgrade the node’s license level. NOTE To verify that the new node became operational. or configure a stacking license level restriction on the node if the node's default or purchased license level is greater than the stack license level. the replacement node starts up as the master.

If one of the nodes that is not configured for stacking is then configured for stacking and restarted. (O) node may be in Other active topology Slot-1 StackA.130. This example assumes two stacks named StackA and StackB. These nodes become standby nodes in the stack.------. one of the segments has a master and a backup node.168. one of the following occurs: ● If two segments are joined.----------. node is not responding Flags: (C) master-Capable in use. the join is allowed. Here are displays taken from the original StackA: Slot-1 StackA. (E) Stacking is currently Enabled.1 CcEeMm.Ee 00:04:96:26:60:FF 3 3 Auto 192. and all nodes have assigned slot numbers that are unique in both stacks.168.168.1 –-EeMm.130.--*00:04:96:26:60:DD 1 Active Master CA00:04:96:26:60:EE 2 Active Backup CA00:04:96:26:60:FF 3 Active Standby CA(*) Indicates This Node Flags: (C) Candidate for this active topology. both have operational masters.--*00:04:96:26:60:DD 1 1 Auto 192. This prevents accidental stack joins.1 CcEeMm. there are no duplicate slot numbers. Example: Merging Two Stacks The example in this section demonstrates how to join two stacks.------. (i) Stack MACs configured and in use are not the same or unknown.Indicates this node ? . (m) Stack MACs configured and in use are the same.--------------. (M) Stack MAC in use.Managing an Operating SummitStack If the nodes are configured with stacking enabled.103/24 192. and the other segment does not have either a master or a backup node.Ee 00:04:96:26:60:EE 2 2 Auto 192.8 # show stacking Stack Topology is a Ring Active Topology is a Ring Node MAC Address Slot Stack State Role Flags -----------------.102/24 192.---. do not attempt to join the active topology but nevertheless join the stack. If two segments are joined. both have operational masters. (c) master-capable is configured. (e) Stacking is configured Enabled.168.130.130.Cached information. Any nodes enabled for stacking that are isolated between nodes that are not enabled for stacking attempt to form an isolated active topology.-----------------.101/24 192. (-) Not in use or not configured ExtremeXOS Concepts Guide. The link that has just connected the two stacks shows as Inhibited.168. ● ● The nodes that are not configured for stacking. If two segments are joined. Software Version 12.--.130. the nodes in this segment are acquired by the master node. and at least one of the nodes in one of the stacks duplicates a slot number of a node in the other stack. the behavior is as if two active stacks were joined.---.130. The joined stack assumes the name StackA. the nodes on the joined segment can still be reconfigured centrally for stacking.3 167 . In this condition. (A) Active node. the dual master situation is automatically resolved.---.168.Ee * .9 # show stacking configuration Stack MAC in use: 02:04:96:26:60:DD Node Slot Alternate Alternate MAC Address Cfg Curr Prio Mgmt IP / Mask Gateway Flags Lic -----------------.

----------.103/24 * .1 Flags ------CcEeMmCcEeMm–-EeMm- Lic ------ 168 ExtremeXOS Concepts Guide.---.--00:04:96:26:60:AA 1 Active Master CA00:04:96:26:60:88 2 Active Backup CA00:04:96:26:60:99 3 Active Standby CA(*) Indicates This Node Flags: (C) Candidate for this active topology.131.168.102/24 00:04:96:26:60:99 3 3 Auto 192.168.Cached information. or (E) Edge in use (c) Core. (B) Port is Blocked Slot-1 StackA. Software Version 12.3 # show stacking Stack Topology is a Ring Active Topology is a Ring Node MAC Address Slot Stack State Role Flags -----------------.168.131.Indicates this node ? . or (e) Edge configured (-) Not in use or not configured Slot-1 StackA.-----------------*00:04:96:26:60:AA 1 1 Auto 192.----------------. (A) Advanced edge.Indicates this node Flags: (C) Control path is active.131.131.10 # Slot-1 StackA.101/24 00:04:96:26:60:88 2 2 Auto 192.10 # show stacking stack-ports Stack Topology is a Ring Slot Port Node MAC Address Port State Flags ---.3 # show slot Slots Type Configured State Ports -------------------------------------------------------------------Slot-1 X450e-24p X450e-24p Operational 26 Slot-2 X450a-24t X450a-24t Operational 26 Slot-3 X450a-24tDC X450a-24tDC Operational 26 Slot-4 Empty 0 Slot-5 Empty 0 Slot-6 Empty 0 Slot-7 Empty 0 Slot-8 Empty 0 Slot-1 StackA.----------.131. (a) Advanced edge. (O) node may be in Other active topology Slot-1 StackB. node is not responding Alternate Gateway --------------192.---.3 .------.4 # Here are displays taken from StackB: Slot-1 StackB.---.Configuring Stacked Switches License Level Restrictions : (C) Core.---.168.168.--.4 # show stacking configuration Stack MAC in use: 02:04:96:26:60:AA Node Slot Alternate MAC Address Cfg Curr Prio Mgmt IP / Mask -----------------. (A) Active node.1 192.----*1 1 00:04:96:26:60:DD Operational CB *1 2 00:04:96:26:60:DD Operational C2 1 00:04:96:26:60:EE Operational C2 2 00:04:96:26:60:EE Operational C3 1 00:04:96:26:60:FF Operational C3 2 00:04:96:26:60:FF Operational CB * .168.131.1 192.

(i) Stack MACs configured and in use are not the same or unknown. (A) Advanced edge.Indicates this node Flags: (C) Control path is active. (M) Stack MAC in use. Software Version 12. For StackB. Assuming both stacks are rings. (B) Port is Blocked Slot-1 StackB.6 # show slot Slots Type Configured State Ports -------------------------------------------------------------------Slot-1 X450a-48t X450a-48t Operational 26 Slot-2 X450a-24x X450a-24x Operational 26 Slot-3 X450a-24xDC X450a-24xDC Operational 26 Slot-4 Empty 0 Slot-5 Empty 0 Slot-6 Empty 0 Slot-7 Empty 0 Slot-8 Empty 0 Form the new stack. (E) Stacking is currently Enabled. break the link between node 00:04:96:26:60:FF port 2 and node 00:04:96:26:60:DD port 1.----------------. (c) master-capable is configured. This can be seen using the show stacking stack-ports command as shown below in Step 1. or (e) Edge configured (-) Not in use or not configured Slot-1 StackB. the links between the two stacks are in Inhibited state. break the link between node 00:04:96:26:60:99 port 2 and node 00:04:96:26:60:AA port 1.---. ExtremeXOS Concepts Guide.3 169 . Since both are active stacks with duplicate slot numbers.5 # show stacking stack-ports Stack Topology is a Ring Slot Port Node MAC Address Port State Flags ---. (m) Stack MACs configured and in use are the same. break one link in each stack as follows: ● ● For StackA. (a) Advanced edge. Then connect the broken links between the two stacks to form a ring as follows: ● ● Connect node 00:04:96:26:60:FF port 2 to node 00:04:96:26:60:AA port 1. Connect node 00:04:96:26:60:99 port 2 to node 00:04:96:26:60:DD port 1.----------.----1 1 00:04:96:26:60:AA Operational C1 2 00:04:96:26:60:AA Operational CB 2 1 00:04:96:26:60:88 Operational CB 2 2 00:04:96:26:60:88 Operational C3 1 00:04:96:26:60:99 Operational C3 2 00:04:96:26:60:99 Operational C* . (-) Not in use or not configured License Level Restrictions : (C) Core.Managing an Operating SummitStack Flags: (C) master-Capable in use. (e) Stacking is configured Enabled. or (E) Edge in use (c) Core.

168.168. and show stacking stack-ports.130. (O) node may be in Other active topology Slot-1 StackA.------.--*00:04:96:26:60:DD 1 Active Master CA00:04:96:26:60:EE 2 Active Backup CA00:04:96:26:60:FF 3 Active Standby CA00:04:96:26:60:AA 1 Active Master --O 00:04:96:26:60:88 2 Active Backup --O 00:04:96:26:60:99 3 Active Standby --O (*) Indicates This Node Flags: (C) Candidate for this active topology.Indicates this node ? .------. (c) master-capable is configured.130. (A) Active node.168.102/24 192.102/24 192.130.1 –-EeMm.Configuring Stacked Switches Assume that the master of stack A is to be the master node of the joined stack. (a) Advanced edge.3 .--------------. (e) Stacking is configured Enabled.Ee 00:04:96:26:60:FF 3 3 Auto 192. (i) Stack MACs configured and in use are not the same or unknown.131.--*00:04:96:26:60:DD 1 1 Auto 192.---.130. Slot-1 StackA.130. (m) Stack MACs configured and in use are the same. (E) Stacking is currently Enabled.Ee 00:04:96:26:60:AA 1 1 Auto 192.131.12 # show stacking configuration Stack MAC in use: 02:04:96:26:60:DD Node Slot Alternate Alternate MAC Address Cfg Curr Prio Mgmt IP / Mask Gateway Flags Lic -----------------.Ee 00:04:96:26:60:EE 2 2 Auto 192.130.11 # show stacking Stack Topology is a Ring Active Topology is a Daisy-Chain Node MAC Address Slot Stack State Role Flags -----------------.168.168.168. (A) Advanced edge.----------. node is not responding Flags: (C) master-Capable in use.103/24 192.168.131.-----------------.----------------. Software Version 12.---.----*1 1 00:04:96:26:60:DD Inhibited -*1 2 00:04:96:26:60:DD Operational C2 1 00:04:96:26:60:EE Operational C2 2 00:04:96:26:60:EE Operational C3 1 00:04:96:26:60:FF Operational C3 2 00:04:96:26:60:FF Inhibited -1 1 00:04:96:26:60:AA Inhibited -1 2 00:04:96:26:60:AA Operational C2 1 00:04:96:26:60:88 Operational C2 2 00:04:96:26:60:88 Operational C- 170 ExtremeXOS Concepts Guide.13 # show stacking stack-ports Stack Topology is a Ring Slot Port Node MAC Address Port State Flags ---.1 CcEe--i -00:04:96:26:60:88 2 2 Auto 192.131.168.131. or (e) Edge configured (-) Not in use or not configured Slot-1 StackA.---.1 CcEe--i -00:04:96:26:60:99 3 3 Auto 192.103/24 192. Log into the intended master node.168.1 CcEeMm.1 CcEeMm.--. 1 Verify the details of the new stack using the commands show stacking. or (E) Edge in use (c) Core.168.101/24 192.168.131. show stacking configuration. (M) Stack MAC in use. (-) Not in use or not configured License Level Restrictions : (C) Core.1 --Ee--i -* .----------.168.Cached information.101/24 192.---.

and the Master node last. Because the slot numbers configured for the first three nodes in your stack are consistent with automatic slot assignment. Alternatively.--*00:04:96:26:60:DD 1 Active Master CA00:04:96:26:60:EE 2 Active Backup CA00:04:96:26:60:FF 3 Active Standby CA00:04:96:26:60:AA 4 Active Standby CA00:04:96:26:60:88 5 Active Standby CA00:04:96:26:60:99 6 Active Standby CA(*) Indicates This Node Flags: (C) Candidate for this active topology. there is no temporary dual master situation as a result of these separate node reboots.1 automatic 6 Configure a license restriction to be the minimum of the two original values on all nodes.---. and use the automatic form of the command as follows: configure stacking alternate-ip-address 192. (A) Active node. In this case. a common stack MAC address. You can verify the joined stack came up as expected. you may perform automatic slot assignment now: configure stacking slot-number automatic.168.130. 5 Configure new alternate IP addresses for nodes from original StackB.------.Managing an Operating SummitStack 1 00:04:96:26:60:99 Operational C2 00:04:96:26:60:99 Inhibited -* . The latter requires the following commands: reboot node 00:04:96:26:60:99 reboot node 00:04:96:26:60:88 reboot node 00:04:96:26:60:AA The order of reboot should be the Standby nodes first.130. you may purchase license upgrades from Extreme if necessary. the Backup node next. run the following commands to see the resulting stack. 8 When the rebooted nodes come back up. that is.101/24 192. all nodes should have unique slot numbers. 4 Configure stacking redundancy so that only slots 1 and 2 are master-capable with the command: configure stacking redundancy minimal.168. or individually reboot the three nodes formerly from stack B. and so forth: Slot-1 StackA. Because none of these nodes is master-capable.14 # 3 3 2 Configure the nodes such that they all have unique slot numbers.3 171 . (O) node may be in Other active topology ExtremeXOS Concepts Guide. Assume that the block of addresses allocated to StackA can be extended. (B) Port is Blocked Slot-1 StackA. Software Version 12. use the command: configure stacking license-level edge 7 Either reboot the entire stack topology using the reboot stack-topology command. 3 Configure the stack MAC address with the command: configure stacking mac-address.Indicates this node Flags: (C) Control path is active.----------.11 # show stacking Stack Topology is a Ring Active Topology is a Ring Node MAC Address Slot Stack State Role Flags -----------------.

(A) Advanced edge.--*00:04:96:26:60:DD 1 1 Auto 192.130.----------. IP subnetworks.3 # show slot Slots Type Configured State Ports -------------------------------------------------------------------Slot-1 X450e-24p X450e-24p Operational 26 Slot-2 X450a-24t X450a-24t Operational 26 Slot-3 X450a-24tDC X450a-24tDC Operational 26 Slot-4 X450a-48t Operational 50 Slot-5 X450a-24x Operational 26 Slot-6 X450a-24xDC Operational 26 Slot-7 Empty 0 Slot-8 Empty 0 9 Configure the new slots in VLANs.168.168.Ee 00:04:96:26:60:EE 2 2 Auto 192.Indicates this node Flags: (C) Control path is active.----*1 1 00:04:96:26:60:DD Operational C*1 2 00:04:96:26:60:DD Operational C2 1 00:04:96:26:60:EE Operational C2 2 00:04:96:26:60:EE Operational C3 1 00:04:96:26:60:FF Operational C3 2 00:04:96:26:60:FF Operational C4 1 00:04:96:26:60:AA Operational C4 2 00:04:96:26:60:AA Operational CB 5 1 00:04:96:26:60:88 Operational CB 5 2 00:04:96:26:60:88 Operational C6 1 00:04:96:26:60:99 Operational C6 2 00:04:96:26:60:99 Operational C* .168.130.130.102/24 192. or (E) Edge in use (c) Core.1 –-EeMm.168. (i) Stack MACs configured and in use are not the same or unknown.3 .---.103/24 192. (a) Advanced edge.104/24 192. (E) Stacking is currently Enabled.168.Ee 00:04:96:26:60:FF 3 3 Auto 192.--.13 # show stacking stack-ports Stack Topology is a Ring Slot Port Node MAC Address Port State Flags ---. or (e) Edge configured (-) Not in use or not configured Slot-1 StackA.130. Software Version 12.Cached information.168.168.130. node is not responding Flags: (C) master-Capable in use.101/24 192.Ee * .Ee 00:04:96:26:60:99 6 6 Auto 192. (M) Stack MAC in use.12 # show stacking configuration Stack MAC in use: 02:04:96:26:60:DD Node Slot Alternate Alternate MAC Address Cfg Curr Prio Mgmt IP / Mask Gateway Flags Lic -----------------.168.Configuring Stacked Switches Slot-1 StackA.130.106/24 192.168. and so forth as required.----------------.Ee 00:04:96:26:60:AA 4 4 Auto 192.130.Indicates this node ? .Ee 00:04:96:26:60:88 5 5 Auto 192.130.--------------. (-) Not in use or not configured License Level Restrictions : (C) Core.-----------------.130.105/24 192.------.130.14 # Slot-1 StackA.1 –-EeMm. (c) master-capable is configured.1 –-EeMm.130.1 CcEeMm.168. (e) Stacking is configured Enabled.1 CcEeMm.130.---.168.1 –-EeMm. (B) Port is Blocked Slot-1 StackA. (m) Stack MACs configured and in use are the same. 172 ExtremeXOS Concepts Guide.---.168.

If the active partition is different on some nodes. and to reboot the node into the primary partition.3 173 . use the show slot detail command. use the use image {partition} {primary | secondary} command to select the image partition (primary or secondary) into which the software was saved. If necessary.Managing an Operating SummitStack Upgrading ExtremeXOS on a Stack This section includes the following: ● ● ● “Upgrading the Software on All Active Nodes” on page 173 “Upgrading the Software on a Single Node” on page 174 “Upgrading the Bootrom” on page 174 Upgrading the Software on All Active Nodes You can centrally upgrade the software on all active nodes in a stack. To determine the active partition selected on all nodes and the ExtremeXOS versions installed in each partition. you must reboot the stack after installation with the image partition that received the software being selected. the action you take depends on what is stored in both partitions: ● If both primary and secondary partitions have the same ExtremeXOS release. you may use the commands use image {primary | secondary} slot <slot-number> reboot slot <slot-number> to cause a node to use the same active image as the rest of the stack. Software Version 12.0 or greater). ● If you are using the primary image on your master node and some other node primary image does not contain the same ExtremeXOS version as your master node's primary image. you may use the command synchronize slot <slot-number> to cause the node to contain the same ExtremeXOS versions in both partitions as it is on the master node. make sure that the active image partition is same across all nodes. Use the command download image [[<hostname> | <ipaddress>] <filename> {{vr} <vrname>}] {<partition>} to download a new ExtremeXOS software release and install it on all nodes on the active topology. ExtremeXOS Concepts Guide. For example: download image [[<hostname> | <ipaddress>] <filename> {{vr} <vrname>}] {primary | secondary} use image {partition} [primary | secondary] reboot Before you upgrade a SummitStack. You can install the image only on the alternate image partition and not on the active image partition. To upgrade all nodes in the stack. Use the reboot {[time <mon> <day> <year> <hour> <min> <sec>] | cancel} command to restart all nodes in the new release. NOTE Hitless upgrade is not supported in SummitStack. To run the upgraded software. all nodes must be running an ExtremeXOS release that supports stacking (ExtremeXOS release 12.

3 . Software Version 12. this sets all nodes back to a factory default configuration. see Appendix B. Enter the following commands to download an image to a node: download image [[<hostname> | <ipaddress>] <filename> {{vr} <vrname>}] {<primary | secondary>} slot <slot number> use image {partition} [primary | secondary] slot <slotid> reboot slot <slot number> The slot number is the one in use by the active node that is to be upgraded. the stack attempts to download the bootrom image and install it on all stackable switches in the active topology. Upgrading the Bootrom The SummitStack feature does not require a bootrom upgrade. You should not upgrade the bootrom of any node unless there are other reasons to do so. and all nodes in the active topology reboot. SummitStack does allow centralized bootrom upgrade. The slot parameter is available only on stackable switches in the active stack topology. if your master node has the same image versions in its partitions that you want installed in the node to be upgraded. In effect. log into the master node and run the command unconfigure switch all The configuration file is deselected. You can download and install the bootrom to a specific slot using the slot parameter. all stacking parameters are reset to factory defaults. For information on upgrading the bootrom. Dismantling a Stack If you wish to dismantle a stack and use the Summit switches in stand-alone mode.” If you do not provide a slot number. You can upgrade the image on an active node even if the node shows as Failed when using the show slot command.Configuring Stacked Switches Upgrading the Software on a Single Node You can upgrade the software on a single active node. Be sure that you keep the same image versions on all the other nodes as you have on the master node. However. thus allowing individual redeployment of each switch. you can use the command synchronize slot <slot-number> to upgrade both images and select the desired image. “Software Upgrade and Boot Options. use the following commands from the master node: unconfigure stacking [node <node-address> | slot <slot-number>] reboot [node <node-address> | slot <slot-number>] 174 ExtremeXOS Concepts Guide. Alternatively. Removing a Node from a Stack To remove only one switch from the stack.

There could be incorrect stacking cabling. enter: reboot node-address <node-address> Or to reboot an active node from another active node. You may now disconnect the switch from the stack and your networks as needed. enter: reboot stack-topology To reboot a specific node. You can: ● ● ● ● ● Reboot all the nodes in the stack topology A specific node Reboot all nodes in the active topology Move a node to a standby node Reboot the stack topology so that every node comes up in standby role To reboot all nodes in the active topology. Also check the log using the show log command. Reboot all nodes in the stack simultaneously. The switch with the highest priority was not elected manager—nodes might have been powered up at different times. and Port Numbering” on page 130). Rebooting a Stack You can reboot a stack by entering the command reboot from the master. or powered down nodes. a configuration error. Software Version 12. It de-selects the configuration file and uses the factory defaults. enter: reboot slot <slot-number> Troubleshooting a Stack Use this section to diagnose and troubleshoot common configuration errors for stacking. show stacking configuration. The most common errors are: ● The stack did not come up as expected—Use the show stacking. A node appears in the stack as expected but does not appear to be operating as configured—Use the show slot {<slot> {detail} | detail } command to see if there is a license mismatch or an ● ● ExtremeXOS Concepts Guide. enter the following command from a master node login session: reboot To reboot all the nodes in the stack topology. and redeploy the switch.3 175 .Troubleshooting a Stack When the node reboots. Configuration Files. it detects that the configuration file selected is a stacking configuration file (see “Understanding SummitStack Configuration Parameters. and show stacking stack-ports commands to diagnose the problem.

it is possible to form two separate Active Topologies. Upgrade its ExtremeXOS version using the procedure you would use if the node was not part of the stack.3 . Software Version 12. If the slot number of the node duplicates that of another node in the stack.Configuring Stacked Switches incorrect ExtremeXOS software version. either the node appears as Failed. see “Managing Licenses on a SummitStack” on page 157. ● To find the node failures and isolated nodes. Another node in the stack has the same slot number as this node. or some link between the node and the active topology of the stack appears as Inhibited. If the node is isolated by other nodes that are not enabled for stacking. The node is isolated from the active topology of the stack by nodes on which the stacking feature is not enabled. ● A correctly cabled and powered-on node does not appear in the stack—The node might be running an ExtremeXOS version that is earlier than ExtremeXOS 12. The latter can be seen using the show stacking stack-ports command. use the show stacking command: ● ● If the node is not enabled for stacking. This results in a dual master situation.0. If the node is isolated by another failed node. For more information. ● ● This remainder of this section describes the following troubleshooting topics: ● ● ● ● Managing a Dual Master Situation on page 176 Setting Traps for Stacking on page 179 Rescuing a Stack That Has No Master-Capable Node on page 180 Connecting to a SummitStack with No Master on page 179 Managing a Dual Master Situation If a daisy chain is broken. A node can fail to become an active node for the following reasons: ● ● ● The stacking feature is not enabled on the node. the node appears as Disabled. The node is isolated from the active topology of the stack by failed nodes. 176 ExtremeXOS Concepts Guide. some nodes between the node and the active topology of the stack show as Disabled. or if a ring is broken in two places. the show stacking command shows the node as Active and the “O” flag is set.

you can configure the master-capability so as to prevent some nodes in the stack from operating in backup or master node roles.Troubleshooting a Stack Figure 5: Example of a Split Stack That Results in a Dual Master Situation M1 B8 M2 S7 B3 P6 S5 P6 M B S X S4 BD_161 Node 6 is powered off Master node Backup node Standby node Indicates the broken link For example. After rebooting. a link is broken while a node in the ring was powered off. Node M2 immediately transitions from backup to master node role.3 177 . The link that is now broken formerly connected the original master (M1) and backup (M2) nodes of a single active topology. the backup node becomes a master node because the situation is similar to that of master failure. a master election process occurs among the nodes on this broken segment. All nodes in the stack except the powered off node are in the active topology and all nodes are configured to be master-capable. Nodes 1. in Figure 5. a rebooting node does not advertise itself to its ExtremeXOS Concepts Guide. Nodes B8 and B3 are elected in their respective active topologies as backup nodes. Software Version 12. you can force all nodes in the (broken) stack topology to restart and come up as not master-capable for the life of that restart. The management IP address also appears to be duplicated since that address applies to the entire original stack. For example. 4. Because both the stacks are configured to operate as a single stack. Instead. If the backup node is on one stack and the master node is on the other. In addition. 7 and 8 form an active topology and nodes 2. 3. these nodes reboot. there is confusion in your networks. resulting in a dual master situation. Dual master conditions are also possible when two non-adjacent nodes in a ring or a single (middle) node in a daisy chain reboot. all of the switch’s configured IP addresses appear to be duplicated. For a period of time. Standby nodes that exist in a severed stack segment that does not contain either the original master or backup node do not attempt to become the master node. The save configuration {primary | secondary | <existing-config> | <new-config>} command saves the configuration on all nodes in the active topology. To help mitigate the dual master problem. however. and 5 form another active topology.

NOTE The following procedure is necessary only if you cannot reconnect the severed link in a timely manner. Avoiding too many master-capable nodes when configuring larger stacks. If the System UpTimes of both masters differ. all nodes on the (other) broken portion reboot. Placing the nodes that provide stack redundancy (i. Otherwise. 2 Use the show stacking command to determine the nodes that have been lost from the stack.Configuring Stacked Switches neighbors. either through its console port or through the management interface using the alternate management IP address. Eliminating a Dual Master Situation Manually To eliminate the dual master situation. 3 Log into any node in the severed segment you wish to deactivate. 178 ExtremeXOS Concepts Guide. if the backup node is on the same portion as the master. 4 Reboot the broken segment forcing all nodes in the segment to come up as standby nodes using the reboot stack-topology as-standby command. take care when selecting the stack segment to be rebooted. you can reboot either segment without loss of unsaved configuration changes. If you know the node that was master of the unbroken stack. you can reboot the stack segment that does not contain this master node. resulting in temporary stacking link failures. determine the System UpTime shown by each master node. Software Version 12. it becomes a (dual) master.3 . You can avoid a dual master possibility during configuration by: ● ● ● Configuring the stack in a ring topology. you need to know all the nodes that are supposed to be in the stack. the dual master condition resolves itself. and the nodes that are isolated perform as a severed stack segment depending on the circumstances of the severance: ● ● if the backup node is on the broken portion. This could cause node isolation.e.. If the System UpTimes of both masters are the same. The formerly broken portion of the stack reboots and the nodes come up as standby nodes. 1 If you lose the management connectivity. those nodes that are master-capable) such that stacking link severances are unlikely. you must reboot the segment with the smaller System UpTime. If you can reconnect. You might lose the management connectivity to the master node because the other master node duplicates the stack’s primary management IP address and stack MAC address. the dual master condition is resolved. All standby and backup nodes that had been acquired by the losing master node also reboot. You should already know all the nodes that are expected to be part of the stack. log into the master node using its alternate management IP address. resulting in the reboot of one of the master nodes. You should reboot the segment that has the smaller System UpTime. or when a severed stack is rejoined. When the rebooting nodes have sufficiently recovered. Issue show stacking to find whether the broken segment has indeed elected a new master node. If you have unsaved configuration changes.

and the new master node continues to increase it as time passes. Resolution of the dual master situation should generally be in favor of the original stack segment’s master node. logging in to that node requires knowledge of the failsafe account information that is already configured into that node's NVRAM. If a stack severance results in the master and backup nodes being on different segments. Setting Traps for Stacking The stack generates traps that provide status information about the switches in the stack and also stacking port status. Traps generated by the stack include: ● ● ● extremeStackMemberStatusChanged extremeStackMemberSlotId—Indicates the slot ID extremeStackMemberOperStatus—Indicates the slot state of the switch The stack generates this trap when an overheat condition is detected on an active node: ● extremeStackMemberOverheat This trap is generated when the node reaches a steady state. it is assumed that this is a severed stack rejoin.Troubleshooting a Stack Automatic Resolution of the Dual Master Situation When two stack segments are connected together and no slot number is duplicated on either segment. It is possible that each stack segment has its own master. the severed segment always has the smaller System UpTime. If a new node has been added to the stack since the stack failsafe account was configured. Thus the System UpTime is the time since a master was first elected on a segment. This is because the original stack segment may still retain the unsaved configuration. Whenever a member is added or deleted from the stack. the System UpTime is inherited by the new master node. In this case. the change is indicated through this trap: ● extremeStackingPortStatusChanged IfIndex—Interface Index of the port extremeStackingPortRemoteMac—MAC Address of the remote switch attached to this port extremeStackingPortLinkSpeed—Indicates 10/100/1000 Mbps extremeStackingPortLinkStatus—Status of the link The trap is generated whenever the status of a stacking port changes. The master election is done using the System UpTime. ExtremeXOS Concepts Guide. Software Version 12. you can log in to a node by using the failsafe account. When the stack is broken and both master and backup nodes are on the same segment. the master is elected using the normal node role election method. The master election process collects the System UpTime information of the nodes. If the severed segment was restarted before electing a new master node. If a failover occurs. the unsaved configuration is lost on that segment. Connecting to a SummitStack with No Master If an entire stack has no master node because the stack has been rebooted in standby only mode.3 179 . both have the same System UpTime.

Software Version 12. the selected node requires a network connection for authentication. with one master-capable node) and the master node failed.3 . In this situation.Configuring Stacked Switches If you do not know the failsafe account and you still want to log in to the stack. the only security information available is the failsafe account. At the login prompt. if a stack was operating with no redundancy (for example. For example. you can log into any node and reconfigure master-capability or redundancy. Another example is the case where you dismantle a stack before using the unconfigure stacking or unconfigure switch all command. If you know the failsafe user name and password. However. the node notices and resets this indicator. This node then sets an internal indicator that is preserved across the reboot. Since the save configuration {primary | secondary | <existing-config> | <new-config>} command saves the configuration file to all nodes. There is no master node in the active topology. 180 ExtremeXOS Concepts Guide. ignores the node master-capability configuration. you have to: ● ● Join the stack to another segment that has a master node to which the you have access Manually restart the stack to clear the as-standby condition if the reboot stack-topology asstandby command was previously used Use the procedure described in “Rescuing a Stack That Has No Master-Capable Node” on page 180 ● Rescuing a Stack That Has No Master-Capable Node NOTE If a node becomes unbootable. if you do not know the failsafe account information. not master-capable. All nodes in the active topology have master-capability turned off. You can have a stack with nodes that are all configured with the master-capability set to off. refer to the Troubleshooting appendix for information. Stacking mode is active on the node. and are isolated from a stack master. there is another way you can change the configuration. the node that just rebooted as master-capable should have access to the security information that was configured for the stack. and becomes a master node. enter the following special login ID exactly as displayed here (all uppercase letters) and press Enter: REBOOT AS MASTER-CAPABLE The following message appears: Node reboot initiated with master-capability turned on. In this case. If a RADIUS server is needed. all other nodes in the stack restart as standby nodes and there is no master node. While restarting. The special login ID described above is available only if all the following conditions are met: ● ● ● ● The node supports SummitStack. individual Summit switches are configured for stacking.

Alternatively. it becomes a Master. If this procedure is used. You can then log in using the default admin account with no password. unless you again use the special login ID to restart. The procedure described here is generally not needed if another node that is master-capable is expected to rejoin the stack. Reboot the node using the special REBOOT AS MASTER_CAPABLE login described above. Based on the stacking topology. The Topology Protocol that ExtremeXOS Concepts Guide. NOTE The special login ID does not function on stacks that have nodes configured to be master-capable. All nodes converge on the new (daisy chain) topology that results from the link break. While the node is a master. All traffic paths that were directed through the failed link are redirected. you may use the special login REBOOT AS MASTER-CAPABLE with no password to force a reboot of a node with master-capability temporarily turned on. the node must be rebooted again. The link goes down while a node restarts or when it is powered off. Software Version 12. the special login ID is not recognized. Stacking Link Failure A stacking link is said to be failed when one of the following happens: ● ● ● The stacking link is physically disconnected. and then pressing and holding the space bar until the bootrom prompt appears. Force the switch to boot up with a default configuration by entering the following commands at the bootrom prompt: config none boot ● The switch boots up in stacking mode operating as a master-capable switch. During the reboot. you may log in using the failsafe account. In this case.3 181 . Ring Topology . the stack behavior changes.. If you restart a node that has been restarted with the special login ID. even though the entire stack is still configured as not master-capable. To get the special login ID to be recognized. Using the special login ID does not alter the master-capability configuration permanently. its security configuration might be unusable. If a node has been intentionally separated from the stack without first being unconfigured. If you wish to reconfigure. The neighbor on a link stops transmitting topology information. When a node has been rebooted using the special login ID.. perform the following steps: ● ● ● Connect to the node's console port. even when the reboot stack-topology as-standby command is issued.Troubleshooting a Stack If the above conditions are met. it is possible that the new master duplicates the master that is expected to rejoin later. five minutes after starting the node and every five minutes after that. that node restarts using its configured mastercapability. the following message appears on the console: Warning: the stack has no Master node and all active nodes are operating with master-capability turned off. enter the bootrom program by waiting until you see the message Starting Default Bootloader .

Configuring Stacked Switches determines the stack topology immediately informs other nodes that a link has failed. Can I enable EAPS on stacking? Yes. Depending on master capability configuration and the original location of the backup node. 182 ExtremeXOS Concepts Guide. The Topology Protocol reports the loss of all nodes in the severed portion. Each node starts the process of redirecting traffic paths. EAPS is not used as a redundancy protocol for the stacking ring. Daisy chain . ● ● Why should I configure an Alternate IP address? To enable login to an individual node using the management port of the node and to be able to configure a node individually. the dual master condition may be in effect.3 . EAPS operates in your networks even if an EAPS path crosses through the stacking links. ● How would I know whether there is a dual master situation in a stack? A main symptom is loss of IP connectivity. Run the show stacking command to see whether all expected nodes are still in the stack. A stacking link failure means a severed stack. ● How would I find the current topology of the stack? Run show stacking command. You can enable the EAPS on a stack. the severed portion may or may not elect a new master node. If it does. It is most beneficial in manually resolving a dual master situation since connectivity using the alternate IP address is not affected by the dual master situation. Software Version 12. The show slot {<slot> {detail} | detail } command displays the slots that contain active nodes that are in the severed portion as Empty. FAQs on SummitStack ● How can I find the slot number of the master slot in a stack? To find the slot number of the master slot. log in to any stack node and run the command show stacking.

The relationship of a node and a slot does not change if the SummitStack is rewired. a slot number is assigned to a node through configuration and stored in the node's NVRAM. the SummitStack. use the following command: configure slot <slot> module <module_type> ExtremeXOS Concepts Guide. the BlackDiamond 20808 switch. and a default port and VLAN configuration is automatically generated.3 183 . all the port information and the module type for that slot must be saved to non-volatile storage. It takes effect only when the node restarts. Software Version 12.5 Configuring Slots and Ports on a Switch This chapter describes the following topics: ● ● ● ● ● ● ● ● ● ● ● Overview on page 183 Disabling MSM-G8X I/O Ports on page 185 Configuring Ports on a Switch on page 186 Jumbo Frames on page 195 Link Aggregation on the Switch on page 200 Mirroring on page 218 Remote Mirroring on page 227 Extreme Discovery Protocol on page 233 Software-Controlled Redundant Port and Smart Redundancy on page 234 Configuring Automatic Failover for Combination Ports on page 236 Displaying Port Configuration Information on page 238 Overview This section describes configuring slots on modular switches. and module configuration information is not saved. if the modular switch or SummitStack is rebooted or the module is removed from the slot. which are the BlackDiamond 10808 switch. see Appendix B. After any port on the module has been configured (for example. To do this. In the following descriptions. NOTE For information on saving the configuration. or port parameters). In a SummitStack. and the BlackDiamond 8800 series switches. If a slot has not been configured for a particular type of module. the BlackDiamond 12800 series switches. VLAN. a VLAN association. a VLAN tag configuration. “Software Upgrade and Boot Options.” You configure the modular switch or a SummitStack with the type of input/output (I/O) module that is installed in each slot. the port. the phrase inserted into a slot in a SummitStack means that the node has become active. The term module refers to a Summit family switch that may be present in the stack as an active node. and because of its configured slot value it appears to be present in a slot when the show slot command is run. then any type of module is accepted in that slot. Otherwise.

To disable a slot. So. If a module is present when you issue this command.Configuring Slots and Ports on a Switch You can also preconfigure the slot before inserting the module. the slot configuration must be cleared or configured for the new module type. information for all slots is displayed. To use the new module type in a slot. use the following CLI command: enable slot You can configure the number of times that a slot can be restarted on a failure before it is shut down. mismatch) Port information If no slot is specified. when you work with the data ports on the 184 ExtremeXOS Concepts Guide. You configure these ports exactly as you do any other ports on the switch. the module is reset to default settings. one slot on the BlackDiamond 8810 switch is dedicated to MSM-G8X use—slot A. which is slot 6 when you work with the data ports. which is referred to as slot 5 when working with the data ports. To display information about a particular slot. To clear the slot of a previously assigned module type. or I/ O. the MSM-G8X module has eight 1 Gbps fiber SFP GBIC data. Slot B. part number and serial number Current state (power down. NOTE This information is also applicable for the MSM-48c module with the I/O port card installed. or slot 6. use the following command: clear slot <slot> All configuration information related to the slot and the ports on the module is erased. This allows you to begin configuring the module and ports before installing the module in the chassis or activating the related node in the SummitStack. use the following command: show slot {<slot>} {detail} Information displayed includes: ● ● ● Module type. If you have a secondary MSM-G8X. it can be used for a secondary MSM-G8X or for a module consisting solely of data. Software Version 12. diagnostic. Additionally. use the following command: configure slot <slot-number> restart-limit <num_restarts> Details on I/O Ports On the BlackDiamond 8810 switch. All slots on the modular switches are enabled by default. To set the restart-limit. The primary MSM-G8X must be in slot A in the BlackDiamond 8810 switch. or slot 5. is a dual-purpose slot. or I/O. operational. and a different type of module is inserted.3 . ports. use the following CLI command: disable slot To re-enable slot. ports. the inserted module is put into a mismatch state and is not brought online. If a slot is configured for one type of module. that one goes into slot B.

those commands affect only the data ports on that slot. If you have a secondary MSM-G8X. ports. On the BlackDiamond 8806 switch.Disabling MSM-G8X I/O Ports MSM-G8X. and e-series modules are as follows: ● ● ● ● ● ● ● ● ● 8500-G24X-e 8500-G48T-e G48Te module G48Pe module G48Ta module G48Tc module G48Xa module G48Xc module G48Te2 module ExtremeXOS Concepts Guide. the MSMs remain unaffected. those commands affect only the MSM-G8X host CPU subsystem. and slot 3 or 4 if you have two MSMs in the switch. that one goes into slot B. So. those commands affect only the MSM-G8X host CPU subsystem. The sole exception is that the reboot msm command reboots both the MSM-G8X and the I/O ports on that module. or I/O. which is referred to as slot 3 when working with the data ports. The BlackDiamond 8000 a-series. c-series. or I/O. Disabling MSM-G8X I/O Ports NOTE This section applies to the BlackDiamond 8000 a-series. is a dual-purpose slot. Software Version 12. the I/O ports remain unaffected. The sole exception is that the reboot msm command reboots both the MSM-G8X and the I/O ports on that module. ports. one slot on the BlackDiamond 8806 switch is dedicated to MSM-G8X use—slot A. and e-series modules only. When you issue most msm commands on this switch. which is slot 4 when you work with the data ports. Additionally. c-series. You configure these ports exactly as you do any other ports on the switch. The BlackDiamond 8000 a-series. those commands affect only the data ports on that slot. or slot 4. When you issue most msm commands on this switch. or slot 3. the MSMs remain unaffected. When you issue any slot commands specifying a slot that contains an MSM-G8X (slot 5 with one MSM-G8X and slots 5 and 6 with two MSMs) on the BlackDiamond 8810 switch. the I/O ports remain unaffected. The primary MSM-G8X must be in slot A in the BlackDiamond 8806 switch. you specify slot 5 if you have one MSM-G8X. when you work with the data ports on the MSM-G8X. the MSM-G8X module also has eight 1 Gbps fiber SFP GBIC data.3 185 . and e-series modules provide increased capabilities over the BlackDiamond 8800 original-series modules. and slot 5 or 6 if you have two MSMs in the switch. When you issue any slot commands specifying a slot that contains an MSM-G8X (slot 3 with one MSM-G8X and slots 3 and 4 with two MSMs) on the BlackDiamond 8806 switch. c-series. it can be used for a secondary MSM-G8X or for a module consisting solely of data. you specify slot 3 if you have one MSM-G8X. Slot B.

” for more information on VRs. Configuring Ports on a Switch NOTE A port can belong to multiple virtual routers (VRs). c-series. To obtain the full functionality of the BlackDiamond 8000 a-series. the switch returns an error message when you attempt to execute certain commands.5 and you have any of the BlackDiamond a-series. This section describes the following topics of configuring ports on a switch: ● ● ● Port Numbering on page 187 Enabling and Disabling Switch Ports on page 188 Configuring Switch Port Speed and Duplex Setting on page 188 186 ExtremeXOS Concepts Guide.3 . only the I/O ports on the module are disabled.) Once you remove the original modules and unconfigure and disable those slots. once with each MSM-G8X slot. issue the commands twice. if you are running ExtremeXOS software that is earlier than version 11. those slots display as ‘Empty’ when you use the show slot command. Software Version 12. When you are running a BlackDiamond 8800 series switch with both original-series modules and BlackDiamond 8000 a-series.Configuring Slots and Ports on a Switch ● ● ● ● ● ● ● ● ● G24Xc module 10G4Xa module 10G4Xc module 10G8Xc module 10G4Ca module S-10G1Xc module S-G8Xc module 8900-G96T-c 8900-10G24X-c You may want to run a BlackDiamond 8800 series chassis with all a-series. c-series. c-series. Use the following commands to disable the I/O ports on the MSM-G8X in the BlackDiamond 8800 chassis: unconfigure slot <slot> disable slot <slot> {offline} where the slot number is the one containing the MSM-G8X (slot 3 and/or 4 for the BlackDiamond 8806 chassis. slot 5 and/or 6 for the BlackDiamond 8810 chassis). Also. and e-series modules. and e-series modules. “Virtual Routers. c-series or e-series modules in the chassis. (Refer to the specific feature in the ExtremeXOS Concepts Guide to see the messages. See Chapter 16. you must disable the I/O ports on the MSM-G8X. issue the above commands to disable the I/O ports on the MSM. NOTE The MSM will continue to work. If you are running a chassis with two MSMs. or e-series modules.

d—Specifies a contiguous series of ports and a series of noncontiguous ports on a stand-alone switch Modular Switch and SummitStack Numerical Ranges On a modular switch. as shown below: 5 Separate the port numbers by a dash to enter a range of contiguous numbers.Configuring Ports on a Switch ● ● WAN PHY OAM on page 193 Configuring Switching Mode—Cut-through Switching on page 195 Port Numbering ExtremeXOS runs on both stand-alone and modular switches.a. This section describes the following topics: ● ● Stand-alone Switch Numerical Ranges on page 187 Modular Switch and SummitStack Numerical Ranges on page 187 Stand-alone Switch Numerical Ranges On a stand-alone switch. The nomenclature for the port number is as follows: slot:port For example.3 187 . and separate the numbers by a comma to enter a range of noncontiguous numbers: ● ● ● x-y—Specifies a contiguous series of ports on a stand-alone switch x. if an I/O module that has a total of four ports is installed in slot 2 of the chassis. Software Version 12. such as a Summit family switch. such as the BlackDiamond 10808 switch.y—Specifies a noncontiguous series of ports on a stand-alone switch x-y. The following wildcard combinations are allowed: ● ● ● ● slot:*—Specifies all ports on a particular I/O module or stack node slot:x-slot:y—Specifies a contiguous series of ports on multiple I/O modules or stack nodes slot:x-y—Specifies a contiguous series of ports on a particular I/O module or stack node slota:x-slotb:y—Specifies a contiguous series of ports that begin on one I/O module or stack node and end on another I/O module or stack node ExtremeXOS Concepts Guide. and SummitStack. the port number is a combination of the slot number and the port number. the port number is simply noted by the physical port number. the following ports are valid: ● ● ● ● 2:1 2:2 2:3 2:4 You can also use wildcard combinations (*) to specify multiple modular slot and port combinations. and the port numbering scheme is slightly different on each.

To receive these SNMP trap messages. SummitStack.cfg” configuration files. Use the commands configure switch ports initial-mode disabled to disable and configure switch ports initial-mode enabled to enable.7:12-7:15 You have the flexibility to receive or not to receive SNMP trap messages when a port transitions between up and down. Software Version 12. BlackDiamond 12800 series switches. and the Summit family switches Wide area network (WAN) PHY port—only on the BlackDiamond 10808. use the following command: disable snmp traps port-up-down ports [<port_list> | all] Refer to “Displaying Port Configuration Information” for information on displaying link status. This information is saved in NVRAM and is not saved in the “. and 20808 series switches and the Summit X450a and X450e series switches ● ● ● ● 188 ExtremeXOS Concepts Guide. You cannot disable the stacking ports of a Summit family switch (whether or not it is included in a SummitStack). X450e-48p. to disable slot 7. all ports are enabled. X250e-24p. autonegotiation. use the following command: enable snmp traps port-up-down ports [<port_list> | all] To stop receiving these messages. 12800. duplex.Configuring Slots and Ports on a Switch Enabling and Disabling Switch Ports By default. ports 3. ExtremeXOS supports the following port types: ● ● ● ● 10 Gbps ports 10/100/1000 Mbps copper ports 10/100/1000 GBICs 10/100/1000 Mbps copper ports with Power over Ethernet (PoE)—only on the G48P and G48Pe modules installed in the BlackDiamond 8800 series switch and the Summit X450e-24p. use the following command: disable port 7:3. and flow control settings. and show switch to display the configuration. Configuring Switch Port Speed and Duplex Setting NOTE Refer to “Displaying Port Configuration Information” for information on displaying port speed. To enable or disable one or more ports on a switch.7:5. NOTE You can choose to boot the BlackDiamond 12800 series switches with the ports disabled. which must have their speed configured to 100 Mbps 100/1000 FX/LX SFP GBIC ports—only on BlackDiamond 8800 series switches. use the following commands: enable port [<port_list> | all] disable port [<port_list> | all] For example. 5. and 12 through 15 on a modular switch or SummitStack.3 . and X250e-48p switches 1 Gbps small form factor pluggable (SFP) gigabit Ethernet interface converter (GBIC) fiber ports 100 FX GBICs.

the ports autonegotiate port speed. there are two GBICs supported by Extreme that can have a configured speed: ● ● 100 FX GBICs. they should be configured to 1G auto on (or auto off) if 1G SFP optic is inserted. Autonegotiation determines the port speed and duplex setting for each port (except 10 Gbps ports). Software Version 12. Stacking links provide the same type of switch fabric that is provided in a BlackDiamond 8800 series switch.Configuring Ports on a Switch ● ● ● 10/100 Mbps copper ports with Power over Ethernet (PoE) ports for Summit X250e series switches 10Gbps stacking ports (Summit family switches only) 10 Gbps small Form Factor pluggable+ (SFP+) fiber ports. use the following command: configure ports <port_list> auto on {speed [10 | 100 | 1000 | 10000]} {duplex [full | half]} ExtremeXOS does not support turning off autonegotiation on the management port. speed. and link fault signal. 100BASE-T. duplex. Note that Summit X650-24x. use the following command: configure ports <port_list> auto off speed [10 | 100 | 1000 | 10000] duplex [half | full] To configure the system to autonegotiate. NOTE With autonegotiation turned off. However. Table 23 lists the support for autonegotiation. or 1000BASE-T networks. ports 23 and 24 can only support SFP+ optics. and the Summit family switches) The 10 Gbps ports always run at full duplex and 10 Gbps. By default. which must have their speed configured to 100 Mbps 100FX/1000LX GBICs. In general. These should be configured to 10Gbps auto off if an SFP+ optic is inserted. and duplex setting for the various types of ports. and their speed cannot be modified. you cannot set the speed to 1000 Mbps. You also cannot configure data port features such as VLANs and link aggregation. the BlackDiamond 12800 series switches. SFP gigabit Ethernet ports are statically set to 1 Gbps. NOTE Stacking ports always use the same type of connector and copper PHY which are built in to the Summit family switches. You cannot configure stacking port parameters such as port speed. You can also configure each port for a particular speed (either 10 Mbps or 100 Mbps). To configure port speed and duplex setting.3 189 . You can manually configure the duplex setting and the speed of 10/100/1000 Mbps ports. Table 23: Support for Autonegotiation on Various Ports Port 10 Gbps 1 Gbps fiber SFP GBIC 100 FX GBIC Autonegotiation Off On (default) Off On (default) Off Speed 10000 Mbps 1000 Mbps 100 Mbps Duplex Full duplex Full duplex Full duplex ExtremeXOS Concepts Guide. The 10/100/1000 Mbps ports can connect to either 10BASE-T. which can be configured at either speed (available only on the BlackDiamond 8800 series switches.

Software Version 12. with autonegotiation enabled. flow control is enabled. X450a.Do not transmit pause frames ● 10 Gbps ports on modules for the BlackDiamond 10808.Respond to pause frames . and the behavior of reacting to received pause frames can be disabled.Respond to pause frames . IEEE 802.Do not respond to pause frames .3x).3x flow control provides the ability to configure different modes in the default behaviors. With Extreme Networks devices. and X650 series switches. the switch does not actually transmit pause frames unless it is configured to do so.Do not transmit pause frames ■ Autonegotiation disabled . and transmitting pause frames.Configuring Slots and Ports on a Switch Table 23: Support for Autonegotiation on Various Ports (Continued) Port 100/1000 Mbps FX/LX SFP GBIC 10/100/1000 Mbps 10/100 Mbps 10 Gbps SFP+ Autonegotiation On (default) Off On (default) Off On (default) Off Off Speed 100 Mbps 1000 Mbps 10 Mbps 100 Mbps 10 Mbps 100 Mbps 10000 Mbps Duplex Full duplex Full/half duplex Full/half duplex Full/half duplex Full/half duplex Full duplex Flow control on Gigabit Ethernet ports is enabled or disabled as part of autonegotiation (see IEEE 802.3 . and 20808 series chassis: ■ Autonegotiation always disabled . the 1 Gbps ports and the 10 Gbps ports implement flow control as follows: ● 1 Gbps ports ■ Autonegotiation enabled .Do not transmit pause frames ● Flow Control—Summit Family Switches and BlackDiamond 8800 Series Switches Only As shown above. SummitStack. When autonegotiation is turned On. flow control is disabled.Respond to pause frames . 12800. 190 ExtremeXOS Concepts Guide. However. as described below.Transmit pause frames 10 Gbps ports for the Summit X450.Do not advertise support for pause frames .Do not advertise support for pause frames . reacting to (stopping transmission). This includes receiving. Ports can be configured to transmit pause frames when congestion is detected. If autonegotiation is set to Off on the ports.Do not advertise support for pause frames . and on modules for the BlackDiamond 8800 series switch: ■ Autonegotiation always disabled . X450e.Advertise support for pause frames . Summit family switches and BlackDiamond 8800 series switches advertise the ability to support pause frames.

TX flow-control must first be disabled. Although a gigabit Ethernet port runs only at full duplex.Configuring Ports on a Switch TX. This includes protocol packets such as. use the following command: disable flow-control rx-pause ports NOTE To disable RX flow-control. This is also called lossless switching mode. ExtremeXOS Concepts Guide. You can configure ports to transmit link-layer pause frames upon detecting congestion. When flow control is applied to the fabric ports. Disabling rx-pause processing avoids dropping packets in the switch and allows for better overall network performance in some scenarios where protocols such as TCP handle the retransmission of dropped packets by the remote partner. To configure a port to disable the processing of IEEE 802. RX flow-control must first be enabled. use the following command: enable flow-control tx-pause ports NOTE To enable TX flow-control. If you attempt to disable RX flow-control with TX flow-control enabled. an error message is displayed. You can configure the switch to disable the default behavior of responding to received pause frames. Software Version 12. an error message is displayed.3 191 . there can be a performance limitation. If you attempt to enable TX flow-control with RX flow-control disabled.3x pause frames. The following limitations apply to the TX flow control feature: ● Flow control is applied on an ingress port basis which means that a single stream ingressing a port and destined to a congested port can stop the transmission of other data streams ingressing the same port which are destined to other ports. High volume packets destined to the CPU can cause flow control to trigger. you may need to turn autonegotiation off on a fiber gigabit Ethernet port. you must specify the duplex setting. use the following command: disable flow-control tx-pause ports RX. EDP. a single 1G port being congested could backpressure a high-speed fabric port and reduce its effective throughput significantly. For example. VRRP. To configure a port to return to the default behavior of enabling the processing of pause frames. The goal of IEEE 802.3x pause frames. and OSPF. To configure a port to return to the default behavior of not transmitting pause frames. ● ● To configure a port to allow the transmission of IEEE 802. EAPS. use the following command: enable flow-control rx-pause ports Turning Off Autonegotiation on a Gigabit Ethernet Port In certain interoperability situations.3x is to backpressure the ultimate traffic source to eliminate or significantly reduce the amount of traffic loss through the network.

the following message is logged to the syslog: 08/26/2008 06:05:29.remote fault recovered. (All the modules on the BlackDiamond 8800 series switch support LFS.info> MSM-A: 4:3 . NOTE On the BlackDiamond 10808 switch.3ae-2002.29 Port 1 link down . the system puts the link back up and the traffic automatically resumes. The system sends LinkDown and LinkUp traps when these events occur. monitors the 10 Gbps ports and indicates either a remote fault or a local fault.56 <Info:vlan.remote fault.dbg. which is always enabled.info> MSM-A: Port 4:3 link down due to local fault 09/09/2004 15:13:33. all Layer 2 and above traffic stops.56 <Info:vlan.info> MSM-A: 4:3 . Additionally.info> MSM-A: 4:3 .info> MSM-A: Port 4:3 link up at 10 Gbps speed and full-duplex 09/09/2004 15:13:33. All earlier versions of the 10G6X do not support this feature.02 <Info:hal.03 <Info:vlan. the 10 Gbps module must have the part number 804405-00 Revision 09 or higher to support LFS. Software Version 12. 09/09/2004 15:14:12.49 <Info:vlan.info> MSM-A: Port 4:3 link down due to remote fault 09/09/2004 14:59:05.info> MSM-A: Port 4:3 link up at 10 Gbps speed and full-duplex 09/09/2004 14:59:08. 192 ExtremeXOS Concepts Guide. 09/09/2004 15:13:33.local fault recovered.dbg. 09/09/2004 14:59:05.sys. After the fault has been alleviated.sys. 09/09/2004 15:14:11.dbg.35 <Info:vlan. To display the part number of the module. the system writes one or more information messages to the syslog.22 <Info:hal. use the show slot <slot_number> command.sys.dbg.56 <Info:hal. The Extreme Networks implementation of LFS conforms to the IEEE standard 802. they always run at full duplex and 10 Gbps speed.3 . The system then stops transmitting or receiving traffic from that link.sys. on disabling the 10 Gbps ports.56 <Info:hal.info> MSM-A: 4:3 . Running Link Fault Signal The 10 Gbps ports support the Link Fault Signal (LFS) function.info> MSM-A: Port 4:3 link down due to local fault In Summit series switches. as shown in the following example for a BlackDiamond 8800 series switch: 09/09/2004 14:59:08. This function.Configuring Slots and Ports on a Switch The following example turns autonegotiation off for port 1 (a 1 Gbps Ethernet port) on a module located in slot 1 of a modular switch: configure ports 1:1 auto off speed 1000 duplex full The 10 Gbps ports do not autonegotiate.local fault.dbg.) Although the physical link remains up.Local fault This message is logged even when the 10 Gbps port is currently operating in 1 Gbps in the case of Summit X650 series switches.

3 193 . and 20808 series switches.Configuring Ports on a Switch NOTE A link down or up event may trigger Spanning Tree Protocol topology changes or transitions.3ae. the Summit X450a. and Summit X650 series switches whether or not they are included in a SummitStack. the system causes the Ethernet link to come up regardless of the cable type connected to the port. The following example turns autopolarity off for ports 5 to 7 on a Summit X450 series switch: configure ports 5-7 auto-polarity off When autopolarity is disabled on one or more Ethernet ports. you might opt to turn autopolarity off on one or more ports. The WAN-PHY OAM feature is a subset of the SONET/SDH overhead function and the WAN PHY interface is defined in IEEE 802. The autopolarity feature is enabled by default. BlackDiamond 12800. 12800. you need a crossover cable to connect other networking equipment and a straight-through cable to connect to endstations. and BlackDiamond 8800 Series Switches only. SummitStack. This feature applies to only the 10/ 100/1000 BASE-T ports on the switch. NOTE Autopolarity detection is always on for the BlackDiamond 10808. use the following command: configure ports [<port_list> | all] auto-polarity [off | on] Where the following is true: ● ● ● ● port_list—Specifies one or more ports on the switch all—Specifies all of the ports on the switch off—Disables the autopolarity detection feature on the specified ports on—Enables the autopolarity detection feature on the specified ports Under certain conditions. BlackDiamond 20808. you can verify that status by using the command: show ports information detail WAN PHY OAM BlackDiamond 10808. BlackDiamond 20808. To disable or enable autopolarity detection. Turning off Autopolarity Summit Family Switches. Software Version 12. The autopolarity feature allows the system to detect and respond to the Ethernet cable type (straight-through or crossover cable) used to make the connection to the switch port. You can configure WAN PHY OAM on the BlackDiamond 10808. and Summit X650 Series Switches only. When the autopolarity feature is enabled. When the autopolarity feature is disabled. ExtremeXOS Concepts Guide. BlackDiamond 12800. Summit X450a.

use the following command: configure ports <port_list> wan-phy trace-path <id_string> To set a WAN PHY port to loopback. Summit X450a and X650 series switches.3 . the default is 15 NULL characters. use the following command: (This command is not supported on the BlackDiamond 20808 switch. BlackDiamond 12800. use the following commands: On BlackDiamond 10808. the default is off To set the framing. the default is 15 NULL characters Loopback—line. Summit X450a and X650 series switches configure ports <port_list> wan-phy loopback [line | off] On BlackDiamond 20808 switches configure ports <port_list> wan-phy loopback {off | internal | line} Displaying WAN PHY OAM Information You display information on the WAN PHY ports using the following commands: show show show show show ports ports ports ports ports {mgmt | <port_list>} information {detail} <port_list> wan-phy configuration <port_list> wan-phy errors {no-refresh} <port_list> wan-phy events {no-refresh} <port_list> wan-phy overhead {no-refresh} 194 ExtremeXOS Concepts Guide. Software Version 12. BlackDiamond 12800. internal. The BlackDiamond 20808 switch is WAN-PHY capable on all 10G ports with an XM-8XB module. The LW XENPAK provides an interface connection between a 10G Ethernet and a 10G SONET/SDH network from a 10G Ethernet equipment port. default is line. Configuring WAN PHY OAM Parameters The following are configurable WAN PHY OAM parameters: ● ● ● ● ● Framing—either SONET or SDH.Configuring Slots and Ports on a Switch The WAN-PHY feature is available on LW XENPAK ports on the BlackDiamond 10808.) configure ports <port_list> wan-phy clocking [line | internal] To set a section trace ID. use the following command: configure ports <port_list> wan-phy framing [sonet | sdh] To choose the clock source. use the following command: configure ports <port_list> wan-phy trace-section <id_string> To set a path trace ID. or off. Clock source—either internal or line. J1 path trace string—16-character string. default is SONET. J0 section trace string—16-character string.

it can operate only the switching fabric in cut-through mode. including four bytes used for the cyclic redundancy check (CRC). The packet is stored in its entirety in packet memory and can be validated via the frame CRC by the switch prior to forwarding it to the next hop. Following are examples: ● Cut-through mode cannot be achieved when switching a packet internally from a low-speed frontpanel port (1G or 10G) to a higher-speed fabric port. In this case. In some circumstances. cut-through switching can be used when switching between equal speed ports or from a higher-speed interface to a lower-speed interface. The following limitations apply to the cut-through switching feature: ● ● Cut-through mode cannot be achieved for packet sizes less than or equal to 384 bytes. On the Summit X650 series switches (whether or not included in a SummitStack) and BlackDiamond 8900 series modules. store-and-forward is automatically used. use the following command: configure forwarding switching-mode [cut-through | store-and-forward] To display the switching mode settings. The BlackDiamond 8900-G96T-c has partial support. Error packets may be forwarded when using cut-through mode. ExtremeXOS Concepts Guide. Cut-through switching allows the switch to begin transmitting a packet before its entire contents have been received thereby reducing the overall forwarding latency for large packet sizes. you can configure the switch to a cut-through switching mode. Extreme products support switching and routing of jumbo frames at wirespeed on all ports. Of the BlackDiamond 8900 series modules. ● ● Configuring Switching Mode To configure the switching mode. Store-and-forward switching requires the complete receipt of a packet prior to transmitting it out the interface. The configuration for jumbo frames is saved across reboots of the switch. routers. use the following command: show forwarding configuration Jumbo Frames Jumbo frames are Ethernet frames that are larger than 1522 bytes. These packets need to be detected and discarded by one of the downstream switches. store-and-forward switching will automatically be used. or the ultimate end station. Store-and-forward is used whenever the egress interface is congested including when QoS rate shaping is in effect. Store-and-forward is used for packets that are switched to multiple egress ports in scenarios such as VLAN flooding and multicast.3 195 .Jumbo Frames Configuring Switching Mode—Cut-through Switching Summit X650 Series Switches and BlackDiamond 8900 Series Modules Only The default switching mode for ExtremeXOS switches is store-and-forward. However. Software Version 12. only the 8900-10G24X-c and 8900-MSM128 fully support cutthrough switching mode.

Guidelines for Jumbo Frames You need jumbo frames when running the Extreme Networks vMAN implementation. there is no control over the size. the Rx error counter increments for an “Rx Crc” error as well as an “Rx Over” error. it can transmit frames up to a size of 10240 bytes excluding CRC. Use ‘enable jumbo-frame ports all’. show port statistics does not show the count for the Rx frames. ● ● ● ● ● The following information applies to jumbo frames on a SummitStack. For the egress packets. If a good packet greater in size than the supported maximum length of 1.522 bytes with a CRC error is received. ● When jumbo frame support is not configured. BlackDiamond 12800. If you are working on a BlackDiamond 8800 series switch. The Jabber frame counter is not supported. and BlackDiamond 20808 series switches Summit X150.Configuring Slots and Ports on a Switch Jumbo frames are used between endstations that support larger frame sizes for more efficient transfers of bulk data. X350. Whether or not a jumbo frame is enabled on a port. X250e. BlackDiamond 12800. PBB. SummitStack. If a packet greater in size than the supported maximum length of 1. and 10G4X ports globally. control for jumbo frames is available. Enabling Jumbo Frames per Port You can enable jumbo frames per port on the following switches: ● ● ● BlackDiamond 8000 a-series. For such packets. “vMAN. G24x. 196 ExtremeXOS Concepts Guide. and e-series modules BlackDiamond 10808.3 . X450e and X650 series switches If you attempt to enable jumbo frames per port on BlackDiamond 8800 original-series modules. Both endstations involved in the transfer must be capable of supporting jumbo frames. X450a.” The following information applies to jumbo frames on the BlackDiamond 20808 switch. The switch only performs IP fragmentation.522 bytes is received on a port. For more information on configuring vMANs. it can accept tagged or untagged packets up to 1522 bytes. ● Jumbo frame support is always enabled and available on Summit family switches that are operating in a SummitStack. and PBB-TE. the system returns the following message: Error: You must enable jumbo-frame on all MSM-G8X I/O ports and G48T. For the ingress packets. the switch enables jumbo frames when you configure vMANs. When you are working on a BlackDiamond 10808. c-series.” At the same time such a packet increments the counter for jumbo frames in the show ports packet command. the show ports rxerrors command shows it as “Rx Over. Software Version 12. refer to Chapter 13. All control for packet size has to be in ingress. or a Summit family switch. G48P. or participates in maximum transmission unit (MTU) negotiation on behalf of devices that support jumbo frames. Refer to “Displaying Port Configuration Information” for information on displaying jumbo frame status. you can enable and disable jumbo frames on individual ports before configuring vMANs. or BlackDiamond 20808 series switch.

Software Version 12. and includes 4 bytes of CRC plus another 4 bytes if 802. c-series. X450e. ● To enable jumbo frame support on BlackDiamond 8800 original-series modules or Summit X450 series switches. ● When you configure vMANs on BlackDiamond 8800 series switches. X450a. SummitStack. enable jumbo frames on the desired ports. Use 'enable jumbo-frame port all' and then 'disable jumbo-frame port (port)' on any other port. If you attempt to enable jumbo frames per port on an X250e. The following information applies to jumbo frames on BlackDiamond 8800 original-series modules and Summit X450 series switches: ● BlackDiamond 8800 original-series modules and Summit X450 series switches support jumbo frames on the entire switch.3 197 . ExtremeXOS Concepts Guide. The system returns an error message if you attempt to enter specified ports. Ensure that the NIC maximum MTU size is at or below the maximum MTU size configured on the switch. the system returns the following message: Error: You must first enable jumbo-frame on all MSM-G8X I/O ports and G48T. and the Summit family switches. the system returns the following message: Error: You must first enable jumbo-frame on all S450-24X and S450-24T ports globally. or X650 series switch when a Summit X450 series switch is also active in the SummitStack. you cannot enable or disable jumbo frames per port. Use ‘enable jumbo-frame ports all’ and the ‘disable jumbo-frame port <port_list>’ on any other port. G48P. the system returns the following error message: Error: You must enable jumbo-frame on all S450-24X and S450-24T ports globally. 'enable jumbo-frame port all'. To enable jumbo frame support. jumbo frames are either enabled or disabled on every port on the switch. you can enable or disable jumbo frames for individual ports before configuring the vMANs. use the following command: configure jumbo-frame-size <framesize> The jumbo frame size range is 1523 to 9194.Jumbo Frames If you attempt to enable jumbo frames per port on the Summit X450 series switch (whether or not it is operating in a SummitStack). and 10G4X port globally. use the following command: enable jumbo-frame ports all After you issue this command. This value describes the maximum size of the frame in transit (on the wire). To set the maximum jumbo frame size.1Q tagging is being used. Enabling Jumbo Frames NOTE Some network interface cards (NICs) have a configured maximum MTU size that does not include the additional 4 bytes of CRC. Frames that are larger than the MTU size configured on the switch are dropped at the ingress port. BlackDiamond 8800 original-series modules and Summit X450 series switches enable or disable jumbo frames on the entire switch. any new modules you add to the switch will also have jumbo frames enabled. G24X. Use If you attempt to enable jumbo frames per port on a BlackDiamond 8000 a-series. or e-series module that co-exists in the chassis with a BlackDiamond 8800 original-series module.

X450a. and X650 series switches. BlackDiamond 12800 series switches. c-series. The source host does not set the DF bit in the datagram headers. a source host can choose not to set the DF bit in datagram headers. X450e. the Extreme switch discards the datagrams and returns an ICMP Destination Unreachable message to the sending host. BlackDiamond 8000 a-. support path MTU discovery. Normally. the source host reduces its assumed path MTU and retransmits the datagrams. and Summit X250e. and X650 series switches support fragmentation of IP packets. the host can perform path MTU discovery again.3 . with a code meaning “fragmentation needed and DF set”. BlackDiamond 20808 switch. IP Fragmentation with Jumbo Frames NOTE BlackDiamond 8800 original-series modules and Summit X450 series switches do not support fragmentation of any IP packets they forward. Software Version 12. X450a. X450e. c-. Using path MTU discovery. The host sends all datagrams on that path with the “don’t fragment” (DF) bit set which restricts fragmentation. The above support is included whether or not the switches are present in a SummitStack.Configuring Slots and Ports on a Switch Set the MTU size for the VLAN by using the following command: configure ip-mtu <mtu> vlan <vlan_name> Next. a source host assumes that the path MTU is the MTU of the first hop (which is known). the host continues to set DF in all datagrams. 198 ExtremeXOS Concepts Guide. ● If it is willing to have datagrams fragmented. If any of the datagrams must be fragmented by an Extreme switch along the path. so that if the route changes and the new path MTU is lower. and e-series modules and Summit X250e. whether or not included in a SummitStack. When the source host receives the message (sometimes called a “Datagram Too Big” message). and e-series modules. enable support on the physical ports that will carry jumbo frames using the following command: enable jumbo-frame ports [all | <port_list>] Path MTU Discovery NOTE BlackDiamond 8800 original-series modules and Summit X450 series switches do not support the router specification for path MTU discovery. The path MTU discovery process ends when one of the following is true: ● The source host sets the path MTU low enough that its datagrams can be delivered without fragmentation. The BlackDiamond 10808 switch. ExtremeXOS supports the fragmenting of IP packets. The BlackDiamond 8000 a-series. the packets are fragmented instead of discarded. If an IP packet originates in a local network that allows large packets and those packets traverse a network that limits packets to a smaller size.

and BlackDiamond 8000 a-series. ExtremeXOS Concepts Guide. and e-series modules.Jumbo Frames This feature is designed to be used in conjunction with jumbo frames. The platforms which currently support fragmentation do so only for layer-3 forwarding. if you do not use jumbo frames. 3 Assign an IP address to the VLAN. To use IP fragmentation within a VLAN: 1 Enable jumbo frames on the incoming port. when you enable jumbo frame support on a port on the VLAN you will receive a warning that the ip-mtu size for the VLAN is not set at maximum jumbo frame size. IP Fragmentation within a VLAN ExtremeXOS supports IP fragmentation within a VLAN. 4 Enable ipforwarding on the VLAN. IP fragmentation can be used only for traffic that stays within the same VLAN. with 1500 the default. X450a. Only jumbo frame-to-normal frame fragmentation is supported.3 199 . 2 Add the port to a VLAN. However. This feature does not require you to configure the MTU size. only. to use IP fragmentation. 3 Assign an IP address to the VLAN. 4 Enable ipforwarding on the VLAN. 5 Set the MTU size for the VLAN. For traffic that is sent to other VLANs. If you leave the MTU size configured to the default value. Software Version 12. NOTE To set the MTU size greater than 1500. c-series. NOTE IP fragmentation within a VLAN does not apply to Summit X250e. X450e and X650 series switches (whether or not included in a SummitStack). You can ignore this warning if you want IP fragmentation within the VLAN. you must enable jumbo frames for the entire switch or stack. To configure VLANs for IP fragmentation: 1 Enable jumbo frames on the incoming port. using the following command: configure ip-mtu <mtu> vlan <vlan_name> The ip-mtu value ranges between 1500 and 9194. Frames that are fragmented are not processed at wire-speed within the switch fabric. all ports in the VLAN must have jumbo frames enabled. NOTE If you are working with BlackDiamond 8800 original-series modules or Summit X450 series switches (whether or not included in a SummitStack). 2 Add the port to a VLAN. all ports in the VLAN must be configured for jumbo frame support. NOTE Jumbo frame-to-jumbo frame fragmentation is not supported.

is disabled by default. Link aggregation is most useful when: ● ● The egress bandwidth of traffic exceeds the capacity of a single link. link aggregation. If a port in a load-sharing group (or LAG) fails. This section describes the following topics: ● ● ● ● ● ● ● ● ● ● Link Aggregation Overview on page 200 Link Aggregation and Software-Controlled Redundant Ports on page 201 Dynamic Versus Static Load Sharing on page 201 Load-Sharing Algorithms on page 202 LACP on page 207 Health Check Link Aggregation on page 210 Guidelines for Load Sharing on page 211 Configuring Switch Load Sharing on page 213 Load-Sharing Examples on page 216 Displaying Switch Load Sharing on page 218 Link Aggregation Overview NOTE All ports in a LAG must be running at the same speed and duplex setting. Load sharing allows the switch to use multiple ports as a single logical port. Software Version 12. Refer to IEEE 802. NOTE Load sharing must be enabled on both ends of the link.3 . For example.Configuring Slots and Ports on a Switch Link Aggregation on the Switch The link aggregation (also known as load sharing) feature allows you to increase bandwidth and availability by using a group of ports to carry traffic in parallel between switches. VLANs see the LAG as a single logical port. The advantages to link aggregation include an increase in bandwidth and link redundancy. Each port can belong to only one LAG. Most load-sharing algorithms guarantee packet sequencing between clients. traffic is redistributed to the remaining ports in the LAG. which allows multiple physical ports to be aggregated into one logical port. or LAG. If the failed port becomes active again. Link aggregation. or a network loop may result. or load sharing. traffic is redistributed to include that port. and trunking are terms that have been used interchangeably in Extreme Networks documentation to refer to the same feature. Multiple links are used for network resiliency. Load sharing. although you can only reference the master port of a LAG to a Spanning Tree Domain (STPD). all the ports of the LAG actually belong to the specified STPD. 200 ExtremeXOS Concepts Guide.3ad for more information on this feature. And. or link aggregation group (LAG).

If you are configuring software-controlled redundant ports and link aggregation together. Also. the following rules apply: ● You must unconfigure the software-controlled redundant ports before either configuring or unconfiguring load sharing. both static and dynamic. Health Check Link Aggregation is used to create a link aggregation group that monitors a particular TCP/IP address and TCP port. If any port in the LAG is enabled for vMAN. EAPS. “ACLs. Static load sharing—Static load sharing is a grouping of ports specifically configured to load share. and 20808 series switches. You can run the Link Layer Discovery Protocol (LLDP) on ports in a LAG. all ports in the group are automatically enabled to handle jumbo size frames on the BlackDiamond 10808. you may experience a slight interruption in the protocol operation. ESRP.3 201 . The entire LAG must go down before the software-controlled redundant port takes effect. The Link Aggregation Control Protocol is used to dynamically determine if link aggregation is possible and then to automatically configure the aggregation. SummitStack. and Summit family switches. 12800. and so forth) to the port and then create a LAG on that port. See Chapter 18. In modular switches. or link aggregation: ● Dynamic load sharing—Dynamic load sharing includes the Link Aggregation Control Protocol (LACP) and Health Check Link Aggregation. You must enable jumbo frames on BlackDiamond 8800 series switches. To seamlessly add or delete bandwidth when running control protocols. The switch ports at each end must be specifically configured as part of a load-sharing group. vMAN is automatically enabled on all ports of an untagged LAG. the aggregation of separate physical links into a single logical link multiplies total link bandwidth in addition to providing resiliency against individual link failures. ● Dynamic Versus Static Load Sharing ExtremeXOS software supports two broad categories of load sharing. LACP is part of the IEEE 802. so resiliency is also provided against individual module failures. vMAN ports can belong to LAGs. NOTE You can use vMAN ACLs to configure load sharing on a vMAN. The LAG is enabled only when LACP detects that the remote device is also using LACP and is able to join the LAG. If you add the protocols (for example.3ad standard and allows the switch to dynamically reconfigure the link aggregation groups (LAGs).” for complete information on vMAN ACLs. Link Aggregation and Software-Controlled Redundant Ports NOTE This section applies to Summit family switches only. The software supports control protocols across the LAGs. Extreme Networks recommends that you create a LAG consisting of only one port. ● ExtremeXOS Concepts Guide. Software Version 12. ExtremeXOS supports LAGs across multiple modules. Then add your protocols to that port and add other ports as needed.Link Aggregation on the Switch In both situations.

X450a. X450e. Algorithm selection is not intended for use in predictive traffic engineering. IPv4 and IPv6 packets—When a Summit X650 switch is not present in a SummitStack. ■ 202 ExtremeXOS Concepts Guide. and X650 series switches. and Summit X450 Series Switches on page 203 Link Aggregation Algorithms—BlackDiamond 8900 Series Modules.) The following are the types of traffic to which addressed-based algorithms apply and the traffic components used to select egress links: ● ● Layer 2 frames and non-IP traffic—The source and destination MAC addresses. X450a. Link Aggregation Algorithms—Summit X150. X450a. X350. For some types of traffic. and X450e series switches and SummitStack support address-based load sharing. The ExtremeXOS software provides multiple addressed-based algorithms. The ExtremeXOS software supports the following types of load sharing algorithms: ● ● Port based—The egress link is chosen based on the ingress port number. SummitStack. and X450e Series Switches Summit X150. algorithms select an egress link for each packet forwarded to egress LAG. X250e. SummitStack. load sharing is based on the configured options supported on each platform: ■ L2 algorithm—Layer 2 source and destination MAC addresses.Configuring Slots and Ports on a Switch NOTE The platform-related load-sharing algorithms apply to LACP (as well as static load sharing). Available on SummitStack and Summit X250e. Load-Sharing Algorithms Load-sharing.3 . X250e. For other types of traffic. (These platforms do not support port-based load sharing. Software Version 12. VLANs configured to use other ports in the LAG will have those ports deleted from the VLAN when link aggregation is enabled. you can configure an algorithm. X250e. The following sections describe the algorithm choices for different platforms: ● Link Aggregation Algorithms—Summit X150. Available on SummitStack and all Summit family switches. Address based—The egress link is chosen based on egress packet contents. L3_L4 algorithm—Layer 3 and Layer 4. X450a. X350. X350. and X450e Series Switches on page 202 Link Aggregation Algorithms—BlackDiamond 8500 and 8800 Series Modules. or link aggregation. and Summit X650 Series Switches on page 204 Link Aggregation Algorithms—BlackDiamond 10808 and 12800 Series Switches on page 205 Link Aggregation Algorithms—BlackDiamond 20808 Switches on page 206 NOTE ● ● ● ● Always reference the master logical port of the load-sharing group when configuring or viewing VLANs. the algorithm is fixed and cannot be changed. the combined source and destination IP addresses and source and destination TCP and UDP port numbers.

SummitStack. the combined source and destination IP addresses and source and destination TCP and UDP port numbers. BlackDiamond 8800 original-series modules and Summit X450 switches transmit packets on a single port of a LAG. IPv4 and IPv6 packets—The source and destination IP addresses. Link Aggregation Algorithms—BlackDiamond 8500 and 8800 Series Modules. and Summit family switches: the combined source and destination IP addresses and source and destination TCP and UDP port numbers. SummitStack. SummitStack. load sharing on all other switch types is based on the switch type: ■ ■ Summit X450-24t and X450-24x: Layer 3 source and destination IP addresses. and Summit X450 series switches. Available on BlackDiamond 8800 series switches. and Summit X450 series switches support address-based load sharing. SummitStack.Link Aggregation on the Switch ● IPv4 and IPv6 packets—When Summit X650 switches are installed in a SummitStack. G24X.) BlackDiamond 8000 a-series. The L3_L4 keyword is not supported on Summit X150 and X350 series switches. The following are the types of traffic to which addressed-based algorithms apply and the traffic components used to select egress links: ● IPv4 and IPv6 packets—When no BlackDiamond 8900 series modules or Summit X650 switches are installed in a modular switch or SummitStack. and all Summit family switches. Non-IP traffic—The source and destination MAC addresses. X350. Available on BlackDiamond 8000 a-series. L3 algorithm—Layer 3 source and destination IP addresses. load sharing is based on the configured options supported on each platform: ■ L2 algorithm—Layer 2 source and destination MAC addresses. SummitStack. ■ ■ ● IPv4 and IPv6 packets—When BlackDiamond 8900 series modules are installed in a BlackDiamond 8800 series switch or when Summit X650 switches are installed in a SummitStack. c-series. and e-series modules and BlackDiamond 8500 series modules. Available on BlackDiamond 8800 series switches. 10G4X and MSM-G8X I/O modules: source and destination IP addresses. G48P. and e-series modules distribute packets across all members of a LAG. All other SummitStack compatible Summit family switches: Layer 3 and Layer 4. ■ ExtremeXOS Concepts Guide. (These platforms do not support port-based load sharing.3 203 . and unknown unicast packets (not configurable)—Depends on traffic type: ■ ■ You control the field examined by the switch for address-based load sharing when the load-sharing group is created by using the following command: enable sharing <port> grouping <port_list> {algorithm [port-based | address-based {L2 | L3 | L3_L4 | custom}]} {lacp | health-check} NOTE The L3 and custom keywords are not supported on Summit X150. All other BlackDiamond 8500 and 8000 series modules. multicast. L3_L4 algorithm—Layer 3 and Layer 4. X450a. and X450e series switches. ● Broadcast. and Summit X450 Series Switches BlackDiamond 8500 and 8800 series modules. Software Version 12. the combined source and destination IP addresses and source and destination TCP and UDP port numbers. load sharing on all other module or switch types is based on the module or switch type: ■ Summit X450-24t and X450-24x and G48T. c-series. X250e.

Link Aggregation Algorithms—BlackDiamond 8900 Series Modules. The configuration options are: ■ ■ ■ ■ The source and destination IPv4 addresses and Layer 4 port numbers (default) The source IP address only. L3 algorithm—Layer 3 source and destination IP addresses. and Summit X650 Series Switches BlackDiamond 8900 series modules. Software Version 12. IPv4 and IPv6 packets—Load sharing is based on the configured options supported on each platform: ■ ■ ■ L2 algorithm—Layer 2 source and destination MAC addresses.Configuring Slots and Ports on a Switch ● Non-IP traffic—The source and destination MAC addresses. MPLS packets—Uses the top. the combined source and destination IP addresses and source and destination TCP and UDP port numbers. which are supported by other switch platforms too. L3_L4 algorithm—Layer 3 and Layer 4. SummitStack. SummitStack. and the ethertype. 204 ExtremeXOS Concepts Guide. and reserved labels and the source and destination IP addresses. You control the field examined by the switch for address-based load sharing when the load-sharing group is created by using the following command: enable sharing <port> grouping <port_list> {algorithm [port-based | address-based {L2 | L3 | L3_L4 | custom}]} {lacp | health-check} NOTE The custom keyword is not supported on Summit X450 series switches. The following are the types of traffic to which custom addressed-based algorithms apply and the traffic components used to select egress links: ● ● Non-IP Layer 2—Uses the VLAN ID. ● MPLS packets—The source and destination MAC addresses. IPv4 packets—Uses IP address information from an IP header.) These platforms support two types of algorithms: ● ● Standard algorithms. the custom algorithm always uses the inner header of an IP-in-IP or GRE tunnel packet. The destination IP address only The source and destination IP addresses ● ● IPv6 packets—Uses the source and destination IPv6 addresses and Layer 4 port numbers. second. including the ability to evaluate IP address information from the inner header of an IP-in-IP or GRE tunnel packet. which use newer switch hardware to offer additional options. (These platforms do not support port-based load sharing.3 . Custom Algorithms. Custom algorithms. the source and destination MAC addresses. and Summit X650 series switches support addressbased load sharing. The following are the types of traffic to which standard addressed-based algorithms apply and the traffic components used to select egress links: ● ● Layer 2 frames and non-IP traffic—The source and destination MAC addresses. or for tunneled packets. Standard Algorithms.

algorithms on the BlackDiamond 10808 and 12800 series switches. IPv4 and IPv6 packets—Configurable with the following choices: ■ ■ ■ The source and destination MAC addresses. as follows: ● Port-based—Uses the ingress port to determine which physical port in the load-sharing group is used to forward traffic out of the switch. Address-based—Uses addressing information to determine which physical port in the load-sharing group to use to forward traffic out of the switch. Software Version 12. Address-based load sharing. regardless of which is the source and which is the destination. the source and destination IP addresses. ExtremeXOS Concepts Guide. source and destination TCP and UDP port numbers.Link Aggregation on the Switch The following command allows you to enable load sharing and select either a standard algorithm or specify that you want to use a custom algorithm: enable sharing <port> grouping <port_list> {algorithm [port-based | address-based {L2 | L3 | L3_L4 | custom}]} {lacp | health-check} If you choose the custom option when you enable load sharing. and the packet checksum. the port-based scheme is used. the address-based algorithm has a more even distribution and is the recommended choice. Link Aggregation Algorithms—BlackDiamond 10808 and 12800 Series Switches You can configure one of two load-sharing.3 205 . ■ ■ You can enable address-based load sharing on these switches by using the following command: enable sharing <port> grouping <port_list> {algorithm [port-based | address-based {L2 | L3 | L3_L4 | custom}]} {lacp | health-check} NOTE The custom keyword is not supported on BlackDiamond 10808 and 12800 series switches. The source and destination MAC addresses and the source and destination IP addresses. or link aggregation. the addressing information examined is based on the packet protocol as follows: ● ● Layer 2 frames and non-IP traffic—The source and destination MAC addresses. When you configure address-based load sharing. However. source and destination IP addresses. ● If you do not explicitly select an algorithm. The xor hash algorithm guarantees that the same egress port is selected for traffic distribution based on a pair of IP addresses. source and destination IP addresses. or both. The source and destination MAC addresses. and the packet checksum. layer 4 ports. you can use the following command to select a custom load sharing algorithm: configure sharing address-based custom [ipv4 [L3-and-L4 | source-only | destinationonly | source-and-destination] | hash-algorithm [xor | crc-16]] The hash-algorithm option controls how the source information (such as an IP address) is used to select the egress port. The source and destination MAC addresses. The source and destination MAC addresses. and source and destination TCP and UDP port numbers.

Layer 2 is the default setting. NOTE The options that include CHK_SUM apply only to IPv4 packets.Configuring Slots and Ports on a Switch You can control the field examined by the switch for address-based load sharing by using the following command: configure sharing address-based [L2 | L2_L3 | L2_L3_L4 |L2_L3_CHK_SUM | L2_L3_L4_CHK_SUM] In this command. The source IPv6 address The destination IPv6 address. The source IPv4 address. 206 ExtremeXOS Concepts Guide. The master port of the load-sharing group can be the monitor port for port-mirroring. ● IPv4 and IPv6 packets—Configurable with the following choices: ■ ■ ■ ■ ■ You can enable address-based load sharing on the switch by using the following command: enable sharing <port> grouping <port_list> {algorithm address-based} {lacp | healthcheck} You can control the field examined by the switch for address-based load sharing by using the following command: configure sharing address-based [L2 | L3 | L2_SMAC | L2_DMAC | L3_SIP | L3_DIP | IP6_SIP | IP6_DIP] The selected address-based algorithm is applied to the entire switch. which is likely to change from packet to packet. The configured algorithm is applicable only to those trunks that are created after the algorithm configuration. When you configure address-based load sharing.3 . Both source and destination IPv4 addresses. Link Aggregation Algorithms—BlackDiamond 20808 Switches BlackDiamond 20808 switches support the address-based load sharing algorithm. to all the load-sharing groups created in the switch. Examining the checksum in addition to the other parameters produces a random traffic pattern on the egress of the load-sharing links because the checksum includes the packet length. Software Version 12. to all the load-sharing groups configured as address-based. the addressing information examined is based on the packet protocol as follows: ● Layer 2 frames—The source and destination MAC addresses: ■ ■ The source MAC address alone The destination MAC address alone. The selected address-based algorithm is applied to the entire switch. CHK_SUM indicates that the switch should examine the IP packet checksum. The destination IPv4 address. Layer 2 (L2) is the default setting. The address-based algorithm uses addressing information to determine which physical port in the load-sharing group to use to forward traffic out of the switch. Address-based load sharing.

the system determines the status of the ports and whether to send traffic on which ports. You configure dynamic link aggregation by first assigning a primary. The communicating systems negotiate priority for controlling the actions of the entire trunk (LAG). the outer label is used to determine the physical port to be used for forwarding the traffic. using an automatically generated key.3 207 . ● ● The sharing algorithm configured above is not applicable for MPLS label switched packets and IPv4 multicast switched packets.3ad standard. and the VLAN ID are used to determine the output physical port. For Layer 3 IP forwarded frames. For other types of frames. using LACP. ExtremeXOS Concepts Guide. The LACPDUs inform the remote system of the identity of the sending system. NOTE Layer 2 packets that are flooded always egress via only one physical port of the load-shared trunk. LACP determines which links are available. Each link can belong to only one LAG. based on the lowest system MAC number. the group address. You can run the Link Aggregation Control Protocol (LACP) on Extreme Networks devices. After you enable and configure LACP. or logical. the source IP address. the source and destination MAC addresses are used to determine the physical port to be used to forward the traffic out of the switch. If a key from a particular system on a given link matches a key from that system on another link. All third-party devices supporting LACP run with Extreme Networks devices. In the case of IPv4 multicast switched packets. the automatically generated key of the link. You can override this automatic prioritization by configuring the system priority for each LAG. and the desired aggregation capabilities of the link. LACP. After the remote system exchanges LACPDUs with the LAG. For MPLS label switched packets. the source and destination IP addresses are used to determine the physical port to be used to forward the traffic out of the switch. determines which links can aggregate. Software Version 12. the system sends PDUs (LACPDUs) on the LAG ports. or LAG and then specifying the other ports you want in the LAG. port to the group. those links are aggregatable. the following applies: ● For Layer 2 forwarded frames. LACP enables dynamic load sharing and hot standby for link aggregation links. The addition of LACP provides the following enhancements to static load sharing. or link aggregation: ● ● ● ● Automatic configuration Rapid configuration and reconfiguration Deterministic behavior Low risk of duplication or misordering After you enable load-sharing. in accordance with the IEEE 802. LACP NOTE LACP fails over hitlessly in the event of a failover to a duplicate MSM/MM in a modular switch. the source and destination MAC addresses are used to determine the physical port to be used to forward the traffic out of the switch.Link Aggregation on the Switch When the sharing algorithm is L2. the LACP protocol is enabled by default.

If a loopback condition exists between two ports.3 . If there is no matching key. The protocol keeps sending and receiving LACPDUs until both sides of the link have echoed back each other’s information. the system uses those ports with the lowest port number as active ports. The lowest numbered ports are the first to be automatically added to the aggregator. LACP automatically moves the standby port into selected mode and that port begins collecting and distributing traffic. look for the ports specified as being in the aggregator. Based on the LACPDUs exchanged with the remote link. NOTE Always verify the LACP configuration by issuing the show ports sharing command. The Extreme Networks LACP implementation responds to marker frames but does not initiate these frames.) All ports configured in a LAG begin in an unselected state. LACP uses the mux portion of the protocol to determine which ports join the aggregator and can collect and distribute traffic. the rest go to standby. After the sync messages match up on each end. The protocol then enables the aggregated link for traffic and monitors the status of the links for changes that may require reconfiguration. they cannot aggregate. it moves into the mux state of waiting. A few seconds after a port is selected. that port must first be added to the LAG before you can configure the LACP settings.Configuring Slots and Ports on a Switch Among those ports deemed aggregatable by LACP. You can configure the port priority to ensure the order that ports join the aggregator. the standby ports become active. if one of the links in a LAG goes down and there are standby links in that LAG. these ports are available to join the aggregator if one of the selected ports should go offline. the ends of the link are then considered synchronized. The system now detects and blocks loopbacks. the ports in the LAG remain in the unselected state. For example. if more than one port is configured with the same priority. and then into the mux state of attached. The system sends a trap when a member port is added to or deleted from an aggregator. After the ports in the LAG move into the selected state. also according to the lowest port number. the system does not allow a pair of ports that are in the same LAG but are connected to one another by the same link to select the same aggregator. the remaining ports aggregatable to that LAG are put into standby status. ports with the same MAC address and a different admin key can belong to the same LAG. (See “Configuring LACP” on page 214 for the number of active and standby LACP links supported per platform. You can configure additional parameters for the LACP protocol and the system sends certain SNMP traps in conjunction with LACP. that is. the lowest-numbered port joins the aggregator first. Again. The marker protocol portion of LACP ensures that all traffic on a link has been received in the order in which it was sent and is used when links must be dynamically moved between aggregation groups. As the name implies. Ports with the same MAC address and the same admin key cannot aggregate. Software Version 12. However. The attached ports then send their own LACP sync messages announcing that they are ready to receive traffic. Should an active link fail. 208 ExtremeXOS Concepts Guide. However if more ports in the LAG are selected than the aggregator can handle because of the system hardware. that port is moved into the aggregator (into the mux state of collectingdistributing) and is able to collect and distribute traffic. You can also display the aggregator count by issuing the show lacp lag command. those ports that fall out of the hardware’s capability are moved into standby state. those ports that have a matching key are moved into a selected state.

The default configuration for defaulted ports is to be removed. or 90 seconds. If there are fewer ports in the aggregator than the maximum number allowed.) Use the show lacp lag <group-id> detail command to display the timeout value for the LAG. Software Version 12. or deleted. the switch sends LACPDUs only when it receives one from the other end of the link. use the configure sharing lacp defaultedstate-action command to add ports to the aggregator. which is 3 seconds. Use the show lacp member-port <port> detail command to display the churn on both sides of the link. The display shows as True until the aggregator forms. If the Churn value is shown as True in the display. when it changes to display as False. You can configure this timeout value as long. (In ExtremeXOS 11. defaulted ports in the LAG are always removed from the aggregator. (In ExtremeXOS version 11. ensure that the partner link is in LACP active mode. it is always active mode. the timeout value is not configurable and is set as long. the mode is not configurable. You can configure whether you want this defaulted LAG port removed from the aggregator or added back into the aggregator. this is not configurable. the default is long. A LAG port moves to expired and then to the defaulted state when it fails to receive an LACPDU from its partner for a specified time. that port automatically has a lower priority than any other port in the LAG (including those already in standby). (In ExtremeXOS 11. If the aggregator has the maximum ports.3.3. check your LACP configuration.3. There are two LACP activity modes: active and passive. Use the show lacp lag <group-id> {detail} command to display the defaulted action set for the LAG. which is 90 seconds. If you configure the LAG to add the defaulted port into the aggregator. the system adds the defaulted port to the aggregator (port set to selected and collecting-distributing). A LAG port moves into a defaulted state after the timeout value expires with no LACPDUs received for the other side of the link. those ports are removed from the aggregator and the port state is set to unselected. or short. If you configure the LAG to remove ports that move into the default state. the system takes inventory of the number of ports currently in the aggregator. the switch periodically sends LACPDUs.Link Aggregation on the Switch The system sends an error message if a LAG port is configured and up but still not attached to the aggregator or in operation within 60 seconds. NOTE One side of the link must be in active mode in order to pass traffic. in passive mode.3 209 . In LACP active mode. but you should check your configuration. from the aggregator. The default is active mode. The issue may be either on your end or on the partner link. If you configure your side in the passive mode. the system adds the defaulted port to the standby list (port set to standby). NOTE If the defaulted port is assigned to standby. ExtremeXOS Concepts Guide.) NOTE To force the LACP trunk to behave like a static sharing trunk.) Use the show lacp lag <group-id> detail command to display the LACP mode for the LAG.

Figure 6 displays an example of a Health Check LAG: Figure 6: Health Check LAG Example Server1 192.104 Note: The default port to monitor is port 80 (HTTP). A typical use case for this application is when a user wishes to connect each member link to a Security Server to validate traffic.1.168. The LAG is added to a VLAN on the same subnet as the Security Server IP addresses they wish to monitor.168.Configuring Slots and Ports on a Switch Health Check Link Aggregation The Health Check LAG application allows you to create a link aggregation group where individual member links can monitor a particular TCP/IP address and TCP port.102 1:1 ExtremeXOS 1:2 1:3 1:10 vlan1 192. the port is removed from the aggregator and traffic through that particular link is redistributed to the other LAG member links. As long as the switch can establish a TCP connection to the target switch and TCP port. by virtue of the sharing algorithm. Each member link of the Health Check LAG is connected to an individual Security Server. The Health Check LAG application attempts to do a TCP connect to each IP/TCP port through each member port. EX_Ports_0045 210 ExtremeXOS Concepts Guide. The TCP connection will retry based on the configured frequency and miss settings. Software Version 12.168.101 HEALTH CHECK LAG Application controls this LAG or Trunk Group Server2 192.1. If a TCP connection cannot be established through the member link.1.1 Connect and monitor TCP port on each individual link No response from specified TCP port 1:4 1:3 removed from LAG Server3 192. When connectivity to the TCP/IP address and TCP port fails. the connection is considered up.103 Server4 192.1. Each member port is configured to monitor a particular IP address and TCP port. The Health Check LAG.168.3 . will load balance traffic across the member links. the member link is removed from the link aggregation group. Establishing the status of a TCP connectivity is based on standard TCP socket connections.168.1.

Warning> MSM-A: Error Max Load Share Groups Exceeded(-48) from HAL on CardExec INIT(5) for slot 8 Once you configure more than 32 LAGs on a SummitStack with a Summit X450 switch. the system displays the following error message: Error: Slot <slot_number> can support a maximum of 32 trunks If you want to configure more than 32 LAGs on this SummitStack. a Summit X450 switch will not initialize even if you reduce the number of LAGs to 32. X250e.Error> MSM-A: Slot 8 is not supported when more than 32 load share groups have previously been configured. The system logs an error message at the error level similar to the following when you must reduce the system (even if you reduced the number of LAGs to 32): 04/07/1921 23:52:28. SummitStack. the maximum number of LAGs for all other Summit family switches is 128.3 211 . and Summit X650 Series Switches on page 204 ■ ■ ● The maximum number of LAGs for a Summit X450 switch or a SummitStack that contains a Summit X450 switch is 32. Software Version 12. and 20808 Series Switches on page 213 Load Sharing Rules and Restrictions for All Switches on page 213 Load Sharing Guidelines for Summit Family Switches and SummitStack The following rules apply to load sharing on Summit family switches: ● ● One static LAG can contain up to 8 ports.29 <Warn:DM. You can configure only the address-based load-sharing algorithm as described in the following sections: ■ ● ● Link Aggregation Algorithms—Summit X150. If you attempt to insert a Summit X450 series module into a SummitStack. One LACP LAG can contain up to 16 links per LAG. If you attempt to configure more than 32 LAGs on a SummitStack that contains a Summit X450 series switch. A system reboot is required to clear this condition. X450a. you must unconfigure the slot occupied by the Summit X450 series switch and remove the switch from the stack.Card. which includes up to 8 selected links and 8 standby links. ExtremeXOS Concepts Guide. 12800. A Health Check LAG can contain up to 8 ports.29 <Warn:DM. SummitStack.Warning> MSM-A: Slot-8 FAILED (1) Error Max Load Share Groups Exceeded(-48) from HAL on CardExec INIT(5) for slot 04/07/1921 23:52:28. and X450e Series Switches on page 202 Link Aggregation Algorithms—BlackDiamond 8500 and 8800 Series Modules. you must reboot the system or SummitStack first.29 <Erro:HAL. the module fails the Init state with log error messages at the warning level similar to the following: 04/07/1921 23:52:28. X350. and Summit X450 Series Switches on page 203 Link Aggregation Algorithms—BlackDiamond 8900 Series Modules.Link Aggregation on the Switch Guidelines for Load Sharing The following sections provide guidelines for load sharing: ● ● ● ● Load Sharing Guidelines for Summit Family Switches and SummitStack on page 211 Load Sharing Guidelines for BlackDiamond 8800 Series Switches on page 212 Load Sharing Guidelines for BlackDiamond 10808.

per LACP. 212 ExtremeXOS Concepts Guide. One LACP LAG can contain up to 16 links per LAG. selected and standby. SummitStack.Card. Software Version 12. The system logs an error message at the error level similar to the following when you must reduce the system (even if you reduced the number of LAGs to 32): 04/07/1921 23:52:28.3 .29 <Warn:DM. the 10G4X module will not initialize even if you reduce the number of LAGs to 32. you must reboot the system first. and Summit X450 Series Switches on page 203 Link Aggregation Algorithms—BlackDiamond 8900 Series Modules.Configuring Slots and Ports on a Switch NOTE See “Configuring LACP” on page 214 for the maximum number of links. however.29 <Warn:DM. selected and standby. Use the following commands to unconfigure the slot and disable that slot: unconfigure ports wan-phy and disable slot If you attempt to insert a 10G4X module into a BlackDiamond 8800 switch configured for more than 32 LAGs (or attempt to insert a Summit X450 series module into a SummitStack). the module fails the Init state with log error messages at the warning level similar to the following: 04/07/1921 23:52:28. Load Sharing Guidelines for BlackDiamond 8800 Series Switches The following rules apply to load sharing on BlackDiamond 8800 series switches: ● ● One static LAG can contain up to 8 ports. One Health Check LAG can contain up to 8 ports. or if you attempt to configure more than 32 LAGs on a SummitStack that contains a Summit X450 series switch. which includes up to 8 selected links and 8 standby links. per LACP.29 <Erro:HAL.Error> MSM-A: Slot 8 is not supported when more than 32 load share groups have previously been configured. NOTE See “Configuring LACP” on page 214 for the maximum number of links. the system displays the following error message: Error: Slot <slot_number> can support a maximum of 32 trunks If you want to configure more than 32 LAGs on this chassis.Warning> MSM-A: Error Max Load Share Groups Exceeded(-48) from HAL on CardExec INIT(5) for slot 8 Once you configure more than 32 LAGs on a BlackDiamond 8800 switch. it is not necessary to remove the 10G4X module. and Summit X650 Series Switches on page 204 ■ ● The maximum number of LAGs is 128 unless a 10G4X module is in use in the chassis. If you attempt to configure more than 32 LAGs on a BlackDiamond 8800 switch that contains a 10G4X module or has a slot configured for the 10G4X module.Warning> MSM-A: Slot-8 FAILED (1) Error Max Load Share Groups Exceeded(-48) from HAL on CardExec INIT(5) for slot 04/07/1921 23:52:28. You can configure only the address-based load-sharing algorithm as described in the following sections: ■ ● ● Link Aggregation Algorithms—BlackDiamond 8500 and 8800 Series Modules. SummitStack. you must both unconfigure the slot holding the 10G4X module and disable the slot holding that module or remove the 10G4X module. A system reboot is required to clear this condition. in which case the maximum number of LAGs is 32.

All the ports in a load-sharing group must have the same exact configuration. also known as a link aggregation group (LAG). Load Sharing Rules and Restrictions for All Switches Additionally. or link aggregation. among ports. selected and standby. All the ports in a loadsharing group must also be of the same bandwidth class. You can configure port. A LAG that spans multiple modules must use ports that have the same maximum bandwidth capability. duplex setting.Link Aggregation on the Switch Load Sharing Guidelines for BlackDiamond 10808. You can configure address-based load sharing as described in “Link Aggregation Algorithms— BlackDiamond 20808 Switches” on page 206. The maximum number of LAGs is 128. Configuring Switch Load Sharing NOTE See “Guidelines for Load Sharing” on page 211 for specific information on load sharing for each specific device. you must create a load-sharing group of ports. per LACP. including autonegotiation. 12800. and so on. Software Version 12. and 20808 series switches: ● ● One static LAG can contain up to 16 ports. ESRP host attach or don’t-count. It can be thought of as the logical port representing the entire port group. and 20808 Series Switches The following rules apply to load sharing on the BlackDiamond 10808. NOTE ● ● ● See “Configuring LACP” on page 214 for the maximum number of links.3 213 . the following rules apply to load sharing on all switches: ● ● The ports in the LAG do not need to be contiguous. The following sections describe common load sharing configuration tasks: ● ● ● ● ● Creating and Deleting Load Sharing Groups on page 214 Adding and Deleting Ports in a Load-Sharing Group on page 214 Configuring the Load Sharing Algorithm on page 214 Configuring LACP on page 214 Configuring Health Check Link Aggregation on page 215 ExtremeXOS Concepts Guide.or address-based load sharing as described in “Link Aggregation Algorithms—BlackDiamond 10808 and 12800 Series Switches” on page 205. 12800. The first port in the load-sharing group is configured to be the master logical port. To set up a switch for load sharing. One dynamic LAG can contain up to 32 links per LAG. which includes up to 16 selected links and 16 standby links. This is the reference port used in configuration commands and serves as the LAG group ID. with one exception—you can mix media type on 1 Gbps ports.

3 . To enable or disable a load-sharing group. 214 ExtremeXOS Concepts Guide. or LAG. use the following commands: enable sharing <port> grouping <port_list> {algorithm [port-based | address-based {L2 | L3 | L3_L4 | custom}]} {lacp | health-check} disable sharing <port> NOTE All ports that are designated for the LAG must be removed from all VLANs prior to configuring the LAG. use the following commands: configure sharing <port> add ports <port_list> configure sharing <port> delete ports <port_list> NOTE See “Configuring LACP” on page 214 for the maximum number of links. selected and standby. you can configure the load sharing algorithm as described in “Load-Sharing Algorithms” on page 202. and it serves as the LAG Group ID. first create a LAG. See Chapter 11. and SummitStack) configure sharing address-based [L2 | L2_L3 | L2_L3_L4 |L2_L3_CHK_SUM | L2_L3_L4_CHK_SUM] (BlackDiamond 10808. you must. Summit X650 switches. Software Version 12. you assign a group of ports to a single. again. and 20808 series switches) Configuring LACP NOTE Extreme Networks does not recommend enabling LACP and ELSM on the same port. This is the reference port used in configuration commands. per LACP. To configure LACP. logical port number. The first port in the LAG serves as the logical port for the LAG. The commands for configuring load sharing algorithms are: enable sharing <port> grouping <port_list> {algorithm [port-based | address-based {L2 | L3 | L3_L4 | custom}]} {lacp | health-check} (SummitStack and all Summit family switches except Summit X650) configure sharing address-based custom [ipv4 [L3-and-L4 | source-only | destinationonly | source-and-destination] | hash-algorithm [xor | crc-16]] (BlackDiamond 8900 series modules. It can be thought of as the logical port representing the entire port group. Adding and Deleting Ports in a Load-Sharing Group Ports can be added or deleted dynamically in a load-sharing group.” for information on ELSM. To add or delete ports from a load-sharing group. 12800. or LAG. “Status Monitoring and Statistics. Configuring the Load Sharing Algorithm For some traffic on selected platforms.Configuring Slots and Ports on a Switch Creating and Deleting Load Sharing Groups To define a load-sharing group.

6 If you want to change the activity mode. using the following command: enable sharing <port> grouping <port_list> {algorithm [port-based | address-based {L2 | L3 | L3_L4 | custom}]} {lacp | health-check} The port you assign using the first parameter becomes the logical port for the link aggregation group and the LAG Group ID when using LACP. Configuring Health Check Link Aggregation To configure Health Check link aggregation you must first create a LAG. This logical port must also be included in the port list of the grouping itself. look for the ports listed as being in the aggregator.3 215 . LACP handles prioritization using system MAC addresses. ExtremeXOS Concepts Guide. When you create the LAG. Software Version 12. NOTE Always verify the LACP configuration by issuing the show ports sharing command. The LAG is created in the same way that a static LAG is created and if no monitoring is ever created. use the following command: configure sharing <port> lacp system-priority <priority> This step is optional. issue the following command: configure lacp member-port <port> priority <port_priority> 5 If you want to change the expiry timer. use the following command: configure sharing <port> lacp activity-mode [active | passive] The default value for the activity mode is active. use the following command: configure sharing <port> lacp defaulted-state-action [add | delete] The default value for defaulted LAG ports is delete the default ports. 3 Add or delete ports to the LAG as desired. 2 If you want to override the default prioritization in LACP for a specified LAG. This logical port must also be included in the port list of the grouping itself. using the following command: configure sharing <port> add ports <port_list> 4 If you want to override the ports selection for joining the LAG by configuring a priority for a port within a LAG.Link Aggregation on the Switch To create a LAG for LACP: 1 Create a LAG. this LAG behaves like a static LAG. 1 Create a LAG using the following command: enable sharing <port> grouping <port_list> {algorithm [port-based | address-based {L2 | L3 | L3_L4 | custom}]} {lacp | health-check} The port you assign using the <port> parameter becomes the logical port for the link aggregation group and the LAG Group ID when using Health Check link aggregation. One port in the LAG serves as the logical port for the LAG and is the reference port used in configuration commands. or 90 seconds. use the following command: configure sharing <port> lacp timeout [long | short] The default value for the timeout is long. no monitoring is initially configured. 7 If you want to configure the action the switch takes for defaulted LAG ports.

the VLAN interface would be brought DOWN as well. NOTE VLANs to which Health Check LAG ports are to be added must be configured in loopback mode. or misses are not specified. the defaults described in the ExtremeXOS Command Reference Guide are used. as well has defining dynamic link aggregation. if this were the only port in the VLAN. the trunk is considered DOWN. Software Version 12. VLANs configured to use other ports in the load-sharing group will have those ports deleted from the VLAN when load sharing becomes enabled. on stand-alone and modular switches. 216 ExtremeXOS Concepts Guide. As a consequence. When using load sharing. logical port 9 represents physical ports 9 through 12. this would cause the TCP monitoring to fail because the L3 vlan interface used by TCP monitoring would no longer send or receive TCP data. 3 Add the LAG to a VLAN whose subnet is the same as the configured tracking IP addresses. This is to prevent the VLAN interface from going down if all ports are removed from the Health Check LAG.Configuring Slots and Ports on a Switch 2 Configure monitoring for each member port using the following command: configure sharing health-check member-port <port> add tcp-tracking <IP Address> {tcp-port <TCP Port> frequency <sec> misses <count>} If the TCP-port. The following commands are used to modify the configured Health Check LAG. configure vlan <vlan> add port <lag port> [tagged | untagged] All of the tracking IP addresses must be in the same subnet in which the LAG belongs. 1 Delete the monitoring configuration for a member port using the following command: configure sharing health-check member-port <port> delete tcp-tracking <IP Address> {tcp-port <TCP Port>} 2 Enable or disable monitoring for a member port in the Health Check LAG using the following command: configure sharing health-check member-port <port> [disable | enable] tcp-tracking Load-Sharing Examples This section provides examples of how to define load sharing. frequency.3 . or link aggregation. In a normal LAG when all ports are removed from the aggregator. Load Sharing on a Stand-alone Switch The following example defines a static load-sharing group that contains ports 9 through 12. In the Health Check LAG situation. and uses the first port in the group as the master logical port 9: enable sharing 9 grouping 9-12 In this example. the logical port serves as the LAG Group ID. you should always reference the master logical port of the load-sharing group (port 9 in the previous example) when configuring or viewing VLANs.

or LAG Group ID: enable sharing 5:7 grouping 3:9-3:12. ● ● enable sharing 10 grouping 10-12 lacp configure sharing 10 lacp system-priority 3 configure sharing 10 add port 5 Health Check LAG Example The following example creates a Health Check LAG of 4 ports: create vlan v1 configure v1 ip 192.3 217 . Address-based load sharing can also span modules.1. Sets the system priority for that LAG to 3. or link aggregation. or LAG group ID: enable sharing 3:9 grouping 3:9-3:12 In this example. logical port 3:9 represents physical ports 3:9 through 3:12. you should always reference the LAG Group ID of the load-sharing group (port 5:7 in the previous example) when configuring or viewing VLANs. and uses port 7 in the slot 5 group as the primary logical port. LACP Example The following configuration example: ● Creates a dynamic LAG with the logical port (LAG Group ID) of 10 that contains ports 10 through 12.103 192.168.1.102 192.168.101 192.1.1. logical port 5:7 represents physical ports 3:9 through 3:12 and 5:7 through 5:10. Adds port 5 to the LAG.1/24 enable sharing 5 grouping 5-8 health-check enable loopback-mode v1 configure v1 add port 5 configure sharing health-check member-port configure sharing health-check member-port configure sharing health-check member-port configure sharing health-check member-port 5 6 7 8 add add add add track-tcp track-tcp track-tcp track-tcp 192.Link Aggregation on the Switch Cross-Module Load Sharing on a Modular Switch or SummitStack The following example defines a static load-sharing group on modular switches that contains ports 9 through 12 on slot 3. Software Version 12. 5:7-5:10 In this example. ports 7 through 10 on slot 5. When using load sharing. VLANs configured to use other ports in the load-sharing group will have those ports deleted from the VLAN when load sharing becomes enabled.104 tcp-port tcp-port tcp-port tcp-port 8080 8080 8080 8080 ExtremeXOS Concepts Guide. Single-Module Load Sharing on a Modular Switch or SummitStack The following example defines a static load-sharing.168.168. group that contains ports 9 through 12 on slot 3 and uses the first port as the master logical port 9.1.168.

or virtual ports. use the following command: clear lacp counters You can display the LCAP counters for all member ports in the system. use the following command: show ports sharing To verify LACP configuration. Software Version 12. use the following command: show sharing health-check Mirroring NOTE You can accomplish port mirroring using ACLs or CLEAR-Flow. See Chapter 18. A virtual port is a combination of a VLAN and a port. use the following command: show lacp To display information for the specified LAG. VLANs. The system uses a traffic filter that copies a group of traffic to the monitor port(s). use the following command: show lacp member-port <port> {detail} Refer to “Displaying Port Configuration Information” for information on displaying summary loadsharing information.3 . To clear the counters. “ACLs.Configuring Slots and Ports on a Switch Displaying Switch Load Sharing You can display static and dynamic load sharing. the types are shown by the following aggregation controls: ● ● ● Static link aggregation—static Link Aggregation Control Protocol—LACP Health check link aggregation—hlth-chk To verify your configuration. Mirroring configures the switch to copy all traffic associated with one or more ports. across VLANs when routing). In the link aggregation displays. 218 ExtremeXOS Concepts Guide.” for more information on ACLs and Chapter 23. You can have only one monitor port or port list on the switch. use the following command: show lacp counters To display information for a health check LAG. To display the LACP counters. while preserving the ability of a single protocol analyzer to track and differentiate traffic within a broadcast domain (VLAN) and across broadcast domains (for example. “CLEAR-Flow. This feature allows you to mirror multiple ports or VLANs to a monitor port. use the following command: show lacp lag <group-id> {detail} To display LACP information for a specific port that is a member of a LAG. The monitor port or ports can then be connected to a network analyzer or RMON probe for packet analysis.” for more information on CLEAR-Flow.

or a port + VLAN. When routing between VLANs. you cannot specify ingressing or egressing traffic when mirroring VLAN traffic and a virtual port filter. A monitor port list may contain up to 16 ports. you can mirror up to 16 VLANs on a given port. Up to 16 mirroring filters and 1 monitor port or 1 monitor port list can be configured. regardless of VLAN configuration. NOTE Frames that contain errors are not mirrored. Guidelines for Mirroring The guidelines for mirroring are hardware dependent. Mirroring is disabled by default. Egress—Mirrors traffic sent from the port. This is the default behavior and the behavior when you use the command configure mirroring mode standard. the default for port-based mirroring is ingress and egress). EXOS supports up to 16 monitor ports for one-to-many mirroring. is copied to the monitor port(s). and Summit family switches. EXOS supports up to 16 mirror filters where each filter can be a port. (If you omit the optional parameters. Virtual port—All data specific to a VLAN on a specific port is copied to the monitor port(s). is copied to the monitor port(s). Find your hardware type in this section for your specific guidelines. You can specify which traffic the port mirrors: ■ ■ ■ Ingress—Mirrors traffic received at the port. ingress traffic is mirrored as it is received (on the wire). a VLAN. ● VLAN—All data to a particular VLAN.Mirroring NOTE The mirroring filter limits discussed in this chapter do not apply when you are working with Sentriant devices. Summit Family Switches The traffic filter on Summit family switches can be defined based on one of the following criteria: ● Physical port—All data that traverses the port. Software Version 12. SummitStack. Only traffic ingressing a VLAN can be monitored. all traffic is forwarded. regardless of the physical port configuration. ● ● ● ● ● ExtremeXOS Concepts Guide. When you use the command configure mirroring mode enhanced. NOTE On BlackDiamond 8800 series switches. Ingress and egress—Mirrors traffic either received at the port or sent from the port. ingress mirrored traffic is presented to the monitor port(s) as modified for routing.3 219 .

even if you select ingress and egress traffic. egress mirrored packets are tagged.Configuring Slots and Ports on a Switch ● In standard mode (see the command configure mirroring mode). Ingress mirrored packets are tagged depending on the location of the ingress port and monitor port. When using enhanced mode mirroring. but a loopback port cannot be used in a load share group . X250e. two packets are mirrored when a packet encounters both an ingress and egress mirroring filter. a packet which matches both an ingress mirroring filter and an egress mirroring filter can only be ingress mirrored. X350. the switch returns the following message: Mirroring is not compatible with SFlow. Even if some untagged ports send mirrored traffic to the monitor port or ports. Tagged and untagged traffic is mirrored as below: ■ ■ ■ ● When using standard mode mirroring. the packet egress the monitor port or ports as untagged. You cannot run sFlow and mirroring on the same switch on the Summit X450 series switches. that tag is locked and a normal VLAN cannot have that tag. Enhanced mirroring mode must be configured if you are going to configure a remote mirroring tag. If you attempt to enable mirroring on these devices on a port that is already enabled for sFlow. This combination is allowed so that an intermediate remote mirroring switch can configure remote mirroring using the same remote mirroring tag as other source switches in the network. In Summit X650 series switches. 220 ExtremeXOS Concepts Guide. on these platforms the existence of a VLAN with the same tag as a configured remote-tag is prevented. In enhanced mode. when the monitor port is on a Summit X650 and the ingress mirrored port is on a different slot. Software Version 12. that traffic also egresses the monitor port or ports tagged with the internal VLAN ID. The tag is unique across the switch. all traffic ingressing the monitor port or ports is tagged only if the ingress packet is tagged. Enhanced mirroring mode is configured using the following command: configure mirroring mode enhanced ● ● The configuration of remote-tag does not require the creation of a VLAN with the same tag. When a VLAN is created with remote-tag. Similarly if you try to create a remote-tag VLAN where remote-tag already exists in a normal VLAN as a VLAN tag. the packet is mirrored only the first time it matches a mirror filter and is not mirrored on subsequent configured filters. the tagging of the mirrored packet will be the same as the tagging of the ingress packet. a monitor port cannot be added to a load share group. you cannot use that tag and the VLAN creation fails. With a monitor port or ports on all other Summit switches. packets which match both an ingress filter and an egress filter will result in two packets egressing the monitor port or ports. when using standard mode mirroring. and X650 series switch With a monitor port or ports on the Summit X450 (original) series switches. X450. If the packet arrived at the ingress port as untagged. In one-to-many mirroring. Mirroring is not enabled! ● ● You can run mirroring and sFlow on the same device when you are running one of the following: ■ ● Summit X150. egress port and monitor port within the switch as well as the type of switch on which the packet ingresses. In normal mirroring. The behavior depends on the location of the ingress port. Within a stack.3 . all traffic egressing the monitor port or ports is tagged. a monitor port list can be added to a load share group. X450a. Make sure that VLANs meant to carry normal user traffic are not configured with a tag used for remote mirroring.

or e-series module or a Summit X250e. and X650 series switches in a SummitStack Tagged and untagged traffic is mirrored slightly differently depending on the module that the mirrored port and the monitor port or ports are on: ■ With a monitor port(s) on a BlackDiamond 8800 original-series module or a Summit X450 series switch in a SummitStack. that traffic also egresses the monitor port(s) tagged with the internal VLAN ID. This is the default behavior and the behavior when you use the command configure mirroring mode standard. a VLAN. regardless of the physical port configuration. is copied to the monitor port(s). or a port + VLAN. X450e. ingress traffic is mirrored as it is received (on the wire). the switch returns the following message: Mirroring is not compatible with SFlow. Ingress and egress—Mirrors traffic either received at the port or sent from the port. With a monitor port or ports on a BlackDiamond 8000 a-series. all traffic is forwarded. all traffic egressing the monitor port(s) is tagged (regardless of what module the ingressing port is on). the default for port-based mirroring is ingress and egress). ingress mirrored traffic is presented to the monitor port(s) as modified for routing.3 221 . egress port and monitor port within the switch as well as the type of module on which the packet ingresses. c-series. the behavior varies depending on the configuration of daisy chain or ring mode stacking. regardless of VLAN configuration. Only traffic ingressing a VLAN can be monitored. On SummitStack. is copied to the monitor port(s). the mirrored packet is tagged only if the ingress packet is tagged (regardless of which module the ingressing port is on). X450a. You can specify which traffic the port mirrors: ■ ■ ■ Ingress—Mirrors traffic received at the port. Virtual port—All data specific to a VLAN on a specific port is copied to the monitor port(s). and e-series modules in a BlackDiamond 8800 chassis Summit X250e. X450a. and X650 series switch in a SummitStack. You cannot include the monitor port or ports for BlackDiamond 8800 series switches or SummitStack in a load-sharing group. ● VLAN—All data to a particular VLAN. a packet which matches both an ingress mirroring filter and an egress mirroring filter can only be ingress mirrored. Even if some untagged ports send mirrored traffic to the monitor port(s). When using standard mode mirroring. Mirroring is not enabled! ● ● ● ● ● ● ● ● You can run mirroring and sFlow on the same device when you are running one of the following: ■ ■ ● BlackDiamond 8000 a-series. you cannot specify ingressing or egressing traffic when mirroring VLAN traffic. EXOS supports up to 16 monitor ports for one-to-many mirroring. You cannot run sFlow and mirroring on the same switch for using BlackDiamond 8800 originalseries modules or Summit X450 series switches in a SummitStack. Software Version 12. The behavior depends on the location of the ingress port. (If you omit the optional parameters.Mirroring BlackDiamond 8800 Series Switches and SummitStack The traffic filter on BlackDiamond 8800 series switches and SummitStack can be defined based on one of the following criteria: ● Physical port—All data that traverses the port. When routing between VLANs. When you use the command configure mirroring mode enhanced. ■ ExtremeXOS Concepts Guide. c-series. When using enhanced mode mirroring. two packets are mirrored when a packet encounters both an ingress and egress mirroring filter. If you attempt to enable mirroring on these devices on a port that is already enabled for sFlow. X450e. Egress—Mirrors traffic sent from the port. EXOS supports up to 16 mirror filters where each filter can be a port.

Software Version 12. On the BlackDiamond 10808. On the BlackDiamond 12800 series switches. is copied to the monitor port(s).Configuring Slots and Ports on a Switch If the packet arrived at the ingress port as untagged. IP multicast packets which are egress mirrored contain the source MAC address and VLAN ID of the unmodified packet. Enhanced mirroring mode must be configured if you are going to configure a remote mirroring tag. And. is copied to the monitor port(s). or a port + VLAN. On BlackDiamond 8800 series switches. For example. egress mirrored packets may not be transmitted out of the monitor port as they egressed the port containing the egress mirroring filter. the packet egresses the monitor port(s) as untagged. VLAN—All data to and from a particular VLAN. a VLAN. Virtual port—All data specific to a VLAN on a specific port is copied to the monitor port(s). Similarly if you try to create a remote-tag VLAN where remote-tag already exists in a normal VLAN as a VLAN tag. In addition. The tag is unique across the switch. EXOS supports up to 16 mirror filters where each filter can be a port. X450e. or X650 series switches in a SummitStack.3 . and e-series modules or Summit X250e. all traffic egressing the monitor port is tagged. X450a. an egress mirrored packet that undergoes VLAN translation is mirrored with the untranslated VLAN ID. ● With the BlackDiamond 8000 a-series. When a VLAN is created with remote-tag. ingress and egress traffic is mirrored. Enhanced mirroring mode is configured using the following command: configure mirroring mode enhanced ● ● ● The configuration of remote-tag does not require the creation of a VLAN with the same tag. NOTE ● ● ● ● The monitor port or ports on the BlackDiamond 10808 and 12800 series switches must be explicitly configured for tagged or untagged frames. Summit family switches. that tag is locked and a normal VLAN cannot have that tag. even if some untagged ports send mirrored traffic to the monitor port(s). If the mirroring is enabled as tagged on the monitor port. only the ingress traffic is mirrored. ● The traffic egressing the monitor port(s) can be either tagged or untagged. that traffic also egresses the monitor port(s) as tagged. ● BlackDiamond 10808 and BlackDiamond 12800 Series Switches The traffic filter on the BlackDiamond 10808 and 12800 series switches can be defined based on one of the following criteria: ● Physical port—All data that traverses the port. if 222 ExtremeXOS Concepts Guide. or SummitStack. you cannot use that tag and the VLAN creation fails. Make sure that VLANs meant to carry normal user traffic are not configured with a tag used for remote mirroring. on these platforms the existence of a VLAN with the same tag as a configured remote-tag is prevented. This is the tag of the VLAN that contains the untagged ports. you may see a packet mirrored twice. In this case. This combination is allowed so that an intermediate remote mirroring switch can configure remote mirroring using the same remote mirroring tag as other source switches in the network. when traffic is modified by hardware on egress. regardless of VLAN configuration. regardless of the physical port configuration. This occurs only if both the ingress mirrored port and the monitor port or ports are on the same one-half of the module and the egress mirrored port is either on the other one-half of that module or on another module. EXOS supports up to 16 monitor ports for one-to-many mirroring. c-series.

This combination is allowed so that an intermediate remote mirroring switch can configure remote mirroring using the same remote mirroring tag as other source switches in the network. ● The traffic egressing the monitor port(s) can be either tagged or untagged. is copied to the monitor port(s). a VLAN. ● ● BlackDiamond 20808 Switches The traffic filter on BlackDiamond 20808 switches can be defined based on one of the following criteria: ● Physical port—All data that traverses the port. (If you omit the optional parameters. all traffic egressing the monitor port is tagged.3 223 . Ingress and egress—Mirrors traffic received at and sent from any port in the VLAN. You can specify which traffic the port mirrors: ■ ■ ■ Ingress—Mirrors traffic received at any port in the VLAN. the monitor port must be specified as a port-list and. even if some untagged ports send mirrored traffic to the monitor port(s). NOTE The monitor port or ports on the BlackDiamond 20808 switches must be explicitly configured for tagged or untagged frames. Make sure that VLANs meant to carry normal user traffic are not configured with a tag used for remote mirroring. a loopback-port must be configured. regardless of the physical port configuration. (If you omit the optional parameters. If the mirroring is enabled as tagged on the monitor port. You can specify which traffic the port mirrors: ■ ■ ■ Ingress—Mirrors traffic received at the port. for the BlackDiamond 10808 and 12800 switches. ingress and egress traffic is forwarded. The configuration of remote-tag does not require the creation of a VLAN with the same tag. all traffic egressing the monitor port is untagged. ingress and egress traffic is forwarded. Ingress and egress—Mirrors traffic received at the port and sent from the port. (If you omit the optional parameters.) ● VLAN—All data to a particular VLAN. EXOS supports up to 16 monitor ports for one-to-many mirroring. ingress and egress traffic is forwarded. Egress—Mirrors traffic sent from the port. The tag is unique across the switch. that traffic also egresses the ExtremeXOS Concepts Guide. you cannot use that tag and the VLAN creation fails. ● For one-to-many mirroring. Ingress and egress—Mirrors traffic received at the port and sent from the port. Software Version 12. Egress—Mirrors traffic sent from the port. or a port + VLAN. In this case. including mirrored tagged packets. You can specify which traffic the port mirrors: ■ ■ ■ Ingress—Mirrors traffic received at the port. Similarly if you try to create a remote-tag VLAN where remote-tag already exists in a normal VLAN as a VLAN tag. regardless of VLAN configuration.) ● Virtual port—All data specific to a VLAN on a specific port is copied to the monitor port(s). is copied to the monitor port(s). Egress—Mirrors traffic sent from any port in the VLAN. on these platforms the existence of a VLAN with the same tag as a configured remote-tag is prevented. When a VLAN is created with remote-tag. that tag is locked and a normal VLAN cannot have that tag.) ● ● EXOS supports up to 16 mirror filters where each filter can be a port.Mirroring mirroring is enabled as untagged on the monitor port(s).

they can have ports that span multiple modules. To change monitor ports. Delete a port from a VLAN (for all VLAN-. and if you want to configure one-to-many mirroring for any of those VLANs. The mirroring configuration is removed when you: ■ ■ ■ Delete a VLAN (for all VLAN-based filters). The monitor port is automatically removed from all VLANs. Make sure that VLANs meant to carry normal user traffic are not configured with a tag used for remote mirroring. ● ● 224 ExtremeXOS Concepts Guide. on these platforms the existence of a VLAN with the same tag as a configured remote-tag is prevented. all traffic egressing the monitor port is untagged.) The loopback port is dedicated for mirroring and hence cannot be used for other configuration and that is indicated through glowing LED. all the filters are unconfigured. ● Any mirrored port can also be enabled for load sharing (or link aggregation). You cannot mirror the monitor port. On SummitX450-24t and SummitX450-24x switches. you need to enable jumbo frame support in the mirror-to port and loopback port. (This does not apply to the BlackDiamond 20808 switches. including mirrored tagged packets. (This does not apply to the BlackDiamond 20808 switches. And. each individual port of the load-sharing group must be explicitly configured for mirroring.3 . The configuration of remote-tag does not require the creation of a VLAN with the same tag. port-based filters). you must first remove all the filters. You cannot use the management port at all in mirroring configurations. Unconfigure a slot (for all port-based filters on that slot). This combination is allowed so that an intermediate remote mirroring switch can configure remote mirroring using the same remote mirroring tag as other source switches in the network. If you attempt to enable mirroring on a port that is already enabled for ELSM. The mirroring filters are not confined to a single module. if your configuration has ports belonging to multiple VLANs as tagged. please ensure that the vMAN ethertype is set to 0x8100 before the mirroring configuration. The tag is unique across the switch.) One-to-many mirroring uses vMAN functionality internally on non-BlackDiamond 20808 switches. you cannot add it to a VLAN. one-to-many mirroring uses a VLAN internally. however. Similarly if you try to create a remote-tag VLAN where remote-tag already exists in a normal VLAN as a VLAN tag. ● ● ● ● ● With one-to-many mirroring. This is the tag of the VLAN that contains the untagged ports. ● Mirroring Rules and Restrictions This section summarizes the rules and restrictions for configuring mirroring: ● ● ● ● ● When you disable mirroring. that tag is locked and a normal VLAN cannot have that tag. You cannot run ELSM and mirroring on the same port. you cannot use that tag and the VLAN creation fails.Configuring Slots and Ports on a Switch monitor port(s) as tagged. You cannot mirror egress traffic on BlackDiamond 12800 series switches. if you need to mirror tagged packets of length 1519 to 1522. When a VLAN is created with remote-tag. Software Version 12. the switch returns a message similar to the following: Error: Port mirroring cannot be enabled on an ELSM enabled port. ● ● No loopback port is needed for one-to-many mirroring. On the BlackDiamond 20808 switches. if mirroring is enabled as untagged on the monitor port(s).

Mirroring Examples Mirroring is disabled by default. unconfigure the mirroring filters. The loopback-port is an otherwise unused port required when mirroring to a port-list. use the following command: disable mirroring NOTE When you change the mirroring configuration.) enable mirroring to port-list <port-list> loopback-port <port> The port-list is a list of monitor ports which will transmit identical copies of mirrored packets. (This applies to the BlackDiamond 20808 switches only.3 225 . ExtremeXOS Concepts Guide. the bandwidth available will be devoted mostly to regular traffic instead of mirrored traffic when the load is high. Egress mirroring also is not available for one-to-many mirroring or remote mirroring.Mirroring ● For the BlackDiamond 20808 switches. the following packet types will not be egress mirrored using egress VLAN or virtual port-based mirroring: ■ ■ ■ ■ ● ● ● CPU generated packets L2 multicast traffic MPLS/VPLS packets VMAN untagged packets Port-based egress mirroring is able to mirror these packet types. use the following command: (This does not apply to the BlackDiamond 20808 switches. (This applies to the BlackDiamond 20808 switches only.) ● As traffic approaches line rate. the switch stops sending egress packets from the monitor port until the change is complete. To enable mirroring on a single port. (This applies to the BlackDiamond 20808 switches only. Software Version 12. mirroring rate may decrease.) Monitor ports in one-to-many mirroring cannot be load-sharing groups. If you have egress ACLs that overlap interfaces with egress VLAN or egress virtual port mirroring filters. The loopback-port is not available for switching user data traffic. Since mirroring makes copies of traffic.) Egress mirroring does not work with the monitor port as part of a load-sharing group. egress ACLs and egress VLAN and virtual port mirroring are mutually exclusive. The ingress mirroring traffic to the monitor port and regular traffic are not affected. To disable mirroring. the following command can be used: enable mirroring to port <port-no> To enable mirroring on multiple ports.) Due to certain restrictions. (This applies to the BlackDiamond 20808 switches only.

enable mirroring to port-list 2:24. port 1 and the VLAN default to the untagged monitor port. enable mirroring to port-list 2:5-2:7 loopback-port 3:1 configure mirroring add port 6:5 ingress BlackDiamond 10808 and 12800 Series Switches The following example selects slot 7. port 4 on a modular switch or SummitStack as the monitor port and sends all traffic sent from slot 6.Configuring Slots and Ports on a Switch BlackDiamond 8800 Series Switches. and 7 on slot 2 on a modular switch or SummitStack as the monitor ports and sends all traffic received at slot 6. port 3 as the untagged monitor port and sends all traffic coming into or out of a modular switch on slot 7. port 4 on a modular switch or SummitStack as the monitor port and sends all traffic received at slot 6. port 3: enable mirroring to port 7:3 untagged configure mirroring add port 8:1 vlan default The following example selects slot 2. port 3 as the tagged monitor ports and sends all traffic coming into or out of a modular switch on slot 7. port 1 to the monitor port: enable mirroring to port 7:3 untagged configure mirroring add port 7:1 The following example sends all traffic coming into or out of the system on slot 8. port 28 is an unused port selected as the loopback port. SummitStack. port 5 to the monitor port: enable mirroring to port 3:4 configure mirroring add port 6:5 ingress The following example selects slot 3. 6. port 1 to the monitor ports. port 5 to the monitor port: enable mirroring to port 3:4 configure mirroring add port 6:5 egress The following example selects port 4 on a standalone switch as the monitor port and sends all traffic ingressing the VLAN red to the monitor port: enable mirroring to port 4 configure mirroring add vlan red The following example selects port 4 on a standalone switch as the monitor port and sends all traffic ingressing the VLAN red on port 5 to the monitor port: enable mirroring to port 4 configure mirroring add vlan red port 5 The following example selects ports 5. port 24 and slot 7. Software Version 12. port 1 is an unused port selected as the loopback port. which is slot 7. port 5 to the monitor ports. and the Summit Family Switches The following example selects slot 3.3 . Slot 3. 7:3 loopback-port 2:28 tagged configure mirroring add port 7:1 226 ExtremeXOS Concepts Guide. Slot2.

port 24 and slot 7. Switch C is the destination switch.3 227 . and/or virtual ports to be remotely mirrored.Remote Mirroring BlackDiamond 20808 Switches The following example selects slot 3. c-. ExtremeXOS Concepts Guide. which is connected to the network analyzer. and e-series modules BlackDiamond 10808 switches BlackDiamond 12800 series switches BlackDiamond 20808 switches Summit X150 series switches Summit X250e series switches Summit X350 series switches Summit X450a series switches Summit X450e series switches Summit X650 series switches Figure 7 shows a typical remote mirroring topology. port 3 as the tagged monitor ports and sends all traffic coming into the modular switch on VLAN default to the monitor ports. Switch B is the intermediate switch. Remote mirroring is accomplished by reserving a dedicated VLAN throughout the network for carrying the mirrored traffic. Remote Mirroring Remote mirroring enables the user to mirror traffic to remotely connected switches. enable mirroring to port-list 2:24. Port 25 is the local monitor port on Switch A. Switch A is the source switch that contains ports. The display differs slightly depending on the platform. VLANs. Remote mirroring allows a network administrator to mirror traffic from several different remote switches to a port at a centralized location. port 2 as the tagged monitor port and sends all traffic coming into or out of the modular switch on slot 3. enable mirroring to port 3:2 tagged configure mirroring add port 3:1 The following example selects slot 2. 7:3 tagged configure mirroring add vlan default ingress Verifying the Mirroring Configuration The screen output resulting from the show mirroring command lists the ports that are involved in mirroring and identifies the monitor port. You can enable remote mirroring on the following platforms: ● ● ● ● ● ● ● ● ● ● BlackDiamond 8000 a-. port 1 to the monitor port. Software Version 12.

Unlike basic mirroring. The port connected to the network analyzer is added as untagged in the destination switch. you can use the following command: enable mirroring to port 25 remote-tag 1000 228 ExtremeXOS Concepts Guide. This causes the destination switch to remove the remote-tag.3 . The intermediate switches forward the remote-tagged mirrored packets to the adjacent intermediate/destination switch. and the mirrored packet reaches the network analyzer as the source switch sent it. This allows remote mirroring to use the existing network topology to transport remote mirrored packets to a destination switch. Configuration Details This section describes in detail the configuration details for the topology shown in Figure 7. Software Version 12. In the supported platforms of Summit family switches and BlackDiamond 8800 series switches. in the Summit X450a series switch. you can use the following command to establish ports 24 and 25 as monitor ports.Configuring Slots and Ports on a Switch Figure 7: Remote Mirroring Topology Network Analyser Port 2 Switch C Port 2 Switch B Port 25 Switch A EX_ports_0044 All the mirrored packets are tagged with the the remote-tag specified by the source switch. to enable remote mirroring to port 25. Configuration on Source Switch The remote-tag keyword followed by the tag is added in the command to enable mirroring.25 loopback-port 1 remote-tag 1000 The show mirroring output displays the remote tag when remote mirroring is configured. without the port-list and loopback-port keywords. from which any mirrored packets are transmitted with an additional VLAN tag containing a VLAN ID of 1000: enable mirroring to port-list 24. as these ports are added as tagged. For example. For instance. remote mirroring does not remove VLAN membership from the local monitor port(s). remote mirroring can also be enabled to a single port. whether the packet is already tagged or not.

except that the port connected to the network analyzer is added as untagged whereas all the other ports connected to the switches are added as tagged.3 229 . The ports connecting the source and destination switches are added as tagged in the intermediate switches. the configured tag displayed by the show vlan output is remote tag instead of the normal tag. Another way to configure a remote mirroring VLAN is to create a normal VLAN and disable learning on the VLAN. are not recommended. For the BlackDiamond 20808 switches. Configuration on Intermediate Switch When you enable mirroring with remote-tag 1000. The remote mirroring VLAN in the intermediate switches is used for carrying the mirroring traffic to the destination switch. which might cause protocol packets to be remotely mirrored. ExtremeXOS Concepts Guide. Blocking EDP packets on a remote mirroring VLAN is one example of a case where you must perform an extra action to accommodate the remote mirroring of protocol packets. create vlan remote_vlan configure vlan remote_vlan tag 1000 remote-mirroring configure vlan remote_vlan add ports 1 tagged configure vlan remote_vlan add ports 2 untagged For a remote mirroring VLAN. and remote mirroring can be configured for one port or by using a port-list. Software Version 12. IGMP snooping must be disabled on that VLAN for you to remotely mirror multicast packets through the switch. remotely mirrored protocol packets may have undesirable affects on intermediate and destination switches.2 tagged Using the remote-mirroring keyword automatically disables learning and IGMP snooping on the VLAN. you need to reserve a VLAN with tag 1000 in all the intermediate switches for remote mirroring.Remote Mirroring For the BlackDiamond 10808 and 12800 series switches. Since all packet types are mirrored when you configure remote mirroring. You may add the remote-mirroring keyword when you configure the tag to differentiate a normal VLAN from the remote mirroring VLAN. create vlan remote_vlan configure vlan remote_vlan tag 1000 remote-mirroring configure vlan remote_vlan add ports 1. a port-list and loopback-port are required for enabling remote mirroring. Guidelines The following are guidelines for remote mirroring: ● Configurations of remote mirroring. You may use the following configuration for creating the remote mirroring VLAN: create vlan remote_vlan configure vlan remote_vlan tag 1000 disable learning vlan remote_vlan disable igmp snooping remote_vlan Configuration on Destination Switch The configuration on the destination switch is same as that of the intermediate switches. a loopback-port is not required to enable remote mirroring.

remote mirroring can be enabled only when the enhanced mode is enabled for mirroring. You should perform the configuration of EAPS or Spanning Tree before adding mirroring filters on the source switch to prevent looping. Figure 8: Remote Mirroring with EAPS The configuration for the topology in Figure 8 is given in the following sections. Switch A Configuration The configuration details for a BlackDiamond 8810 switch are as follows: configure mirroring mode enhanced enable mirroring to port-list 8:2. Using EAPS or Spanning Tree can provide remote mirroring packets a redundant loop-free path through the network. Use the following commands for installation: create access-list remote_edp " ethernet-destination-address 00:e0:2b:00:00:00 mask ff:ff:ff:ff:ff:ff . the traffic from switch A is mirrored to the two ports 8:2 and 1:48 to connect to the destination switch.Configuring Slots and Ports on a Switch For EDP configuration on the remote mirroring VLAN. Software Version 12. Using the configuration shown in Figure 8." "deny" conf access-list add "remote_edp" first vlan "remote_vlan" ● In the supported platforms of Summit family switches and BlackDiamond 8800 series switches.1:48 loopback-port 8:1 remote-tag 1000 configure mirroring add port 8:35 create vlan eaps_control configure vlan eaps_control tag 1001 configure vlan eaps_control add ports 8:2. in the intermediate and destination switches you need to install ACL to block the EDP packets on the remote mirroring VLAN. Use of Remote Mirroring with Redundancy Protocols You can use remote mirroring with one-to-many mirroring to provide a redundant path from the source switch to the destination switch. remote mirrored packets have a loop-free redundant path through the network using EAPS.3 . Remote Mirroring with EAPS In Figure 8.1:48 tag create eaps eaps1 configure eaps1 mode master configure eaps1 primary port 8:2 configure eaps1 secondary port 1:48 configure eaps1 add control eaps_control 230 ExtremeXOS Concepts Guide.

Depending on the platform. ExtremeXOS Concepts Guide. the internal VLAN or vMAN needs to be added as the protected VLAN in the source switch in order to block the ports for mirroring when EAPS is complete. internalMirrorVlan.45 tag configure vlan remote_vlan add ports 1 create vlan eaps_control configure vlan eaps_control tag 1001 configure vlan eaps_control add ports 31.45 tag create eaps eaps1 configure eaps1 mode transit configure eaps1 primary port 31 configure eaps1 secondary port 45 configure eaps1 add control eaps_control configure eaps1 add protected remote_vlan enable eaps1 enable eaps NOTE The internalMirrorLoopback is an internal vMAN created when enabling mirroring to multiple ports on nonBlackDiamond 20808 switches.3 231 .Remote Mirroring configure eaps1 add protected internalMirrorLoopback enable eaps1 enable eaps Switch B Configuration The configuration details for an X450e switch are as follows: create vlan remote_vlan configure vlan remote_vlan tag 1000 remote-mirroring configure vlan remote_vlan add ports 19.9 tag create vlan eaps_control configure vlan eaps_control tag 1001 configure vlan eaps_control add ports 19. when enabling mirroring to multiple ports. Software Version 12. The BlackDiamond 20808 switch uses an internal VLAN.9 tag create eaps eaps1 configure eaps1 mode transit configure eaps1 primary port 19 configure eaps1 secondary port 9 configure eaps1 add control eaps_control configure eaps1 add protected remote_vlan enable eaps1 enable eaps Switch C configuration The configuration details for an X450a switch are as follows: create vlan remote_vlan configure vlan remote_vlan tag 1000 remote-mirroring configure vlan remote_vlan add ports 31.

1:48 loopback-port 8:1 remote-tag 1000 configure mirroring add port 8:35 create vlan v1 configure vlan v1 tag 1001 configure vlan v1 add ports 8:2. Switch A Configuration configure mirroring mode enhanced enable mirroring to port-list 8:2.9 tag create vlan v1 configure vlan v1 tag 1001 configure vlan v1 add ports 19. Software Version 12.1:48 enable stp1 enable stpd Switch B Configuration create vlan remote_vlan configure vlan remote_vlan tag 1000 remote-mirroring configure vlan remote_vlan add ports 19.45 tag 232 ExtremeXOS Concepts Guide.1:48 tag create stp stp1 configure stp1 mode dot1w configure stp1 add v1 ports all configure stp1 tag 1001 configure stp1 add vlan internalMirrorLoopback ports 8:2. A sample configuration follows.45 tag configure vlan remote_vlan add ports 1 create vlan v1 configure vlan v1 tag 1001 configure vlan v1 add ports 31.3 .Configuring Slots and Ports on a Switch Remote Mirroring With STP For the same topology shown in Figure 8 you can use STP instead of using EAPS.9 tag create stp stp1 configure stp1 mode dot1w configure stp1 add v1 ports all configure stp1 tag 1001 configure stp1 add vlan remote_vlan ports all enable stp1 enable stpd Switch C Configuration create vlan remote_vlan configure vlan remote_vlan tag 1000 remote-mirroring configure vlan remote_vlan add ports 31.

Extreme Discovery Protocol
create stp stp1 configure stp1 mode dot1w configure stp1 add v1 ports all configure stp1 tag 1001 configure stp1 add vlan remote_vlan ports 31,45 enable stp1 enable stpd

Extreme Discovery Protocol
The Extreme Discovery Protocol (EDP) is used to gather information about neighbor Extreme Networks switches. EDP is used by the switches to exchange topology information. Information communicated using EDP includes:
● ● ● ● ● ●

Switch MAC address (switch ID) Switch software version information Switch IP address Switch VLAN IP information Switch port number Switch configuration data: duplex and speed

EDP is enabled on all ports by default. EDP enabled ports advertise information about the Extreme Networks switch to other switches on the interface and receives advertisements from other Extreme Networks switches. Information about other Extreme Networks switches is discarded after a timeout interval is reached without receiving another advertisement. To disable EDP on one or more ports, use the following command:
disable edp ports [<ports> | all]

To enable EDP on specified ports, use the following command:
enable edp ports [<ports> | all]

To clear EDP counters on the switch, use the following command:
clear counters edp

This command clears the following counters for EDP protocol data units (PDUs) sent and received per EDP port:
● ● ● ● ● ●

Switch PDUs transmitted VLAN PDUs transmitted Transmit PDUs with errors Switch PDUs received VLAN PDUs received Received PDUs with errors

To view EDP port information on the switch, use the following command:
show edp

ExtremeXOS Concepts Guide, Software Version 12.3

233

Configuring Slots and Ports on a Switch Additionally, you view EDP information by using the following command:
show edp port <ports> detail

To configure the advertisement interval and the timeout interval, use the following command:
configure edp advertisment-interval <timer> holddown-interval <timeout>

Refer to “Displaying Port Configuration Information” for information on displaying EDP status.

Software-Controlled Redundant Port and Smart Redundancy
Using the software-controlled redundant port feature you can back up a specified Ethernet port (primary) with a redundant, dedicated Ethernet port; both ports are on the same switch. If the primary port fails, the switch will establish a link on the redundant port and the redundant port becomes active. Only one side of the link must be configured as redundant because the redundant port link is held in standby state on both sides of the link. This feature provides very fast path or network redundancy. NOTE
You cannot have any Layer 2 protocols configured on any of the VLANs that are present on the ports.

Smart Redundancy is a feature that allows control over how the failover from a redundant port to the primary port is managed. If this feature is enabled, which is the default setting, the switch attempts to revert to the primary port as soon as it can be recovered. If the feature is disabled, the switch attempts only to recover the primary port to active if the redundant port fails. A typical configuration of software-controlled redundant ports is a dual-homed implementation (Figure 9). This example maintains connectivity only if the link between switch A and switch B remains open; that link is outside the scope of the software-controlled port redundancy on switch C.

Figure 9: Dual-Homed Implementation for Switch C
Switch A Switch B

Primary Link

Redundant Link

Switch C
XOS002

In normal operation, the primary port is active and the software redundant switch (switch C in Figure 9) blocks the redundant port for all traffic, thereby avoiding a loop in the network. If the switch detects that the primary port is down, the switch unblocks the redundant port and allows traffic to flow through that redundant port.

234

ExtremeXOS Concepts Guide, Software Version 12.3

Software-Controlled Redundant Port and Smart Redundancy

NOTE
The primary and redundant ports must have identical VLAN membership.

You configure the software-controlled redundant port feature either to have the redundant link always physically up but logically blocked or to have the link always physically down. The default value is to have the link physically down, or Off. By default, Smart Redundancy is always enabled. If you enable Smart Redundancy, the switch automatically fails over to the redundant port and returns traffic to the primary port after connectivity is restored on that port. If you do not want the automatic restoration of the primary link when it becomes active, disable Smart Redundancy.

Guidelines for Software-Controlled Redundant Ports and Port Groups
Software-controlled redundant ports and port groups have the following limitations:

You cannot have any Layer 2 protocols configured on any of the VLANs that are present on the ports. (You will see an error message if you attempt to configure software redundant ports on ports with VLANs running Layer 2 protocols.) The primary and redundant ports must have identical VLAN membership. The master port is the only port of a load-sharing group that can be configured as either a primary or redundant port. Also, all ports on the load-sharing group must fail before the software-controlled redundancy is triggered. You must disable the software redundancy on the master port before enabling or disabling load sharing. You can configure only one redundant port for each primary port. Recovery may be limited by FDB aging on the neighboring switch for unidirectional traffic. For bidirectional traffic, the recovery is immediate. NOTE

● ●

● ●

On the BlackDiamond 10808 switch, on 10 Gbps modules with a serial number lower than 804405-00-09, the software redundant port feature cover only those failures where both the TX and RX paths fail. If a single strand of fiber is pulled on these ports, the software redundant port cannot correctly recover from the failure.To display the serial number of the module, use the show slot <slot_number> command. (All the modules on BlackDiamond 8800 series switches have this serial number or higher.)

Configuring Software-Controlled Redundant Ports
When provisioning software-controlled redundant ports, configure only one side of the link as redundant. In Figure 9 only the ports on switch C would be configured as redundant. NOTE
To enable the software-controlled redundant port feature, the primary and redundant ports must have identical VLAN membership.

ExtremeXOS Concepts Guide, Software Version 12.3

235

Configuring Slots and Ports on a Switch To configure a software-controlled redundant port, use the following command:
configure ports <primaryPort> redundant <secondaryPort> {link [on | off]}

The first port specified is the primary port. The second port specified is the redundant port. To unconfigure a software-controlled redundant port, use the following command and enter the primary port(s):
unconfigure ports <port_list> redundant

To configure the switch for the Smart Redundancy feature, use the following command:
enable smartredundancy <port_list>

To disable the Smart Redundancy feature, use the following command:
disable smartredundancy <port_list>

Verifying Software-Controlled Redundant Port Configurations
You can verify the software-controlled redundant port configuration by issuing a variety of CLI commands. To display the redundant ports as well as which are active or members of load-sharing groups, use the following command:
show ports redundant

To display information on which ports are primary and redundant software-controlled redundancy ports, use the following command:
show ports {mgmt | <port_list>} information {detail}

Refer to “Displaying Port Configuration Information” for more information on the show ports information command.

Configuring Automatic Failover for Combination Ports
Summit X450, X450a, and X450e Series Switches only.
The Summit X450, X450a, and X450e series switches have gigabit Ethernet ports; you configure automatic failover using the four combination ports. These ports are called combination ports because either the fiber port or the copper port is active, but they are never active concurrently. These ports, also called redundant ports, are shared PHY copper and fiber ports. If you plan to use the automatic failover feature, ensure that port settings are set correctly for autonegotiation. Summit X450 series switch ports do not advertise or support flow control frames.

NOTE
You may experience a brief episode of the link going down and recovering during the failover.

236

ExtremeXOS Concepts Guide, Software Version 12.3

Configuring Automatic Failover for Combination Ports To display the port type currently used as well as the preferred media setting, use the following command:
show ports {mgmt | <port_list>} information {detail}

Refer to “Displaying Port Configuration Information” for more information on the show ports information command. There are four ports on the Summit X450, X450a, and X450e series switches that are designed as combination ports for uplink redundancy. When sharing ports, only the fiber medium or only the copper medium can be active at one time. If the copper medium goes down while transmitting packets, the fiber medium activates and becomes the primary link; and vice-versa. See Figure 10 for a diagram of these combination ports on the Summit X450-24t switch and Figure 11 for a diagram of these combination ports on the Summit X450-24x switch (both switches have ports 1 to 4 as the combination ports). If copper medium 1 goes down while transmitting packets, fiber medium 1 activates and becomes the primary link, and vice-versa.

Figure 10: Redundancy Cabling on the Summit X450-24t Switch

1 2

3 4

1 2

3 4

S450_004

Figure 11: Redundancy Cabling for the Summit X450-24x Switch

1 2

3 4

1 2

3 4

S450_005

The switch determines whether the port uses the primary or redundant media based on the order in which the connectors are inserted into the switch. When the switch senses a mini-GBIC and a copper connector are inserted, the switch enables the uplink redundancy feature. As an example on the Summit X450-24t switch (which has ports 1 to 4 as the combination ports), if you insert mini-GBICs into fiber

ExtremeXOS Concepts Guide, Software Version 12.3

237

Configuring Slots and Ports on a Switch port 1 and fiber port 3 first and then connect copper ports 1 and 3, the switch assigns ports 1 and 3 as redundant ports. Hardware determines when a link is lost and swaps the primary and redundant ports to maintain stability. After a failover occurs, the switch keeps or sticks with the current port assignment until there is another failure or until a user changes the assignment using the CLI. To change the uplink failover assignment, use the following command:
configure ports <port_list> preferred-medium [copper | fiber] {force}

The default preferred-medium is fiber. If you use the force option, it disables automatic failover. If you force the preferred-medium to fiber and the fiber link goes away, the copper link is not used, even if available.

Displaying Port Configuration Information
You display summary port configuration information using the show ports {mgmt | <port_list>}
configuration {no-refresh} and show ports {mgmt | <port_list>} information {detail}

commands. The show ports configuration command shows you either summary configuration information on all the ports, or more detailed configuration information on specific ports. If you specify the norefresh parameter, the system displays a snapshot of the data at the time you issue the command. The show ports information command shows you either summary information on all the ports, or more detailed information on specific ports. The output from the command differs very slightly depending on the platform you are using. You can display real-time port utilization information, by issuing the following command:
show ports {mgmt | <port_list> | stack-ports <stacking-port-list>} utilization {bandwidth | bytes | packets}

When you use a parameter (packets, byte, or bandwidth) with the above command, the display for the specified type shows a snapshot per port when you issued the command.

238

ExtremeXOS Concepts Guide, Software Version 12.3

6

Universal Port

This chapter includes the following sections:
● ● ● ●

Overview on page 239 Configuring Universal Port Profiles and Triggers on page 255 Managing Profiles and Triggers on page 259 Sample Universal Port Configurations on page 261

Overview
Universal Port is a flexible framework that enables automatic switch configuration in response to special events such as:
● ● ● ●

User login and logoff Device connection to or disconnection from a port Time of day Event Management System event messages NOTE

The Universal Port feature is supported only on the platforms listed for this feature in the license tables in Appendix A, “ExtremeXOS Software Licenses.”

The primary component of the Universal Port feature is the profile, which is a special form of command script that runs when triggered by the events mentioned above. Profiles execute commands and use variables as do the scripts described in Chapter 7, “Using CLI Scripting.” The primary difference is that a profile can be executed manually or automatically, in response to switch events. NOTE
Special scripts can be run when the switch boots. For more information, see “Using Autoconfigure and Autoexecute Files” on page 1336.

Universal Port works with the following ExtremeXOS components and third-party products:
● ● ● ● ● ●

ExtremeXOS Network Login (see Chapter 21, “Network Login”) ExtremeXOS LLDP (see Chapter 8, “LLDP”) ExtremeXOS CLI Scripting (see Chapter 7, “Using CLI Scripting”) ExtremeXOS Event Management System (see Chapter 11, “Status Monitoring and Statistics”) RADIUS servers (see Chapter 22, “Security”) Active directory services such as LDAP and Microsoft Active Directory

ExtremeXOS Concepts Guide, Software Version 12.3

239

Universal Port The following are some examples of how you can use Universal Port on a network:

Automatically provision a VoIP phone and the attached switch port with appropriate Power over Ethernet (PoE) budget and Quality of Service (QoS) settings when the phone connects. Create security policies that can follow a user as the user roams around a campus. For example, an engineer can walk from Building 1 to Building 5, plug his PC into the network and be authenticated with the appropriate access rights and ACLs. Support separate authentication for VoIP phones and workstations on the same port. Create profile templates with variables so that you can re-use templates with different address ranges and parameters. Apply different security policies for different locations (for example, a restricted area). Disable wireless access after business hours. NOTE

● ●

● ●

The term profile is distinct from the term policy because a policy is only one particular application of a profile.

The following sections introduce Universal Port concepts:
● ● ● ● ● ● ● ● ●

Profile Types on page 240 Dynamic Profile Trigger Types on page 242 How User Authentication Profiles Work on page 245 How Device Detect Profiles Work on page 245 Profile Configuration Guidelines on page 246 Collecting Information from Supplicants on page 251 Supplicant Configuration Parameters on page 253 Universal Port Configuration Overview on page 253 Using Universal Port in an LDAP or Active Directory Environment on page 255

Profile Types
The ExtremeXOS software supports two types of profiles: static and dynamic. The following sections describe these profile types:
● ●

Static Profiles on page 240 Dynamic Profiles on page 241

Static Profiles
Static profiles are so named because they are not triggered by dynamic system events. To trigger a static profile, you must enter a CLI command at the switch prompt or run a script that contains the command to start a static profile. The following guidelines apply to static profiles:
● ● ●

Static profiles are not limited to individual ports and can include system wide configuration changes. Static profiles are not assigned to a port and are not specific to a device or a user. Changes made by static profiles are persistent. They are saved in the switch configuration and are preserved during system reboots.

240

ExtremeXOS Concepts Guide, Software Version 12.3

Overview Static profiles are typically used to establish default switch settings. Using scripts and variables, you can create static profiles that serve as templates for initializing switches or reconfiguring switches to manually respond to network or business events. These templates can simplify complex configuration tasks such as Netlogin.

Dynamic Profiles
Dynamic profiles are so named because they are dynamically triggered by the following types of events:
● ● ● ●

Device discovery and disconnect User or standards-based authentication and logoff Time of day Switch events reported by the Event Management System (EMS)

Dynamic profiles are event or action driven and do not require an administrator to start the profile. Without dynamic profile support, IT personnel must be available when devices are added, moved, or changed so they can configure both the network port and the new device. These tasks typically take a long time, do not support mobility, and are often prone to human error. When dynamic profiles are configured properly and a device connects to an edge port, a triggering event triggers a profile that runs a script to configure the port appropriately. The script can use system run-time variables and information gathered from tools such as NetLogin and LLDP to customize the port configuration for the current network environment. For example, the profile can customize the port configuration based on the user ID or MAC address. Dynamic profiles allow you to automate the network response to a variety of network events. Dynamic profiles create temporary states. For example, if a power outage causes the switch to restart, all ports return to the default configuration. When a triggering event such as a specific device connection occurs again, the profile is applied again. When the device is no longer connected, the disconnect event can trigger another profile to unconfigure the port. The temporary state configured by a dynamic profile is configured by prepending the configure cli mode non-persistent command to the script. The temporary nature of profile configuration is critical for network security. Imagine a situation where a dynamic security profile is used. If the information granting access to specific network resources is saved in the configuration, the switch is restarted, and a user loses network connectivity on a secure port, the secure port still provides network access after the switch restarts. Anybody else can access network resources simply by connecting to that secure port. Although the switch configuration returns to the default values after a restart, there is no automatic configuration rollback for dynamic profiles. For example, if a profile grants secure access to network resources at user login, the configuration is not automatically rolled back when the user logs off. To roll back the configuration at user log off, you must create another profile that responds to user log-off events. To support configuration rollback, the scripting feature allows you to save information used in dynamic profiles in variables. When a profile is activated and you want the option to roll back to the previous default setting, some information must be saved, such as the default VLAN setting or the default configuration of a port. Essentially anything modified from the previous setting can be preserved for future use by the profile that rolls back the configuration. There can be multiple profiles on a switch, but only one profile runs at a time. Data from a trigger event is used to select the appropriate profile, and that data can also be used to make decision points within a

ExtremeXOS Concepts Guide, Software Version 12.3

241

Universal Port profile. A typical example is the use of a RADIUS server to specify a particular profile and then apply port-based policies to the user based on the user’s location. There is no profile hierarchy and no software validation to detect if a new profile conflicts with older profile. If two profiles conflict, the same profile might produce different results, depending on the events leading up to the profile trigger. When you create profiles, you must be familiar with all profiles on the switch and avoid creating profiles that conflict with each other.

Dynamic Profile Trigger Types
The following sections introduce each of the dynamic profile trigger types:
● ● ● ●

Device Triggers on page 242 User Authentication Triggers on page 243 Time Triggers on page 244 Event Management System Triggers on page 244

Device Triggers
Device triggers launch a profile when a device connects to or disconnects from a port. The two types of device triggers are labeled device-detect and device-undetect in the software. Profiles that respond to these triggers are called device-detect profiles or device-undetect profiles. Typically, a device-detect profile is used to configure a port for the device that has just connected. Likewise, a device-undetect profile is used to return the port to a default configuration after a device disconnects. A variety of different devices can be connected to a port. When devices connect to the network, Universal Port helps provide the right configuration at the port. Device triggers respond to the discovery protocols IEEE 802.1ab LLDP and ANSI/TIA-1057 LLDP-MED for Voice-over-IP (VoIP) phone extensions. A device-detect trigger occurs when an LLDP packet reaches a port that is assigned to a device-detect profile. A device-undetect trigger occurs when periodically transmitted LLDP packets are not received anymore. LLDP age-out occurs when a device has disconnected or an age-out time has been reached. LLDP must be enabled on ports that are configured for device-detect or device-undetect profiles. LLD P is described in Chapter 8, “LLDP.” The combination of device triggers and LLDP enables the custom configuration of devices that connect to switch ports. For example, Voice-over-IP (VoIP) phones can send and receive information in addition to normal device identification information. The information sent through LLDP can be used to identify the maximum power draw of the device. The switch can then set the maximum allocated power for that port. If the switch does not have enough PoE left, the switch can take action to lower the PoE loading and try again. The switch can also transmit additional VoIP files and call server configuration information to the phone so the phone can register itself and receive necessary software and configuration information. There can only be one device-detect profile and one device-undetect profile per port. To distinguish between different connecting devices, you can use if-then-else statements in a profile along with detailed information provided through LLDP.

242

ExtremeXOS Concepts Guide, Software Version 12.3

Overview

User Authentication Triggers
User authentication triggers launch a profile when a user or an identified device logs in or out of the network using the network login feature described in Chapter 21, “Network Login.” The network login feature does not permit any access beyond the port until the user or device is authenticated. The two types of user authentication triggers are labeled user-authenticate and user-unauthenticated in the software. Profiles that respond to these triggers are called user-authenticate profiles or user-unauthenticated profiles. Typically, a user-authenticate profile is used to configure a port for a user and device that has just connected. Likewise, a user-unauthenticated profile is used to return the port to a default configuration after a user or device disconnects. Successful network login triggers the user-authenticate profile, and either an explicit logout, a session time out, or a disconnect triggers the userunauthenticated profile.

NOTE
VoIP phones are also capable of being authenticated before being allowed on the network. The phone begins 802.1x authentication based on a personal username and password. This authentication step is available and supported by the latest firmware from vendors such as Avaya and Mitel.

Network login requires a RADIUS server for user or device authentication. The RADIUS server provides the following features:
● ● ●

Centralized database for network authentication Further centralization when connected to an LDAP or Active Directory database Dynamic switch configuration through Vendor Specific Attributes (VSAs)

VSAs are values that are passed from the RADIUS server to the switch after successful authentication. VSAs can be used by the switch to configure connection attributes such as security policy, VLAN, and location. For more information on RADIUS and VSAs, see Chapter 22, “Security.” The following sections introduce each of the network login event types that can trigger profiles:
● ● ●

802.1x Network Login on page 243 MAC-Based Network Login on page 243 Web-Based Network Login on page 244

802.1x Network Login. Network login 802.1x requires 802.1x client software on the device to be authenticated. At login, the user supplies a user name and password, which the switch passes to the RADIUS server for authentication. When the user passes authentication, the RADIUS server notifies the switch, and the user-authenticate profile is triggered. One advantage of 802.1x network login is that it can uniquely identify a user. A disadvantage is that not all devices support 802.1x authentication. For more information, see Chapter 21, “Network Login.” MAC-Based Network Login. MAC-based network login requires no additional software, and it does not require any interaction with the user. When network login detects a device with a MAC address that is configured on the switch, the switch passes the MAC address and an optional password to the RADIUS server for authentication. When the device passes authentication, the RADIUS server notifies the switch, and the user-authenticate profile is triggered. One advantage of MAC-based network login is that it requires no special software. A disadvantage is that security is based on the MAC address of the client, so the network is more vulnerable to spoofing attacks. For more information, see Chapter 21, “Network Login.”

ExtremeXOS Concepts Guide, Software Version 12.3

243

Universal Port

NOTE
MAC-based authentication can also be used to identify devices. For example, an entire MAC address or some bits of the MAC address can identify a device and trigger switch port auto-configuration similar to the LLDP-based device detect event. The difference between MAC-based authentication and LLDP authentication is that MAC-based authentication does not provide information on the connected device. The advantage of MAC-based authentication is that it enables non-LLDP devices to trigger profiles.

Web-Based Network Login. Web-based network login requires a DHCP server and may require a DNS server. At login, the user supplies a user name and password through a Web browser client, which the switch passes to the RADIUS server for authentication. When the user passes authentication, the RADIUS server notifies the switch, and the user-authenticate profile is triggered. Some advantages of Web-based network login are that it can uniquely identify a user and it uses commonly available Web client software. Some disadvantages are a lower level of security and the IP configuration requirement. For more information, see Chapter 21, “Network Login.”

Time Triggers
Time triggers launch a profile at a specific time of day or after a specified period of time. For example, you can use time triggers to launch profiles at the following times:
● ● ●

6 p.m. every day One-time after 15 minutes 1 hour intervals

You might use a time trigger to launch a profile to disable guest VLAN access, shut down a wireless service, or power down a port after business hours. Time triggers enable profiles to perform timed backups for configurations, policies, statistics, and so forth. Anything that needs to happen on a regular basis or at a specific time can be incorporated into a time-of-day profile. A profile that uses a time trigger is called a time-of-day profile. Time-of-day profiles are not limited to non-persistent-capable CLI commands and can use any command in the ExtremeXOS CLI. Unlike the device-detect and user-authenticate triggers, time triggers do not have an equivalent function to the device-undetect or user-unauthenticated triggers. If you need the ability to unconfigure changes made in a time-of-day profile, just create another time-of-day profile to make those changes.

Event Management System Triggers
EMS-event triggers launch a profile when EMS produces a message that conforms to a predefined definition that is configured on the switch. The ExtremeXOS EMS feature is described in Chapter 11, “Status Monitoring and Statistics.” Profiles that respond to EMS-event triggers are called EMS-event profiles. Typically, an EMS-event profile is used to change the switch configuration in response to a switch or network event.

244

ExtremeXOS Concepts Guide, Software Version 12.3

Overview The EMS events that trigger Universal Port profiles are defined in EMS filters and can be specified in more detail with additional CLI commands. You can create EMS filters that specify events as follows:
● ● ●

Component.subcomponent Component.condition Component.subcomponent.condition

You can use the show log components command to display all the components and subcomponents for which you can filter events. If you specify a filter to take action on a component or subcomponent, any event related to that component triggers the profile. You can use the show log events all command to display all the conditions or events for which you can filter events. If you decide that you want to configure a profile to take action on an ACL policy change, you can add a filter for the ACL.Policy.Change event. You can further define an event that triggers a Universal Port profile by specifying an event severity level and text that must be present in an event message. When a specified event occurs, event information is passed to the Universal Port profile in the form of variables, which can be used to modify the switch configuration. EMS-triggered profiles allow you to configure responses for any EMS event listed in the show log components and show log filters all commands. However, you must be careful to select the correct event and corresponding response for each profile. For example, if you attempt to create a Universal Port log target for a specific event (component.subcomponent.condition) and you accidentally specify a component (component), the profile is applied to all events related to that component. Using EMS-triggered profiles is similar to switch programming. They provide more control and therefore more opportunity for misconfiguration. Unlike the device-detect and user-authenticate triggers, EMS event triggers do not have an equivalent function to the device-undetect or user-unauthenticated triggers. If you need the ability to unconfigure changes made in an EMS-event profile, just create another static or dynamic profile to make those changes.

How Device Detect Profiles Work
Device detect profiles enable dynamic port configuration without the use of a RADIUS server. Devicedetect profiles and device undetect profiles are triggered as described earlier in “Device Triggers” on page 242. When a device connects to a port that has a device-detect profile configured, the switch runs the specified profile and stops. Only one device detect profile can be configured for a port, so the same profile runs each time a device is detected on the port. Only one device-undetect profile can be configured for a port, so the same profile is run each time the switch detects that all previouslyconnected devices are no longer connected.

How User Authentication Profiles Work
User-authentication profiles can be assigned to user groups or individual users. Typically, a company creates profiles for groups such as software engineering, hardware engineering, marketing, sales, technical support, operations, and executive. These kinds of categories make profile management more streamlined and simple.

ExtremeXOS Concepts Guide, Software Version 12.3

245

Universal Port The authentication process starts when a switch receives an authentication request through network login. The authentication request can be for a specific user or a MAC address. A user name and password might be entered directly or by means of other security instruments, such as a smart card. A MAC address would be provided by LLDP, which would need to be operating on the ingress port. Network login enforces authentication before granting access to the network. All packets sent by a client on the port do not go beyond the port into the network until the user is authenticated through a RADIUS server. The switch authenticates the user through a RADIUS server, which acts as a centralized authorization point for all network devices. The RADIUS server can contain the authentication database, or it can serve as a proxy for a directory service database, such as LDAP or Active Directory. The switch also supports optional backup authentication through the local switch database when a RADIUS server is unavailable. The RADIUS server responds to the switch and either accepts or denies user authentication. When user authentication is accepted, the RADIUS server can also send Vendor Specific Attributes (VSAs) in the response. The VSAs can specify configuration data for the user such as the Universal Port profile to run for logon, a VLAN name, a user location, and a Universal Port profile to run for logout. Extreme Networks has defined vendor specific attributes that specify configuration settings and can include variables to be processed by the Universal Port profile. If profile information is not provided by the RADIUS server, the user-authenticate profile is used. Profiles are stored and processed on the switch. When a user name or MAC address is authenticated, the switch places the appropriate port in forwarding mode and runs either a profile specified by the RADIUS server, or the profile defined for the authentication event. The profile configures the switch resources for the user and stops running until is activated again. When a user or MAC address is no longer active on the network, due to logoff, disconnect, or inactivity, user unauthentication begins. To complete unauthentication, the switch stops forwarding on the appropriate port and does one of the following: 1 Run an unauthenticate profile specified by the RADIUS server during authentication 2 Run an unauthenticate profile configured on the switch and assigned to the affected port 3 Run the authenticate profile used to authenticate the user initially The preferred unauthenticate profile is one specified by the RADIUS server during authentication. If no unauthenticate profiles are specified, the switch runs the authenticate profile used to authenticate the user or device.

Profile Configuration Guidelines
You can configure both static and dynamic profiles using the command line interface (CLI) or the EPICenter® Universal Port Manager. This section presents the following topics:
● ● ● ● ●

Obtaining Profiles on page 247 Profile Rules on page 247 Multiple Profiles on the Same Port on page 247 Supported Configuration Commands and Functions on page 247 Universal Port Variables on page 249

246

ExtremeXOS Concepts Guide, Software Version 12.3

Overview

Obtaining Profiles
You can write your own profiles, or you can obtain profiles from the Extreme Networks website, another Extreme Networks user or partner, or Extreme Networks professional services. Sample profiles are listed in “Sample Universal Port Configurations” on page 261. The Universal Port Handset Provisioning Module is a collection of profiles and documentation that is available with other samples on the Extreme Networks website.

Profile Rules
All profiles have the following restrictions:
● ● ● ● ●

Maximum 5000 characters in a profile. Maximum 128 profiles on a switch. Profiles are stored as part of the switch configuration file. Copy and paste is the only method to transfer profile data using the CLI. Unless explicitly preceded with the command configure cli mode persistent, all nonpersistent-capable commands operate in non-persistent mode when operating in dynamic profiles. Unless explicitly preceded with the command configure cli mode non-persistent, all nonpersistent-capable commands operate in persistent mode when operating in static profiles. NOTE

There is no profile hierarchy, which means users must verify there are no conflicting rules in static and dynamic profiles. This is a normal requirement for ACLs, and is standard when using policy files or dynamic ACLs.

NOTE
When the switch is configured to allow non-persistent-capable commands to operate in non-persistent mode, the switch configuration can roll back to the configuration that preceded the entry of the non-persistent-capable commands. This roll back behavior enables ports to return to their initial state when a reboot or power cycle occurs.

Multiple Profiles on the Same Port
Multiple Universal Port profiles can be created on a switch, but only one profile per event can be applied per port. Different profiles on the same port apply to different events; for example, different authentication events for different devices or users. You can configure multiple user profiles on a port or a group of ports. For instance, you might create user-authentication profiles for different groups of users, such as Engineering, Marketing, and Sales. You can also configure a device-triggered profile on a port that supports one or more user profiles. However, you can configure only one device-triggered profile on a port.

Supported Configuration Commands and Functions
Static and dynamic profiles support the full ExtremeXOS command set and the built-in functions described in Chapter 7, “Using CLI Scripting.” However, a subset of these commands operates by default in non-persistent mode when executed in a dynamic profile. Commands that are executed in persistent mode become part of the saved switch configuration that persists when the switch is

ExtremeXOS Concepts Guide, Software Version 12.3

247

Universal Port rebooted. Commands that are executed in non-persistent mode configure temporary changes that are not saved in the switch configuration and do not persist when the switch is rebooted. Most commands operate only in persistent mode. The subset of commands that operate in nonpersistent mode are called non-persistent-capable commands. The Universal Port feature uses the nonpersistent-capable commands to configure temporary changes that could create security issues if the switch were rebooted or reset. The use of non-persistent-capable commands in scripts and Universal Port profiles allows you to make temporary configuration changes without affecting the default configuration the next time the switch is started. Table 24 shows the non-persistent capable CLI commands.

Table 24: Non-Persistent-Capable Configuration Commands
CLI Commands ACL Commands Dynamic ACL syntax allows the application of all ACLs configure access-list add <dynamic_rule> [ [[first | last]{priority <p_number>}]|[[before | after] <rule>]|[priority <p_number>]] [any | vlan <vlanname> | ports <portlist>] {ingress | egress} {zone <zone>} {application <appl_name>} configure access-list delete <dynamic_rule> [any | vlan <vlanname> | ports <portlist> | all] {ingress | egress} {application <appl_name>} LLDP configure lldp ports <portlist> [advertise|don'tadvertise]... Port disable port [<port_list> | all] disable jumbo-frame ports [all | <port_list>] enable port [<port_list> | all] enable jumbo-frame ports [all | <port_list>] Power over Ethernet configure inline-power label <string> ports <port_list> configure inline-power operator-limit <milliwatts> ports [all |<port_list>] configure inline-power priority [critical | high | low] ports <port_list> disable inline-power disable inline-power ports [all | <port_list>] disable inline-power slot <slot> enable inline-power enable inline-power ports [all | <port_list>] enable inline-power slot <slot> unconfigure inline-power priority ports [all | <port_list>]

248

ExtremeXOS Concepts Guide, Software Version 12.3

Overview

Table 24: Non-Persistent-Capable Configuration Commands (Continued)
CLI Commands VLAN configure {vlan} <vlan_name> add ports [<port_list> | all] {tagged | untagged} {{stpd} <stpd_name>} {dot1d | emistp | pvst-plus}} configure ip-mtu <mtu> vlan <vlan_name> QOS/Rate-limiting 802.1p priority assignment to traffic on a port configure ports <port_list> {qosprofile} <qosprofile> Show Commands All show commands can be executed in non-persistent mode.

By default, all commands operate in persistent mode with the following exceptions:

In Universal Port dynamic profiles, the non-persistent-capable commands operate in non-persistent mode unless preceded by the configure cli mode persistent command in the profile. In the CLI, CLI scripts, and static profiles, the non-persistent-capable commands operate in nonpersistent mode only when preceded by the configure cli mode non-persistent command.

You can use the configure cli mode persistent command and the configure cli mode nonpersistent command to change the mode of operation for non-persistent-capable commands multiple times within a script, profile, or configuration session.

Universal Port Variables
Universal Port uses CLI Scripting variables (see Chapter 7, “Using CLI Scripting”) to make system and trigger event information available to profiles. Variables allow you to create profiles and scripts that respond to the state of the switch as defined in the variables. When a profile is triggered, the system passes variables to the profile. You can also create and use variables of your own. User-defined variables are limited to the current context unless explicitly saved. NOTE
You must enable CLI scripting before using variables or executing a script.

If you save variables (as described in “Saving, Retrieving, and Deleting Session Variables” on page 295), certain data from one profile can be reused in another profile for another event. For example, between login and logout events, the data necessary for the rollback of a port configuration can be shared. The following sections describe the variables that are available to profiles:
● ● ● ●

Common Variables on page 249 User Profile Variables on page 250 Device Detect Profile Variables on page 251 Event Profile Variables on page 251

Common Variables. Table 25 shows the variables that are always available for use by any script. These variables are set up for use before a script or profile is executed.

ExtremeXOS Concepts Guide, Software Version 12.3

249

Universal Port

Table 25: Common Variables
Variable Syntax $STATUS $CLI.USER $CLI.SESSION_ID $CLI.SESSION_TYPE $EVENT.NAME $EVENT.TIME $EVENT.TIMER_TYPE $EVENT.TIMER_NAME $EVENT.TIMER_LATE_ SECS $EVENT.PROFILE Definition Status of last command execution. Username for the user who is executing this CLI. An identifier for a session. This identifier is available for the roll-back event when a device or user times out. Type of session of the user. This is the event that triggered this profile. Time this event occurred. The time is in seconds since epoch. Type of timer, which is periodic or non_periodic. Name of the timer that the Universal Port is invoking. Time difference between when the timer fired and when the actual shell was run in seconds.a Name of the profile that is being run currently.

a.In ExtremeXOS Release 12.0, this variable was named $EVENT.TIMER_DELTA_SECS. User Profile Variables. Table 26 shows the variables available to user profiles.

Table 26: User Profile Variables
Variable Syntax $EVENT.USERNAME $EVENT.NUMUSERS Definition Name of user authenticated. This is a string with the MAC address for MAC-based user-login. Number of authenticated supplicants on this port after this event occurred.

NOTE
For user-authenticated events, the initial value of this variable is 0. For user unauthenticated events, the initial value is 1. $EVENT.USER_MAC $EVENT.USER_PORT $EVENT.USER_VLAN $EVENT.USER_ALL_VLANS $EVENT.USER_IP MAC address of the user. Port associated with this event. VLAN associated with this event or user. When a user is authenticated to multiple VLANs, this variable includes all VLANs for which the user is authenticated. IP address of the user if applicable. Otherwise, this variable is blank.

250

ExtremeXOS Concepts Guide, Software Version 12.3

Overview Device Detect Profile Variables. Table 27 shows the variables available to device detect profiles.

Table 27: Device Profile Variables
Variable Syntax $EVENT.DEVICE Definition Device identification string. Possible values for EVENT.DEVICE are: AVAYA_PHONE, GEN_TEL_PHONE, ROUTER, BRIDGE, REPEATER, WLAN_ACCESS_PT, DOCSIS_CABLE_SER, STATION_ONLY and OTHER. These strings correspond to the devices that the LLDP application recognizes and reports to the Universal Port management application. $EVENT.DEVICE_IP $EVENT.DEVICE_MAC $EVENT.DEVICE_POWER $EVENT.DEVICE_MANUFACTURER_ NAME $EVENT.DEVICE_MODEL_NAME $EVENT.USER_PORT The IP address of the device (if available). Blank if not available. The MAC address of the device (if available). Blank if not available. The power of the device in milliwatts (if available). Blank if not available. The manufacturer of the device. Model name of the device. Port associated with the event.

Event Profile Variables. Table 28 shows the variables available to event profiles.

Table 28: Event Profile Variables
Variable Syntax $EVENT.NAME $EVENT.LOG_DATE $EVENT.LOG_TIME $EVENT.LOG_ COMPONENT_ SUBCOMPONENT $EVENT.LOG_EVENT $EVENT.LOG_FILTER_ NAME $EVENT.LOG_SEVERITY $EVENT.LOG_MESSAGE $EVENT.LOG_PARAM_0 to $EVENT.LOG_PARAM_9 Definition The event message. The event date. The event time. The component and subcomponent affected by the event as it appears in the show log components command display. The event condition as it appears in the show log events command display. The EMS filter that triggered the profile. The event severity level defined in EMS. The event message with arguments listed in the format %1%. Event arguments 0 to 9.

Collecting Information from Supplicants
A supplicant is a device such as a VoIP phone or workstation that connects to the switch port and requests network services. As described in Chapter 8, “LLDP,” LLDP is a protocol that can be used to collect information about device capabilities from attached devices or supplicants. To use Universal Port with LLDP, you must enable LLDP on the port.

ExtremeXOS Concepts Guide, Software Version 12.3

251

Universal Port

NOTE
Avaya and Extreme Networks have developed a series of extensions for submission to the standards consortium for inclusion in a later version of the LLDP-MED standard:
■ ■ ■

Avaya Power conservation mode Avaya file server Avaya call server

The following is an example of information provided through LLDP about an IP phone:
LLDP Port 1 detected 1 neighbor Neighbor: (5.1)192.168.10.168/00:04:0D:E9:AF:6B, age 7 seconds - Chassis ID type: Network address (5); Address type: IPv4 (1) Chassis ID : 192.168.10.168 - Port ID type: MAC address (3) Port ID : 00:04:0D:E9:AF:6B - Time To Live: 120 seconds - System Name: "AVAE9AF6B" - System Capabilities : "Bridge, Telephone" Enabled Capabilities: "Bridge, Telephone" - Management Address Subtype: IPv4 (1) Management Address : 192.168.10.168 Interface Number Subtype : System Port Number (3) Interface Number : 1 Object ID String : "1.3.6.1.4.1.6889.1.69.1.13" - IEEE802.3 MAC/PHY Configuration/Status Auto-negotiation : Supported, Enabled (0x03) Operational MAU Type : 100BaseTXFD (16) - MED Capabilities: "MED Capabilities, Network Policy, Inventory" MED Device Type : Endpoint Class III (3) - MED Network Policy Application Type : Voice (1) Policy Flags : Known Policy, Tagged (0x1) VLAN ID : 0 L2 Priority : 6 DSCP Value : 46 - MED Hardware Revision: "4625D01A" - MED Firmware Revision: "b25d01a2_7.bin" - MED Software Revision: "a25d01a2_7.bin" - MED Serial Number: "061622014487" - MED Manufacturer Name: "Avaya" - MED Model Name: "4625" - Avaya/Extreme Conservation Level Support Current Conservation Level: 0 Typical Power Value : 7.4 Watts Maximum Power Value : 9.8 Watts Conservation Power Level : 1=7.4W - Avaya/Extreme Call Server(s): 192.168.10.204 - Avaya/Extreme IP Phone Address: 192.168.10.168 255.255.255.0 Default Gateway Address : 192.168.10.254 - Avaya/Extreme CNA Server: 0.0.0.0 - Avaya/Extreme File Server(s): 192.168.10.194 - Avaya/Extreme IEEE 802.1q Framing: Tagged

252

ExtremeXOS Concepts Guide, Software Version 12.3

Overview

NOTE
LLDP is tightly integrated with IEEE 802.1x authentication at edge ports. When used together, LLDP information from authenticated end point devices is trustable for automated configuration purposes. This tight integration between 802.1x and LLDP protects the network from automation attacks.

Supplicant Configuration Parameters
As described in Chapter 8, “LLDP,” LLDP is a protocol that can be used to configure attached devices or supplicants. The following LLDP parameters are configurable on the switch ports when device-detect profiles execute:
● ● ● ● ● ●

VLAN Name Port VLAN ID Power Conservation Mode Avaya File Server Avaya Call server 802.1Q Framing

Universal Port Configuration Overview
Because Universal Port operates with multiple ExtremeXOS software features and can operate with multiple third-party products, Universal Port configuration can require more than just the creation of profiles and triggers. No single overview procedure can cover all the possible Universal Port configurations. The following sections provide overviews of the following common types of Universal Port configurations:
● ● ● ●

Device-Detect Configurations on page 253 User-Authentication Configurations on page 254 Time-of-Day Configurations on page 255 EMS-Event Configurations on page 255

Device-Detect Configurations
A Universal Port device-detect configuration requires only a switch and supplicants. If PoE devices will connect to the switch, the switch should support PoE. Supplicants should support LLDP in the applicable software or firmware. NOTE
To support supplicant configuration, you might consider adding a DHCP server to your network.

Use the following procedure to configure Universal Port for device detection: 1 Create a device-detect profile as described in “Creating and Configuring New Profiles” on page 256. 2 Create a device-undetect profile as described in “Creating and Configuring New Profiles” on page 256.

ExtremeXOS Concepts Guide, Software Version 12.3

253

Universal Port 3 Assign the device-detect profile to the edge ports as described in “Configuring a Device Event Trigger” on page 257. 4 Assign the device-undetect profile to the edge ports as described in “Configuring a Device Event Trigger” on page 257. 5 Verify that correct profiles are assigned to correct ports by entering the following command:
show upm events <event-type>

6 Enable LLDP message advertisements on the ports that are configured for device-detect profiles as described in Chapter 8, “LLDP.” 7 Test profile operation as described in “Verifying a Universal Port Profile” on page 260.

User-Authentication Configurations
A Universal Port user-authenticate configuration requires the following components:
● ● ●

An Extreme Networks switch, which might need to include PoE support. RADIUS server for user authentication and VSA transmission. Supplicants that support the authentication method you select. LLDP support is recommended, but is optional when MAC address authentication is used. NOTE

To support supplicant configuration, you might consider adding a DHCP server to your network. For VoIP applications, you can use a TFTP server and a call server to provide for additional supplicant configuration.

Use the following procedure to configure Universal Port for user login: 1 Configure the RADIUS server as described in Chapter 22, “Security.”. The configuration should include the following:
■ ■ ■

User ID and password for RADIUS clients. Extreme Networks custom VSAs. Addition of the edge switch as a RADIUS client.

2 Create a user-authenticate profile as described in “Creating and Configuring New Profiles” on page 256. 3 Create a user-unauthenticate profile as described in “Creating and Configuring New Profiles” on page 256. 4 Assign the user-authenticate profile to the edge ports as described in “Configuring a User Login or Logout Event Trigger” on page 257. 5 Assign the user-unauthenticate profile to the edge ports as described in “Configuring a User Login or Logout Event Trigger” on page 257. 6 Configure network login on the edge switch as described in Chapter 21, “Network Login.” 7 Configure the edge switch as a RADIUS client as described in Chapter 22, “Security.” 8 Verify that correct profiles are assigned to correct ports by entering the following command:
show upm events <event-type>

9 Enable LLDP message advertisements on the ports that are configured for device-detect profiles as described in Chapter 8, “LLDP.” 10 Test profile operation as described in “Verifying a Universal Port Profile” on page 260.

254

ExtremeXOS Concepts Guide, Software Version 12.3

Configuring Universal Port Profiles and Triggers

Time-of-Day Configurations
To configure Universal Port to use a time-of-day profile, use the following procedure: 1 Create a profile as described in “Creating and Configuring New Profiles” on page 256. 2 Create and configure a timer as described in “Configuring a Universal Port Timer” on page 257. 3 Create the timer trigger and attach it to the profile as described in “Configuring a Timer Trigger” on page 257.

EMS-Event Configurations
To configure Universal Port to use an EMS-event profile, use the following procedure: 1 Create the EMS-Event profile as described in “Creating and Configuring New Profiles” on page 256. 2 Create and configure an event filter to identify the trigger event as described in “Creating an EMS Event Filter” on page 258. 3 Create the event trigger and attach it to the profile and filter as described in “Configuring an EMS Event Trigger” on page 258. 4 Enable the event trigger as described in “Enabling and Disabling an EMS Event Trigger” on page 258.

Using Universal Port in an LDAP or Active Directory Environment
The RADIUS server can operate in proxy mode with information stored in a central directory service such as LDAP or Active Directory. This proxy mode is configured between the RADIUS server and the central directory service. Once configured, supplicants can be authenticated from the central directory service. For more information, see the following:
● ● ●

“Setting Up Open LDAP” in Chapter 22, “Security” RADIUS server product documentation Product documentation for your central directory service

Configuring Universal Port Profiles and Triggers
You can configure both static and dynamic profiles using the command line interface (CLI) or the EPICenter Universal Port Manager. This section describes the following configuration tasks using the CLI:
● ● ● ● ● ● ● ● ●

Creating and Configuring New Profiles on page 256 Editing an Existing Profile on page 256 Configuring a Device Event Trigger on page 257 Configuring a User Login or Logout Event Trigger on page 257 Configuring a Universal Port Timer on page 257 Configuring a Timer Trigger on page 257 Creating an EMS Event Filter on page 258 Configuring an EMS Event Trigger on page 258 Enabling and Disabling an EMS Event Trigger on page 258

ExtremeXOS Concepts Guide, Software Version 12.3

255

Universal Port
● ●

Unconfiguring a User or Device Profile Trigger on page 258 Unconfiguring a Timer on page 258 NOTE

In the CLI, “upm” is used as an abbreviation for the Universal Port feature.

Creating and Configuring New Profiles
When you create and configure a new profile, you are basically writing a script within a profile that can be triggered by system events. For more information on the rules, commands, and variables that apply to profiles, see “Profile Configuration Guidelines” on page 246. To create and configure a new profile, enter the following command:
configure upm profile <profile-name> maximum execution-time <seconds>

After you enter the command, the switch prompts you to add command statements to the profile as shown in the following example:
X450e-24p.3 # create upm profile detect-voip Start typing the profile and end with a . as the first and the only character on a line. Use - edit upm profile <name> - for block mode capability create log entry Starting_Script_DETECT-voip set var callServer 192.168.10.204 set var fileServer 192.168.10.194 set var voiceVlan voice set var CleanupProfile CleanPort set var sendTraps false # . X450e-24p.4 #

The example above creates a log entry and sets some variables, but it is not complete. This example shows that after you enter the create upm profile command, you can enter system commands. When you have finished entering commands, you can exit the profile creation mode by typing the period character at the start of a line and pressing <Enter>.

Editing an Existing Profile
To edit an existing profile, enter the following command:
edit upm profile <profile-name>

256

ExtremeXOS Concepts Guide, Software Version 12.3

Configuring Universal Port Profiles and Triggers

Configuring a Device Event Trigger
There are two types of device event triggers, which are named as follows in the CLI: device-detect and device-undetect. When you configure a device event trigger, you assign one of the two device event trigger types to a profile and specify the ports to which the triggered profile applies. To configure a device event trigger, use the following command:
configure upm event <upm-event> profile <profile-name> ports <port_list>

Replace <upm-event> with one of the device event trigger types: device-detect or device-undetect.

Configuring a User Login or Logout Event Trigger
There are two types of user event triggers, which are named as follows in the CLI: user-authenticate and user-unauthenticated. When you configure a user event trigger, you assign one of the two user event trigger types to a profile and specify the ports to which the triggered profile applies. To configure a user event trigger, use the following command:
configure upm event <upm-event> profile <profile-name> ports <port_list>

Replace <upm-event> with one of the device event trigger types: user-authenticate or userunauthenticated.

Configuring a Universal Port Timer
To configure a Universal Port timer, you must complete two steps: 1 Create the timer. 2 Configure the timer. To create the timer, use the following command:
create upm timer <timer-name>

To configure the timer, use the following commands:
configure upm timer <timer-name> after <time-in-secs> {every <seconds>} configure upm timer <timer-name> at <month> <day> <year> <hour> <min> <secs> {every <seconds>}

Configuring a Timer Trigger
When you configure a timer trigger, you assign a configured timer to a profile. When the configured time arrives, the switch executes the profile. To configure a timer trigger, use the following command:
configure upm timer <timerName> profile <profileName>

Replace <timerName> with the timer name and <profileName> with the profile name.

ExtremeXOS Concepts Guide, Software Version 12.3

257

Universal Port

Creating an EMS Event Filter
An EMS event filter identifies an event that can be used to trigger a profile. To create an EMS event filter, use the following procedure: 1 Create a log filter to identify the event using the following command:
create log filter <name> {copy <filter name>}

2 Configure the log filter using the following commands:
configure log filter <name> [add | delete] {exclude} events [<event-condition> | [all | <event-component>] {severity <severity> {only}}] configure log filter <name> [add | delete] {exclude} events [<event-condition> | [all | <event-component>] {severity <severity> {only}}] [match | strict-match] <type> <value>

Configuring an EMS Event Trigger
When you configure an EMS event trigger, you identify an EMS filter that defines the event and a profile that runs when the event occurs. To configure an EMS event-triggered profile, use the following procedure: 1 Create a log target to receive the event notification using the following command:
create log target upm {<upm_profile_name>}

2 Configure the log target to specify a filter and any additional parameters that define the event with the following commands:
configure log target upm {<upm_profile_name>} filter <filter-name> {severity [[<severity>] {only}]} configure log target upm {<upm_profile_name>} match {any | <regex>}

Enabling and Disabling an EMS Event Trigger
When you configure an EMS event trigger, it is disabled. To enable an EMS event trigger or disable a previously enabled trigger, use the following commands:
enable log target upm {<upm_profile_name>} disable log target upm {<upm_profile_name>}

Unconfiguring a User or Device Profile Trigger
To unconfigure a user or device profile trigger, use the following command:
unconfigure upm event <upm-event> profile <profile-name> ports <port_list>"

Unconfiguring a Timer
To unconfigure a timer, use the following command:
unconfigure upm timer <timerName> profile <profileName>

258

ExtremeXOS Concepts Guide, Software Version 12.3

Managing Profiles and Triggers

Managing Profiles and Triggers
This section describes the following tasks:
● ● ● ● ● ● ● ● ● ● ●

Manually Executing a Static or Dynamic Profile on page 259 Displaying a Profile on page 259 Displaying Timers on page 259 Displaying Universal Port Events on page 260 Displaying Profile History on page 260 Verifying a Universal Port Profile on page 260 Handling Profile Execution Errors on page 260 Disabling and Enabling a Profile on page 261 Deleting a Profile on page 261 Deleting a Timer on page 261 Deleting an EMS Event Trigger on page 261

Manually Executing a Static or Dynamic Profile
Profiles can be run from the command line interface by configuring the system to run as it would when the trigger events happen. This facility is provided to allow you to test how the system behaves when the actual events happen. The actual configuration is applied to the switch when the profile is run. To manually execute a profile, use the following command:
run upm profile <profile-name> {event <event-name>} {variables <variable-string>}

Example:
run upm profile afterhours

If the variables keyword is not present, but an events variable is specified, the user is prompted for various environment variables appropriate for the event, including the VSA string for user authentication.

NOTE
Variables are not validated for correct syntax.

Displaying a Profile
To display a profile, enter the following command:
show upm profile <name>

Displaying Timers
To display a list of timers and associated timer information, enter the following command:
show upm timers

ExtremeXOS Concepts Guide, Software Version 12.3

259

Universal Port

Displaying Universal Port Events
You can display a list of events that relate to one of the following trigger types:
● ● ● ●

device-detect device-undetect user-authenticate user-unauthenticated

To display a list of Universal Port events for one of the above triggers, enter the following command:
show upm events <event-type>

Replace <event-type> with one of the trigger types listed above.

Displaying Profile History
To display a list of triggered events and associate event data, enter one of the following commands:
show upm history {profile <profile-name> | event <upm-event> | status [pass | fail] | timer <timer-name> | detail} show upm history exec-id <number>

Verifying a Universal Port Profile
To verify a Universal Port profile configuration, trigger the profile and verify that it works properly. Trigger the profile based on the trigger type as follows:
● ● ● ●

Device triggers: plug in the device Authentication triggers: authenticate a device or user Timer triggers: temporarily configure the timer for an approaching time EMS event triggers: reproduce the event to which the trigger responds

You can use the commands described earlier in this section to view information about the profile and how it behaves. Because Universal Port works with multiple switch features, you might want to enter commands to examine the configuration of those features. The following commands are an example of some of the commands that can provide additional information about profile operation:
show show show show lldp lldp neighbors log netlogin

Handling Profile Execution Errors
To conserve resources, the switch stores only the last execution log for the profile that resulted in an error.

260

ExtremeXOS Concepts Guide, Software Version 12.3

Sample Universal Port Configurations Use the following command to see a tabular display showing the complete history of the last 100 profiles run:
show upm history {profile <profile-name> | event <upm-event> | status [pass | fail] | timer <timer-name> | detail}

Use the detail keyword to display the actual executions that happened when the profile was run. Use the following command to display a specific execution that was run:
show upm history exec-id <number>

Select the exec-id number from the list in the tabular display.

Disabling and Enabling a Profile
Universal Port profiles are automatically enabled when they are created. To disable a profile or enable a previously disabled profile, use the following commands:
disable upm profile <profile-name> enable upm profile <profile-name>

Deleting a Profile
To delete a profile, enter the following command:
delete upm profile <profile-name>

Deleting a Timer
To delete a timer, enter the following command:
delete upm timer <timer-name>

Deleting an EMS Event Trigger
To delete an EMS event trigger, enter the following command:
delete log target upm {<upm_profile_name>}

Sample Universal Port Configurations
This section provides the following examples:
● ● ● ● ●

Sample MAC Tracking Profile on page 262 Universal Port Handset Provisioning Module Profiles on page 267 Sample Static Profiles on page 271 Sample Configuration with Device-Triggered Profiles on page 274 Sample Configuration with User-Triggered Profiles on page 276

ExtremeXOS Concepts Guide, Software Version 12.3

261

Universal Port
● ● ● ● ● ●

Sample Profile with QoS Support on page 280 Sample Event Profile on page 280 Sample Configuration for Generic VoIP LLDP on page 282 Sample Configuration for Generic VoIP 802.1x on page 283 Sample Configuration for Avaya VoIP 802.1x on page 284 Sample Configuration for a Video Camera on page 286

Sample MAC Tracking Profile
The example in this section shows how to create a profile that takes action based on the MAC tracking feature. When the MAC tracking feature detects a MAC move in a VLAN, the MAC tracking feature generates an EMS log, which then triggers a profile. The following sections provide information for this example:
● ● ● ● ●

Switch Configuration on page 262 MAC Tracking EMS Log Message on page 263 Profile Configuration on page 263 Policy File Configuration on page 263 Console Logs on page 264

Switch Configuration
The general switch configuration is as follows:
#Vlan config create vlan v1 configure v1 add ports 1:17-1:18 configure vlan v1 ipadd 192.168.10.1/24 #mac tracking config create fdb mac-tracking create fdb mac-tracking create fdb mac-tracking create fdb mac-tracking create fdb mac-tracking

entry entry entry entry entry

00:01:02:03:04:01 00:01:02:03:04:02 00:01:02:03:04:03 00:01:02:03:04:04 00:01:02:03:04:05

#Log filter configuration create log filter macMoveFilter configure log filter "macMoveFilter" add events "FDB.MACTracking.MACMove" #Meter configuration for ingress /egress rate limit create meter m1 configure meter m1 peak-rate 250 mbps create meter m2 configure meter m2 peak-rate 500 mbps

262

ExtremeXOS Concepts Guide, Software Version 12.3

count c1.Sample Universal Port Configurations MAC Tracking EMS Log Message The MAC tracking feature produces the following EMS log message and message parameters: The MAC address %0% on VLAN '%1%' has moved from port %2% to port %3%" EVENT. for SAVE/EXIT log target configuration create log target upm "macMove" configure log target upm "macMove" filter "macMoveFilter" enable log target upm "macMove" Policy File Configuration This example uses the following two policy files: Ingress rate limit (ingress_limit.0/24 " "deny .168.count dacl3" create access-list dacl4 "source-address 192.3 263 .LOG_PARAM_1 "vlan name" EVENT.LOG_PARAM_2 "source port" EVENT. Software Version 12. } } ExtremeXOS Concepts Guide.11.count dacl5" configure access-list add dacl1 first ports $(EVENT.16.0/24 " "deny .# enter .168.count dacl4" create access-list dacl5 "source-address 192.count dacl2" create access-list dacl3 "source-address 192.168.LOG_PARAM_3) configure access-list add dacl5 first ports $(EVENT.0/24 " "deny .15.pol) ================================= entry ingress { if { ethernet-source-address 00:AA:00:00:00:01.# editor enable cli scripting create access-list dacl1 "source-address 192.count dacl1" create access-list dacl2 "source-address 192.0/24 " "permit .LOG_PARAM_3 "moved port" Profile Configuration The profile is configured as follows: create upm profile macMove .168.10.LOG_PARAM_3) conf access-list ingress_limit vlan v1 conf access-list ingress_limit ports $(EVENT.LOG_PARAM_3) configure access-list add dacl4 first ports $(EVENT.0/24 " "permit . } then { Meter m1.LOG_PARAM_3) configure access-list add dacl2 first ports $(EVENT.LOG_PARAM_3) configure access-list add dacl3 first ports $(EVENT.17.168.LOG_PARAM_3) conf access-list egress_limit any . ethernet-destination-address 00:BB:00:00:00:01.

7 # show log con fil Log Filter Name: DefaultFilter I/ E Component SubComponent Condition .15 # * (debug) BD-12804.----------------------I FDB MACTracking MACMove Severity CEWNISVD -------******** Severity CEWNISVD ----------N---- * (debug) BD-12804.----------.-----------.----------------------I All Log Filter Name: macMoveFilter I/ E Component SubComponent Condition .Universal Port Egress QoS (egress_limit.14 # sh fdb mac-tracking configuration SNMP trap notification : Disabled MAC address tracking table (5 entries): 00:01:02:03:04:01 00:01:02:03:04:02 00:01:02:03:04:03 00:01:02:03:04:04 00:01:02:03:04:05 * (debug) BD-12804. } then { qosprofile qp2.27 # show meter -------------------------------------------------------------------------------Name Committed Rate(Kbps) Peak Rate(Kbps) Burst Size(Kb) -------------------------------------------------------------------------------m1 -250000 -m2 -500000 -Total number of Meter(s) : 2 * (debug) BD-12804.3 .----------. count c2. } } Console Logs The following show commands display the switch configuration: * (debug) BD-12804.pol) ================================= entry egress { if { ethernet-source-address 00:BB:00:00:00:01.-----------. ethernet-destination-address 00:AA:00:00:00:01.28 # 264 ExtremeXOS Concepts Guide. Software Version 12.

config.config.Pass 2009-05-14 11:33:54 -------------------------------------------------------------------------------Number of UPM Events in Queue for execution: 0 * (debug) BD-12804.PROFILE macMove ExtremeXOS Concepts Guide.LOG_FILTER_NAME "macMoveFilter" 5 # set var EVENT.openingFile> MSM-A: Loading policy ingress_limit from file /config/ingress_limit.88 <Noti:ACL.72" 7 # set var EVENT.bind> MSM-A: Policy:bind:ingress_limit:vlan:*:port:1:18: 05/14/2009 11:33:54.Msg.LOG_MESSAGE "The MAC address %0% on VLAN '%1%' has moved from port %2% to port %3%" 11 # set var EVENT.72 <Noti:UPM. Software Version 12.87 <Info:pm.9 # sh upm history detail UPM Profile: macMove Event: Log-Message(macMoveFilter) Profile Execution start time: 2009-05-14 11:33:54 Profile Execution Finish time: 2009-05-14 11:33:54 Execution Identifier: 1 Execution Status: Pass Execution Information: 1 # enable cli scripting 2 # configure cli mode non-persistent 3 # set var EVENT.openingFile> MSM-A: Loading policy egress_limit from file /config/egress_limit.config.89 <Info:pm.87 <Info:pm.loaded> MSM-A: Loaded Policy: ingress_limit number of entries 1 05/14/2009 11:33:54.8 # show upm history -------------------------------------------------------------------------------Exec Event/ Profile Port Status Time Launched Id Timer/ Log filter -------------------------------------------------------------------------------1 Log-Message(macMoveF macMove --.upmMsgExshLaunch> MSM-A: Launched profile macMove for the event log-message A total of 8 log messages were displayed.NAME LOG_MESSAGE 4 # set var EVENT.LOG_PARAM_3 "1:18" 15 # set var EVENT.pol 05/14/2009 11:33:54.bind> MSM-A: Policy:bind:ingress_limit:vlan:v1:port:*: 05/14/2009 11:33:54. * (debug) BD-12804.7 # show log 05/14/2009 11:33:54.bind> MSM-A: Policy:bind:egress_limit:vlan:*:port:*: 05/14/2009 11:33:54.config.MACTracking" 8 # set var EVENT.LOG_PARAM_1 "v1" 13 # set var EVENT.3 265 .LOG_COMPONENT_SUBCOMPONENT "FDB.Policy.89 <Noti:ACL.LOG_PARAM_0 "00:01:02:03:04:05" 12 # set var EVENT.89 <Info:pm.Policy.Policy.LOG_PARAM_2 "1:17" 14 # set var EVENT.89 <Noti:ACL.loaded> MSM-A: Loaded Policy: egress_limit number of entries 1 05/14/2009 11:33:54.Sample Universal Port Configurations The following show commands display the switch status after a MAC address move: ================================== (debug) BD-12804.LOG_SEVERITY "Notice" 10 # set var EVENT.LOG_TIME "11:33:54.LOG_EVENT "MACMove" 9 # set var EVENT.pol 05/14/2009 11:33:54.LOG_DATE "05/14/2009" 6 # set var EVENT.

Software Version 12.0/24 " "permit .16.count dacl2" 19 # create access-list dacl3 "source-address 192.168.LOG_PARAM_3) done! 27 # conf access-list ingress_limit vlan v1 done! 28 # conf access-list ingress_limit ports $(EVENT.LOG_PARAM_3) done! 23 # configure access-list add dacl2 first ports $(EVENT.count dacl1" 18 # create access-list dacl2 "source-address 192.Universal Port 16 # enable cli scripting 17 # create access-list dacl1 "source-address 192.10.17.LOG_PARAM_3) done! 26 # configure access-list add dacl5 first ports $(EVENT.count dacl5" 22 # configure access-list add dacl1 first ports $(EVENT.168.LOG_PARAM_3) done! 24 # configure access-list add dacl3 first ports $(EVENT.7 # show fdb mac-tracking statistics MAC Tracking Statistics Thu May 14 11:41:10 2009 Add Move Delete MAC Address events events events ===================================================== 00:01:02:03:04:01 0 0 0 00:01:02:03:04:02 0 0 0 00:01:02:03:04:03 0 0 0 00:01:02:03:04:04 0 0 0 00:01:02:03:04:05 1 1 0 ===================================================== 0->Clear Counters U->page up D->page down ESC->exit 266 ExtremeXOS Concepts Guide.11.10 # * (debug) BD-12804.3 .15.count dacl3" 20 # create access-list dacl4 "source-address 192.count dacl4" 21 # create access-list dacl5 "source-address 192.0/24 " "permit .0/24 " "deny .168.0/24 " "deny .168.LOG_PARAM_3) done! 25 # configure access-list add dacl4 first ports $(EVENT.LOG_PARAM_3) done! 29 # conf access-list egress_limit any done! -------------------------------------------------------------------------------Number of UPM Events in Queue for execution: 0 * (debug) BD-12804.0/24 " "deny .168.

6 # show access-list dynamic Dynamic Rules: ((*).Sample Universal Port Configurations (debug) BD-12804.Rule is non-permanent ) (*)dacl1 (*)dacl2 (*)dacl3 (*)dacl4 (*)dacl5 (*)hclag_arp_0_4_96_1e_32_80 HealthCheckLAG * (debug) BD-12804. The following network side configuration is done: enable SNMP traps. 4620.7 # * (debug) BD-12804. Software Version 12. NOTE The MetaData information is used by the EPICenter to create a user-friendly interface to modify the variables.1x authentication. The profile is triggered after an LLDP packet is detected on the port. adjust POE reservation values based on device requirements.5 # show access-list Vlan Name Port Policy Name Dir Rules Dyn Rules =================================================================== * * egress_limit ingress 1 0 * 1:18 ingress_limit ingress 1 5 v1 * ingress_limit ingress 1 0 * (debug) BD-12804. 4625 # Requirements: LLDP capable devices #******************************** # @MetaDataStart # @ScriptDescription "This is a template for configuring network parameters for VoIP phones support LLDP but without authentication. 2007 # Tested Phones: Avaya 4610. QOS assignment. add the voiceVlan to the port as tagged. The module is triggered through the detection of an LLDP packet on the port.7 # Bound Bound Bound Bound Bound Bound to to to to to to 1 1 1 1 1 0 interfaces interfaces interfaces interfaces interfaces interfaces for for for for for for application application application application application application Cli Cli Cli Cli Cli ===================================================================================== Universal Port Handset Provisioning Module Profiles The Universal Port Handset Provisioning Module provides the following profiles: ● ● ● Device-Triggered Generic Profile on page 267 Authentication-Triggered Generic Profile on page 269 Authentication-Triggered Avaya Profile on page 270 Device-Triggered Generic Profile This is a template for configuring network parameters for VoIP phone support without 802. You can ignore the MetaData while using the CLI.3 267 . #******************************** # Last Updated: April 11. " ExtremeXOS Concepts Guide.

USER_PORT advertise vendor-specific configure lldp port $EVENT.NAME. Software Version 12.USER_PORT if (!$match($setQuality.3 .USER_PORT enable snmp traps lldp-med ports $EVENT.true)) then create log entry Config_SNMP_Traps enable snmp traps lldp ports $EVENT.USER_PORT disable snmp traps lldp-med ports $EVENT.DEVICE-DETECT)) then create log entry Starting_LLDP_Generic_Module_Config # VoiceVLAN configuration configure vlan $voicevlan add port $EVENT.0)) then create log entry Starting_LLDP_Generic_UNATUH_Module_Config if (!$match($sendTraps.DEVICE_IP.USER_PORT qosprofile qp7 endif endif if (!$match($EVENT.USER_PORT endif create log entry UNConfig_LLDP unconfig lldp port $EVENT.true)) then create log entry Config_QOS configure port $EVENT.USER_PORT advertise vendor-specific med capabilities dot1 vlan-name vlan med policy application med power-via-mdi #Configure POE settings per device requirements create log entry Config_POE configure inline-power operator-limit $EVENT.true)) then create log entry UNConfig_QOS unconfig qosprofile ports $EVENT.0.USER_PORT advertise vendor-specific voice vlan $voicevlan dscp 46 configure lldp port $EVENT.0.USER_PORT endif 268 ExtremeXOS Concepts Guide.DEVICE_POWER ports $EVENT.USER_PORT tagged #SNMP Trap if (!$match($sendTraps.DEVICE-UNDETECT) && $match($EVENT.Universal Port # @VariableFieldLabel "Voice VLAN name" set var voicevlan voiceavaya # @VariableFieldLabel "Send trap when LLDP event happens (true or false)" set var sendTraps false # @VariableFieldLabel "Set QoS Profile (true or false)" set var setQuality false # @MetaDataEnd # if (!$match($EVENT.USER_PORT disable snmp traps lldp-med ports $EVENT.USER_PORT endif #Link Layer Discovery Protocol-Media Endpoint Discover create log entry Config_LLDP configure lldp port $EVENT.NAME.0.USER_PORT else disable snmp traps lldp ports $EVENT.true)) then create log entry UNConfig_SNMP_Traps disable snmp traps lldp ports $EVENT.USER_PORT #QoS Profile if (!$match($setQuality.USER_PORT advertise vendor-specific $voicevlan configure lldp port $EVENT.

0.1x authenticated devices.0.0.USER_PORT endif if (!$match($EVENT.NAME.1x capable devices. When used with IP phones.yes)) then create log entry Config_QOS configure port $EVENT.0 create log entry $EVENT. The module is triggered through successful authentication of the device.1x authenticated devices.0.DEVICE_IP. #*********************************************** # Last Updated: April 11. netlogin configured and enabled on deployment ports #*********************************************** # @MetaDataStart # @ScriptDescription "This is a template for configuring network parameters for 802. 4625 # Requirements: 802. The module is triggered through successful authentication or unauthentication of the device.3 269 .USER_PORT qosprofile qp7 configure qosprofile qp7 minbw $lowbw maxbw $highbw ports $EVENT. 4620. The following network side configuration is done: QOS assignment and enables DOS protection.NAME. This profile assumes that the phone does not support LLDP and is provisioned using DHCP options.TIME endif create log entry End_LLDP_Generic_Module_Config Authentication-Triggered Generic Profile This profile has been created for phones that support an authentication protocol. phone provisioning is done through DHCP options.0." # @Description "VLAN name to add to port" set var vlan1 voiceavaya # @VariableFieldLabel "Set QoS Profile (yes or no)" set var setQuality yes # @Description "QoS Profile (0-100)" set var lowbw 50 # @VariableFieldLabel "QoS MAX Bandwidth (0-100)" set var highbw 100 # @VariableFieldLabel "Enable Denial of Service Protection (yes or no)" set var dosprotection yes # @MetaDataEnd ################################## # Start of USER-AUTHENTICATE block ################################## if (!$match($EVENT.Sample Universal Port Configurations unconfig inline-power operator-limit ports $EVENT. This is a template for configuring network parameters for 802.DEVICE-UNDETECT) && !$match($EVENT. Software Version 12.USER-AUTHENTICATED)) then ############ #QoS Profile ############ # Adds a QOS profile to the port if (!$match($setQuality.0)) then create log entry DoNothing_0.USER_PORT endif # ExtremeXOS Concepts Guide. 2007 # Tested Phones: Avaya 4610.

45. SW4620 # Requirements: 802.yes)) then enable dos-protect create log entry DOS_enabled endif # endif ################################ # End of USER-AUTHENTICATE block ################################ # # #################################### # Start of USER-UNAUTHENTICATE block #################################### if (!$match($EVENT.Universal Port ######################## #Security Configurations ######################## create log entry Applying_Security_Limits # enables Denial of Service Protection for the port if (!$match($dosprotection. file server.USER_PORT endif ################################## # End of USER-UNAUTHENTICATE block ################################## create log entry End_802_1x_Generic_Module_Config Authentication-Triggered Avaya Profile This script has been created for Avaya phones that support both 802. #******************************** # Last Updated: April 11.100 # @VariableFieldLabel "Avaya phone file server IP address" set var fileserver 192.yes)) then create log entry UNConfig_QOS unconfig qosprofile ports $EVENT.45. Additionally the following network side configuration is done: enable SNMP traps and QOS assignment" # @VariableFieldLabel "Avaya phone call server IP address" set var callserver 192.10. dot1q. Instead of using DHCP options.USER_PORT endif unconfig inline-power operator-limit ports $EVENT. VSA 203 and VSA 212 from authentiication server. 2007 # Tested Phones: SW4610. This module will provision the phone with the following parameters: call server.250 # @VariableFieldLabel "Send trap when LLDP event happens (true or false)" set var sendTraps true # @VariableFieldLabel "Set QoS Profile (true or false)" 270 ExtremeXOS Concepts Guide. the phone is provisioned using LLDP parameters developed jointly by Extreme Networks and Avaya. Software Version 12.USER-UNAUTHENTICATED)) then create log entry Starting_8021x_Generic_UNATUH_Module_Config if (!$match($setQuality. power.3 .NAME. QP7 defined on the switch #******************************** # @MetaDataStart # @ScriptDescription "This is a template for configuring LLDP capable Avaya phones using the authentication trigger. dscp.95.1x authentication server.1x authentication and LLDP.

Sample Universal Port Configurations set var setQuality true # @MetaDataEnd # if (!$match($EVENT.USER_PORT endif endif create log entry End_Avaya_VOIP_802.USER-AUTHENTICATED)) then create log entry Starting_Avaya_VOIP_802.USER_PORT else disable snmp traps lldp ports $EVENT.USER_PORT enable snmp traps lldp-med ports $EVENT.USER_PORT advertise vendor-specific avaya-extreme callserver $callserver configure lldp port $EVENT.3 271 .USER_PORT configure lldp port $EVENT.4 # Create upm profile p1 Enable port 1:1 .true)) then unconfig qosprofile ports $EVENT.USER-UNAUTHENTICATED)) then create log entry Starting_Avaya_VOIP_802.1x_UNATUH_Module_Config if (!$match($sendTraps.USER_PORT enable snmp traps lldp-med ports $EVENT.true)) then configure port $EVENT.USER_PORT endif enable lldp port $EVENT.USER_PORT advertise vendor-specific avaya-extreme fileserver $fileserver configure lldp port $EVENT. * BD-10808.USER_PORT advertise vendor-specific avaya-extreme dot1qframing tag if (!$match($setQuality.NAME.USER_PORT endif disable lldp port $EVENT.1x_Module_Config Sample Static Profiles The following configuration creates a profile and runs it statically: * BD-10808. Software Version 12.USER_PORT else disable snmp traps lldp ports $EVENT.USER_PORT disable snmp traps lldp-med ports $EVENT.USER_PORT if (!$match($setQuality.true)) then enable snmp traps lldp ports $EVENT.true)) then enable snmp traps lldp ports $EVENT.USER_PORT advertise vendor-specific dot1 vlan-name configure lldp port $EVENT.USER_PORT qosprofile qp7 endif endif # if (!$match($EVENT.4 #run upm profile p1 ExtremeXOS Concepts Guide.NAME.1x_AUTH_Module_Config if (!$match($sendTraps.USER_PORT disable snmp traps lldp-med ports $EVENT.

0 # Description: This profile configures the switch with an EAPs ring. #*********************************************** # Last Updated: May 11.PROFILE p1 5 # enable port 1:1 This profile creates and configures EAPS on the edge switch for connecting to the aggregation switch. 2007 # Tested Devices: X450e EXOS 12. Network login.TIME 1161172575 4 # set var EVENT.3 . Time run: 2006-10-18 11:56:15 Execution Identifier: 8006 Execution Status: Pass Execution Information: 1 # enable cli scripting 2 # set var EVENT. configures network login.1x. The profile will configure the listed features: EAPs ring. #*********************************************** # @MetaDataStart # @ScriptDescription “This is a template for configuring network parameters for edge Summit devices. creates specified # vlans. configure network login. 802. vlans. Software Version 12. RADIUS. and configures the RADIUS client component on the switch.4 # show upm history exec 8006 UPM Profile: p1 Event: User Request .NAME USER-REQUEST 3 # set var EVENT. and default routes.” # @VariableFieldLabel “Create EAPs ring? (yes or no)” set var yneaps yes # @VariableFieldLabel “Name of EAPs domain” set var eapsdomain upm-domain # @VariableFieldLabel “Primary port number” set var eapsprimary 23 # @VariableFieldLabel “Secondary port number” set var eapssecondary 24 # @VariableFieldLabel “Name of EAPs control VLAN” set var eapsctrl upm_ctrl # @VariableFieldLabel “Tag for EAPs control VLAN” set var eapsctrltag 4000 # @VariableFieldLabel “Create standard VLANs? (yes or no)” set var ynvlan yes # @VariableFieldLabel “Name of Voice vlan” set var vvoice voice # @VariableFieldLabel “Voice VLAN tag” set var vvoicetag 10 # @VariableFieldLabel “Voice VLAN virtual router” set var vvoicevr vr-default # @VariableFieldLabel “Name of Security Video” set var vidsec vidcam # @VariableFieldLabel “Security Video VLAN tag” set var vidsectag 40 # @VariableFieldLabel “Security Video VLAN virtual router” set var vidsecvr vr-default # @VariableFieldLabel “Name of Data vlan” set var vdata datatraffic # @VariableFieldLabel “Data VLAN tag” set var vdatatag 11 272 ExtremeXOS Concepts Guide. creates specific VLANs and assigns tags.Universal Port * BD-10808.

11.yes)) then create log entry CreateStandardVLANs create vlan $vvoice vr $vvoicevr config vlan $vvoice tag $vvoicetag config vlan $vvoice add port $eapsprimary tagged config vlan $vvoice add port $eapssecondary tagged config eaps $eapsdomain add protected $vvoice enable lldp ports $netloginports create qosprofile qp5 config vlan $vvoice ipa 192.144 # @VariableFieldLabel “RADIUS Client IP Address” set var radclient 192.168.221 # create vlan $vidsec vr $vidsecvr config vlan $vidsec tag $vidsectag config vlan $vidsec add port $eapsprimary tagged config vlan $vidsec add port $eapssecondary tagged config eaps $eapsdomain add protected $vidsec config vlan $vidsec ipa 192.221 # ExtremeXOS Concepts Guide.168.168.168.221 # @VariableFieldLabel “RADIUS Server Shared Secret” set var radsecret goextreme # @VariableFieldLabel “Network Login port list” set var netloginports 1-20 # @MetaDataEnd ################################## # Start of EAPs Configuration block ################################## if (!$match($yneaps.yes)) then create log entry Config_EAPs config eaps config-warnings off create eaps $eapsdomain config eaps $eapsdomain mode transit config eaps $eapsdomain primary port $eapsprimary config eaps $eapsdomain secondary port $eapssecondary create vlan $eapsctrl config $eapsctrl tag $eapsctrltag config $eapsctrl qosprofile qp8 config $eapsctrl add port $eapsprimary tagged config $eapsctrl add port $eapssecondary tagged config eaps $eapsdomain add control vlan $eapsctrl enable eaps enable eaps $eapsdomain else create log entry EAPs_Not_Configured endif ############ #VLAN Config ############ if (!$match($ynvlan.40.11.3 273 .Sample Universal Port Configurations # @VariableFieldLabel “Data VLAN virtual router” set var vdatavr vr-default # @VariableFieldLabel “Enable Network Login? (yes or no)” set var ynnetlogin yes # @VariableFieldLabel “RADIUS Server IP Address” set var radserver 192. Software Version 12.10.

Universal Port create vlan $vdata vr $vdatavr config vlan $vdata tag $vdatatag config vlan $vdata add port $eapsprimary tagged config vlan $vdata add port $eapssecondary tagged config eaps $eapsdomain add protected $vdata config vlan $vdata ipa 192.0.204 set var fileServer 192.168.168.1/24 # Create the universal port profile for device-detect on the switch. Software Version 12.168.254 vr vr-default else create log entry NoVLANsCreated endif ############ #RADIUS & Netlogin ############ if (!$match($ynnetlogin.11.for block mode capability create log entry Starting_Script_DETECT-voip set var callServer 192.2 # configure voice ipaddress 192.1 # create vlan voice X450e-24p. as the first and the only character on a line.10.11. # X450e-24p. Use .168.10.168.194 set var voiceVlan voice set var CleanupProfile CleanPort set var sendTraps false # create log entry Starting_DETECT-VOIP_Port_$EVENT.3 # create upm profile detect-voip Start typing the profile and end with a .168.11.USER_PORT 274 ExtremeXOS Concepts Guide.221 create vlan nvlan config netlogin vlan nvlan config default del po $netloginports enable netlogin dot1x enable netlogin mac enable netlogin ports $netloginports dot1x mac config netlogin ports $netloginports mode mac-based-vlans config radius netlogin primary server $radserver client-ip $radclient vr VR-Default config radius netlogin primary shared-secret $radsecret enable radius netlogin config netlogin add mac-list 00:19:5B:D3:e8:DD else create log entry NoNetlogin endif Sample Configuration with Device-Triggered Profiles The following example demonstrates how to configure Universal Port for device detection: # Create and configure the VLAN for the VoIP network.221 # config ipr add default 192.edit upm profile <name> .3 .yes)) then create log entry ConfigNetlogin #configure $vdata ipaddress 192. # X450e-24p.

USER_PORT unconfigure lldp port $EVENT.USER_PORT #configure $voiceVlan delete port $EVENT.Sample Universal Port Configurations #********************************************************** # adds the detected port to the device "unauthenticated" profile port list #********************************************************** create log entry Updating_UnDetect_Port_List_Port_$EVENT.USER_PORT tag #********************************************************** # Configure the LLDP options that the phone needs #********************************************************** configure lldp port $EVENT.USER_PORT advertise vendor-specific avaya-extreme callavaya-extreme fileavaya-extreme dot1qmed capabilities #configure lldp port $EVENT.USER_PORT advertise vendor-specific med power-via-mdi #configure inline-power operator-limit $EVENT. # * X450e-24p.USER_PORT advertise vendor-specific med policy application voice vlan $voiceVlan dscp 46 #********************************************************** # Configure the POE limits for the port based on the phone requirement #********************************************************** # If port is PoE capable.USER_PORT #unconfigure upm event device-undetect profile avaya-remove ports $EVENT.USER_PORT advertise vendor-specific framing tagged configure lldp port $EVENT. X450e-24p.USER_PORT advertise vendor-specific server $fileServer configure lldp port $EVENT.USER_PORT create log entry LLDP_Info_Cleared_on_$EVENT.edit upm profile <name> .3 275 .5 # create upm profile clearports Start typing the profile and end with a . Software Version 12.for block mode capability create log entry STARTING_UPM_Script_CLEARPORT_on_$EVENT. uncomment the following lines #configure lldp port $EVENT.DEVICE_POWER ports $EVENT.USER_PORT #********************************************************** # adds the detected port to the proper VoIP vlan #********************************************************** configure $voiceVlan add port $EVENT.USER_PORT . Use .USER_PORT configure upm event Device-UnDetect profile CleanupProfile ports $EVENT.USER_PORT create log entry POE_Settings_Cleared_on_$EVENT.USER_PORT create log entry Script_DETECT-phone_Finished_Port_$EVENT.USER_PORT advertise vendor-specific server $callServer configure lldp port $EVENT.USER_PORT ExtremeXOS Concepts Guide.USER_PORT unconfigure inline-power operator-limit ports $EVENT. as the first and the only character on a line.4 # # Create the universal port profile for device-undetect on the switch.

5 # # # Assign the device-detect profile to the edge ports.enabled Event name: log-message(Log filter name) .9 # show upm profile UPM Profile Events Flags Ports ============================================================= clearports Device-Undetect e 1-10 detect-voip Device-Detect e 1-10 =========================================================== Number of UPM Profiles: 2 Number of UPM Events in Queue for execution: 0 Flags: d .6 # config upm event device-detect profile detect-voip ports 1-10 # # Assign the device-undetect profile to the edge ports. # #Sample entry of using an individual MAC addresses 00040D50CCC3 Auth-Type := EAP. Extreme-Netlogin-VLAN = voice #Sample entry of using wildcard MAC addresses (OUI Method) 00040D000000 Auth-Type := EAP.3 .disabled. User-Password == "00040D50CCC3" Extreme-Security-Profile = "phone LOGOFF-PROFILE=clearport.7 # config upm event device-undetect profile clearports ports 1-10 * X450e-24p.USER_PORT . # * X450e-24p. The first part of the example shows the RADIUS server configuration. Software Version 12. For more information on RADIUS server configuration. e . User-Password == "1234" 276 ExtremeXOS Concepts Guide. User-Password == "1234" Extreme-Security-Profile = "phone LOGOFF-PROFILE=clearport.Universal Port create log entry FINISHED_UPM_Script_CLEARPORT_on_$EVENT. # * X450e-24p. # * X450e-24p. edit the users file located at /etc/raddb/users as shown in the # following lines.8 # # # Verify that correct profiles are assigned to correct ports.".” # Configure the RADIUS server for the userID and password pair. # For FreeRADIUS. * X450e-24p. Extreme-Netlogin-VLAN = voice #Sample entry of using numeric UserID and password 10284 Auth-Type := EAP.10 # enable lldp ports 1-10 Sample Configuration with User-Triggered Profiles The example in this section demonstrates how to configure a RADIUS server and Universal Port for user login. “Security. # * X450e-24p. see Chapter 22.".Truncated to 20 chars # # Enable LLDP message advertisements on the ports assigned to universal ports.

1 # create upm profile phone Start typing the profile and end with a . edit the dictionary file located at //etc/raddb/dictionary to # include the following details: VENDOR Extreme 1916 ATTRIBUTE Extreme-CLI-Authorization 201 integer Extreme ATTRIBUTE Extreme-Shell-Command 202 string Extreme ATTRIBUTE Extreme-Netlogin-Vlan 203 string Extreme ATTRIBUTE Extreme-Netlogin-Url 204 string Extreme ATTRIBUTE Extreme-Netlogin-Url-Desc 205 string Extreme ATTRIBUTE Extreme-Netlogin-Only 206 integer Extreme ATTRIBUTE Extreme-User-Location 208 string Extreme ATTRIBUTE Extreme-Netlogin-Vlan-Tag 209 integer Extreme ATTRIBUTE Extreme-Netlogin-Extended-Vlan 211 string Extreme ATTRIBUTE Extreme-Security-Profile 212 string Extreme VALUE Extreme-CLI-Authorization VALUE Extreme-CLI-Authorization VALUE Extreme-Netlogin-Only VALUE Extreme-Netlogin-Only # End of Dictionary Disabled Enabled Disabled Enabled 0 1 0 1 # Add the switch as an authorized client of the RADIUS server. edit the file located at //etc/raddb/clients.conf The rest of this example demonstrates the configuration that takes place at the ExtremeXOS switch: # Create the universal port profile for user-authenticate: * X450e-24p.194 set var voiceVlan voice set var CleanupProfile CleanPort set var sendTraps false # create log entry Starting_AUTH-VOIP_Port_$EVENT. as the first and the only character on a line. # For FreeRADIUS. Software Version 12.168.168.conf to include the # switches as details: # client 192.10.10. Extreme-Netlogin-Vlan = v-sales # Define the Extreme custom VSAs on RADIUS.204 set var fileServer 192. Use .Sample Universal Port Configurations Extreme-Security-Profile = "voip LOGOFF-PROFILE=voip".USER_PORT ExtremeXOS Concepts Guide.10. # For FreeRADIUS.for block mode capability create log entry Starting_Script_Phone set var callServer 192. User-Password == "Money" Extreme-Security-Profile = "Sales-qos LOGOFF-PROFILE=Sales-qos".4 { secret = purple shortname = x450e-24p # End of clients.edit upm profile <name> .3 277 .168. Extreme-Netlogin-Vlan = voice #Sample entry of using a text UserID and password Sales Auth-Type := EAP.

USER_PORT advertise vendor-specific avaya-extreme call$EVENT.4 # config radius primary server 192.USER_PORT unconfigure inline-power operator-limit ports $EVENT.USER_PORT advertise vendor-specific avaya-extreme dot1q$EVENT. X450e-24p.USER_PORT #****************************************************** # Configure the LLDP options that the phone needs #****************************************************** configure lldp port server $callServer configure lldp port server $fileServer configure lldp port framing tagged configure lldp port $EVENT.USER_PORT . # 278 ExtremeXOS Concepts Guide.3 . as the first and the only character on a line.4 vr "VR-Default" * X450e-24p.10. Use .USER_PORT create log entry LLDP_Info_Cleared_on_$EVENT.USER_PORT .USER_PORT advertise vendor-specific avaya-extreme file$EVENT.USER_PORT create log entry POE_Settings_Cleared_on_$EVENT.USER_PORT create log entry FINISHED_Script_CLEARPORT_on_$EVENT.11. # * X450e-24p. uncomment the following lines #create log entry UPM_Script_A-Phone_Finished_Port_$EVENT.for block mode capability create log entry STARTING_Script_CLEARPORT_on_$EVENT.USER_PORT advertise vendor-specific med capabilities # If port is PoE capable.Universal Port #****************************************************** # adds the detected port to the device "unauthenticated" profile port list #****************************************************** create log entry Updating_Unauthenticated_Port_List_Port_$EVENT. Software Version 12. * X450e-24p.144 client-ip 192.2 # # Configure RADIUS on the edge switch.USER_PORT unconfigure lldp port $EVENT.1 # create upm profile clearport Start typing the profile and end with a .168.edit upm profile <name> .2 # # # Create the universal port profile for user-unauthenticate on the switch: # * X450e-24p.168.5 # config radius primary shared-secret purple # Configure Network Login on the edge switch.

e . Software Version 12.11 # enable radius netlogin # # For Network Login MAC-based or OUI method.8 # config netlogin vlan nvlan * X450e-24p.m.10 # enable netlogin ports 11-20 mode mac-based-vlans * X450e-24p.: * X450e-24p. Use . # * X450e-24p.9 # enable netlogin dot1x * X450e-24p. # * X450e-24p.11 # enable radius netlogin # Assign the user-authenticate profile to the edge port.17 # enable lldp ports 11-20 Sample Timer-Triggered Profile The following profile and timer configuration disables PoE on ports 1 to 20 everyday at 6 p. # * X450e-24p.edit upm profile <name> .10 # config netlogin add mac-list 00:04:0D:00:00:00 24 1234 * X450e-24p.Sample Universal Port Configurations For Network Login 802.14 # configure upm event user-unauthenticated profile "clearport" ports 11-20 * X450e-24p.1 # create upm profile eveningpoe Start typing the profile and end with a .12 # configure upm event user-authenticate profile "phone" ports 11-20 * X450e-24p.7 # create vlan nvlan * X450e-24p.enabled Event name: log-message(Log filter name) .3 279 .15 # # Check that the correct profiles are assigned to the correct ports.for block mode capability create log entry Starting_Evening disable inline-power ports 1-20 ExtremeXOS Concepts Guide.Truncated to 20 chars # Enable LLDP message advertisements on the ports. as the first and the only character on a line.7 # create vlan nvlan * X450e-24p.16 # show upm profile =========================================================== UPM Profile Events Flags Ports =========================================================== phone User-Authenticated e 11-20 clearport User-Unauthenticated e 11-20 =========================================================== Number of UPM Profiles: 5 Number of UPM Events in Queue for execution: 0 Flags: d . # * X450e-24p.13 # # Assign the user-unauthenticate profile to the edge port.1x.disabled. use the following commands: * X450e-24p.8 # config netlogin vlan nvlan * X450e-24p. use the following commands: * X450e-24p.9 # enable netlogin mac * X450e-24p.

but it is also possible to disable the egress port to break loops. By leveraging Universal Port and the Extreme Loop Recovery Protocol (ELRP) as shown in example below.46 <Warn:ELRP. 64 received.” Below is the Universal Port profile configuration for this example: Create upm profile p1 set var z1 $uppercase($EVENT. User-Password == "test" Extreme-security-profile = "p1 QOS=\"QP8\".3 # create upm timer night *X450e-24p.2 *X450e-24p. the script configures the QoS profile configured by the user in the RADIUS server for the USER-AUTHENTICATED event. USER-AUTHENTICATED) == 0) then if ($match($z1.5 # config upm timer night at 7 7 2007 19 00 00 every 86400 Sample Profile with QoS Support The example below can be used with a Summit X450 series switch that supports QoS profiles qp1 and qp8.NAME. and Universal Port on the switch as part of the user log-in authentication process.VLAN=\"voicetest\". In this example.Report. ingress slot:port (1) egress slot:port (24) 280 ExtremeXOS Concepts Guide. When the user or phone logs in with a particular MAC address.Message> [CLI:ksu:1] LOOP DETECTED : 436309 transmited. Should these loops develop. Software Version 12.3 .USER_MAC) set var z2 $uppercase(00:04:0d:9d:12:a9) #show var z1 #show var z2 if ($match($EVENT.LOGOFF-PROFILE=p2.USER_PORT qosprofile $QOS endif endif . the Spanning Tree Protocol (STP) can create loops in a network. You must configure network login. *X450e-24p." For more information on configuring the RADIUS users file. $z2) == 0) then configure port $EVENT. When a loop is detected on ports where ELRP is enabled and configured. they can cause network degradation and eventually crash the network by duplicating too many Ethernet frames.Universal Port . “Security.4 # config upm timer night profile eveningpoe *X450e-24p. see Chapter 22. the RADIUS server. Sample Event Profile If not configured properly. ELRP logs a message using the following format: 01/17/2008 08:08:04. it is not only possible to detect and isolate the egress port. the user sets the QoS profile to be qp8. The following example is an entry in the RADIUS users file for the MAC address of the phone: 00040D9D12A9 Auth-Type := local.

----------. %5% received.upmMsgExshLaunch> Launched profile disable_port_elrp for the event log-message ExtremeXOS Concepts Guide.Report. Two log messages will be logged when the loop is detected on ports 1 and 24 and ELRP is enabled both.Report. and the interval is “1.------------.” If a loop is detected.string 4 . and ports 1 and 24 should be disabled. You can view this by entering the show log command as in the following example: > show log 01/17/2008 08:08:05.Msg.number (32-bit unsigned int) 3 .LOG_PARAM_7 . connect the ports 1 and 24 to form a loop.info> Port 24 link down 01/17/2008 08:08:05.3 281 .---------ELRP Report Message Warning 8 total 0 .dbg.Message" details Comp SubComp Condition Severity Parameters ------.49 <Info:vlan. If we enable ELRP on only one port.Message match string “LOOP” enable log target upm “disable_port_elrp” configure log target upm “disable_port_elrp” filter f1 At this point.22 <Noti:UPM.Sample Universal Port Configurations To view more information on format of this command. We observe that parameter 7 is the one we have to disable from the above log message and the details for that event. The following procedure configures Universal Port to disable the egress port identified by parameter 7: 1 Create the profile and add the command to disable the egress port as follows: create upm profile disable_port_elrp disable port $EVENT. ingress slot:port (%6%) egress slot:port (%7%)" In the example log statement.string "[%0%:%1%:%2%] %3% : %4% transmited. 2 Verify that the profile is created and enabled by entering the following command: show upm profile 3 Create the EMS configuration by entering the following commands: create log target upm disable_port_elrp create log filter f1 configure log target f1 add event ELRP.string 1 . In this example.6 # show log events "ELRP.----------------------. Software Version 12. the ports is all. This triggers the disable_port_elrp profile twice.string 2 . we enable ELRP on all ports of a VLAN as follows: configure elrp-client periodic <vlan> ports <all> interval 1 We want the profile to disable egress ports 1 and 24 (which have been configured for loop).number (unsigned int) 6 . then the port alone would be disabled. enter the show log events command as shown in the following example: * BD8810-Rack2.string 7 .number (32-bit unsigned int) 5 . the VLAN ksu. we want to disable the egress port on which the ELRP control packets went out.

The module is triggered through the detection of an LLDP packet on the port.Msg.USER_PORT advertise vendor-specific med capabilities configure lldp port $EVENT. To view the configuration.NAME.Report. Sample Configuration for Generic VoIP LLDP #******************************** # Last Updated: March 20. enter the show upm history command.46 <Noti:UPM. 64 received.USER_PORT endif #Link Layer Discovery Protocol-Media Endpoint Discover create log entry Config_LLDP configure lldp port $EVENT.1x authentication. ingress slot:port (24) egress slot:port (1) 01/17/2008 08:08:03.46 <Warn:ELRP. ingress slot:port (1) egress slot:port (24) 01/17/2008 08:08:04.dbg.50 <Info:vlan.upmMsgExshLaunch> Launched profile disable_port_elrp for the event log-message 01/17/2008 08:08:04.69 <Info:vlan.Message> [CLI:ksu:1] LOOP DETECTED : 436309 transmited.info> Port 24 link up at 1 Gbps speed and fullduplex To view the profile execution history. add the voiceVlan to the port as tagged.3 .Universal Port 01/17/2008 08:08:04. use the show config upm and show config ems commands. QOS assignment.info> Port 1 link down 01/17/2008 08:08:04.USER_PORT advertise vendor-specific dot1 vlan-name vlan $voicevlan 282 ExtremeXOS Concepts Guide. Software Version 12.Report. 63 received.USER_PORT enable snmp traps lldp-med ports $EVENT." # @Description "Voice VLAN name" set var voicevlan voice # @Description "Send trap when LLDP event happens (true or false)" set var sendTraps false # @Description "Set QoS Profile (true or false)" set var setQuality false # @META_DATA_END # if (!$match($EVENT.true)) then create log entry Config_SNMP_Traps enable snmp traps lldp ports $EVENT. adjust POE reservation values based on device requirements.USER_PORT disable snmp traps lldp-med ports $EVENT.46 <Warn:ELRP.dbg. The following network side configuration is done: enable SNMP traps.Message> [CLI:ksu:1] LOOP DETECTED : 436309 transmited. 4625 # Requirements: LLDP capable devices #******************************** # @META_DATA_START # @FileDescription "This is a template for configuring network parameters for VoIP phones support LLDP but without 802. enter the show upm history details command to see all the profiles or display information on a specific event by entering the exec-id. If you want to see the more details.DEVICE-DETECT)) then create log entry Starting_LLDP_Generic_Module_Config # VoiceVLAN configuration configure vlan $voicevlan add port $EVENT.USER_PORT tagged #SNMP Trap if (!$match($sendTraps.USER_PORT else disable snmp traps lldp ports $EVENT. 2007 # Tested Phones: Avaya 4610. 4620.

NAME. The following network side configuration is done: QOS assignment and enables DOS protection.0)) then create log entry Starting_LLDP_Generic_UNATUH_Module_Config if (!$match($sendTraps.0. phone provisioning is done through DHCP options. 4620.1x capable devices.NAME. 2007 # Tested Phones: Avaya 4610.USER_PORT advertise vendor-specific med policy application voice vlan $voicevlan dscp 46 configure lldp port $EVENT.USER_PORT endif create log entry UNConfig_LLDP unconfig lldp port $EVENT.USER_PORT endif if (!$match($EVENT. Software Version 12.USER_PORT disable snmp traps lldp-med ports $EVENT.0.1x authenticated devices." # @Description "VLAN name to add to port" set var vlan1 voice # @Description "Set QoS Profile (yes or no)" set var setQuality yes # @Description "QoS Profile (0-100)" set var lowbw 50 # @Description "QoS MAX Bandwidth (0-100)" ExtremeXOS Concepts Guide.TIME endif create log entry End_LLDP_Generic_Module_Config Sample Configuration for Generic VoIP 802.Sample Universal Port Configurations configure lldp port $EVENT.USER_PORT endif unconfig inline-power operator-limit ports $EVENT.USER_PORT #QoS Profile if (!$match($setQuality.DEVICE_IP.true)) then create log entry Config_QOS configure port $EVENT.0.0. netlogin configured and enabled on deployment ports #*********************************************** # @META_DATA_START # @FileDescription "This is a template for configuring network parameters for 802.0 create log entry $EVENT. 4625 # Requirements: 802.DEVICE_POWER ports $EVENT.DEVICE-UNDETECT) && $match($EVENT.USER_PORT qosprofile qp7 endif endif if (!$match($EVENT.0. The module is triggered through successful authentication of the device.1x #*********************************************** # Last Updated: April 6.0.USER_PORT if (!$match($setQuality.USER_PORT advertise vendor-specific med power-via-mdi #Configure POE settings per device requirements create log entry Config_POE configure inline-power operator-limit $EVENT.true)) then create log entry UNConfig_QOS unconfig qosprofile ports $EVENT.3 283 . When used with IP phones.DEVICE-UNDETECT) && !$match($EVENT.0)) then create log entry DoNothing_0.0.0.true)) then create log entry UNConfig_SNMP_Traps disable snmp traps lldp ports $EVENT.DEVICE_IP.

file server. This module will provision the phone with the following parameters: call server. SW4620 # Requirements: 802. QP7 defined on the switch# ******************************** # @META_DATA_START # @FileDescription "This is a template for configuring LLDP capable Avaya phones using the authentication trigger.250 # @Description "Send trap when LLDP event happens (true or false)" set var sendTraps true # @Description "Set QoS Profile (true or false)" set var setQuality true # @META_DATA_END 284 ExtremeXOS Concepts Guide.45. Additionally the following network side configuration is done: enable SNMP traps and QOS assignment.Universal Port set var highbw 100 # @Description "Enable Denial of Service Protection (yes or no)" set var dosprotection yes # @META_DATA_END ################################## # Start of USER-AUTHENTICATE block ################################## if (!$match($EVENT.USER_PORT endif # ######################## #Security Configurations ######################## create log entry Applying_Security_Limits # enables Denial of Service Protection for the port if (!$match($dosprotection.95.1x authentication server.yes)) then create log entry Config_QOS configure port $EVENT.100 # @Description "Avaya phone file server IP address" set var fileserver 192. dscp.10." # @Description "Avaya phone call server IP address" set var callserver 192. Software Version 12.yes)) then enable dos-protect create log entry DOS_enabled endif # endif ################################ # End of USER-AUTHENTICATE block Sample Configuration for Avaya VoIP 802. VSA 203 and VSA 212 from authentiication server.45. dot1q.3 . power.NAME. 2007 # Tested Phones: SW4610.1x #******************************** # Last Updated: March 20.USER-AUTHENTICATED)) then ############ #QoS Profile ############ # Adds a QOS profile to the port if (!$match($setQuality.USER_PORT qosprofile qp7 configure qosprofile qp7 minbw $lowbw maxbw $highbw ports $EVENT.

Sample Universal Port Configurations # if (!$match($EVENT.true)) then enable snmp traps lldp ports $EVENT.0/24 " "permit " create access-list $(DEVICE_MAC)_192_168_2_0 "ethernet-source-address $DEVICE_MAC destination-address 192.0/24 " "permit " create access-list $(DEVICE_MAC)_smtp "ethernet-source-address $DEVICE_MAC . destination-port 25" "permit create access-list $(DEVICE_MAC)_http "ethernet-source-address $DEVICE_MAC .168. protocol tcp .USER_PORT advertise vendor-specific avaya-extreme callserver $callserver configure lldp port $EVENT. protocol tcp .USER_PORT if (!$match($setQuality.USER_PORT configure lldp port $EVENT. protocol tcp .3. destination-address 192.USER_PORT advertise vendor-specific avaya-extreme dot1qframing tag if (!$match($setQuality.USER-AUTHENTICATED) ) then create access-list $(DEVICE_MAC)_192_168_1_0 "ethernet-source-address $DEVICE_MAC destination-address 192.true)) then configure port $EVENT. destination-port 443" "permit " .NAME.USER_PORT enable snmp traps lldp-med ports $EVENT.USER-UNAUTHENTICATED)) then create log entry Starting_Avaya_VOIP_802.NAME.168.125/32 .100.USER_PORT endif endif create log entry End_Avaya_VOIP_802.3 285 .true)) then enable snmp traps lldp ports $EVENT.USER_PORT advertise vendor-specific avaya-extreme fileserver $fileserver configure lldp port $EVENT.true)) then unconfig qosprofile ports $EVENT.1.USER_PORT qosprofile qp7 endif endif # if (!$match($EVENT. destination-port 80" "permit " create access-list $(DEVICE_MAC)_https "ethernet-source-address $DEVICE_MAC .USER_PORT endif enable lldp port $EVENT. .1x_AUTH_Module_Config if (!$match($sendTraps. . Software Version 12.USER_PORT advertise vendor-specific dot1 vlan-name configure lldp port $EVENT.USER-AUTHENTICATED)) then create log entry Starting_Avaya_VOIP_802.0/24 " "permit " create access-list $(DEVICE_MAC)_192_168_3_0 "ethernet-source-address $DEVICE_MAC destination-address 192. " ExtremeXOS Concepts Guide.USER_PORT else disable snmp traps lldp ports $EVENT.USER_PORT enable snmp traps lldp-med ports $EVENT.1x_Module_Config Dynamic Security Policy if (!$match($CLI_EVENT.USER_PORT else disable snmp traps lldp ports $EVENT.1x_UNATUH_Module_Config if (!$match($sendTraps.USER_PORT disable snmp traps lldp-med ports $EVENT.168.USER_PORT disable snmp traps lldp-med ports $EVENT.168.2.USER_PORT endif disable lldp port $EVENT.

USER-UNAUTHENTICATED) ) then # Clean up configure access-list delete $(DEVICE_MAC)_192_168_1_0 ports $USER_PORT configure access-list delete $(DEVICE_MAC)_192_168_2_0 ports $USER_PORT configure access-list delete $(DEVICE_MAC)_192_168_3_0 ports $USER_PORT configure access-list delete $(DEVICE_MAC)_smtp ports $USER_PORT configure access-list delete $(DEVICE_MAC)_http ports $USER_PORT configure access-list delete $(DEVICE_MAC)_https ports $USER_PORT configure access-list delete $(DEVICE_MAC)_dhcp ports $USER_PORT configure access-list delete $(DEVICE_MAC)_deny ports $USER_PORT delete access-list $(DEVICE_MAC)_192_168_1_0 delete access-list $(DEVICE_MAC)_192_168_2_0 delete access-list $(DEVICE_MAC)_192_168_3_0 delete access-list $(DEVICE_MAC)_smtp delete access-list $(DEVICE_MAC)_http delete access-list $(DEVICE_MAC)_https delete access-list $(DEVICE_MAC)_dhcp delete access-list $(DEVICE_MAC)_deny endif Sample Configuration for a Video Camera This template adds an ACL to an edge port when a video camera connects. #*********************************************** # Last Updated: March 9.0.Universal Port create access-list $(DEVICE_MAC)_dhcp "protocol udp. 2007 # Tested Devices: Dlink DCS 1110 # Requirements: netlogin configured and enabled on deployment ports #*********************************************** # @MetaDataStart # @ScriptDescription "This is a template for configuring the switch for the right environment for this webcam. The profile configures and applies an ACL onto a switch port when a user authenticates.0. destination-port 67" "permit" create access-list $(DEVICE_MAC)_deny "destination-address 0. This ACL blocks a particular IP address from accessing the video camera and assigns the user to QoS profile 7. Software Version 12. It creates a dynamic access-list to restrict access" # @Description "VLAN name to add to port" # set var vlan1 voiceavaya # @VariableFieldLabel "Set QoS Profile (yes or no)" # set var setQuality yes # @Description "QoS Profile (0-100)" # set var lowbw 50 # @VariableFieldLabel "QoS MAX Bandwidth (0-100)" # set var highbw 100 # @MetaDataEnd ################################## 286 ExtremeXOS Concepts Guide.0/0" "deny " configure access-list add $(DEVICE_MAC)_192_168_1_0 first port $USER_PORT configure access-list add $(DEVICE_MAC)_192_168_2_0 first port $USER_PORT configure access-list add $(DEVICE_MAC)_192_168_3_0 first port $USER_PORT configure access-list add $(DEVICE_MAC)_smtp first port $USER_PORT configure access-list add $(DEVICE_MAC)_http last port $USER_PORT configure access-list add $(DEVICE_MAC)_https last port $USER_PORT configure access-list add $(DEVICE_MAC)_dhcp first port $USER_PORT configure access-list add $(DEVICE_MAC)_deny last port $USER_PORT endif if (!$match($CLI_EVENT.3 .

USER_PORT # endif # unconfigure inline-power operator-limit ports $EVENT.168.Sample Universal Port Configurations # Start of USER-AUTHENTICATE block ################################## if (!$match($EVENT.yes)) then # create log entry UNConfig_QOS # unconfig qosprofile ports $EVENT.USER-AUTHENTICATED)) then ############ #QoS Profile ############ # Adds a QOS profile to the port # if (!$match($setQuality.USER_PORT qosprofile qp7 # configure qosprofile qp7 minbw $lowbw maxbw $highbw ports $EVENT. Software Version 12.USER_PORT delete access-list webcamblock endif ################################## # End of USER-UNAUTHENTICATE block ################################## create log entry End_802_1x_Generic_Module_Config ExtremeXOS Concepts Guide.USER_PORT #### remove acl configure access-list delete webcamblock port $EVENT.220/32" "deny" configure access-list add webcamblock first port $EVENT.3 287 .NAME.yes)) then # create log entry Config_QOS # configure port $EVENT.NAME.10.USER_PORT # endif # ############ #ACL Section ############ # Adds an ACL to stop traffic to a particular address create log entry Config_ACL create access-list webcamblock "destination-address 192.USER_PORT #endif # endif ################################ # End of USER-AUTHENTICATE block ################################ # # #################################### # Start of USER-UNAUTHENTICATE block #################################### if (!$match($EVENT.USER-UNAUTHENTICATED)) then # create log entry Starting_8021x_Generic_UNATUH_Module_Config # if (!$match($setQuality.

3 . Software Version 12.Universal Port 288 ExtremeXOS Concepts Guide.

Retrieving.3 289 . and executing scripts: ● ● ● ● ● ● ● ● ● ● ● Enabling and Disabling CLI Scripting on page 290 Creating Scripts on page 290 Using Script Variables on page 291 Using Special Characters in Scripts on page 292 Using Operators on page 292 Using Control Structures in Scripts on page 293 Using Built-In Functions on page 294 Controlling Script Configuration Persistence on page 295 Saving. Software Version 12. and Deleting Session Variables on page 295 Executing Scripts on page 296 Configuring Error Handling on page 296 ExtremeXOS Concepts Guide. CLI-based scripting allows you to significantly automate switch management. Setting Up Scripts The following sections describe the tasks for creating.7 Using CLI Scripting This chapter includes the following sections: ● ● ● ● Overview on page 289 Setting Up Scripts on page 289 Displaying CLI Scripting Information on page 296 CLI Scripting Examples on page 298 Overview CLI-based scripting allows you to create a list of commands that you can execute manually with a single command or automatically when a special event occurs. configuring. CLI-based scripting supports variables and functions. see “Using Autoconfigure and Autoexecute Files” on page 1336. so that you can write scripts that operate unmodified on multiple switches and in different environments. For more information. NOTE Special scripts can be used to configure the switch when it boots.

The method you choose depends on how you want to execute the script. including the testing of script-related commands.3 . If you want to create a script that is activated automatically when a device or user connects to or disconnects from a switch port. Software Version 12. and you plan to execute that script manually. see Chapter 6. Creating Scripts for Use with the Universal Port Feature The Universal Port feature allows you to create dynamic profiles that are activated by a trigger event. For more information on entering script commands in a universal port profile. If you do not include the permanent option. “Universal Port. Creating a Script File A script file is an ASCII text file that you can create with any ASCII text editor program. CLI scripting is disabled the next time the switch boots. Software Upgrade and Boot Options. To disable scripting. enter the following command: disable cli scripting {permanent} Creating Scripts There are two ways to create scripts. These dynamic profiles contain script commands and cause dynamic changes to the switch configuration to enforce a policy. you should create the script with the Universal Port feature. The text file can contain CLI commands and can use the scripting options described in the following sections: ● ● ● ● ● Using Script Variables on page 291 Using Special Characters in Scripts on page 292 Using Operators on page 292 Using Control Structures in Scripts on page 293 Using Built-In Functions on page 294 You can move an ASCII script file to the switch using the same techniques described for managing ASCII configuration files in Appendix B. When the command is used without the permanent option. The universal port profiles support all the scripting options listed above for creating script files. such as a user or device connection to a switch port. If you want to create a script file to configure a switch or a switch feature.” 290 ExtremeXOS Concepts Guide. you can create a script file. it enables CLI scripting for the current session only. To support scripting. The following sections provide more information on these options. you must enable scripting using the following command: enable cli scripting {permanent} The permanent option enables CLI scripting for new sessions only and makes the configuration change part of the permanent switch configuration so that the scripting configuration remains the same when the switch reboots.Using CLI Scripting Enabling and Disabling CLI Scripting CLI scripting is disabled by default.

or a combination of the above with operators and functions. enter either of the following statements: set var CLI. For example: set var x $TCL(string length ${CLI. NOTE You must enable CLI scripting before using these variables or executing a script. No error message is displayed. Table 30 shows the system variables that you must define before use.USER}).USER $CLI. You can create your own variables and change the values of variables. or to change a variable value. such as a period. This output can be used for operations such as match and regexp. ● ● ● ExtremeXOS Concepts Guide. To define this variable. Only the set var CLI command supports expression evaluation. use the following command: set var <varname> <_expression> When using variables.Setting Up Scripts Using Script Variables Table 29 shows the predefined system variables that are always available for use by any script. Table 30: System Variables that Must be Created Variable Syntax $CLI. For more information on TCL functions. If a variable already exists.OUT Definition Output of last show command. Predefined variables are automatically set up for use before a script or profile is executed.OUT " " set var CLI. another variable. and functions are described in “Using Built-In Functions” on page 294. see “Using Built-In Functions” on page 294. Operators are described in “Using Operators” on page 292. UserName who is executing this CLI. Type of session of the user. The variable name must be unique. When you use a variable with a special character. For more information on these operations. A variable can be referenced as $X or $(X). Table 29: Predefined System Variables Variable Syntax $STATUS $CLI.OUT 0 Extreme Networks recommends that you delete this variable after each use. The expression can be a constant value.3 291 . The maximum size of this variable is 1 MB. in a TCL function. it is overwritten. You must define this variable before it is used. see “Using Built-In Functions” on page 294. then the variable needs to be enclosed in parentheses. the following guidelines apply: ● ● ● ● ● Variable names are case insensitive and are limited to 32 characters. Software Version 12. To create a variable and set a value for it. For example: set var z ($(x) + 100).SESSION_TYPE Definition Status of last command execution. If the variable name X contains special characters such as +-/*. the variable must be enclosed in braces.

A right shift always propagates the sign bit.100) To display all variables or a specified variables. For example: set var variablename \$<varname> set var $CLI. 0 otherwise. The valid operators are listed in decreasing order of precedence. Some operators can be used in all numeric expressions. precede the special character with a backslash character.Using CLI Scripting The following examples show various ways to define or change variables: set var x 100 set var x ($x + 2) set var y ($x . The dollar sign character indicates a variable. These operators are valid for all operand types. None of these operands can be applied to string operands. Table 31: Operators Operator + ~ ! * / % + << >> < > <= >= == != Action Unary minus Unary plus Bit-wise NOT Logical NOT Multiply Divide Remainder Add Subtract Left shift Right shift Boolean less Boolean greater Boolean less than or equal Boolean greater than or equal Boolean equal Boolean not equal Each operator produces a zero or one result. and the remainder operand can be applied only to integers. 292 ExtremeXOS Concepts Guide. while others are restricted to integer or string expressions. Software Version 12. Each operator produces 1 if the condition is true. Using Operators Operators allow you to manipulate variables and evaluate strings. and the bit-wise NOT operand can be applied only to integers. and the quote characters surround text strings. These operators can be applied to strings as well as numeric operands. To use these characters as regular characters.USER “Robert \"Bob\" Smith” Scripts also support quote characters within quotes. Table 31 lists the operators supported and provides comments on when they can be used. The remainder always has the same sign as the divisor and an absolute value smaller than the divisor. These operands are valid for integer operands only.3 . in which case string comparison is used. These operands are valid for any numeric operations. Comments None of these operands can be applied to string operands. use the following command: show var {<varname>} Using Special Characters in Scripts The dollar sign ($) character and quote (") characters have special purposes in scripts.

Nesting is supported up to five levels. Otherwise the result is the value of z. Otherwise. This operator is valid for integer operands only. it produces a result of 0.Setting Up Scripts Table 31: Operators (Continued) Operator & ^ Action Bit-wise AND Bit-wise exclusive OR Bit-wise OR Logical AND Comments This operator is valid for integer operands only. | && || Logical OR x?y:z If-then-else (as in the C programming language) If x evaluates to non-zero. The Ctrl-C key combination can be used to break out of any While loop(s). This operator is valid for numeric operands only (integers or floating-point). This operator produces a result of 1 if both operands are nonzero. This operator produces a result of 0 if both operands are zero. ExtremeXOS Concepts Guide. This operator is valid for numeric operands only (integers or floating-point). This operator is valid for integer operands only. then the result is the value of y. The operators mentioned in “Using Operators” on page 292 can be used in an expression in the set var command or in an IF or WHILE condition. Software Version 12. Using Control Structures in Scripts The CLI supports the control structures described in the following sections: ● ● Conditional Execution on page 293 Loop While Condition is TRUE on page 293 Conditional Execution IF (<expression>) THEN <statements> ELSE <statements> ENDIF The expression must be enclosed in parentheses. The x operand must have a numeric value. Loop While Condition is TRUE WHILE (<expression>) DO <statements> ENDWHILE The expression must be enclosed in parentheses. it produces a result of 1. Otherwise.3 293 .

See if a list contains a particular element. Using Built-In Functions Built in functions allow you to manipulate and evaluate the variables inside your script and the script output. Join lists together. an error message appears. Retrieve an element from a list. Create a string by joining list elements together. Table 33: Supported TCL Functions Function append binary clock concat expr join lappend lindex linsert list llength lrange lreplace lsearch lsort regexp Function Type String handling String handling System related List handling Math List handling List handling List handling List handling List handling List handling List handling List handling List handling List handling String handling Description Append to variable.3 . Note that the software does not support the simultaneous operation of multiple TCL functions. Create a list. Count the number of elements in a list. Returns zero if the specified variable does not exist. string 2) $READ(prompt) $TCL(function args) Function Compares the two strings string 1 and string 2. For more information on TCL functions. It returns -1. Evaluate an expression. equal to. Insert elements into a list. or greater than string2. Insert and extract fields from binary strings.tk/man/tcl8. Displays a prompt for user input and accepts input until the user presses [Return] or the session times out.htm. Table 32: Built-In Functions Syntax $MATCH(string 1. or 1. depending on whether string1 is less than.Using CLI Scripting If there is incorrect nesting of an IF condition or WHILE loop. Match a regular expression against a string.0. Software Version 12. 294 ExtremeXOS Concepts Guide. Comments can be inserted by using the number sign (#). If a user tries to type more than five WHILE loops or five IF conditions. Table 32 shows the built-in functions. Append list elements onto a variable. Replace elements in a list with new elements. Return one or more adjacent elements from a list. Returns 0 if string1 matches string2.tcl. $UPPERCASE(string) $VAREXISTS(varname) Returns the string uppercased. Obtain and manipulate time. Breaking out of any number of WHILE loops always clears the WHILE condition.3/TclCmd/ contents. Returns non-zero if the specified variable does exist. Replace prompt with the prompt to display to the user. an error message appears. Sort the elements of a list. Table 33 shows the built-in Tool Command Language (TCL) functions. Calls a TCL built-in function (seeTable 33). go to http://www.

USER}). the variable must be enclosed in braces.3 295 . you use the key to identify the variables to be retrieved. use the command: save var key <key> [<var1> <var2> …] To retrieve saved session variables. such as a period. and the second session is the devicedetected session. When you want to retrieve the variables. Software Version 12. To change the script configuration persistence setting. The default setting for scripts is non-persistent. In the example above. For examples of scripts that use TCL functions. Non-persistent configuration changes remain part of the switch configuration only until the switch reboots. The first session is the device-undetected session. use the following command: configure cli mode [persistent | non-persistent] Saving. if a device is detected on a universal port and this triggers a profile (and the script commands within it). which is an ID for the saved variables. in a TCL function. Controlling Script Configuration Persistence When a script runs.Setting Up Scripts Table 33: Supported TCL Functions (Continued) Function regsub re_syntax split string Function Type String handling String handling List handling String handling Description Perform substitutions based on regular expression pattern matching. use the command: load var key <key> [<var1> <var2> …] To delete saved session variables. and Deleting Session Variables Session variables are the set of variables that are active for a particular session. Each session has its own set of variables and values. These variables are saved to system memory using a key. Manipulate strings. Retrieving. or it can make non-persistent changes. For example: set var x $TCL(string length ${CLI. see “CLI Scripting Examples” on page 298. use the command: delete var key <key> ExtremeXOS Concepts Guide. NOTE When you use a variable with a special character. For example. the commands within the script can make persistent changes to the switch configuration. The software allows you to save session variables before replacing them. this allows you to retrieve the earlier values when the port returns to the device-undetected state. the variable values that were active when the profile started are replaced with the variable values defined in the profile. Syntax of TCL regular expressions. Up to five variables can be saved or retrieved at a time. To save up to five session variables. which are saved across reboots. Split a string into a proper TCL list.

Executing a Script File To execute a script file..Using CLI Scripting The variables saved by the save var command are saved using the specified key and are retrievable and restored in the context that this profile was applied.” Configuring Error Handling The following command controls script error handling: configure cli mode scripting [abort-on-error | ignore-error] The default error handling behavior is to ignore errors. You can change options within the scripts. You are responsible for generating unique keys. including device detection and undetection and user authentication and unauthentication.. Executing Scripts You can execute scripts by loading a script file or through the Universal Port feature. transfer the script file to the switch and use the load script <filename> {arg1} {arg2} . Software Version 12. Displaying CLI Scripting Information You can use the information in the following sections to display CLI scripting information: ● ● Viewing CLI Scripting Status on page 297 Viewing CLI Scripting Variables on page 298 296 ExtremeXOS Concepts Guide. Executing a Universal Port Script Universal port scripts are called profiles and are executed based on several types of trigger events. “Universal Port.3 . For information on how to create profiles and configure the triggers. see Chapter 6. {arg9} command. They are available to rollback events like userunauthenticate and device-undetect.

2 # show management CLI idle timeout CLI max number of login attempts CLI max number of sessions CLI paging CLI space-completion CLI configuration logging CLI scripting CLI scripting error mode CLI persistent mode Telnet access SSH Access Web access Total Read Only Communities Total Read Write Communities RMON SNMP access : : : : : : : : : : : : : : : : : : : : Enabled (20 minutes) 5 16 Enabled (this session only) Disabled (this session only) Disabled Disabled (this session only) Ignore-Error (this session only) Persistent (this session only) Enabled (tcp port 23 vr all) Access Profile : not set ssh module not loaded.57.42.11 /10550 10. whether or not the configuration is persistent. Software Version 12.255.255.43.81 /10550 Flags: Version: 1=v1 2=v2c Mode: S=Standard E=Enhanced InPkts 0 Gets 0 Sent 6 SNMP stats: SNMP traps: OutPkts 6 Errors 0 GetNexts 0 Sets 0 AuthTraps Enabled AuthErrors 0 ExtremeXOS Concepts Guide.2 /10550 10. Enabled (tcp port 80) 1 1 Disabled Enabled Access Profile Name : not set Enabled Flags 2E 2E 2E 2E 2E 2E SNMP Traps SNMP v1/v2c TrapReceivers Destination Source IP Address 10. and the CLI scripting error mode as shown in the following example: show management X450a-24t.43.13 /10550 10.43.255.Displaying CLI Scripting Information Viewing CLI Scripting Status The show management command displays whether or not CLI scripting is enabled.38 /10550 10.15 /10550 10.3 297 .255.255.99.255.

CLI Scripting Examples The following script creates 100 VLANS with IP Addresses from 10.100.4 # show var ---------------------------------------Count : 3 --------------------------------------------------------------------------------------------------------variableName variableValue -------------------------------.1.1.$(count).3 . the software disables CLI scripting output until the script is complete.OUT " " show switch set var date $TCL(lrange ${CLI. When the CLI scripting output is enabled. When the CLI scripting output is disabled.OUT} 31 31) set var date $TCL(linsert $date 3 $year) set var time $TCL(lrange ${CLI.SESSION_TYPE serial CLI. Software Version 12.1. all script commands and responses are displayed.1/16 set var count ($count + 1) endwhile show vlan The following script displays the date and time: set var CLI.-------------------------------CLI.1/16 to 10. Use the enable cli scripting output and disable cli scripting output commands to control what a script displays when you are troubleshooting.Using CLI Scripting Viewing CLI Scripting Variables You can use the show var command to display the currently defined variables and their values as shown in the following example: SummitX450-24x.OUT} 30 30) show var date show var time 298 ExtremeXOS Concepts Guide.OUT} 27 29) set var year $TCL(lrange ${CLI.1/16: enable cli scripting Set var count 1 while ($count < 101) do Create vlan v$count configure vlan v$count ipaddress 10. the only script output displayed is the show var command and its output. and then CLI scripting output is enabled.1.USER admin STATUS 0 ------------------------------------------------------------------ Controlling CLI Script Output When the load script command is entered.

OUT} "\n") set var x2 $TCL(lsort -decreasing $x1) set var output $TCL(join $x2 "\n") show var output The following script extracts the MAC address given the age of an FDB entry: set var CLI.CLI Scripting Examples The following script sorts the FDB table in descending order: set var CLI.OUT " " show fdb set var input $TCL(split ${CLI.OUT} "\n") set var y1 $TCL(lsearch -glob $input *age*) set var y2 $TCL(lindex $input $y1) set var y3 $TCL(split $y2 " ") set var y4 $TCL(lindex $y3 0) show var y4 ExtremeXOS Concepts Guide.OUT " " show fdb set var x1 $TCL(split ${CLI. Software Version 12.3 299 .

Software Version 12.Using CLI Scripting 300 ExtremeXOS Concepts Guide.3 .

bridges. Once enabled. and wireless stations.8 LLDP This chapter includes the following sections: ● ● ● ● ● ● ● ● Overview on page 301 LLDP Packets on page 303 Transmitting LLDP Messages on page 304 Receiving LLDP Messages on page 305 Managing LLDP on page 305 Supported TLVs on page 306 Configuring LLDP on page 315 Displaying LLDP Settings on page 321 Overview The software supports the Link Layer Discovery Protocol (LLDP). they are TLVs originating from the power over Ethernet (PoE) powered device (PD) connected to a port and certain inventory management TLVs. The 802. LLDP support enables devices to advertise their capabilities and media-specific configuration information and to learn the same information from the devices connected to it. The TLV information is contained and transmitted in an LLDP protocol data unit (LLDPDU).1ab specification provides detailed TLV information. and a method for storing the information contained in received advertisements. The information distributed using LLDP is stored by its recipients in a standard Management Information Base (MIB). other TLVs are optionally configured. The information is represented in Type Length Value (TLV) format for each data item. routers. LLDP defines a set of common advertisement messages. the LLDP MED TLVs are transmitted only after the switch ExtremeXOS Concepts Guide. The LLDP neighbor discovery protocol allows you to discover and maintain accurate network topologies in a multivendor environment. LLDP works concurrently with Extreme Discovery Protocol (EDP). LLDP transmits periodic advertisements containing device information and media-specific configuration information to neighbors attached to the same network. LLDP provides a standard method of discovering and representing the physical network connections of a given network management domain. The switch can transmit and receive LLDP media endpoint discovery (MED) TLVs. The switch can receive and record certain TLVs but not transmit these TLVs. It also works independently. Certain TLVs are mandatory and are always sent after LLDP is enabled. you do not have to run EDP to use LLDP. LLDP is a Layer 2 protocol (IEEE standard 802.1ab) that is used to determine the capabilities of devices such as repeaters. access points. LLDP agents cannot solicit information from other agents by way of this protocol. making it possible for the information to be accessed by a Network Management System (NMS) using a management protocol such as the Simple Network Management Protocol (SNMP).3 301 . the LLDP MED TLVs messages are sent only after a neighbor is detected sending out LLDP MED TLVs. a protocol for transmitting the advertisements. Software Version 12.

which is referred to as a triggered update. the PD receives these TLVs. You must enable the LLDP-MED capabilities TLV before configuring and enabling any other LLDP MED TLVs. Once the repeat count is reached. By default.LLDP receives an LLDP MED TLV from a neighbor. For this reason. The TLV format with link layer control frames is used to communicate with other LLDP agents. you must disable the LLDP-MED capabilities TLVs only after you have disabled all other LLDP MED TLVs. (Refer to Table 35 for a listing of the proprietary TLVs that are only received by the switch. and store them in LLDP MIB objects. NOTE LLDP runs with link aggregation. two connected switches will never exchange LLDP MED TLVs. the detecting switch sends out an LLDPDU each 1 second for the configured number of times (called the repeat count). when disabling the LLDP MED TLVs. The device can also support the following types of LLDP TLVs: ● ● Avaya-Extreme Networks proprietary TLVs LLDP media endpoint discovery (MED) TLVs The software supports several TLVs that are proprietary to Avaya and Extreme Networks (avayaextreme TLVs). so 2 network connectivity devices will not exchange LLDP MED messages. Some of these TLVs primarily concern the PD.3 . but does not transmit them. You configure LLDP per port. the switch sends out the LLDPDU each 1 second 3 times. The LLDP MED protocol extension introduces a new feature called MED fast start. you can change this repeat count between 1 and 0 seconds 10 times. the configured transmit interval value is used between LLDPDUs. The agent then sends an update with the new values. Use the following command to configure the repeat count: configure lldp med fast-start repeat-count <count> 302 ExtremeXOS Concepts Guide. and each port can store received information for a maximum of four neighbors. LLDP agents also receive link layer control frames. Likewise. When a new MED-capable device is detected. Software Version 12. These TLVs primarily advertise and receive information for Avaya voice over IP (VoIP) telephones.) These proprietary LLDPs are transmitted and received as soon as you enable LLDP and configure the specified TLVs. If the information for multiple elements changes in a short period. the LLDP agent is notified. which is automatically enabled when the LLDP MED capabilities TLV is enabled. If the information values from the device change at any time. and the LLDP MED TLVs must be configured and enabled prior to the detection. extract the information from TLVs. the changes are bundled together and sent as a single update to reduce network load. NOTE Network connectivity devices wait to detect LLDP MED TLVs from endpoints before they send out LLDP MED TLVs. LLDP MED TLVs are sent only after the device detects a neighbor transmitting LLDP MED TLVs.

the LLDP EtherType. As you add TLVs. the source MAC address.) LLDP Packets You can configure the device to transmit messages. (Refer to Table 35 for a listing of these inventory management TLVs. when you enable the LLDP MED capabilities TLV on the port. The LLDP packet contains the destination multicast address. Extreme Networks recommends that you advertise information regarding only one or two VLANs on the LLDP port. Software Version 12. Multiple advertisements messages (or TLVs) are transmitted in one LAN packet. and a frame check sequence (FCS). the remaining TLVs are dropped. the LLDPDU (Figure 12). The LLDP multicast address is defined as 01:80:C2:00:00:0E. at the default level of 3.3 303 . The frames are sent as untagged frames. to receive messages. the system logs a message to the EMS and the show lldp statistics commands shows this information under the Tx Length Exceeded field. The length of the packet cannot exceed 1500 bytes. the LLDPDU data. When you reach 1500 bytes. you increase the length of the LLDP frame. To enable the LLDP MED SNMP traps. the switch can receive. issue the following command: enable snmp traps lldp-med {ports [all | <port_list>]} In addition. Figure 12: LLDP Packet Format DA SA Ethertype Data + Pad LLDP_Multicast Address 6 Source MAC Address 6 88-CC 2 LLDPDU 1500 FCS 4 Octets XOS005 The following characteristics apply to LLDP packets: ● ● ● ● They are IEEE 802. to avoid dropped TLVs. they are disabled by default.LLDP Packets NOTE The fast-start feature is automatically enabled. ExtremeXOS Concepts Guide. and the EtherType is defined as 0x88CC. LLDP is enabled and configured per port. If the system drops TLVs because of exceeded length. The Spanning Tree Protocol (STP) state of the port does not affect the transmission of LLDP frames. You must enable SNMP traps separately for the LLDP MED traps. or both.3 Ethernet frames. but not transmit. The frames are sent with a link-local-assigned multicast address as destination address. the LLDP MED inventory management TLVs.

the Extreme Networks switch periodically sends out an untagged LLDPDU frame that contains the mandatory LLDP TLVs as well as the configured optional TLVs. The following information. even with jumbo frames enabled. TLVs that exceed this limit are dropped. Transmitting LLDP Messages In transmit mode. when configured.3 . Software Version 12. The mandatory TLVs and the system description TLV are automatically transmitted after you enable LLDP. can be sent at regular intervals: ● ● ● ● ● ● ● ● ● Chassis ID (mandatory) Port ID (mandatory) Time-to-live (mandatory) Port description System name System description (sent by default) System capabilities Management address 802.1-specific information ■ ■ ■ VLAN name Port VLAN ID Port and protocol VLAN ID MAC/PHY Power via MDI Link aggregation Maximum frame size Power conservation request Call server File server 802.3-specific information ■ ■ ■ ■ ● Avaya-Extreme Networks proprietary information ■ ■ ■ ■ ● MED extensions (Once enabled.LLDP NOTE The LLDPDU has a maximum of 1500 bytes. The LLDP agent running on the Extreme Networks switch passes serially through the list of ports that are enabled for LLDP and periodically transmits an LLDP frame containing the mandatory TLVs and any configured optional TLVs.1Q framing information ● 802. these are sent only when the switch detects a neighbor on the port that transmits at least one MED TLV) ■ ■ ■ ■ MED capabilities Network policy Location ID Extended information on Power via MDI 304 ExtremeXOS Concepts Guide.

A port configured to receive LLDP messages can store information for up to four neighbors. and stores the information in a remote device database. managing. and displaying LLDP. LLDP is disabled by default. as well as power conservation levels available to that PD) Endpoint IP address (including the mask and gateway addresses) Converged Network Analyzer (CNA) server IP address Hardware revision Firmware revision Software revision Serial number Manufacturer name Model name Asset ID ■ ■ ● Inventory management LLDP MED TLVs: ■ ■ ■ ■ ■ ■ ■ Managing LLDP LLDP can work in tandem with EDP. Software Version 12. in order of TLV type.) Each port can store LLDP information from a maximum of four neighbors. You access the information using SNMP. LLDP information is transmitted periodically and stored for a finite period. To access this information with the CLI. typical power value. unless it is refreshed by the remote LLDP agent. and EDP is enabled by default. Receiving LLDP Messages The LLDP agent running on an Extreme Networks switch receives LLDPDUs. and maximum power value. use the show lldp neighbors detailed command. You access the messages from the neighbors with SNMP or the CLI. parses the messages. (Refer to ExtremeXOS Command Reference Guide for complete information on configuring.Receiving LLDP Messages This information is obtained from memory objects such as standard MIBs or from system management information. You manage LLDP using the CLI and SNMP.) ExtremeXOS Concepts Guide.3 305 . (You must use the detailed variable to display this information. Unrecognized TLVs are also stored in the remote device database. The information is purged after the configured timeout interval. as follows: ● Avaya-Extreme Networks proprietary information ■ PD conservation level support (includes the PD’s current conservation level. The software receives several TLVs that it does not transmit.

and the rest are optional.LLDP The LLDP MED TLVs begin transmission only after detecting LLDP MED TLVs transmitted by a neighbor.3 . Also. This action ensures that only valid information is stored in the LLDP agent. the default interval is 5 seconds. incoming LLDP packets are only accepted if one or more clients are authenticated. those TLVs are also controlled by these timers. the traps are disabled by default. Some TLVs are mandatory according to the 802. including when optional TLVs exceeding the 1500-byte limit are dropped and more than 4 neighbors are detected on a port. or updates that are initiated by a change in the topology Transmit interval (default is 30 seconds)—applies to messages sent periodically as part of protocol Time-to-live (TTL) value (default is 2 minutes)—time that the information remains in the recipient’s LLDP database NOTE ● ● Once the LLDP MED TLVs begin transmitting (after detecting LLDP MED TLVs from a connected endpoint). the device stores the information and initializes a timer that is compared to the TTL value of the packet. The system logs EMS messages regarding LLDP. this TLV sends out the IPv4 address configured on the management VLAN. you can set a variety of time periods for the transmission and storage of the LLDP messages (or you can use the default values). With ExtremeXOS. when enabled. If you have not configured an IPv4 address on the management VLAN. the systems send all LLDP traps to the configured trap receivers. Each time a device receives an LLDP advertisement packet. you can enable the LLDP-specific SNMP traps. as follows: ● ● Reinitialization period (default is 2 seconds) Delay between LLDP transmissions (default is 2 seconds)—applies to triggered updates. After you enable LLDP. You configure the period between the system sending SNMP notifications. When both IEEE 802. LLDP configurations are saved across reboots when you issue the save configuration command.1x and LLDP are enabled on the same port. Software Version 12. the software advertises the system’s MAC address. The mandatory and system description TLVs are included by default as soon as you enable LLDP. the LLDP agent deletes the stored information. LLDP does not send out IPv6 addresses in this field. Supported TLVs The TLVs are contained in the LLDPDU portion of the LLDP packet. LLDP packets are not sent until one or more clients authenticate a port. You can configure an optional TLV to advertise or not to advertise the device’s management address information to the port’s neighbors. The system description TLV is enabled by default on the ExtremeXOS LLDP implementation.1ab standard. 306 ExtremeXOS Concepts Guide. After you enable LLDP. If the timer reaches the TTL value. After you enable the LLDP-specific traps. Additionally some TLVs can be repeated in one LLDP. and the LLDPDU cannot exceed 1500 bytes.

the other four TLVs cannot be configured not to advertise. The following TLVs are enabled by default when LLDP transmit is enabled on a port: ● ● ● ● ● Chassis ID Port ID Time to live System description End-of-LLDP PDU All of these TLVs that are sent by default are mandatory for the protocol and cannot be disabled. Any TLVs that exceed the limit are dropped. if they are included by default after you enable LLDP. except the system description. NOTE Refer to ExtremeXOS Command Reference Guide for complete information on configuring LLDP using the CLI. You can configure the system not to advertise the system description when LLDP is enabled. Software Version 12.3 307 . Table 34 lists all the defined TLVs. Extreme Networks recommends sending information on only one or two VLANs on the LLDP port. if they are mandatory or optional. if they can be configured.Supported TLVs NOTE To avoid exceeding the 1500-byte limit. and if you can repeat that TLV in one LLDP packet. Table 34: Available TLVs for Transmission Name Chassis ID Port ID Time to live (TTL) Port description System name System description System capabilities Management address VLAN name Port VLAN ID Port and protocol VLAN ID Protocol identity MAC/PHY configuration/status Power via MDI Link aggregation Maximum frame size PoE conservation level request X X X X X Avaya-Extreme Networks proprietary TLV X Included by default X X X X X X X X X X X X X Not supported X X ExtremeXOS sends only 1 TLV User configurable Repeatable Comments Mandatory TLV Mandatory TLV Mandatory TLV ExtremeXOS Concepts Guide.

To display these received messages. Table 35 lists the TLVs that the switch can receive. and must be disabled after all other MED TLVs MED TLVs transmit only after detecting a neighbor transmitting MED TLVs Network policy X X Content cannot be configured by SNMP MED TLVs transmit only after detecting a neighbor transmitting MED TLVs Location ID X MED TLVs transmit only after detecting a neighbor transmitting MED TLVs Can be enabled only on a PoE-capable port MED TLVs transmit only after detecting a neighbor transmitting MED TLVs End-of-LLDP PDU X Mandatory TLV File server X 802. To receive any of these TLVs. 308 ExtremeXOS Concepts Guide. use the show lldp neighbor detailed CLI command.1Q framing X LLDP MED capabilities X Extended power via MDI X NOTE Refer to ExtremeXOS Command Reference Guide for complete information on configuring LLDP using the CLI. all TLVs are received (even if the LLDP MED capabilities TLV is not enabled). After you enable LLDP receiving on the switch. the port must be enabled for LLDP.3 . but not transmit. Software Version 12.LLDP Table 34: Available TLVs for Transmission (Continued) Name Call server Included by default User configurable X Repeatable Comments Avaya-Extreme Networks proprietary TLV Avaya-Extreme Networks proprietary TLV Avaya-Extreme Networks proprietary TLV Must be enabled before any other MED TLV.

TTL TLV The TTL TLV is mandatory. so it is the port number on stand-alone switches and the combination of slot and port number on modular switches. ExtremeXOS Concepts Guide. and nonconfigurable. The port ID TLV is used to uniquely identify the port within the device. The default value is 120 seconds (or 2 minutes). EDP also uses this to identify the device. sent by default after LLDP is enabled. Software Version 12. you cannot configure this TLV. This TLV indicates how long the record should be maintained in the LLDP database. Port ID TLV This mandatory TLV is sent by default after you enable LLDP on the port. as well as default gateway address Advertises IP address of Converged Network Analyzer (CNA) IP phone address CNA server Hardware revision Firmware revision Software revision Serial number Manufacturer name Model name Asset ID Avaya-Extreme Avaya-Extreme MED MED MED MED MED MED MED Mandatory TLVs This section describes the following mandatory TLVs.3 309 . which are automatically enabled after you enable LLDP on a port: ● ● ● ● Chassis ID TLV on page 309 Port ID TLV on page 309 TTL TLV on page 309 End-of-LLDPDU TLV on page 310 Chassis ID TLV This mandatory TLV is sent by default after you enable LLDP on the port. The software uses the ifName object for this TLV.Supported TLVs Table 35: Available TLVs for Reception Name PoE Conservation level support Type Avaya-Extreme Comments Sent by PD to advertise current power consumption level and current conservation level including typical power value. and available conservation power levels Advertises IP address and mask. The ExtremeXOS software uses the system’s MAC address to uniquely identify the device. It is not configurable. maximum power value.

Software Version 12. Optional TLVs All the optional TLVs are configurable using the CLI and/or SNMP.3 . which is used to calculate the TTL TLV. Although. The system automatically adds this TLV to the LLDPDU after you enable LLDP.) End-of-LLDPDU TLV The end-of-LLDPDU TLV marks the end of the data. you do not configure the TTL TLV. the ExtremeXOS software includes this TLV in all LLDPDUs by default.LLDP A value of 0 in the TTL TLV means the client is shutting down and that record should be deleted from the database. This section describes the optional TLVs. you can configure the transmit hold value. The TTL TLV is mandatory and is sent by default after LLDP is enabled. When you disable an LLDP port. under the following categories: ● ● ● Standards-based TLVs on page 310 Avaya-Extreme TLVs on page 313 LLDP MED TLVs on page 314 Standards-based TLVs NOTE The system description TLV is automatically enabled after you enable LLDP and is always sent as part of the LLDPDU. you can configure the system not to advertise this TLV. This section describes the following optional standards-based TLVs: ● ● ● ● ● ● ● ● ● ● ● ● Port description TLV on page 311 System name TLV on page 311 System description TLV on page 311 System capabilities TLV on page 311 Management address TLV on page 311 VLAN name TLV on page 311 Port VLAN ID TLV on page 311 Port and protocol VLAN ID TLV on page 312 MAC/PHY configuration/status TLV on page 312 Power via MDI TLV on page 312 Link aggregation TLV on page 312 Maximum frame size TLV on page 312 310 ExtremeXOS Concepts Guide. (See “Configuring LLDP Timers” on page 316 for more information on transmit hold value and TTL. technically. the triggered update LLDPU from that port contains a TTL TLV of 0. Although this TLV is not mandatory according to the standard.

(For untagged VLANs. When configured to advertise the system capabilities. so you should configure the port to advertise only the specified VLANs. You configure this TLV to be advertised or not advertised. Management address TLV.) You can specify exactly which VLANs to advertise.0. if previously configured using SNMP. only one port VLAN ID TLV can exist in the LLDPDU. The system capabilities TLV indicates the device’s capabilities and which of these are enabled. This TLV can be repeated several times within one LLDPDU. You configure this TLV to be advertised or not advertised. System description TLV. by default. If the management VLAN does not have an assigned IP address. The ExtremeXOS software advertises bridge and router capabilities. by default.Supported TLVs Port description TLV. That management TLV is the IP address of the management VLAN.3 311 . You can enable this TLV for tagged and untagged VLANs. whenever you enable LLDP on a port. the system sends this TLV. ExtremeXOS advertises only one management TLV.1Q tag for that VLAN. By default. When you enable this TLV for tagged VLANs. After at least one VLAN on the device has IP forwarding enabled. the system sends all VLAN names on the port. You configure this TLV to be advertised or not advertised. The system name TLV contains the device’s configured system name. The port VLAN ID advertises the untagged VLAN on that port. the internal tag is advertised. System name TLV. If you have not configured this parameter. after you configure this TLV. the TLV carries an empty string. which you define using the configure snmp sysname command. the management address TLV advertises the system’s MAC address. If you configure this TLV and there is no untagged VLAN on the particular port. You configure this TLV to be advertised or not advertised. The ExtremeXOS implementation sends this TLV. This is the only TLV that is enabled by default but not mandatory according to the standard. This TLV associates a VLAN name to the IEEE 802. You can disable sending this TLV after you enable LLDP. Software Version 12. The management address TLV supplies the management entity for the device. the TLV advertises the IEEE 802. Thus.12 v1120b12 by release-manager on Fri Mar 18 16:01:08 PST 2005 System capabilities TLV. VLAN name TLV. ExtremeXOS Concepts Guide. The port description TLV contains the ifDescr object. the system automatically advertises router capabilities. You configure this TLV to be advertised or not advertised. However. When enabled. but.2. Port VLAN ID TLV. LLDP does not recognize IPv6 addresses in this field.1Q tag assigned to that VLAN. The ExtremeXOS software allows you to advertise VLAN name information to neighboring devices. the system sends the image information (from the show version command) in the system description TLV: ExtremeXOS version 11. Extreme Networks devices advertise bridging capabilities. each VLAN name requires 32 bits and the LLDPDU cannot exceed 1500 bytes. which is the ASCII string you entered using the configure ports display-string command. You configure this TLV to be advertised or not advertised. this TLV is not included in the LLDPDU. This is the sysName as defined in RFC 3418.

after you configure this TLV. You configure this TLV to be advertised or not advertised. When configured. When enabled. after you configure this TLV. the system always advertises support for this type of VLAN. As Extreme Networks devices are always capable of supporting protocol-based VLANs. the TLV reports a value of 1518 after you configure it to advertise. this TLV advertises autonegotiation and physical layer capabilities of the port. By default. as listed in Table 36. including the power status. This TLV allows network management to advertise and discover the power-via-MDI capabilities of the sending 802. duplex setting.LLDP Port and protocol VLAN ID TLV. This TLV allows the port to advertise its maximum supported frame size to its neighbors. The system adds information about the speed rate. this TLV allows the port to advertise VLANs and whether the port supports protocolbased VLANs or not. You configure this TLV to be advertised or not advertised. The device type field contains a binary value that represents whether an LLDP-MED device transmitting the LLDPDU is a power sourcing entity (PSE) or power device (PD). However. as VLAN TLV requires space and the LLDPDU cannot exceed 1500 bytes. this TLV is included in the LLDPDU only for those ports that support supplying power over Ethernet (PoE). MAC/PHY configuration/status TLV. Table 36: Power Management TLV Device Information Value 0 1 2-3 Power source PSE device PD device Reserved Additional PoE information is advertised as well. You configure this TLV to be advertised or not advertised. the TLV still advertises the port’s capability and sets the VLAN ID value to 0. If no protocol-based VLANs are configured on the port. You configure this TLV to be advertised or not advertised. 312 ExtremeXOS Concepts Guide.3 LAN station.3 . the system sends information for all VLANs on the port. bit rate. (Refer to for “Avaya-Extreme TLVs” on page 313 and “LLDP MED TLVs” on page 314 more information on power-related TLVs. the TLV inserts the configured value for the jumbo frames. When enabled. power class. You configure this TLV to be advertised or not advertised. When jumbo frames are not enabled on the specified port. If jumbo frames are enabled. Maximum frame size TLV. After configured. and pin pairs used to supply power. Power via MDI TLV . this TLV advertises information on the port’s load-sharing (link aggregation) capabilities and status.) Link aggregation TLV. This TLV can be repeated several times within one LLDPDU. physical interface. Software Version 12. and autonegotiation support and status. you should configure the port to advertise only specified VLANs.

This TLV works as an extension of the LLDP network policy TLV. For this TLV to function. PoE conservation level request TLV. Call server TLV. This TLV allows the exchange of information between an IP phone and a network connectivity device about the reachability of the call server for the IP phone connected to the respective port of the switch. By default. You configure this TLV to advertise or not advertise up to 8 call servers. The Avaya phone uses this addressing information after it receives the TLV from the switch. Use this TLV to exchange information about Layer 2 priority tagging between a connectivity device and an IP phone. This LLDP TLV is sent out only on PoE-capable Ethernet ports. This enables the PSE device to request the connected PD to go into a certain power conservation level or request the PD to go to the maximum conservation level. you must enable both: ● ● LLDP MED capabilities TLV (see “LLDP MED capabilities TLV” on page 314) LLDP MED network policy TLV (see “Network policy TLV” on page 314) ExtremeXOS Concepts Guide.1Q framing TLV. You change this level temporarily using a network station or SNMP with the MIB. the requested conservation value on this proprietary LLDP TLV is 0. The Avaya phone uses this addressing information after it receives the TLV from the switch. File server TLV. This TLV allows the exchange of information between an IP phone and the network connectivity device concerning the reachability of the file server for the IP phone connected to the respective port of the switch. which is no power conservation. You configure this TLV to advertise or not advertise a requested conservation level. You can send a maximum of 8 call server addresses in a single TLV. this change is not saved across a reboot.1Q framing TLV on page 313 NOTE You display the values for these TLVs using the show lldp neighbors detailed command. The Avaya phone uses this addressing information after it receives the TLV from the switch. You can advertise up to 4 file server addresses in a single TLV. Software Version 12.3 313 . 802.Supported TLVs Avaya-Extreme TLVs This section describes the following optional proprietary Avaya-Extreme Networks TLVs that you can configure the switch to transmit: ● ● ● ● PoE conservation level request TLV on page 313 Call server TLV on page 313 File server TLV on page 313 802.

You configure this MED TLV to allow both network connectivity devices and endpoint devices to advertise VLAN configuration and associated Layer 2 and Layer 3 attributes that apply for a specific set of applications on that port. Location identification TLV. Also. Network policy TLV. using a hexadecimal string with a minimum of 6 bytes ECS ELIN.3 . The following LLEP MED extension TLVs can be transmitted by the switch: ● ● ● ● LLDP MED capabilities TLV on page 314 Network policy TLV on page 314 Location identification TLV on page 314 Extended power-via-MDI TLV on page 314 NOTE You display the values for these TLVs using the show lldp neighbors detailed command. NOTE You must configure the LLDP MED capabilities TLV before any of the other MED TLVs can be enabled. and if so. 314 ExtremeXOS Concepts Guide. Extended power-via-MDI TLV. this TLV must be set to no-advertise after all other MED TLVs are set to no-advertise. This TLV allows LLDP MED network connectivity devices to determine that specified endpoints support LLDP MED. the switch must first detect a MED-capable device on the port. The switch sends all MED TLVs only after it detects a MED-capable device on the port. Each application can exist only once on each port. Use this TLV to advertise fine-grained power requirement details. including the power status of the PD and the port. using a 16-byte hexadecimal string Civic-based.LLDP LLDP MED TLVs This section describes the optional LLDP media endpoint discovery (MED) TLVs that you can configure the switch to transmit. as follows: ● ● ● Coordinate based. You configure this TLV per port/VLAN. LLDP MED capabilities TLV. each with its own DSCP value and/or priority tag. Software Version 12. The switch does not automatically send any MED TLVs after it is enabled. You configure this TLV to advertise or not advertise a maximum of three different location identifiers. This TLV tells the endpoint the specific VLAN to use for the specific application. You can enable this TLV only on PoE-capable ports. so two network connectivity devices will not exchange LLDP MED messages. using a numerical string with a range of 10 to 25 characters. to discover which LLDP MED TLVs the particular endpoint device supports and what device class it belongs to. You can configure a maximum of 8 TLVs. This TLV must be enabled before any of the other LLDP MED TLVs can be enabled. the switch returns an error message if you attempt to transmit this LLDP TLV over a non-PoE-capable port. each with a different format. Network connectivity devices wait for LLDP MED TLVs from endpoints before they send out LLDP MED TLVs.

can be configured to advertise or not to advertise. 6 If you want to send or receive MED extension TLVs.3 315 .Configuring LLDP Configuring LLDP You configure LLDP per port. Similarly. To configure LLDP: 1 Enable LLDP on the desired port(s). 2 If desired. are mandated by the 802. only receive the messages. 7 If you want to change the default value of 3 for the fast-start feature for LLDP MED. use the following command: enable lldp ports [all | <port_list>] {receive-only | transmit-only} After you enable LLDP. To enable LLDP. that you want included in the LLDPDU. To disable LLDP. enable these traps. You can also reference the IEEE 892.1ab standard. configure the following values: a Reinitialize period b Transmit interval c Transmit delay d Transmit hold 4 Enable the SNMP traps and configure the notification interval. configure the LLDP MED fast-start TLVs. 3 If you want to change any default values. 5 Configure any optional TLV advertisements. or both transmit and receive LLDP messages. Refer to the ExtremeXOS Command Reference Guide for complete information on configuring LLDP. the following TLVs are automatically added to the LLDPDU: ● ● ● ● ● Chassis ID Port ID TTL System description End of LLDPDU All of these. This section describes how to configure LLDP using the CLI. you select whether the ports will only transmit LLDP messages. Software Version 12. except the system description.1ab standard. When you enable LLDP on the ports. 8 If you want SNMP traps for the LLDP MED extension TLVs. configure the LLDP MED capabilities TLV. Enabling and Disabling LLDP LLDP is disabled on all ports by default. none of these. including the proprietary Avaya-Extreme TLVs. configure the system not to advertise the system description TLV. use the following command: disable lldp ports [all | <port_list>] {receive-only | transmit-only} ExtremeXOS Concepts Guide. except the system description.

SNMP LLDP traps are disabled on all ports.0. use the CLI to configure the relevant timer. use the following command: configure lldp ports [all | <port_list>] no-advertise system-description Configuring LLDP Timers After you enable LLDP. the system sends the following information in the system description TLV: ExtremeXOS version 11. use the following command: configure lldp transmit-delay [ auto | <seconds>] Each LLDP message contains a TTL value. use the following command: configure lldp transmit-interval <seconds> The time between triggered update LLDP messages is referred to as the transmit delay. The receiving LLDP agent discards all LLDP messages that surpass the TTL value. However. and the default value is 2 seconds. the default value is 120 seconds. this interval has a default value of every 30 seconds. To change the value for the transmit delay. NOTE The LLDP timers apply to the entire device and are not configurable by port. The reinitialize delay is the number of seconds the port waits to restart LLDP state machine. The TTL is calculated by multiplying the transmit interval value and the transmit hold value. the software supports the LLDP MIB. To change the default transmit hold value. the timer values assume the default values. When LLDP is disabled or if the link goes down. the default is 2 seconds. 316 ExtremeXOS Concepts Guide.25.2. if you want to change any of these default values. You can change the default transmit delay value to a specified number of seconds or to be automatically calculated by multiplying the transmit interval by 0. to enable LLDP SNMP traps.3 .LLDP Configuring the System Description TLV Advertisement If you have not configured the system description using SNMP sysName before enabling LLDP. use the following command: enable snmp traps lldp {ports [all | <port_list>]} The traps are only sent for those ports that are both enabled for LLDP and have LLDP traps enabled. By default. Software Version 12. use the following command: configure lldp transmit-hold <hold> Configuring SNMP for LLDP You can send SNMP traps regarding LLDP. To change this default value. LLDP is reinitialized.12 v1120b12 by release-manager on Fri Mar 18 16:01:08 PST 2005 To disable the default advertisement of the system description. the default transmit hold value is 4. use the following command: configure lldp reinitialize-delay <seconds> LLDP messages are transmitted at a set interval. To change the default reinitialize delay period.

including the mandatory TLVs. NOTE Extreme Networks recommends that you advertise only one or two VLANS on specified ports to avoid dropping TLVs from the LLDPDU. you must configure it separately. Configuring Optional TLV Advertisements By default. all optional TLVs are not added to the LLDPDU. use the following command: configure lldp snmp-notification-interval <seconds> NOTE If you want to send traps for LLDP MED. Use the enable snmp traps lldpmed {ports [all | <port_list>]} command to enable these traps.3 317 . You can add optional TLVs to the LLDPDU but be aware that the total LLDPDU cannot exceed 1500 bytes. You can see if you have dropped TLVs from your LLDPDU by referring to the EMS log or by issuing the show lldp statistics command. Software Version 12. Any optional added TLVs that exceed the 1500-byte limit are dropped. This section describes the following types of optional TLVs: ● ● ● Configuring Standards-based Optional TLVs on page 317 Configuring Proprietary Avaya-Extreme Optional TLVs on page 319 Configuring LLDP MED Optional TLVs on page 320 Configuring Standards-based Optional TLVs You configure LLDP ports to advertise any of the following optional TLVs: ● ● ● ● ● ● ● ● ● ● ● Port description TLV System name TLV System capabilities TLV Management address TLV VLAN name TLV (repeatable TLVs) Port VLAN ID TLV Port and protocol VLAN ID TLV (repeatable TLVs) MAC/PHY configuration/status TLV Power via MDI TLV Link aggregation TLV Maximum frame size TLV ExtremeXOS Concepts Guide.Configuring LLDP To disable the LLDP SNMP traps. or not advertised. To change this interval for the entire switch for LLDP traps. use the following command: disable snmp traps lldp {ports [all | <port_list>]} The default value for the interval between SNMP LLDP trap notifications is 5 seconds.

add one optional port and protocol VLAN ID TLV for each VLAN you want to advertise. use the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] management-address You can advertise more than one VLAN name per LLDP-enabled port. To configure the port VLAN ID TLV. To do so. use the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific dot1 port-protocol-vlan-ID {vlan [all | <vlan_name>]} NOTE The total LLPDU size is 1500 bytes. To advertise VLAN names. You can advertise the speed capabilities. use the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] systemcapabilities To advertise the IP address of the management VLAN (or the system MAC address if IP is not configured). use the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific dot1 port-vlan-ID You can advertise more than one protocol-based VLAN per LLDP-enabled port.LLDP Refer to “Standards-based TLVs” on page 310 for complete information on each optional TLV.3 . use the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] port-description To advertise the system name. any TLVs after that limit are dropped. You can advertise the untagged. use the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] system-name To advertise the system capabilities. Software Version 12. add one optional VLAN name TLV for each VLAN you want to advertise. To advertise these VLANs. any TLVs after that limit are dropped. the system sends an advertisement for all VLANs on the port. use the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific dot3 mac-phy 318 ExtremeXOS Concepts Guide. To do so. autonegotiation support and status and physical interface of the LLDP-enabled port using the MAC/PHY configuration/status TLV. use the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific dot1 vlan-name {vlan [all | <vlan_name>]} NOTE The total LLPDU size is 1500 bytes. To advertise the optional port description information. If you do not specify VLAN names. port-based VLAN for the LLDP-enabled port using the port VLAN ID TLV. To advertise this information.

use the proprietary Avaya-Extreme Networks 802.3 319 .1Q framing TLV with the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific avaya-extreme dot1q-framing [tagged | untagged | auto] ExtremeXOS Concepts Guide. To advertise load-sharing capabilities. Software Version 12.1Q framing TLV Refer to “Avaya-Extreme TLVs” on page 313 for complete information on each optional TLV. use the proprietary Avaya-Extreme Networks call server TLV with the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific avaya-extreme call-server <ip_address_1> {<ip_address_2> {<ip_address_3> {<ip_address_4> {<ip_address_5> {<ip_address_6> {<ip_address_7> {ip_address_8>}}}}}}} To advertise up to 4 file servers. use the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific dot3 max-frame-size Configuring Proprietary Avaya-Extreme Optional TLVs You configure LLDP ports to advertise any of the following optional proprietary Avaya-Extreme Networks TLVs: ● ● ● ● PoE conservation level request TLV Call server TLV File server TLV 802. To advertise a request for power conservation to the connected PDs. use the proprietary Avaya-Extreme Networks PoE conservation level request TLV with the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific avaya-extreme poe-conservation-request To advertise up to 8 call servers.Configuring LLDP Configure the power via MDI TLV to advertise the PoE capabilities of the LLDP-enabled port. use the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific dot3 power-via-mdi You advertise the load-sharing capabilities and status of the LLDP-enabled port by configuring the link aggregation TLV. To advertise the maximum frame size. To advertise the PoE capabilities and status. use the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific dot3 link-aggregation You advertise the maximum frame size available on the LLDP-enabled port using the maximum frame size TLV. use the proprietary Avaya-Extreme Networks file server TLV with the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific avaya-extreme file-server <ip_address_1> {<ip_address_2> {<ip_address_3> {<ip_address_4>}}} To advertise the Layer 2 priority tagging information.

This section describes configuring the following LLDP MED TLVs: ● ● ● ● ● LLDP MED capabilities TLV LLDP fast-start TLV Network policy TLV Location identification TLV Extended power-via-MDI TLV To enable configuration and transmission of any other LLDP MED TLV and to determine the LLDP MED capabilities of endpoint devices. use the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific med location-identification [coordinate-based <hex_value> | civic-based <hex_value> | ecs-elin <elin>] 320 ExtremeXOS Concepts Guide. the fast-start feature allows you to increase the learning speed of the switch for LLDP MED TLVs. use the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific med capabilities To configure the LLDP fast-start feature. To receive SNMP traps on the LLDP MED. Software Version 12. (See “Configuring LLDP MED Optional TLVs” for complete information. use the network policy TLV with the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific med policy application [voice | voice-signaling |guest-voice | guest-voice-signaling | softphone-voice | video-conferencing | streaming-video | video-signaling] vlan <vlan_name> dscp <dscp_value> {priority-tagged} To advertise location information. You must configure the LLDP MED capabilities TLV before you configure any other LLDP MED TLVs. the switch waits until it detects a MED-capable device before it begins transmitting the configured LLDP MED TLVs. The fast-start feature is automatically enabled once you enable the LLDP MED capabilities TLV.3 . use the following command: configure lldp med fast-start repeat-count <count> To advertise VLAN as associated Layer 2 and Layer 3 attributes for a specified application. Refer to “LLDP MED TLVs” on page 314 for complete information on each optional TLV. The switch does not transmit the MED TLVs as soon as they are enabled. you must have previously enabled both the configure lldp ports vendorspecific med capabilities and the configure lldp ports vendor-specific med policy application commands. (See “Configuring SNMP for LLDP” on page 316). you must enable these separately from the other LLDP traps. Because network connectivity devices wait to detect LLDP MED TLVs from endpoints before they send out LLDP MED TLVs 2 network connectivity devices will not exchange LLDP MED messages.) Configuring LLDP MED Optional TLVs After you enable an LLDP MED TLV. it must first detect an MED-capable device. Finally. you can change the configuration from the default setting of 3.LLDP NOTE For this command to work.

add the detailed option. You must use the detailed option to display information on the proprietary Avaya-Extreme Networks TLVs and the LLDP MED TLVs. use the show lldp statistics command. and specify the affected ports: unconfigure lldp port [all | <port_list>] Displaying LLDP Settings The system displays information on the LLDP status and statistical counters of the ports. To leave LLDP enabled. but reset the advertised TLVs to the five default TLVs. use the extended power-via-MDI TLV with the following command: configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific med power-via-mdi Unconfiguring LLDP To unconfigure LLDP. to display detailed LLDP information. use the show lldp command. To display the statistical counters related to the LLDP port.Displaying LLDP Settings To advertise power requirement details. and all the configured TLVs are still advertised. use the following command: unconfigure lldp This command only returns the LLDP timers to default values.3 321 . Displaying LLDP Port Configuration Information and Statistics To display LLDP port configuration information. ExtremeXOS Concepts Guide. Software Version 12. use the show lldp neighbors command. LLDP remains enabled. NOTE Refer to ExtremeXOS Command Reference Guide for complete information on displaying LLDP settings. You can display information on the LLDP port configuration and on the LLDP neighbors detected on the port. use the following command. as well as about the LLDP advertisements received and stored by the system. Displaying LLDP Information Detected from Neighboring Ports To display information from LLDP neighbors detected on the port.

3 . Software Version 12.LLDP 322 ExtremeXOS Concepts Guide.

1731—Compliant Frame Delay and Delay Variance Measurement on page 334 EFM OAM—Unidirectional Link Fault Management on page 337 CFM Connectivity Fault Management (CFM). and isolate connectivity failures in virtual bridged LANs. This chapter includes the following sections: ● ● ● CFM on page 323 Y.1ag specification. This section includes the following topics: ● ● ● ● ● ● Overview on page 323 Ping and Traceroute on page 327 Supported Instances for CFM on page 328 Configuring CFM on page 328 Displaying CFM on page 332 CFM Example on page 332 Overview NOTE Extreme Networks uses values defined in IEEE 802. however. Administration. Part of this specification is a toolset to manually check connectivity. known as Connectivity Check Messages (CCMs). verify. allows you to detect.9 Ethernet OAM Ethernet Operation.3 323 .1ag standard. ExtremeXOS Concepts Guide. Software Version 12.1ag Draft 8 for the MAC addresses and Ethernet type for CFM. measure network performance and distribute fault-related information. and Maintenance (OAM) includes functions used to detect network faults. or domains. You create hierarchical networks. NOTE The ExtremeXOS implementation of CFM is based on draft 8 of the IEEE 802. blocked Spanning Tree Protocol (STP) ports are taken into consideration when forwarding CFM messages. discussed in the emerging IEEE 802. There is no direct interaction between CFM and other Layer 2 protocols. which is sometimes referred to as Layer 2 ping. and test connectivity within that domain by sending Layer 2 messages.

which forwards the frames to all other ports of a service instance other than the port on which the UP MEP is configured.DOWN MEPs ■ Maintenance intermediate points (MIPs) NOTE The CFM filter function (CFF) is no longer supported from ExtremeXOS 12. For a DOWN MEP. a CFM frame exits from a port even if the port STP state is in blocking state. 324 ExtremeXOS Concepts Guide. not the direction. taking into account the port's STP state. A DOWN MEP sends CFM frames directly to the physical medium without considering the port STP state. a CFM frame exits from a port if only if the STP state of the port is in the forwarding state. a unique hierarchical numeric value for each domain Maintenance associations (MAs) Maintenance points (MPs). you create and configure the following entities: ● ● ● ● Maintenance domains. For an UP MEP. which are one of the following types: . which are the following ■ Maintenance end points (MEPs). An UP MEP sends CFM frames toward the frame filtering entity. The functionality of CFF is implicitly performed by MEPs.Ethernet OAM Figure 13 shows an example of hierarchical CFM domains.3 . (See Table 37 for more information on spans for CCM messages.UP MEPs . Software Version 12. Figure 13: CFM Hierarchical Domains Example Customer MD Level 5 ISP 4 ISP 4 Operator 0 ISP 4 ISP 4 Customer 5 CFMs EX_cfm_0041 NOTE The arrows in Figure 13 indicate the span that CCM messages take. or domains Maintenance domain (MD) level.1. This is similar to how the frame filtering entity forwards a normal data frame.) To achieve this hierarchical connectivity testing.

and you will not be able to test the connectivity within the domain.CFM Figure 14 shows the concept of UP and DOWN MEP at logical level: Figure 14: CFM UP and DOWN MEP at the Logical Level Frame Filtering (Forwarding) Port Filtering (STP Port blocking) Port Rx/Tx Physical Port Interfaces Down MEP Up MEP Frame Flow CFM Frame Flow Position of Up and Down MEP in a Bridge EX_cfm_0043 You must have at least one MP on an intermediate switch in your domain. A domain is the network or part of the network for which faults are to be managed. Ensure that you map and configure all ports in your domain carefully. especially the UP MEPs and the DOWN MEPs. You can have up to eight domains on an Extreme Networks switch. ExtremeXOS Concepts Guide. it is that section where you are monitoring Layer 2 connectivity. The MD levels are from 0 to 7. A domain is intended to be fully connected internally. Software Version 12. domains not virtual router-aware. NOTE Domains may cross VR boundaries. which function in a hierarchy for forwarding CFM messages. the CCMs are sent in the wrong direction in your network. You assign each domain an MD level. The highest number is superior in the CFM hierarchy. If these are incorrectly configured.3 325 .

One switch can have 8 domains.1ag recommends assigning different MD levels to different domains for different network users. and a service instance can be associated with more than one MA.> Within a given domain. The MA is unique within the domain.Ethernet OAM The IEEE standard 802. vMAN. Extreme Networks’ implementation of CFM associates MAs with service instances (a service instance can be a VLAN. Software Version 12. CFM messages with an inferior MD level are not forwarded to domains with a superior MD level. you associate maintenance associations (MAs). These various MPs filter or forward the CFM messages to test the connectivity of your network. depending on the configuration. In general. MIPs define intermediate points within a domain. NOTE You cannot associate the Management VLAN with an MA or a domain. Each MEP must have a MEP ID that is unique within the MA. The MEPs send the CCM messages differently. 4096 associations (see “Supported Instances for CFM” on page 328 for supported CFM elements). you should configure one MIP on each intermediate switch in the domain and a MEP on every edge switch.Inferior / Superior ----. The destination MAC address in the CCM frame is from a multicast MAC address range that is reserved for CFM messages. You assign the MPs to ports: UP MEPs. or the CCMs will flow in the wrong direction through the domain and not allow connectivity testing. All of the ports in that VLAN service instance are now in that MA and its associated domain. Refer to Table 37 for an illustration of domains with hierarchical MD levels. MIPs relay the CCM messages to the next MIP or MEP in the domain. NOTE Ensure that you configured the UP and DOWN MEPs correctly. or BVLAN). as follows: ● ● The DOWN MEPs sends out a single CCM message. Each configured MEP periodically sends out a Layer 2 multicast or unicast CCM message. Each MA associates with one service instance. The UP MEPs potentially sends the CCM message to all ports on the service instance (MA)—except the sending port—depending on the MPs configured on the outgoing ports. and MIPs. 128 ports. Table 37: MD Levels and Recommended Use MD level Use Superiority 0 Operator Most inferior 1 2 3 4 5 Customer Most superior 6 7 Service provider < ----. DOWN MEPs. 326 ExtremeXOS Concepts Guide. as follows: ● ● ● 5 to 7 for end users 3 and 4 for Internet service providers (ISPs) 0 to 3 for operators (entities carrying the information for the ISPs) All CFM messages with a superior MD level (numerically higher) pass throughout domains with an inferior MD level (numerically lower).3 .

NOTE All MEPs in an MA must be configured with the same CCM transmission interval. they can send a loopback message (LBM) or a link trace message (LTM). ExtremeXOS Concepts Guide. and the first MIP or MEP on the switch with the destination MAC address matching the embedded MAC address replies with an LBR. If the destination address is not present in the FDB. The system sends out an LTM to the special multicast address. The MD values are from 0 to 7.3 327 . in the hierarchy. and the system sends a message to the log. Each CCM has a time-to-live (TTL) value also noted for that message. Each MEP also makes a note of what port and what time it received a CCM. One important result of the continual transmission of CCM frames is that the MAC address of the originating MEP is known to all MPs in the association. After the TTL expires. You can only send a traceroute (or LTM) from a MEP. This information is stored in the CCM database. the MD level of 0 is lowest and 7 is highest. You can only send a ping from a MEP. only the following combinations can be on the same port within an MA: ● ● UP MEP and MIP DOWN MEP with neither UP MEP nor MIP CFM protocol imposes the following MP restrictions within an MA on a switch: ● ● ● ● ● MA can have either up MEP or down MEP and not both Only one down MEP per MA MA can have multiple Up MEPs MA can have both up MEP and MIP MA cannot have MIP if down MEP is present NOTE An MA can have an UP MEP in one switch and a DOWN MEP on another switch for the same MA.CFM You configure the time interval for each MEP to send a CCM.5 times the CCM transmission interval you configured on the switch that is originating the CCM. after that. the connectivity is considered broken. You send the traceroute to the unique system MAC address on the switch to which you are testing connectivity. Extreme Networks recommends setting this interval for at least 1 second. Software Version 12. the LTM is flooded on all the ports in the MIP node. and you ping to the unique system MAC address on the switch you are testing connectivity to. The operator sends out a unicast LBM. The CCM database holds up to 64 entries per MEP. Not all combinations of MPs are allowed on the same port within an MA. You can send with an LBM or an LTM only from a MEP (either UP or DOWN). This TTL interval is 3. additional CCM messages are discarded. The traceroute command displays every MIP along the path (see traceroute mac port). Ping and Traceroute When the operator sees a connectivity fault message from CFM in the system log. These are also referred to as a Layer 2 ping or a traceroute message. Each MIP in the path passes the frame only in the direction of the path and sends a link trace reply (LTR) message back to the originating with information that the LTM passed.

12800 and 20808 switches 32 on Summit Family switches. total number of all ports for all service instances assigned to an MA (see show cfm command for ports configured for CFM) Number of remote end points stored in a CCM database on each MEP. SummitStack and BlackDiamond 8800 and 8900 series modules. the system logs a message. you associate MAs with the specified domain and assign MPs within that MA. Configuring CFM To configure CFM.Ethernet OAM Supported Instances for CFM Table 38 displays the CFM support in ExtremeXOS. If an MEP fails to receive a CCM before the last advertised TTL value expires. SummitStack and BlackDiamond 8800 and 8900 series modules. MIBs. DOWN MEPs 1000 on BlackDiamond 10808. you create a maintenance domain and assign it a unique MD level. he can send a Layer 2 ping and/ or a traceroute message to isolate the fault. Total CFM ports 128 Per switch. you can configure the transmission interval for the CCMs. 12800 and 20808 series switches 32 on Summit Family switches. 12800 and 20808 switches 32 on Summit Family switches. Software Version 12.3 . SummitStack and BlackDiamond 8800 and 8900 series modules. NOTE The total number of CFM ports is a guideline. MIPs 1000 on BlackDiamond 10808. Optionally. Table 38: ExtremeXOS CFM Support Item Domains Associations (MAs) UP MEPs Limit 8 4096 1000 on BlackDiamond 10808. not a limit enforced by the system. and alarm suppression are not supported. 328 ExtremeXOS Concepts Guide. Next. one for each MD level Per switch Per switch Entries in the CCM database 64 CFM traps. 64 end points per MEP (additional CCMs discarded after this limit is reached) Per switch Per switch Notes Per switch. destination MAC type for an MA and remote MEPs statically in an MA. After the network administrator sees the system log message.

You can.CFM NOTE CFM does not use ACL. You can name domains using any one of the following three formats: ● Simple string Use an alphanumeric character string with a maximum of 43 characters.XX. there are no additional ACL entries present for CFM in the show access-list dynamic command output.XX.XX. use the following CLI command: create cfm domain dns <name> md-level <level> To create a domain and assign an MD level using the MAC address convention.YYY. use the following CLI command: create cfm domain string <name> md-level <level> To create a domain and assign an MD level using the DNS convention. each with a unique MD level. a domain name in this format using 123 as the 16-bit unsigned integer appears as follows: 00:11:22:33:44:55. and assign a unique MD level at that time.3 329 . you must use that same format throughout the entire domain. To create a domain and assign an MD level using the simple string convention. NOTE ● ● Whatever convention you choose. Available MD levels are numbered from 0 to 7. For example. Domain name server (DNS) name Use an alphanumeric character string with a maximum of 43 characters. The display format is XX. This section describes the following topics: ● ● ● ● Creating Maintenance Domains on page 329 Creating and Associating MAs on page 330 Creating MPs and the CCM Transmission Interval on page 331 Executing Layer 2 Ping and Traceroute Messages on page 332 Creating Maintenance Domains You create maintenance domains (MDs). or domains.XX. so the name and naming format must be identical to be understood throughout the domain. however. use the following CLI command: create cfm domain mac <mac-addr> <int> md-level <level> ExtremeXOS Concepts Guide. where X is the MAC address.XX. Higher numerical values are superior MD levels in the CFM hierarchy. use different naming conventions on different domains on one switch (up to eight domains allowed on one switch). MAC address plus 2-octet integer Use a MAC address and a 2-octet integer. Each switch can have a total of eight domains. The CFM messages carry the domain name.123. Software Version 12. and Y is the 2-octet integer.

use the following command: configure cfm domain <domain-name> association <association_name> destination-mac-type [unicast | multicast] 330 ExtremeXOS Concepts Guide. Software Version 12. Like the domains. ExtremeXOS CFM supports the use of a unicast destination address for CCM and LTM frames. use the following command: delete cfm domain <domain> Creating and Associating MAs Within a given domain. use the following command: configure cfm domain <domain_name> add association string <name> [[vlan <vlan_name>]|[vman <vman_name>]|[bvlan <bvlan_name>]] To add an MA to a domain using the 2-octet integer format.1ag standard. and each service instance may associate with more than one MA. use the following command: configure cfm domain <domain_name> add association vlan-id <vlanid> [[vlan <vlan_name>]|[vman <vman_name>]|[bvlan <bvlan_name>]] To delete an MA from a domain.Ethernet OAM Although you assign an MD level to the domain when you create that domain.3 . you associate maintenance associations (MAs). you can configure more than one MAs in any 1 domain. All of the ports in that service instance are now in that MA and its associated domain. To configure the destination MAC address type for an MA. Each MA associates with one service instance. use the following command: configure cfm domain <domain_name> add association integer <int> [[vlan <vlan_name>]|[vman <vman_name>]|[bvlan <bvlan_name>]] To add an MA to a domain using the RFC 2685 VPN ID format. The following formats are supported for naming the MAs: ● ● ● ● Character string 2-octet integer RFC 2685 VPN VLAN ID To add an MA to a domain using the character string format. use the following command: configure cfm domain <domain_name> add association vpn-id oui <oui> index <index> [[vlan <vlan_name>]|[vman <vman_name>]|[bvlan <bvlan_name>]] To add an MA to a domain using the VLAN ID format. This allows the support of a CFM operation in a network where use of multicast address is prohibited. Extreme Networks’ implementation of CFM associates MAs with service instances. you can change the MD level on an existing domain by using the following command: configure cfm domain <domain_name> md-level <level> To delete a domain. ExtremeXOS supports multiple formats for naming the MA. use the following command: configure cfm domain <domain_name> delete association <association_name> In addition to supporting multicast destination MAC address for CCM and LTM frames specified by the 802.

use the following command: configure cfm domain <domain-name> association <association_name> ports <port_list> end-point [up | down] mepid <mepid> To delete UP and DOWN MEPs. use the following command: configure cfm domain <domain-name> association <association_name> remote-mep <mepid> mac-address <mac_address> Creating MPs and the CCM Transmission Interval Within an MA. use the following command: configure cfm domain <domain_name> association <association_name> ports <port_list> add end-point [up | down ] <mepid> To change the MEP ID on an existing MEP. To configure UP and DOWN MEPs and its unique MEP ID. use the following command: configure cfm domain <domain_name> association <association_name> ports <port_list> delete end-point [up | down ] To configure a MIP. Use the following command to add a remote MEP to an MA statically: configure cfm domain <domain-name> association <association_name> add remote-mep <mepid> mac-address <mac_address> To delete a remote MEP from an MA. use the following command: configure cfm domain <domain-name> association <association_name> delete remote-mep <mepid> To configure a remote MEP MAC address.3 331 . use the following command: configure cfm domain <domain_name> association <association_name> ports <port_list> delete intermediate-point To configure the transmission interval for the MEP to send CCMs. you configure the following MPs: ● Maintenance end points (MEPs). use the following command: configure cfm domain <domain_name> association <association_name> ports <port_list> add intermediate-point To delete a MIP. which are one of the following types: ■ ■ UP MEPs—transmit CCMs and maintain CCM database DOWN MEPs—transmit CCMs and maintain CCM database ● Maintenance intermediate points (MIPs)—pass CCMs through Each MEP must have an ID that is unique for that MEP throughout the MA. Software Version 12.CFM ExtremeXOS CFM supports configuring remote MEPs statically for CFM operation where dynamic discovery of MEPs in an MA using multicast address is prohibited. issue the following command: configure cfm domain <domain_name> association <association_name> {ports <port_list> end-point [up | down]} transmit-interval [100|1000|10000|60000|600000] ExtremeXOS Concepts Guide.

To send a Layer 2 ping.Ethernet OAM To unconfigure the transmission interval for the MEP to send CCMs and return it to the default. the MAs and associated service instances. Software Version 12. this examples assumes a simple network. (See “Ping and Traceroute” on page 327 for information on how each MP handles these messages. you can display the current CFM configuration using the show cfm command. UP MEPs are configured for an MA with MD level 6 and DOWN MEPs are configured for an MA with MD level 3.3 . the domain names and MD levels. use the following command: traceroute mac <mac> {up-end-point} port <port> {domain} <domain_name> {association} <association_name> {ttl <ttl>} Displaying CFM To verify your CFM configuration. use the following command: unconfigure cfm domain <domain_name> association <association_name> {ports <port_list> end-point [up | down]} transmit-interval To enable of disable a MEP. the operator can use Layer 2 ping and traceroute messages to isolate the fault. this example assumes that CFM is configured on the access switches. The information this command displays includes the total ports configured for CFM. use the following command: ping mac <mac> port <port> {domain} <domain_name> {association} <association_name> To send a Link Trace Message (LTM) and receive information on the path. and the UP and DOWN MEPs. To display the CCM database for each MEP. as well as the necessary VMANs configured with the ports added. CFM Example As shown in Figure 15. use the show cfm detail command. 332 ExtremeXOS Concepts Guide. This example shows a VMAN associated with two maintenance domains and two different MAs.) NOTE You must have all the CFM parameters configured on your network before issuing the ping and traceroute messages. use the following command: configure cfm domain <domain_name> association <association_name> ports <port_list> end-point [up | down] [enable | disable] Executing Layer 2 Ping and Traceroute Messages If the system logs a missed CCM message.

Software Version 12. use the following CLI commands: create cfm domain string cust-xyz-d6 md-level 6 configure cfm domain cust-xyz-d6 add association string cust-xyz-d6-m100 vman m100 configure cfm domain cust-xyz-d6 association cust-xyz-d6-m100 port 1:1 add end-point up 20 configure cfm domain cust-xyz-d6 association cust-xyz-d6-m100 port 2:1 add intermediate-point create cfm domain string core-d3 md-level 3 configure cfm domain core-d3 add association string core-d3-m100 vman m100 configure cfm domain core-d3 association core-d3-m100 port 2:1 add end-point down 20 ExtremeXOS Concepts Guide.CFM Figure 15: CFM Configuration Example MD LEVEL 6 1.1 MD LEVEL 3 2. use the following CLI commands: create cfm domain string cust-xyz-d6 md-level 6 configure cfm domain cust-xyz-d6 add association string cust-xyz-d6-m100 vman m100 configure cfm domain cust-xyz-d6 association cust-xyz-d6-m100 port 1:1 add end-point up 10 configure cfm domain cust-xyz-d6 association cust-xyz-d6-m100 port 2:1 add intermediate-point create cfm domain string core-d3 md-level 3 configure cfm domain core-d3 add association string core-d3-m100 vman m100 configure cfm domain core-d3 association core-d3-m100 port 2:1 add end-point down 10 To configure switch 2 for this example.2 2.1 Switch 3 1. use the following CLI commands: create cfm domain string core-d3 md-level 3 configure cfm domain core-d3 add association string core-d3-m100 vman m100 configure cfm domain core-d3 association core-d3-m100 port 2:1 add intermediatepoint configure cfm domain core-d3 association core-d3-m100 port 2:2 add intermediatepoint To configure switch 3 for this example.1 Switch 2 2.3 333 .1 Switch 1 2.1 UP MEP DOWN MIP MEP EX_cfm_0040 To configure switch 1 for this example.

it periodically sends frames with ETH-DM information to its peer MEP in the same maintenance association (MA) and expects to receive frames with ETH-DM information from its peer MEP in the same MA. When a CFM segment is enabled to generate frames with ETH-DM information. A DMM frame with a valid MD level and a destination MAC address equal to the receiving node’s MAC address is considered to be a valid DMM frame. the transmission is not enabled.TxTimeStampf The MEP can also make two-way frame delay variation measurements based on its ability to calculate the difference between two subsequent two-way frame delay measurements. and calculates the two-way frame delay as: Frame Delay = RxTimeStampb .1731 standard and deals with the Ethernet Delay Measurement (ETH-DM) function. Software Version 12. which is the time at the receipt of the frame with ETH-DM reply information.1731—Compliant Frame Delay and Delay Variance Measurement This feature is based on the ITU-T Y. To allow a more precise 334 ExtremeXOS Concepts Guide. The MEP receiving the frame with ETH-DM reply information compares the TxTimeStampf with the RxTimeStampb.Ethernet OAM Y. either as continuous or on-demand mode. Every field in the DMM frame is copied to the DMR frame with the following exceptions: ● ● The source and destination MAC addressed are swapped. Continuous (proactive) measurement of frame delay and frame delay variation On-demand measurement of frame delay and frame delay variation. ● ● By default. The user is expected to explicitly enable the DMM transmission for a CFM segment. ExtremeXOS software supports: ● Two-way delay measurement—Delay Measurement Message (DMM) and Delay Measurement Reply (DMR). a DMR frame is generated and transmitted to the requesting node. Frame delay and frame delay variation measurements are performed in a maintenance association end point (MEP) by sending and receiving periodic frames with ETH-DM information to and from the peer end point during the diagnostic interval.3 . The OpCode field is changed from DMM to DMR. This measurement is done between two specific end points within an administrative domain. Specific configuration information that is required by an MEP to support ETH-DM is as follows: ● ● ● ● ● Maintenance domain (MD) level—The MD level at which the MEP exists Priority—The priority of the frames with ETH-DM information Drop eligibility—Frames with ETH-DM information that are always marked as drop ineligible Transmission rate Total transmit interval A node transmits frames with ETH-DM information with the following information element: TxTimeStampf: Timestamp at the transmission time of the ETH-DM frame Whenever a valid DMM frame is received by the peer.

the MEP replying to the frame with ETH-DM request information may include two additional timestamps in the ETH-DM reply information: RxTimeStampf—Timestamp at the time of receiving a frame with ETH-DM request information TxTimeStampb—Timestamp at the time of transmitting a frame with ETH-DM reply information Here the frame delay is calculated by the MEP that receives the DMR as follows: Frame Delay = (RxTimeStampb .3 335 .1731—Compliant Frame Delay and Delay Variance Measurement two-way frame delay measurement. For on- ExtremeXOS Concepts Guide. the segment transmits "X" number of DMMs and moves back to the disabled state. Upon enabling the transmission from a CFM segment. where "X" is the number of frames specified by the user through the CLI. For continuous transmission. ERROR: CFM Configuration is not complete for segment "s1" to start transmission NOTE A CFM segment without a domain and an association is considered to be an incomplete segment.RxTimeStampf) NOTE This frame delay is the round-trip delay from which the one-way delay between two nodes is arrived. the trigger is rejected and an error message similar to the following is given. This transmission continues even after reboot for both continuous and on-demand mode.Y. Figure 16 describes the DMM and DMR message flows between two end points. If the user enables on-demand transmission. the segment continues to transmit DMM frames until stopped by the user.TxTimeStampf) . Software Version 12. Frame Delay Measurement If a user tries to enable the transmission for a CFM segment whose configuration is not complete. Figure 16: Two-way Frame Delay and Frame Delay Variance Measurement DMM DMR DMM DMM DMR DMR Ethernet virtual circuit EX_oam_0002 The PDUs used to measure frame delay and frame delay variation are the DMM and the DMR PDUs where DMM is initiated from a node as a request to its peer and DMR is the reply from the peer. one at each transmit-interval which is configured through the CLI. the segment transmits DMM frames.(TxTimeStampb .

between two subsequent DMM transmissions. These alarm and clear states are maintained for a specified window. which was enabled to transmit "X" number of frames. during the current transmission. if not configured. or MSM failover. Min delay time—Time at which the minimum delay occurred in the current transmission window. if any. To create a CFM segment. starts transmitting again "X" number of frames after reboot. Various times are recorded at the segment level during the transmission of DMM frames. Configuring a CFM Segment Use the following commands to configure a CFM segment. Some of these commands are optional and. This state is maintained until the percentage of valid replies reaches the clear threshold. use the following command: create cfm segment <segment_name> destination <mac_addr> { copy <segment_name_to_copy> } 336 ExtremeXOS Concepts Guide. the segment. Table 39 lists the default values for a CFM segment: Table 39: Default Values for a CFM Segment Configuration Transmit interval Window Timeout Alarm threshold Clear threshold Dot1p priority Default Values 10 seconds 60 frames 50 msecs 10% 95% 6 NOTE The statistics for a particular transmission are preserved until the user triggers the transmission once again. ● ● ● ● Start time—Time at which the segment started the current transmission. that reply will be considered as a delayed one. Max delay time—Time at which the maximum delay occurred in the current transmission window. Once the percentage of the sum of lost and delayed frames reaches the alarm threshold. If a reply is not received within the transmit-interval. The old statistics are not preserved for both continuous and on-demand mode for all the above three scenarios. and is still transmitting.Ethernet OAM demand transmission. the segment is expected to get a reply from the destination within the specified time. then that frame is considered as lost. Software Version 12. Upon transmitting a DMM. that is. an alarm is generated and the segment is moved to the alarming state. which holds a set of recent frames and their corresponding delays. or process restart. Alarm time—The recent alarm time. the default values are used.3 . The mean delay and delay variance for the current window is also measured whenever the user polls the segment statistics. If a reply is received after that time.

use the following command: enable cfm segment frame-delay measurement <segment_name> [continuous | count <value>] To disable the transmission of the DMM frames for a particular CFM segment. use the following command: configure cfm segment <segment_name> dot1p <dot1p_priority> To configure the alarm and clear threshold value for CFM segment. use the following command: disable cfm segment frame-delay measurement <segment_name> To show the configuration and status of a specific CFM segment.3 337 . use the following command: delete cfm segment [<segment_name | all] To add a CFM domain to a CFM segment. Administration and Maintenance (OAM) to facilitate metro Ethernet network operation and troubleshooting to match traditional carrier network technologies. use the following command: show cfm segment frame-delay statistics {<segment-name>} To configure the timeout value for a CFM segment. Software Version 12. use the following command: configure cfm segment <segment_name> add domain <domain_name> association <association_name> To delete a CFM domain from a CFM segment. use the following command: configure cfm segment <segment_name> window <size> To trigger DMM frames at the specified transmit interval. use the following command: configure cfm segment <segment_name> [alarm-threshold | clear-threshold] <value> To configure the window size to be used for calculating the threshold values. use the following command: configure cfm segment <segment_name> delete domain association To configure the transmission interval between two consecutive DMM frames. This section covers that portion of EFM that deals with the unidirectional link fault indication on a 1G link that has the capability to transmit and receive independently. ExtremeXOS Concepts Guide. the Ethernet in the First Mile (EFM) standard.3ah.EFM OAM—Unidirectional Link Fault Management To delete a CFM segment. includes mechanisms for network Operation. use the following command: configure cfm segment <segment_name> timeout <msec> EFM OAM—Unidirectional Link Fault Management Summit X450a Series Switches Only IEEE 802. use the following command: configure cfm segment <segment_name> transmit-interval <interval> To configure the priority of the CFM segment. use the following command: show cfm segment {<segment_name>} To display the frame delay statistics for the CFM segment.

the link is still failed in both directions. but to the OAM layer. Unidirectional operation Switch 1 Switch 2 Key = Fault link Only OAM PDUs are sent in one direction. This implementation assures that OAM PDUs affect only the operation of the OAM protocol itself and not user data traffic. when one direction of communication fails on a link. On technologies that support the feature. 1000BASE-X PCS. The distinction between a unidirectional link and a normal link is shown in Figure 17. some communication capabilities exist. certain physical layers can support a limited unidirectional capability. the other direction of the link is taken down. The operation of OAM on an Ethernet interface does not adversely affect data traffic because OAM is a slow protocol with very limited bandwidth potential. The IEEE 802. This behavior eliminates the possibility of one-way transmissions. if the peer’s laser is malfunctioning). however. the local entity can set a flag in an OAM PDU to let the peer know that its transmit path is inoperable. Unidirectional Link Fault Management With EFM OAM. But by sending triggered OAM PDUs on detecting link down/local fault rather that waiting to send on periodic PDUs. To the higher layers. EX_oam_0003 You can enable unidirectional link fault detection and notification on individual ports with CLI commands. By utilizing the slow protocol MAC address. failure detection is less than 1 second can be achieved thereby accelerating fault recovery and network restoration. and 10GbE RS. 338 ExtremeXOS Concepts Guide. OAM frames are intercepted by the MAC sub layer and cannot propagate across multiple hops in an Ethernet network. Software Version 12.3ah standard defines fault notifications based on one-second timers. Unidirectional OAM operation is not supported on some legacy links but is supported on newer links such as 100BASE-X PCS. and it is not required for normal link operation. This allows appropriate register settings to transmit OAM PDUs even on a link that has a slowly deteriorating quality receive path or no receive path at all.Ethernet OAM In carrier networks. The ability to operate a link in a unidirectional mode for diagnostic purposes supports the maintenance objective of failure detection and notification. Then. OAM PDUs can be transmitted across unidirectional links to indicate fault information.3 . when a link is not receiving a signal from its peer at the physical layer (for example. Historically on Ethernet. so that higher layer protocols do not have to deal with that error scenario. Figure 17: Normal Link and Unidirectional Operation Normal link operation Switch 1 Switch 2 Data Frames and OAM PDUs are sent in both directions. Ethernet is usually deployed with an optical link.

Autonegotiation must be turned off. ExtremeXOS Concepts Guide. ELSM must not be enabled. To configure unidirectional link fault management on a port or ports. a failure is reported as a link down but OAM can use the link to send OAM traffic. All received traffic on that port is blocked except for Ethernet OAM PDUs. The link should be operating in full duplex mode. use the following command: disable ethernet oam ports [<port_list> | all] link-fault-management To display the Ethernet OAM settings. Table 40: OAM PDU Fields Field Destination Address Source Address Length/Type Subtype Flags Code Data/Pad FCS Octets 6 6 2 1 2 1 42-1496 4 Description Slow protocol multicast address Port’s individual MAC address Slow protocol type Identifies specific slow protocol Contains status bits Identifies OAM PDU type OAM PDU data Frame check sequence Value 01:80:C2:00:00:02 Switch MAC 0x8809 0x03 see Figure 17 0x00 (Information TLV) 0x00 (END of TLV) Configuring Unidirectional Link Fault Management The following are requirements to configure unidirectional link fault management on a port of a Summit X450a series switch: ● ● ● ● The switch link must have the capability to independently transmit and receive. use the following command: enable ethernet oam ports [<port_list> | all] link-fault-management To clear the counters on a configured port. Table 40 describes the fields of OAM PDUs. To higher layers.EFM OAM—Unidirectional Link Fault Management EFM OAM uses standard length Ethernet frames within the normal frame length of 64 to 1518 bytes as PDUs for their operation. the following behavior on the port is observed: ● ● ● A log indicates that traffic on the port is blocked. use the following command: show ethernet oam {ports [<port_list>} {detail} When configured. Software Version 12.3 339 . use the following command: clear ethernet oam {ports [<port_list>} counters To unconfigure unidirectional link fault management.

3 .Ethernet OAM 340 ExtremeXOS Concepts Guide. Software Version 12.

1 and higher G48Pe module for the BlackDiamond 8800 series switch—ExtremeXOS 11. PDs include wireless access points. reducing costs associated with separate power cabling and supply. Each Summit switch has its own PSU and the power budget for each Summit switch is determined by the internal/external PSUs connected to that Summit switch. Hitless failover means that if the primary MSM fails over to the backup MSM. Extreme Networks PoE Devices The following lists the Extreme Networks devices that support PoE and the minimum required software: ● 8500-G48T-e module (with daughter card) for the BlackDiamond 8800 series switch—ExtremeXOS 12. In a SummitStack. IP telephones.3 341 . web cameras. a single Ethernet cable supplies power and the data connection. all port currently powered will maintain power after the failover and all the power configurations remain active.10 PoE This chapter includes the following sections: ● ● ● ● ● ● ● Overview on page 341 Extreme Networks PoE Devices on page 341 Summary of PoE Features on page 343 Power Checking for PoE Module on page 343 Power Delivery on page 343 Configuring PoE on page 348 Displaying PoE Settings and Statistics on page 355 Overview Power over Ethernet (PoE) is an effective method of supplying 48 VDC power to certain types of powered devices (PDs) through Category 5 or Category 3 twisted pair Ethernet cables. laptop computers. With PoE. The system supports hitless failover for PoE in a system with two Management Switch Fabric Modules (MSMs).1 and higher ● ● ● ● ExtremeXOS Concepts Guide. and other devices. power is maintained across a failover on all PoE ports of non-primary nodes but is lost on all PoE ports of the failed primary node. Software Version 12.3 and higher G48P module for the BlackDiamond 8800 series switch—ExtremeXOS 11. Similar failover support is available for a SummitStack.1 and higher G48Te2 module (with daughter card) for the BlackDiamond 8800 series switch—ExtremeXOS 12.5 and higher G48Tc module (with daughter card) for the BlackDiamond 8800 series switch—ExtremeXOS 12.

Software Version 12. for instance.8 watts to 24 ports. Suddenly removing an EPS-C with 2 or 3 EPS-600LS modules providing power will cause an interruption of PoE power to the PDs. The Summit X450e-48p and Summit X250e-48p switches offer an optional external power supply chassis (EPS-C) than accepts up to three power modules (EPS-600LS). 16. 8.0 and higher Summit X250e-48p switch—ExtremeXOS 12. NOTE Refer to the Summit Family Switches Hardware Installation Guide for complete information on power availability using the Summit X450e-48p and X250e-48p switches in conjunction with the EPS-600 PSU. This allows an uninterrupted PoE transition from full power to redundant half power to internal power.0 and higher Summit X450e-24p switch—ExtremeXOS 11. Table 41 describes the EPS-C/EPS-600LS options for X450e-48p and X250e-48p switches.1 and higher Summit X250e-24p switch—ExtremeXOS 12. 2:1 power module redundancy When using the EPS-C with 0 or 1 EPS-600LS modules. Table 41: EPS-C/EPS-600LS Options for Summit X450e-48p and X250e-48p Switches Number of EPS600LS Module 0 1 2 3 Summit X450e-48p and X250e-48p PoE Capability Internal PSU 405 watt PoE power Redundant 405 watt PoE power Full 810 watt PoE power. 16.PoE ● ● ● ● ● Summit X150-24p switch—ExtremeXOS 12. No PoE redundancy Full 810 watt PoE power. for instance.8 watts to 48 ports. the user can specify the port priorities and port disconnect precedence.6 and higher NOTE PoE capability for the G48Tc and G48Te2 modules are available only with the addition of an optional PoE Daughter Module.3 .5 and higher Summit X450e-48p switch—ExtremeXOS 11. 810 watts of PoE power is available. the user should turn off the EPS-600LS one module at a time. See “Adding an S-PoE Daughter Card to an Existing Configuration” on page 353 for more information. 405 watts of PoE power is available for the Summit X450e-48p and 250e-48p PDs.4 watts to 48 ports or any combination where the total PoE power does not exceed the 405 watt PSU capacity. 342 ExtremeXOS Concepts Guide. If the total system demands exceed the available power on the Summit X450e-48p or X250e-48p switch. When disconnecting an EPS-C from a Summit X450e-48p or X250e-48p switch. When using the EPS-C with 2 or 3 EPS-600LS modules.

Summary of PoE Features Summary of PoE Features The ExtremeXOS implementation of PoE supports the following features: ● ● ● Configuration and control of the power distribution for PoE at the system. Before you install your PoE module. refer to the ExtremeXOS Command Reference Guide. the system removes power to the I/O modules beginning with the highest numbered slots until enough power is available. The chassis powers up as many I/O modules as possible with lower-numbered slots having priority. manage. Inline power reserved for a slot that is not used cannot be used by other PoE slots (inline power is not shared among PoE modules). the chassis calculates the power budget and only powers up the PoE module if there is enough power. However. Software Version 12. and port levels Management of an over-subscribed power budget Port LED control for indicating the link state Support for hitless failover in a chassis with two MSMs ● ● ● ● For detailed information on using the PoE commands to configure. the chassis calculates the power budget and powers up the PoE module only if there is enough power. ExtremeXOS Concepts Guide. slot. When a chassis containing a PoE module is booted or a new PoE module is inserted. power checking proceeds as described in the previous paragraph. and port levels Real-time discovery and classification of IEEE 802. Installed modules are not affected. and display PoE settings.3af-compliant PDs and many legacy devices Monitor and control of port PoE fault conditions including exceeding configured class limits and power limits and short-circuit detection Support for configuring and monitoring PoE status at the system. consult your sales team to determine the required power budget. the slot will not function in data-only mode without enough power for inline power. If a PoE module is inserted into a chassis. Power Checking for PoE Module PoE modules require more power than other I/O modules. I/O modules that were not powered up previously are powered up. the power drain is calculated. NOTE If your chassis has an inline power module and there is not enough power to supply the configured inline power for the slot. Before the PoE module is powered up. slot. Power Delivery This section describes how the system provides power to the PDs. If there is now enough power. If you lose power or the overall available power decreases. that slot will not power on.3 343 . if you reboot the chassis.

PoE Enabling PoE to the Switch You enable or disable inline power to the entire switch. the PoE capability is increased according to the external PSUs installed. You reserve power for each slot. However. Power reserved for a specific PoE module cannot be used by any other slot regardless of how much power is actually consumed on the specified slot. depending on the configuration of the optional EPS-600 PSUs. the internal PSU is capable of 405 watts of PoE power. or port. you reserve power for the entire switch. or per slot or per port. or PoE module. the power budget is provided on a per slot basis. actual aggregate power can be delivered up to the configured inline power budget for the slot or switch (for example.) To reduce the chances of ports fluctuating between powered and non-powered states. The maximum possible for each slot is 768 W. use the following commands: enable inline-power To disable inline power to the switch. use the following command: disable inline-power Disabling inline power removes power immediately to all connected PDs. The minimum power you can assign to a slot is 37 W. you can reconfigure the reserved power budget for 344 ExtremeXOS Concepts Guide. the reserved power budget remains with that slot until you unconfigure or reconfigure the power budget. The default power budget reserved for each PoE module is 50 W.3 . and X250e-48p switches. X450e-48p. (Refer to the Summit Family Switches Hardware Installation Guide for complete information on power availability with this optional unit. instead of spacing PDs evenly across PoE modules. the power budget is set by the capability of the power supplies connected. slot. NOTE Extreme Networks recommends that. you must reserve power for each PoE slot. The default value is enabled. Power Reserve Budget Summit X450e-48p and Summit X250e-48p Switches and Per Slot on Modular Switches On modular switches. If you are working on a BlackDiamond 8800 switch chassis.) To enable inline power to the switch. Also. By default. For Summit X450e-24p. or 0 W if the slot is disabled. when delivered power from ports increases or when the configured inline power budget for the slot is reduced). For the Summit X450e-48p and X250e-48p switches. not switchwide. For each of these Summit switches. If you are working with a Summit X450e48p or X250e-48p switch. newly inserted PDs are not powered when the actual delivered power for the module or switch is within approximately 19 W of the configured inline power budget for that slot. Software Version 12. whether or not included in a SummitStack. If you disable a slot with a PoE module. you fully populate a single PoE module with PDs until the power usage is just below the usage threshold. (Refer to “Power Reserve Budget” for information on reserving power on these devices. when using a modular switch. 50 watts of inline power is provided to each slot.

To configure the disconnect precedence for the switch. Summit X250e-48p. use the following command: configure inline-power disconnect-precedence [deny-port | lowest-priority] ExtremeXOS Concepts Guide. You configure the switch to handle a request for power that exceeds the power budget situation in one of two ways. On modular switches. even in data-only mode. the actual power drain is continuously measured. you cannot configure this disconnect precedence per slot. and Modular Switches Only After a PD is discovered and powered on a Summit X450e-48p. you do not have to disable the device to reconfigure the power budget.3 345 . the lower-priority port is disconnected and the higher-priority port is powered. this is a switchwide configuration that applies to each slot. the next PD requesting power is not connected (even if that port has a higher configured PoE port priority than those ports already receiving power). called the disconnect precedence: ● ● Disconnect PDs according to the configured PoE port priority for each PD. When you configure the denyport value. you can reconfigure dynamically. or a modular PoE switch. To supply power to all PDs. if you do not change the default value and the switch’s or slot’s power is exceeded. So. the switch disregards the configured PoE port priority and port numbering. regardless of that port’s PoE priority. To reset the reserved power budget for a slot to the default value of 50 W. If the usage for power by PDs is within 19 W of the reserved power budget for the PoE switch or module. the system begins denying power to PDs. use the following command: unconfigure inline-power budget slot <slot> PD Disconnect Precedence Summit X450e-48p. The default value is deny-port. Software Version 12. PoE modules are not powered-up at all. so that enough power is available to power all PDs. When the switch is configured for lowest-priority mode. Summit X250e-48p. you can reconfigure the reserved power budget for the switch or slot. if the reserved PoE power cannot be allocated to that slot. The total of all reserved slot power budgets cannot be larger than the total available power to the switch. You reconfigure the reserved power budget dynamically. These settings are preserved across reboots and other power-cycling conditions. Deny power to the next PD requesting power. the lowest numbered slots have priority in getting power and one or more modules in higher-numbered slots will be powered down. NOTE On modular switches. If the base module power requirements plus the reserved PoE power for all modules exceeds the unallocated power in the system. If the next PD requesting power is of a higher configured PoE priority than an already powered port.Power Delivery a PoE module without disabling the device first. PDs are denied power based on the individual port’s configured PoE priority.

PoE To reset the disconnect precedence value to the default value of deny port to the switch. To set the PoE port priority. the power is removed from that port and can be used only by ports on the same slot. use the following command: unconfigure inline-power disconnect-precedence PoE Port Priority Summit X450e-48p. Summit X250e-48p switches. the switch disconnects those PDs with lower PoE port priorities when the reserved switch or slot power budget is exceeded. The switch withdraws power (or disconnects) those ports with the highest port number (s). If you configure the disconnect precedence of the switch as lowest priority. On the Summit X450e-48p. The highest port number has the lowest PoE priority. and modular switches. use the following command: configure inline-power priority [critical | high | low] ports <port_list> To reset the PoE priority of the ports to the default value of low. or critical. use the following command: unconfigure inline-power priority ports [all | <port_list>] If several PDs have the same configured PoE port priority. use the following command: show inline-power info ports When a port is disconnected or otherwise moves into a fault state. SNMP generates an event (after you configure SNMP and a log message is created). when a port enters a fault state because of a class violation or if you set the operator limit lower than the amount requested by the PD. including disconnected or faulted ports. available only to other ports on the same slot or stand-alone switch. again. On all PoE devices. Summit X250e-48p. Software Version 12. To display the status of PoE ports. it cannot be redistributed to other slots on modular switches. you can configure the PoE priority for each port as low. and Modular Switches only. The port stays in the fault state until you disable that port. high. the system continues supplying power to PDs with higher PoE port priorities. The power removed is. the default value is low.3 . when a port is disconnected. the highest port number is the lowest PoE priority. the priority is determined by the port number. The power from the disconnected port is not redistributed to any other slot. That is. or reconfigure the operator limit to be high enough to satisfy the PD requirements. 346 ExtremeXOS Concepts Guide. the system removes power from that port. or disconnect the attached PD. Port Disconnect or Fault On modular PoE switches.

On modular switches. These are PDs that do not comply with the IEEE 802. On the Summit X450e-48p. you cannot configure it differently for each PoE module. You can also configure the system to log an Event Management System (EMS) message when the usage threshold is crossed (refer to Chapter 11. The default value is 70%. the threshold measurement applies only to the percentage per slot of measured power to budgeted power use. this power-cycling occurs without returning the power to the slot’s reserved power budget. To power cycle specified ports. Software Version 12.” for more information on EMS). use the following commands: reset inline-power ports <port_list> Ports are immediately depowered and repowered. This function allows you to reset PDs without losing their claim to the reserved power budget. PoE Usage Threshold The system generates an SNMP event when any slot or stand-alone switch has consumed a specified percentage of that slot’s reserved power budget or of the entire power for the stand-alone switch. this threshold percentage is set to be the same for each PoE slot. You must enable the switch to detect legacy devices. ExtremeXOS Concepts Guide. although the threshold percentage of measured to budgeted power applies to all PoE modules. use the following command: unconfigure inline-power usage-threshold Legacy Devices ExtremeXOS software allows the use of non-standard PDs with the switch. “Status Monitoring and Statistics. discover. Detecting a PD through capacitance is used only if the following two conditions are both met: ● ● Legacy PD detection is enabled. use the following command: configure inline-power usage-threshold <threshold> To reset the threshold that causes the system to generate an SNMP event and EMS message per slot to 70% for measured power compared to budgeted power. Summit X250e-48p. it does not apply to the amount of power used switchwide. The system detects non-standard PDs using a capacitance measurement. power-up cycle.3 347 . maintaining current power allocations on modular switches.Power Delivery Port Power Reset You can set ports to experience a power-down. The system unsuccessfully attempted to discover the PD using the standard resistance measurement method. To configure the threshold percentage of budgeted power used on a slot or the total power on a standalone switch that causes the system to generate an SNMP event and EMS message. You configure the detection of legacy PoE devices per slot. the default value is disabled. On modular switches. you can configure this threshold to generate events from 1% to 99% consumption of the reserved power budget. and modular PoE switches.3af standard.

Refer to the ExtremeXOS Command Reference Guide for complete information on using the CLI commands. and display PoE settings at the system. and port level. The range is 3000 to 16800 mW. the power is withdrawn from that port and the port moves into a fault state.4 W per port. which limits how much power a PD can draw from that port by using the following command: configure inline-power operator-limit <milliwatts> ports [all |<port_list>] If the measured power for a specified port exceeds the port’s operator limit.PoE To enable the switch to use legacy PDs on a modular switch. you must have a powered switch or chassis and module. or PoE.3 . You set the operator limit on specified ports. if your chassis has an inline power module and there is not enough power to supply a slot. that slot will not power on. Software Version 12. To reset the power limit allowed for PDs to the default value of 15. use the following command: enable inline-power legacy To disable the non-standard power detection method that allows the switch to use legacy PDs on a modular switch. the slot will not function in data-only mode without enough power for inline power. To enable inline power. Configuring PoE PoE supports a full set of configuration and monitoring commands that allow you to configure. NOTE On a module switch. and the default value is 15400 mW. the system returns an error message. 348 ExtremeXOS Concepts Guide. use the following command: enable inline-power legacy slot <slot> To enable the switch to use legacy PDs on a stand-alone switch. use the following command: disable inline-power legacy PoE Operator Limits You set the power limit that a PD can draw on the specified ports. slot. use the following command: disable inline-power legacy slot <slot> To disable the non-standard power detection method that allows the switch to use legacy PDs on a stand-alone switch. use the following command: unconfigure inline-power operator-limit ports [all |<port_list>] If you attempt to set an operator-limit outside the accepted range. manage.

On modular switches and Summit X450e-48p and X250e-48p switches. you must accomplish the following tasks: ● ● Enable inline power to the system. even if the assigned power is not entirely used. use the following commands: disable inline-power disable inline-power slot <slot> disable inline-power ports [all | <port_list>] Disabling the inline power to a PD immediately removes power from the PD. you reserve power for a given slot. apply labels to PoE ports. For Summit X450e-48p and X250e-48p switches. configure the disconnect precedence for the PDs in the case of excessive power demands. On modular switches and Summit X450e-48p and X250e-48p switches. On Summit X450e-48p and Summit X250e-48p switches (whether or not included in a SummitStack) which operate with the optional EPS-600 PSU. if your chassis has an inline power module and there is not enough power to supply a slot. reserve power to the switch or slot using a power budget. you must reconfigure each slot for the power budget you want. you can configure the switch to use legacy PDs. the power is not dynamically reallocated among PoE modules. On modular PoE switches. use the following command: show inline-power Reserving Power Summit X450e-48p or Summit X250e-48p Switches or a Slot on Modular Switches Only. slot. To disable inline power to the switch. or PoE. apply specified PoE limits to ports. slot. the power budget is set by the capability of the power supplies connected.3 349 . Enabling Inline Power You enable inline power to the switch.Configuring PoE To configure inline power. the slot will not function in data-only mode without enough power for inline power. Software Version 12. Configure the threshold for initiating system alarms on power usage. To reallocate power among the slots. and/or port. or port. or port using the following commands: enable inline-power enable inline-power slot <slot> enable inline-power ports [all | <port_list>] NOTE On modular switches. The power reserved for a given slot cannot be used by any other PoE slots. ● ● Additionally. the internal PSU is capable of 405 ExtremeXOS Concepts Guide. that slot will not power on. slot (on modular switches). and configure the switch to allow you to reset a PD without losing its power allocation. To display the configuration for inline power.

and you configure one method for the entire switch. The minimum reserved power budget you can configure is 37 W for an enabled slot. and the port’s state moves from Power to Searching. and whichever method is in place applies to all PoE slots in the switch. Summit X250e-48p or Modular Switches Only NOTE The switch generates an SNMP event if a PD goes offline. NOTE Extreme Networks recommends that you fully populate a single PoE module with PDs until the power usage is just below the usage threshold. When the actual power used by the PDs on a switch or slot exceeds the power budgeted for that switch or slot. (Refer to the Summit Family Switches Hardware Installation Guide for complete information on power availability with this optional unit. Using the lowest priority method of disconnect precedence. On modular switches. use the following command: show inline-power slot <slot> To display the power budget for a Summit X450e-48p or X250e-48p switch. the switch refuses power to PDs. you can configure a power budget of 0. instead of spacing PDs evenly across PoE modules. The available disconnect precedence methods are: ● ● Deny port Lowest priority The default value is deny port. the switch simply denies power to the next PD requesting power from the slot. (Refer to “Configuring the PoE Port Priority” for information on port priorities. This is called the disconnect precedence method. use the following command: unconfigure inline-power budget slot <slot> To display the reserved power budget for the PoE modules. and the maximum is 768 W. use the following command: show inline-power Setting the Disconnect Precedence Summit X450e-48p.PoE watts of PoE power. There are two methods used by the switch to refuse power to PDs. If inline power on the slot is disabled. the default power budget is 50 W per slot. Software Version 12. the switch disconnects the PDs connected to ports configured with lower PoE priorities. regardless of that port’s PoE priority or port number.3 . Using this method. To reset the power budget for a PoE module to the default value of 50 W.) You do not have to disable the PoE devices to reconfigure the power budgets.) 350 ExtremeXOS Concepts Guide. You must configure SNMP to generate this event.

use the following command: show inline-power configuration ports <port_list> Configuring the Usage Threshold The system generates an SNMP event after a preset percentage of the reserved power for any slot or total power for a stand-alone switch is actually used by a connected PD. using the algorithm you selected with the disconnect ports command. To configure PoE port priority. newly inserted PDs are not powered when the actual delivered power for the switch or module is within approximately 19 W of the configured inline power budget for that switch or slot. Configuring the PoE Port Priority Summit X450e-48p. use the following command: show inline-power To reduce the chances of ports fluctuating between powered and non-powered states. actual aggregate power can be delivered up to the configured inline power budget for the switch or slot (for example. This preset percentage is called the usage threshold and is the percentage of the measured power to the budgeted power for each slot or total power for a stand-alone switch. when delivered power from ports increases or when the configured inline power budget for the slot is reduced). use the following command: configure inline-power priority [critical | high | low] ports <port_list> To reset the port priority to the default value of low. That is.Configuring PoE When several ports have the same PoE priority. That is. High. the lower port numbers have higher PoE priorities. until the measured inline power for the slot is lower than the reserved inline power. If several ports have the same PoE priority. the switch withdraws power (or disconnects) those ports with the highest port number(s). ExtremeXOS Concepts Guide. However. Summit X250e-48p.3 351 . Software Version 12. To configure the disconnect precedence for the switch. use the following command: unconfigure inline-power disconnect-precedence To display the currently configured disconnect precedence. use the following command: configure inline-power disconnect-precedence [deny-port | lowest-priority] To return the disconnect precedence to the default value of deny port. the lower port numbers have higher PoE priorities. or critical. the system allocates power to those ports with the highest priorities first. the switch withdraws power (or disconnects) those ports with the highest port number(s). You Can Configure The Poe Port Priority To Be Low. The system keeps dropping ports. The default value is low. and Modular Switches Only. use the following command: unconfigure inline-power priority ports [all | <port_list>] To display the PoE port priorities. If you configure the disconnect precedence as lowest priority and the PDs request power in excess of the switch’s or slot’s reserved power budget.

To configure the usage threshold. use the following command: disable inline-power legacy slot <slot> To display the status of legacy detection. To enable the switch to detect legacy. To configure the operator limit. non-standard PDs.3 . That is.3af standard. in milliwatts (mW). the system sends an event. you cannot configure the detection method per slot. you set the threshold for sending the event for the entire switch. use the following command: show inline-power Configuring the Switch to Detect Legacy PDs The PoE device can detect non-standard. you must specifically enable the switch to detect these non-standard PDs. The switch detects PDs through capacitance only if both of the following conditions are met: ● ● The legacy detection method is enabled. You can configure the usage threshold to be any integer between 1% and 99%.PoE On modular switches. If the operator limit for a specified port is less than the power drawn by the legacy PD. use the following command: show inline-power Configuring the Operator Limit You configure the maximum amount of power that the specified port can deliver to the connected PD. and the range is 3000 to 16800 mW. The default value is 15400 mW. However. after any PoE module passes the configured threshold. which does not detect legacy PDs. legacy PDs. The default value for this usage threshold is 70%. This configuration applies to the entire switch. using a capacitance measurement. The switch unsuccessfully attempted to discover the PD using the standard resistance measurement method. the legacy PD is denied power. use the following command: enable inline-power legacy slot <slot> To reset the switch to the default value. use the following command: configure inline-power usage-threshold <threshold> To reset the usage threshold to 70%. use the following command: unconfigure inline-power usage-threshold To display the currently configured usage threshold. which do not conform to the IEEE 802. use the following command: configure inline-power operator-limit <milliwatts> ports [all |<port_list>] 352 ExtremeXOS Concepts Guide. the default value for this detection method is disabled. Software Version 12. although the percentage of used to budgeted power is measured by each PoE module.

Backplane link to Backup is also Active ExtremeXOS Concepts Guide. This section describes how to add an S-PoE daughter card to an EXOS configuration that has already been saved without PoE capabilities. To assign a label to PoE ports. use the following command: unconfigure inline-power operator-limit ports [all |<port_list>] To display the current operator limit on each port. use the following command: configure inline-power label <string> ports <port_list> To rename a port or to return it to a blank label.Configuring PoE To reset the operator limit to the default value of 15.4 W. reissue the command. To display the PoE port labels. The following output displays the results of the show slot command with slot 4 configured: BD-8810. use the following command: reset inline-power ports <port_list> Adding an S-PoE Daughter Card to an Existing Configuration G48Tc and G48Te2 I/O Modules for the Black Diamond 8800 Series Switches.Backplane link to Master is Active B . Software Version 12.3 353 . The example in this section uses the G48Te2 module. use the following command: show inline-power configuration ports <port_list> Power Cycling Connected PDs To power cycle a connected PD without losing the power allocated to its port.6 # show slot Slots Type Configured State Ports Flags ------------------------------------------------------------------------------Slot-1 G48Tc G48Tc Operational 48 MB Slot-2 Empty 0 Slot-3 Empty 0 Slot-4 G48Te2 G48Te2 Operational 48 MB Slot-5 G8Xc G8Xc Operational 8 MB Slot-6 10G1Xc 10G1Xc Operational 1 MB Slot-7 10G4X 10G4X Operational 4 MB Slot-8 Empty 0 Slot-9 Empty 0 Slot-10 Empty 0 MSM-A MSM-48c Operational 0 MSM-B MSM-48c Operational 0 Flags: M . use the following command: show inline-power configuration ports <port_list> Configuring PoE Port Labels You can assign labels to a single or group of PoE ports using a string of up to 15 characters.

Warning> MSM-A: Powering on mismatch card .Warning> MSM-B: Powering on mismatch card .Slot Disabled I .Insufficient Power (refer to "show power budget") To configure a module for the PoE daughter card.3 . 2 Attach the PoE daughter card to the G48Te2 module (as described in installation document provided with the daughter card).PoE D . NOTE You must configure the slot as (PoE) before the power feature is accessible or enabled. follow these steps: 1 Remove the G48Te2 module.cfg: G48Te2 actual: G48Te2(PoE) 4 Change the slot module type to include POE by executing the command configure slot 4 module G48Te2 (PoE). Software Version 12.cfg: G48Te2 actual: G48Te2(PoE) <Warn:HAL. The following output displays the results of the show slot command after the card is attached: * BD-8810.Card.Card. 3 Re-insert G48Te2 module with the PoE daughter card attached.20 # show slot Slots Type Configured State Ports Flags ------------------------------------------------------------------------------Slot-1 G48Tc G48Tc Operational 48 MB Slot-2 Empty 0 Slot-3 Empty 0 Slot-4 G48Te2(PoE) G48Te2 Operational 48 MB Slot-5 G8Xc G8Xc Operational 8 MB Slot-6 10G1Xc 10G1Xc Operational 1 MB Slot-7 10G4X 10G4X Operational 4 MB Slot-8 Empty 0 Slot-9 Empty 0 Slot-10 Empty 0 MSM-A MSM-48c Operational 0 MSM-B MSM-48c Operational 0 Flags : M B D I Backplane link to Master is Active Backplane link to Backup is also Active Slot Disabled Insufficient Power (refer to "show power budget") You can expect to see the following log messages generated by the system after you have attached the card: <Warn:HAL. The following output displays the results of the show slot command after this command has been executed: * BD-8810.20 # show slot Slots Type Configured State Ports Flags ------------------------------------------------------------------------------Slot-1 G48Tc G48Tc Operational 48 MB Slot-2 Empty 0 Slot-3 Empty 0 Slot-4 G48Te2(PoE) G48Te2(PoE) Operational 48 MB 354 ExtremeXOS Concepts Guide.

Software Version 12. available for budgeting. and statistics for the system. in watts. To clear the statistics and reset the counters to 0. System power surplus—The surplus amount of power on the system. After this threshold has been passed on any slot. shown as a percentage of budgeted power. the system sends an SNMP event and logs a message. use the following command: clear inline-power stats ports [all | <port_list>] Displaying System Power Information You can display the status of the inline power for the system and. available for budgeting if one power supply is lost. and port levels. Displaying System PoE Status To display the PoE status for the switch. for additional information. ● ● ● ExtremeXOS Concepts Guide. Displaying PoE Settings and Statistics You can display the PoE status.3 355 . Clearing Statistics You can clear the PoE statistics for specified ports or for all ports. Redundant power surplus—The amount of power on the system. configuration. slot. use the following command: show inline-power The command provides status for the following areas: ● ● Configured inline power status—The status of the inline power for the switch: enabled or disabled.Displaying PoE Settings and Statistics Slot-5 Slot-6 Slot-7 Slot-8 Slot-9 Slot-10 MSM-A MSM-B Flags : M B D I G8Xc 10G1Xc 10G4X G8Xc 10G1Xc 10G4X Operational Operational Operational Empty Empty Empty Operational Operational 8 1 4 0 0 0 0 0 MB MB MB MSM-48c MSM-48c - Backplane link to Master is Active Backplane link to Backup is also Active Slot Disabled Insufficient Power (refer to "show power budget") 5 Save the configuration by executing the command save configuration. display the power budget of the switch. in watts. System power usage threshold—The configured power usage threshold for each slot. Disconnect precedence—The method of denying power to PDs if the budgeted power on any slot is exceeded.

The output indicates the following inline power status information for each slot: ● Inline power status—The status of inline power. that is currently being used by the slot. The status conditions are: ■ ■ Enabled Disabled Operational Not operational Disabled Subsystem failure Card not present Slot disabled ● Firmware status—The operational status of the slot. The status conditions are: ■ ■ Enabled Disabled Operational Not operational Disabled Subsystem failure Card not present Slot disabled ● Firmware status—The operational status of the slot. you can view the distribution of power. that is available to the slot. that is reserved and available to the slot. Displaying Slot PoE Status To display PoE status for each slot. as well as currently required and allocated power. on the entire modular switch including the power supplies by using the following command: show power budget Displaying Slot PoE Information on Modular Switches You can display PoE status and statistics per slot. 356 ExtremeXOS Concepts Guide. that is currently being used by the slot.3 . The status conditions are: ■ ■ ■ ■ ■ ■ ● ● Budgeted power—The amount of power. in watts. in watts. in watts.PoE ● Legacy mode—The status of the legacy mode. which allows detection of non-standard PDs. in watts. use the following command: show inline-power slot <slot> The command provides the following information: ● Inline power status—The status of inline power. Measured power—The amount of power. Software Version 12. Measured power—The amount of power. Displaying System Power Data Additionally. The status conditions are: ■ ■ ■ ■ ■ ■ ● ● Budgeted power—The amount of inline power.

3 357 . use the following command: show inline-power stats The command provides the following information: ● Firmware status—Displays the firmware state: ■ ■ ■ ■ Operational Not operational Disabled Subsystem failure ● ● ● Firmware revision—Displays the revision number of the PoE firmware Total ports powered—Displays the number of ports powered on specified slot Total ports awaiting power—Displays the number of remaining ports in the slot that are not powered Total ports faulted—Displays the number of ports in a fault state Total ports disabled—Displays the number of ports in a disabled state ● ● Displaying Port PoE Information You can display the PoE configuration. status. and statistics per port. Software Version 12. use the following command: show inline-power stats slot <slot> The command provides the following information: ● Firmware status—Displays the firmware state: ■ ■ ■ ■ ■ ■ Operational Not operational Disabled Subsystem failure Card not present Slot disabled ● ● ● Firmware revision—Displays the revision number of the PoE firmware Total ports powered—Displays the number of ports powered on specified slot Total ports awaiting power—Displays the number of remaining ports in the slot that are not powered Total ports faulted—Displays the number of ports in a fault state Total ports disabled—Displays the number of ports in a disabled state ● ● Displaying PoE Status and Statistics on Stand-alone Switches To display the PoE statistics for the switch.Displaying PoE Settings and Statistics Displaying Slot PoE Statistics on Modular Switches To display the PoE statistics for each slot. ExtremeXOS Concepts Guide.

for inline power on the port. Power—Displays the measured power.3 . Software Version 12. drawn by the PD. in milliamperes. use the following command: show inline-power configuration ports <port_list> This command provides the following information: ● Config—Indicates whether the port is enabled to provide inline power: ■ ■ Enabled: The port can provide inline power. ● ● Operator Limit—Displays the configured limit. Displaying Port PoE Status To display the PoE status per port. Fault—Displays the fault value: ■ ■ ■ ■ ■ ■ ● ● ● None UV/OV fault UV/OV spike Over current Overload Undefined 358 ExtremeXOS Concepts Guide. Label—Displays a text string. Disabled: The port cannot provide inline power. in watts. associated with the port (15 characters maximum). in milliwatts. if any.PoE Displaying Port PoE Configuration To display PoE configuration for each port. A value from 0 to 2 is valid for ports that are in a searching or discovered state. Curr—Displays the measured current. supplied to the PD. use the following command: show inline-power info {detail} ports <port_list> This command provides the following information: ● State—Displays the port power state: ■ ■ ■ ■ ■ ■ ■ Disabled Searching Delivering Faulted Disconnected Other Denied “-----”: disabled or searching “class0”: class 0 device “class1”: class 1 device “class2”: class 2 device “class3”: class 3 device “class4”: class 4 device ● PD’s power class—Displays the class type of the connected PD: ■ ■ ■ ■ ■ ■ ● Volts—Displays the measured voltage.

Detail output displays the following information: ● ● ● ● ● ● ● ● ● ● ● ● ● Configured Admin State Inline Power State MIB Detect Status Label Operator Limit PD Class Max Allowed Power Measured Power Line Voltage Current Fault Status Detailed Status Priority Displaying Port PoE Statistics To display the PoE statistics for each port. A2D failure Sample. A2D failure Classify. use the following command: show inline-power stats ports <port_list> The command provides the following information: ● State—Displays the port power state: ■ ■ ■ ■ ■ ■ ■ Disabled Searching Delivering Faulted Disconnected Other Denied “-----”: disabled or searching “class0”: class 0 device ● PD’s power class—Displays the class type of the connected PD: ■ ■ ExtremeXOS Concepts Guide.3 359 . A2D failure Device fault.Displaying PoE Settings and Statistics ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ Underload HW fault Discovery resistance fail Operator limit violation Disconnect Discovery resistance. Software Version 12. A2D failure Force on error The detail command lists all inline power information for the selected ports.

Software Version 12.PoE ■ ■ ■ ■ ● ● ● ● ● “class1”: class 1 device “class2”: class 2 device “class3”: class 3 device “class4”: class 4 device Absent—Displays the number of times the port was disconnected InvSig—Displays the number of times the port had an invalid signature Denied—Displays the number of times the port was denied Over-current—Displays the number of times the port entered an overcurrent state Short—Displays the number of times the port entered undercurrent state 360 ExtremeXOS Concepts Guide.3 .

ExtremeXOS software includes many command line interface (CLI) show commands that display information about different switch functions and facilities. statistics can help you get the best out of your network.3 361 . Viewing Port Statistics ExtremeXOS software provides a facility for viewing port statistical information. The summary information lists values for the current counter for each port on each operational module in the system. ExtremeXOS Concepts Guide. This information may be useful for your technical support representative if you have a problem. If you keep simple daily records. see the appropriate chapter in this guide. NOTE For more information about show commands for a specific ExtremeXOS feature. you can see trends emerging and notice problems arising before they cause major network faults. In this way. Software Version 12. Overview The status monitoring facility provides information about the switch. The switch automatically refreshes the display (this is the default behavior).11 Status Monitoring and Statistics This chapter includes the following sections: ● ● ● ● ● ● ● ● ● ● ● ● ● ● Overview on page 361 Viewing Port Statistics on page 361 Viewing Port Errors on page 362 Using the Port Monitoring Display Keys on page 364 Viewing VLAN Statistics on page 364 Performing Switch Diagnostics on page 365 Using the System Health Checker on page 376 Setting the System Recovery Level on page 382 Using ELSM on page 393 Viewing Fan Information on page 403 Viewing the System Temperature on page 404 Using the Event Management System/Logging on page 406 Using sFlow on page 418 Using RMON on page 425 Viewing statistics on a regular basis allows you to see how well your network is performing.

Transmitted Byte Count (TX Byte Count)—The total number of data bytes successfully transmitted by the port. Received Multicast (RX Mcast)—The total number of frames received by the port that are addressed to a multicast address. Loopback (L)—The port is configured for WANPHY loopback. To view port statistics. Software Version 12. This setting is not saved. use the following command: show ports {<port_list> | stack-ports <stacking-port-list>} statistics {no-refresh} The switch collects the following port statistical information: ● Link State—The current state of the link. Received Packet Count (RX Pkt Count)—The total number of good packets that have been received by the port. This number includes bytes contained in the Frame Check Sequence (FCS). Values are displayed to nine digits of accuracy. Received Broadcast (RX Bcast)—The total number of frames received by the port that are addressed to a broadcast address. Options are: ■ ■ ■ ■ Active (A)—The link is present at this port. but excludes bytes in the preamble. you must specify the no-refresh parameter each time you want a snapshot of the port errors. To view port transmit errors.Status Monitoring and Statistics You can also display a snapshot of the real-time port statistics at the time you issue the command and view the output in a page-by-page mode. therefore. use the following command: show ports {<port_list> | stack-ports <stacking-port-list>} txerrors {no-refresh} 362 ExtremeXOS Concepts Guide. you must specify the norefresh parameter each time you want a snapshot of the port statistics. Ready (R)—The port is ready to accept a link. Received Byte Count (RX Byte Count)—The total number of bytes that were received by the port. therefore. You can also display a snapshot of the port errors at the time you issue the command and view the output in a page-by-page mode. including bad or lost frames. ● Transmitted Packet Count (TX Pkt Count)—The number of packets that have been successfully transmitted by the port. ● ● ● ● ● You can also view port statistics for SummitStack stacking ports using the following command: show ports stack-ports {<stacking-port-list>} statistics {no-refresh} Viewing Port Errors The switch keeps track of errors for each port and automatically refreshes the display (this is the default behavior).3 . Not Present (NP)—The port is configured. This setting is not saved. but the module is not installed in the slot (modular switches only).

Options are: ■ ■ ■ ■ Active (A)—The link is present at this port. Loopback (L)—The port is in Loopback mode. Not Present (NP)—The port is configured.522 bytes. Transmit Lost Frames (TX Lost)—The total number of transmit frames that do not get completely transmitted because of buffer problems (FIFO underflow). ● ● ● ● ● ● ExtremeXOS Concepts Guide. Receive Alignment Errors (RX Align)—The total number of frames received by the port with a CRC error and not containing an integral number of octets. Not Present (NP)—The port is configured. Receive Fragmented Frames (RX Frag)—The total number of frames received by the port that were of incorrect length and contained a bad FCS value. Receive Oversize Frames (RX Over)—The total number of good frames received by the port greater than the supported maximum length of 1. Link State—The current state of the link. Software Version 12.3 363 . Transmit Parity Frames (TX Parity)—The bit summation has a parity mismatch. but the module is not installed in the slot (modular switches only). Transmit Late Collisions (TX Late Coll)—The total number of collisions that have occurred after the port’s transmit window has expired. regardless of whether a device connected to the port participated in any of the collisions. Ready (R)—The port is ready to accept a link. Receive Frames Lost (RX Lost)—The total number of frames received by the port that were lost because of buffer overflow in the switch. Receive Jabber Frames (RX Jabber)—The total number of frames received by the port that were greater than the support maximum length and had a Cyclic Redundancy Check (CRC) error. but the module is not installed in the slot (modular switches only).Viewing Port Errors The switch collects the following port transmit error information: ● ● Port Number—The number of the port. Ready (R)—The port is ready to accept a link. Loopback (L)—The port is configured for WANPHY loopback. Transmit Errored Frames (TX Errors)—The total number of frames that were not completely transmitted by the port because of network errors (such as late collisions or excessive collisions). ■ ● Receive Bad CRC Frames (RX CRC)—The total number of frames received by the port that were of the correct length but contained a bad FCS value. Transmit Deferred Frames (TX Deferred)—The total number of frames that were transmitted by the port after the first transmission attempt was deferred by other network traffic. use the following command: show ports {<port_list> | stack-ports <stacking-port-list>} rxerrors {no-refresh} The switch collects the following port receive error information: ● ● Port Number Link State—The current state of the link. Options are: ■ ■ ■ Active (A)—The link is present at this port. Receive Undersize Frames (RX Under)—The total number of frames received by the port that were less than 64 bytes long. ● ● ● ● ● To view port receive errors. ● Transmit Collisions (TX Coll)—The total number of collisions seen by the port.

Cycles through the following screens: • Packets per second • Bytes per second • Percentage of bandwidth NOTE: Available only using the show ports utilization command. Table 43: Port Monitoring Display Keys with Auto-Refresh Disabled Key Q [Space] Description Exits from the screen.3 . Table 42: Port Monitoring Display Keys with Auto-Refresh Enabled Key(s) U D [Esc] 0 [Space] Description Displays the previous page of ports. Table 43 describes the keys used to control the displays that appear if you use any of the show ports commands and specify the no-refresh parameter. To configure the switch to start counting VLAN statistics. 364 ExtremeXOS Concepts Guide. use the following commands: clear counters configure ports monitor vlan Up to four VLANs can be monitored on the same port by issuing the command up to four times. Clears all counters.Status Monitoring and Statistics For SummitStack stacking ports. you can also view transmit and receive errors with the following commands: show ports stack-ports {<stacking-port-list>} txerrors {no-refresh} show ports stack-ports {<stacking-port-list>} rxerrors {no-refresh} Information displayed is identical to the details displayed for non-stacking ports. Using the Port Monitoring Display Keys Table 42 describes the keys used to control the displays that appear if you use any of the show ports commands without specifying the no-refresh parameter (this is the default behavior). Software Version 12. Viewing VLAN Statistics ExtremeXOS software provides the facility for viewing VLAN statistics at the port level and at the VLAN level on BlackDiamond 12800 series switches. Exits from the screen. Displays the next page of ports. Displays the next page of ports.

To view VLAN statistics at the VLAN level. Rx Frames Count—The total number of frames successfully received by the port. To stop counting VLAN statistics use the following command: unconfigure ports monitor vlan Performing Switch Diagnostics The switch provides a facility for running normal or extended diagnostics. Running diagnostics affects system operation.3 365 . Tx Byte Count—The total number of bytes that were transmitted by the port. Rx Frames Count—The total number of frames successfully received by the port. On the BlackDiamond 12800 series switches. Tx Byte Count—The total number of bytes that were transmitted by the port. and an extended routine performs extensive ASIC. Rx Byte Count—The total number of bytes that were received by the port. you can troubleshoot and resolve network issues. On BlackDiamond 10808 switches. you run the diagnostic routine on the switch or on the stacking ports. Rx Byte Count—The total number of bytes that were received by the port. BlackDiamond 20808 and BlackDiamond 8800 series switches. Tx Total Frames—The total number of frames that were transmitted by the port. you must power on the External Power Supply (EPS) when it is connected to the switch. Tx Total Frames—The total number of frames that were transmitted by the port. a normal routine performs a simple ASIC and packet loopback test on all ports. By running and viewing the results from diagnostic tests. Software Version 12. you run the diagnostic routine on Input/Output (I/O) modules or management modules (MSMs/MMs) without affecting the operation of the rest of the system. In simple terms. ExtremeXOS Concepts Guide. On the Summit family switches.Performing Switch Diagnostics To view VLAN statistics at the port level. use the following command: show vlan statistics The switch collects and displays the following statistics: ● ● ● ● ● VLAN—The designated VLAN. and packet loopback tests. ASIC-memory. the switch is unavailable during the diagnostic test. Running the switch or stacking port diagnostic routine affects system operation. NOTE Before running diagnostics. you run the diagnostic routine on all installed I/O modules and the primary MSM. use the following command: show ports vlan statistics The switch collects and displays the following statistics: ● ● ● ● ● ● Port—The designated port. The switch does not test the backup MSM on the BlackDiamond 12804. VLAN—The associated VLANs.

If you run diagnostics on an MSM/MM.Status Monitoring and Statistics When you run diagnostics on an I/O module. When the diagnostic test is complete. External ports can send and receive packets. an MSM/MM. 366 ExtremeXOS Concepts Guide. When the diagnostic test is complete. Data and control fabric connectivity is active (modular switches only). the switch verifies that the: ● ● ● Registers can be written to and read from correctly. that module is taken offline while the diagnostics test is performed. When you run diagnostics on the SummitStack stacking ports. The remainder of this section describes the following topics: ● ● ● ● ● Running Diagnostics on page 366 BlackDiamond 12800 Series Switches on page 367 SummitStack or Summit Family Switches on page 368 Observing LED Behavior During a Diagnostic Test on page 369 Displaying Diagnostic Test Results on page 376 Running Diagnostics BlackDiamond 10808. confirm that both MSMs/MMs are synchronized using the show switch command. initiate failover using the run msm-failover command. Software Version 12. Before initiating failover. Traffic to and from the ports on that I/O module is temporarily unavailable. the I/O module is reset and becomes operational again. After the MSM/MM completes the diagnostic routine and reboots. NOTE ● ● ● Before running slot diagnostics on a modular switch. Memory addresses are accessed correctly. the switch completes a hardware test to ensure that the stacking ports are operational. that module is taken offline while the diagnostic test is performed. and BlackDiamond 8800 Series Switches If you run the diagnostic routine on an I/O module. the backup MSM/MM assumes the role of the primary and takes over switch operation. you can initiate failover from the new primary MSM/MM to the original primary MSM/MM. running. see “Understanding System Redundancy—Modular Switches and SummitStack Only” on page 73. or a Summit family switch. hardware controllers. BlackDiamond 20808. use the show switch command to confirm that both MSMs/MMs are up. Sensors. and synchronized before running diagnostics on the second MSM/MM. and LEDs are working correctly. If you run diagnostics on the primary MSM/MM. you must have at least one MSM/MM installed in the chassis. After you run the diagnostic routine on the first MSM/ MM.3 . Run diagnostics on one MSM/MM at a time. Application-Specific Integrated Circuit (ASICs) and Central Processing Unit (CPUs) operate as required. the MSM/MM reboots and becomes operational again. If the MSMs/MMs are synchronized. For more detailed information about system redundancy and MSM/MM failover.

use the enable slot <slot> command to bring the module back online and operational. If you run diagnostics on a module that is not offline. the diagnostic routine tests the I/O subsystem of the MSM. you can use the disable slot <slot> {offline} command to force the module to enter the offline state which takes the switch fabric and ports offline. Console access is available during extended diagnostics. the system attempts to bring the I/O module back online. BlackDiamond 8806 switch—if you run diagnostics on slots 3 and 4 with an MSM installed in those slots. To run diagnostics on I/O or MSM/MM modules. ExtremeXOS Concepts Guide. ASIC-memory. After the diagnostic routine has finished.Performing Switch Diagnostics After the switch runs the diagnostic routine. Both switch fabric and management ports are taken offline during diagnostics. During a diagnostic routine. BlackDiamond 8800 Series Switches Only—Before running diagnostics on a module. NOTE BlackDiamond 8810 switch —If you run diagnostics on slots 5 and 6 with an MSM installed in those slots. If you have a Power over Ethernet (PoE) module installed. BlackDiamond 8800 series switches—To run diagnostics on the management portion of the master MSM. ● A | B—Specifies the slot letter of the primary MSM. the I/O modules are reset. which tests the functionality of the inline power adapter. traffic to and from the ports on the I/O modules is unavailable. the switch does not test the backup MSM. The CPU is not tested. use the following command: run diagnostics [extended | normal | stack-port] {slot [<slot> | A | B]} Where the following is true: ● extended—Takes the switch fabric and ports offline and performs extensive ASIC. If a backup MSM is present. the switch also performs an extended PoE test. BlackDiamond 12800 Series Switches If you run the diagnostic routine on the BlackDiamond 12800 series switches. The diagnostic routine is performed when the system reboots. specify slot A or B. Running diagnostics affects system operation. and packet loopback tests. When the diagnostic test is complete. the diagnostic routine occurs on all of the installed I/O modules and the primary MSM. Extended diagnostic tests take a maximum of 15 minutes. When the diagnostic test is complete. the switch automatically takes the switch fabric and ports offline when you use the run diagnostics [extended | normal | stack-port] {slot [<slot> | A | B]} command. When the diagnostic routine runs on the I/O modules. Software Version 12. the system can be offline from 5 to 25 minutes depending on the number of modules installed and the type of diagnostic test performed. ● <slot>—Specifies the slot number of an I/O module. the diagnostic routine tests the I/O subsystem of the MSM. ● normal—Takes the switch fabric and ports offline and performs a simple ASIC and packet loopback test on all ports. test results are saved in the module’s EEPROM and messages are logged to the syslog.3 367 .

the switch reboots again. Once the diagnostics routine is complete.. you need a dedicated stacking cable that connects stack port 1 to stack port 2. You need to disable stacking on the switch to be tested. Console access is available during extended diagnostics. Normal diagnostic tests take a minimum of 5 minutes. the switch rejoins the stack. If you have a backup MSM installed. you can run diagnostics on the new primary MSM. enable stacking mode. use the following command: run diagnostics [extended | normal | stack-port] {slot [<slot> | A | B]} 368 ExtremeXOS Concepts Guide.3 . which are located at the rear of the switch. ● normal—Takes the switch fabric and ports offline and performs a simple ASIC and packet loopback test on all ports. When the diagnostic test is complete. After the switch runs the diagnostic routine. If you run the diagnostic routine on Summit family switches. you must failover to the backup MSM. ASIC-memory.Status Monitoring and Statistics When the diagnostic routine runs on the primary MSM. that module is taken offline. it enters the reset state and remains in this state until the primary MSM finishes the diagnostic tests. the diagnostic routine runs on all of the installed I/O modules in addition to the new primary MSM. The CPU is not tested. thereby relinquishing primary MSM status to the backup. Upon completion of the diagnostic tests. test results saved to the switch’s EEPROM and messages are logged to the syslog. SummitStack or Summit Family Switches Diagnostics cannot be run on a SummitStack. For more detailed information about system redundancy and MSM failover. reboot the switch before logging in. During the test. Remember. This Bit Error Rate Test (BERT) provides an analysis of the number of bits transmitted in error. the primary MSM reboots the backup MSM and then reboots itself. Log in. the switch reboots and then performs the diagnostic test. the switch reboots and becomes operational again. To run diagnostics on the backup MSM. Upon reboot. use the following command: run diagnostics [extended | normal | stack-port] {slot [<slot> | A | B]} Where the following is true: ● extended—Takes the switch fabric and ports offline and performs extensive ASIC. and packet loopback tests. You can then use the show diagnostics command to see the last diagnostic result of any or all switches in the SummitStack. traffic to and from the ports on the switch is temporarily unavailable. Extended diagnostic tests take a maximum of 25 minutes. To run diagnostics on Summit family switches. After the switch runs the diagnostic routine. The switch performs a hardware test to confirm that the stack ports are operational. The stacking cable is available from Extreme Networks. see “Understanding System Redundancy—Modular Switches and SummitStack Only” on page 73. traffic to and from the ports on the switch is temporarily unavailable. After failover. and then run the diagnostics. test results are saved in the each module’s EEPROM and messages are logged to the syslog. and reboot the switch again. To run the diagnostic routine on the stack ports. Software Version 12. To run diagnostics on all of the installed I/O modules and the primary MSM.

3 369 . MSM/MM. During normal operation. and packet loopback tests. During normal operation. The LED behavior described in this section relates only to the behavior associated with a diagnostic test. or other severe module error. Software Version 12. ● ● normal—Reboots the switch and performs a simple ASIC and packet loopback test on all ports. see the hardware documentation which is listed in the Preface. Table 45: BlackDiamond 10808 Switch MSM LED Behavior LED SYS Color Amber blinking Amber Indicates Diagnostic test in progress. or the diagnostic test is terminated. LED activity occurs during and immediately following the test. MSM LED Behavior—BlackDiamond 10808 Switch Table 45 describes the BlackDiamond 10808 switch MSM LED behavior during a diagnostic test. or a Summit family switch. stack-port—Performs a BERT on the stacking ports and reboots the switch. Diagnostic failure has occurred. Table 44: BlackDiamond 10808 Switch I/O Module LED Behavior LED DIAG Status Color Amber blinking Amber Amber blinking Indicates Diagnostic test in progress. After the MSM completes the diagnostic test.Performing Switch Diagnostics Where the following is true: ● extended—Reboots the switch and performs extensive ASIC. ASIC-memory. MSM/MM. the DIAG LED is off and the Status LED blinks green. the DIAG and the Status LEDs are reset. diagnostic failure. or the diagnostic test is terminated. the SYS LED is reset. For more detailed information about all of the I/O module. After the I/O module completes the diagnostic test. Observing LED Behavior During a Diagnostic Test Whether you run a diagnostic test on an I/O module. Diagnostic failure has occurred. Extended diagnostic tests take a maximum of 5 minutes. I/O Module LED Behavior—BlackDiamond 10808 Switch Table 44 describes the BlackDiamond 10808 switch I/O module LED behavior during a diagnostic test. Configuration error. and switch LEDs. The CPU is not tested. the status LED blinks green. code version error. ExtremeXOS Concepts Guide.

• Diagnostic test has passed. Diagnostic test has passed. this state indicates: • Diagnostic test in progress on the primary MSM. Diagnostic test in progress. code version error. the DIAG and the Status LEDs are reset. MSM LED Behavior—BlackDiamond 8800 Series Switches This section describes the MSM behavior during a diagnostic test. Amber/Green blinking Diagnostic failure has occurred. 370 ExtremeXOS Concepts Guide. LED behavior during a diagnostict test on the primary MSM. • Diagnostic failure has occurred.3 . Depending the situation. • Diagnostic test has passed. • Diagnostic failure has occurred. the DIAG LED is off and the Status LED blinks green. diagnostic failure.Status Monitoring and Statistics I/O Module LED Behavior—BlackDiamond 8800 Series Switches Table 46 describes the BlackDiamond 8800 series switch I/O module LED behavior during a diagnostic test. Sys/Stat Off/Off Depending on the situation. or diagnostic failure has occurred. Diagnostic failure has occurred. • Diagnostic test has passed. Table 47: BlackDiamond 8800 Series Switch MSM-48 LED Behavior During Diagnostic Test on Primary MSM MSM Primary LED ERR Color Off Indicates Depending on the situation. Software Version 12. Configuration error. ENV Off Depending on the situation. Table 47 describes the BlackDiamond 8800 series switch MSM-48 LED behavior during a diagnostic test on the primary MSM. Amber blinking Mstr/Diag Green/Off Off/Green Diagnostic test is in progress on the primary MSM. Table 46: BlackDiamond 8800 Series Switch I/O Module LED Behavior LED DIAG Color Amber blinking Amber Green Stat Amber blinking Off Indicates Diagnostic test in progress. or other severe module error. this state indicates: • Diagnostic test in progress on the primary MSM. this state indicates: • Diagnostic test in progress on the primary MSM. During normal operation. or the diagnostic test is terminated. Diagnostic failure has occurred. After the I/O module completes the diagnostic test. this state indicates: • Diagnostic test has passed.

Amber blinking Mstr Greenf Off Diagnostic test is in progress on the primary MSM. Diagnostic failure has occurred. ExtremeXOS Concepts Guide. Sys Off Depending on the situation. • Diagnostic test has passed. Depending the situation. • Diagnostic failure has occurred. this state indicates: • Diagnostic test has passed. • Diagnostic test has passed. ENV Off Depending on the situation. this state indicates: • Diagnostic test in progress on the primary MSM.3 371 . • Diagnostic test has passed. this state indicates: • Diagnostic test in progress on the primary MSM.Performing Switch Diagnostics Table 47: BlackDiamond 8800 Series Switch MSM-48 LED Behavior During Diagnostic Test on Primary MSM (Continued) MSM Backup LED ERR Color Off Indicates Depending on the situation. Mstr/Diag Off/Off Green/Green Green/Off Sys/Stat Off/Green blinking Off/Off Amber/Green blinking Diagnostic failure has occurred. this state indicates: • Diagnostic test in progress on the primary MSM. Diagnostic test has passed. ENV Off Depending on the situation. • Diagnostic test has passed. this state indicates: • Diagnostic test in progress on the primary MSM. Software Version 12. Amber Diagnostic failure has occurred. Table 48: BlackDiamond 8800 Series Switch MSM-G8X LED Behavior During Diagnostic Test on Primary MSM MSM Primary LED ERR Color Off Indicates Depending on the situation. this state indicates: • Diagnostic test in progress on the primary MSM. Diagnostic failure has occurred. Diagnostic test in progress on the primary MSM. • Diagnostic failure has occurred. • Diagnostic failure has occurred. • Diagnostic test has passed. Diagnostic test in progress on the primary MSM. • Diagnostic failure has occurred. Diagnostic test has passed. Table 48 describes the BlackDiamond 8800 series switch MSM-G8X LED behavior during a diagnostic test on the primary MSM.

Diagnostic test has passed. this state indicates: • Diagnostic test in progress on the backup MSM. • Diagnostic test has passed. Depending on the situation.3 . Software Version 12. Diagnostic test in progress on the primary MSM. • Diagnostic failure has occurred. • Diagnostic failure has occurred. ENV Off Depending on the situation. this state indicates: • Diagnostic test in progress on the primary MSM. this state indicates: • Diagnostic test in progress on the backup MSM. • Diagnostic test has passed. Mstr Off Green Green Sys Off Off Amber Diagnostic failure has occurred. • Diagnostic test has passed. Sys/Stat Primary ERR Off/Green Off/Off Amber Diagnostic test in progress on the backup MSM. LED behavior during a diagnostict test on the backup MSM. Table 49: BlackDiamond 8800 Series Switch MSM-48 LED Behavior During Diagnostic Test on Backup MSM MSM Backup LED ERR Color Off Indicates Depending on the situation. this state indicates: • Diagnostic test in progress on the backup MSM. • Diagnostic test has passed. Diagnostic test in progress on the primary MSM. Mstr/Diag Off/Green Depending on the situation. • Diagnostic test has passed. this state indicates: • Diagnostic test in progress on the primary MSM. • Diagnostic test has passed. ENV Off Depending on the situation. • Diagnostic test has passed. 372 ExtremeXOS Concepts Guide.Status Monitoring and Statistics Table 48: BlackDiamond 8800 Series Switch MSM-G8X LED Behavior During Diagnostic Test on Primary MSM (Continued) MSM Backup LED ERR Color Off Indicates Depending on the situation. Diagnostic test has passed. this state indicates: • Diagnostic test in progress on the backup MSM. Table 49 describes the BlackDiamond 8800 series switch MSM-48 LED behavior during a diagnostic test on the backup MSM. this state indicates: • Diagnostic test in progress on the backup MSM. Diagnostic failure has occurred. ENV Off Depending on the situation. Diagnostic test has passed.

• Diagnostic test has passed. • Diagnostic test has passed. this state indicates: • Diagnostic test in progress on the backup MSM. Sys Off Depending on the situation. this state indicates: • Diagnostic test in progress on the backup MSM. Mstr Off Depending on the situation. ENV Off Depending on the situation. Table 50 describes the BlackDiamond 8800 series switch MSM-G8X LED behavior during a diagnostic test on the backup MSM. • Diagnostic test has passed. this state indicates: • Diagnostic test in progress on the backup MSM. • Diagnostic test has passed. • Diagnostic test has passed. • Diagnostic test has passed. • Diagnostic test has passed. Diagnostic test has passed. this state indicates: • Diagnostic test in progress on the backup MSM. this state indicates: • Diagnostic test in progress on the backup MSM. this state indicates: • Diagnostic test in progress on the backup MSM.Performing Switch Diagnostics Table 49: BlackDiamond 8800 Series Switch MSM-48 LED Behavior During Diagnostic Test on Backup MSM (Continued) MSM LED Mstr/Diag Color Green/Off Indicates Depending on the situation. this state indicates: • Diagnostic test in progress on the backup MSM. Mstr Green Depending on the situation. this state indicates: • Diagnostic test in progress on the backup MSM. Software Version 12. • Diagnostic test has passed.3 373 . Depending on the situation. • Diagnostic test has passed. ENV Off Depending on the situation. ExtremeXOS Concepts Guide. this state indicates: • Diagnostic test in progress on the backup MSM. Syst Primary ERR Off Off Amber Diagnostic test in progress on the backup MSM. Sys/Stat Off/Green blinking Depending on the situation. Table 50: BlackDiamond 8800 Series Switch MSM-G8X LED Behavior During Diagnostic Test on Backup MSM MSM Backup LED ERR Color Off Indicates Depending on the situation.

Normal operation for diagnostics. the DIAG and the Status LEDs are reset. the SYS LED is reset. NOTE You cannot mix R-series and non R-series MSM or I/O modules in the chassis. After the MSM completes the diagnostic test. Diagnostic failure has occurred. the DIAG LED is off and the Status LED blinks green. NOTE You cannot mix R-series and non R-series MSM or I/O modules in the chassis. diagnostic failure. Table 51: BlackDiamond 12800 Series Switch I/O Module LED Behavior LED DIAG Status Color Amber blinking Amber Amber blinking Indicates Diagnostic test in progress. Table 52: BlackDiamond 12800 Series Switch MSM LED Behavior LED SYS MSTR Color Amber blinking Amber Off Indicates Diagnostic test in progress. Software Version 12. or the diagnostic test is terminated. the SYS LED blinks green. code version error.3 . or other severe module error. During normal operation. or the diagnostic test is terminated. During normal operation.Status Monitoring and Statistics I/O Module LED Behavior—BlackDiamond 12800 Series Switches Table 51 describes the I/O module LED behavior during a diagnostic test for the R-series and non Rseries I/O modules installed in the BlackDiamond 12800 series switches. Configuration error. MSM LED Behavior—BlackDiamond 12800 Series Switches Table 52 describes the MSM LED behavior during a diagnostic test for the R-series and non R-series MSM modules installed in the BlackDiamond 12800 series switches. Diagnostic failure has occurred. 374 ExtremeXOS Concepts Guide. the LED returns to blinking amber. If you start another diagnostic test. After the I/O modules complete the diagnostic test.

Configuration error. or other severe module error. MM Port Link is down MM Port Link is up.Performing Switch Diagnostics I/O Blades LED Behavior—BlackDiamond 20808 Switch Table 53 describes the BlackDiamond 20808 switch I/O Blades LED behavior during a diagnostic test. XFM LED Behavior—BlackDiamond 20808 Switch Table 55 describes the BlackDiamond 20808 switch XFM LED behavior during a diagnostic test. diagnostics failure. Table 55: BlackDiamond 20808 Switch XFM LED Behavior LED Status Color Green blinking Indicates Normal operation is occurring. Normal operation Diagnostics in progress Diagnostic failure Link up Disabled Packet activity Link down MM LED Behavior—BlackDiamond 20808 Switch Table 54 describes the BlackDiamond 20808 switch MM LED behavior during a diagnostic test. Environment (temperature. ExtremeXOS Concepts Guide. Module is operating as master. power supply) is operating properly Environmental failure has occurred. Diagnostic failure has occurred. Normal operation is occurring. A critical software error has been logged since power up. Table 54: BlackDiamond 20808 Switch MM LED Behavior LED SYS Color Green blinking Amber blinking Amber Off MSTR ENV ERR Link/ Activity Green Amber Green Amber Amber Off Off Green Amber Indicates Normal operation is occurring. Module is operating as slave. Diagnostic test is in progress. No power. Switch is not receiving power. code version error. Software Version 12.3 375 . fan. Packet activity is occurring. Table 53: BlackDiamond 20808 Switch I/O Blades LED Behavior LED Status Color Green blinking Amber blinking Off DIAG Off Amber blinking Amber Port x Green Green blinking Amber blinking Off Indicates Normal operation.

Table 56: Summit Family Switch LED Behavior LED MGMT Color Green blinking Amber blinking Indicates Normal operation is occurring. While diagnostic tests are running. power supply controllers. the MGMT LED blinks amber. the software performs a proactive. Power present.Status Monitoring and Statistics Table 55: BlackDiamond 20808 Switch XFM LED Behavior (Continued) LED Color Amber blinking Off Power Green Off Indicates Configuration error. power supplies. including I/O and management module processes. or component. During normal operation. LED Behavior—Summit Family Switches Table 56 describes the Summit family switches LED behavior during a diagnostic test. and fans. Depending on your platform. use the following command: show diagnostics {slot [<slot> | A | B]} NOTE The slot. or other severe module error. and B parameters are available only on modular switches. No power. A. backplane connection. Software Version 12.3 . preventive search for problems by polling and reporting the health of system components. the MGMT LED continues to blink amber. the system health checker notifies you of a possible hardware fault. If a diagnostic test fails. Using the System Health Checker The system health checker is a useful tool to monitor the overall health of your system. This section describes the system health check functionality of the following platforms: ● ● ● ● ● BlackDiamond 10808 switch BlackDiamond 12800 series switches BlackDiamond 20808 switch BlackDiamond 8800 series switches Summit family switches 376 ExtremeXOS Concepts Guide. Diagnostic test in progress. diagnostics failure. the MGMT LED blinks green. No power. code version error. Displaying Diagnostic Test Results To display the status of the last diagnostic test run on the switch. By isolating faults to a specific module. control plane.

diagnostic packets are enabled by default and the system health checker tests the packet path for a specific I/O module every 5 seconds by default.) On the BlackDiamond 20808 switch. The system automatically corrects correctable memory errors and kills packets that encounter checksum and parity errors during processing. contact Extreme Networks Technical Support.3 377 . and I/O modules by periodically sending diagnostic packets and checking the validity of the looped back diagnostic packets. When you enable this feature. BlackDiamond 12800 Series Switches and BlackDiamond 20808 Switch Only The BlackDiamond 10808 switch. and checksum error counts. as well as packets that encountered checksum and parity errors. By reading and processing the registers.Using the System Health Checker This section also describes the following topics: ● ● ● ● Enabling Diagnostic Packets on the Switch—Modular Switches Only on page 378 Configuring Diagnostic Packets on the Switch—Modular Switches Only on page 379 Disabling Diagnostic Packets on the Switch—Modular Switches Only on page 379 Displaying the System Health Check Setting—All Platforms on page 379 Understanding the System Health Checker BlackDiamond 10808 Switch. (The other I/O modules with backplane diagnostic packets disabled continue polling every 60 seconds by default. In summary. CPU. On the BlackDiamond 10808 and 12800 series switches. the system health checker detects and associates faults to specific system ASICs. The data path is protected by checksums and parity checks. Errored packets are not propagated through the system. The system health checker polls and tracks the ASIC counters that collect correctable and uncorrectable packet memory errors. occurs every 60 seconds or on the BlackDiamond 20808 only. Occasional increments of these counters does not mean faulty hardware is detected or that hardware requires replacement. The ASICs maintain counts of correctable and uncorrectable memory errors. If you see persistent increments of these counters. you can enable the system health checker to check the backplane. and diagnostic packets. see the following sections: ■ ■ ● Enabling Diagnostic Packets on the Switch—Modular Switches Only on page 378 Configuring Diagnostic Packets on the Switch—Modular Switches Only on page 379 ExtremeXOS Concepts Guide. two modes of health checking are available: polling. BlackDiamond 12800 and BlackDiamond 20808 series switches support extensive error-checking and monitoring capabilities. In a running system. backplane diagnostic packets are disabled by default. Packet and system memories are protected by an error correction code (ECC). some of these error counts may show non-zero values. The primary responsibility of the system health checker is to monitor and poll the ASIC error registers. Software Version 12. checksum errors. tracks. The system health checker processes. and reads the memory. the system health checker tests the packet path for a specific I/O module every 6 seconds by default. and parity errors on a per ASIC basis. In addition. ECC is capable of correcting all single-bit errors and detecting all other memory errors. parity. every 5 seconds. The MSM sends and receives diagnostic packets from the I/ O module to determine the state and connectivity. These methods are briefly described in the following: ● Polling is always enabled on the system and by default. For more information about enabling and configuring diagnostic packets.

If you see an error. the polling value is not a user-configured parameter. contact Extreme Networks Technical Support. 378 ExtremeXOS Concepts Guide. The system health checker polls the control plane health between MSMs and I/O modules. see the following sections: ■ ■ ● Enabling Diagnostic Packets on the Switch—Modular Switches Only on page 378 Configuring Diagnostic Packets on the Switch—Modular Switches Only on page 379 System health check errors are reported to the syslog. the health checker notifies the MSM. the processes running on the switch. BlackDiamond 8800 Series Switches Only On BlackDiamond 8800 series switches. There are no health checking tests related to the stacking links in a SummitStack. the system health checker stops sending backplane diagnostic packets.Status Monitoring and Statistics System health check errors are reported to the syslog. Polling is always enabled on the system and occurs in the background every 10 seconds. Backplane diagnostic packets are disabled by default. the CPUs on the MSM modules. Two modes of health checking are available: polling (also known as control plane health checking) and backplane diagnostic packets (also known as data plane health checking). System health check errors are reported to the syslog. Unlike the modular platforms. These methods are briefly described in the following: ● Polling is always enabled on the system and occurs every 5 seconds by default. If you see an error. and checks the health of applications and processes running on the I/O module. monitors memory levels on the I/O module. contact Extreme Networks Technical Support. If the system health checker detects an error. If you see an error. only polling is available on Summit family switches. the I/O modules. For more information about enabling and configuring backplane diagnostics. The polling value is not a user-configured parameter. monitors the health of the I/O module. the system health checker tests the backplane. The MSM sends and receives diagnostic packets from the I/O module to determine the state and connectivity. contact Extreme Networks Technical Support. and the power supply controllers by periodically forwarding packets and checking for the validity of the forwarded packets. the system health checker tests the packet path every 6 seconds for the specified slot. the system health checker tests the data link for a specific I/O module every 5 seconds by default. If you disable backplane diagnostics. Software Version 12.3 . the system health checker polls and reads the switch fabric and CPU registers. use the following command: enable sys-health-check slot <slot> ● BlackDiamond 10808 and the BlackDiamond 12800 series switches—By default. Summit Family Switches Only On Summit family switches. If you enable this feature. Enabling Diagnostic Packets on the Switch—Modular Switches Only To enable diagnostic packets.

use the following command: show switch As previously described. Doing so can cause excessive CPU utilization. BlackDiamond 10808. Software Version 12. displayed as SysHealth check. Only polling is enabled. Disabling Diagnostic Packets on the Switch—Modular Switches Only To disable diagnostic packets. or BlackDiamond 12800 series switch. including polling and how ExtremeXOS software handles faults on the switch. polling is always enabled on the switch.3 379 . ● Displaying the System Health Check Setting—All Platforms To display the system health check setting. The polling setting appears as Enabled. and the fault handling setting appears in parenthesis next to the polling setting. The system health check setting. NOTE Enabling backplane diagnostic packets increases CPU utilization and competes with network traffic for resources. use the following command: disable sys-health-check slot <slot> ● BlackDiamond 10808 and BlackDiamond 12800—By default. Configuring Diagnostic Packets on the Switch—Modular Switches Only To configure the frequency of sending backplane diagnostic packets on a BlackDiamond 8800. see the following sections: “Configuring Hardware Recovery—SummitStack and Summit Family ExtremeXOS Concepts Guide. Only polling is enabled. cseries. shows the polling setting and how ExtremeXOS handles faults. the system health checker tests the data link (BlackDiamond 8800 original-series modules) or the 10 Gbps links (BlackDiamond 8000 a-series.Using the System Health Checker ● BlackDiamond 8800 series switches—By default. use the following command: configure sys-health-check interval <interval> To configure the frequency of sending diagnostic packets on a BlackDiamond 20808 switch. BlackDiamond 8800 series switches—By default. and e-series modules) every 5 seconds for the specified slot. use the following command: configure sys-health-check packet interval <seconds> NOTE Extreme Networks does not recommend configuring an interval of less than the default interval. the system health checker discontinues sending diagnostic packets and returns the polling frequency to 60 seconds on the specified slot. the system health checker discontinues sending backplane diagnostic packets to the specified slot. For more information about the fault handling setting.

6 seconds is the default for sending backplane diagnostic packets. BlackDiamond 20808. 2 Configure backplane diagnostic packets to be sent every 7 seconds and update the polling rate to 7 seconds using the following command: configure sys-health-check interval 7 NOTE Extreme Networks does not recommend configuring an interval of less than 6 seconds. Software Version 12. BlackDiamond 12800. see the chapter “Commands for Status Monitoring and Statistics” in the ExtremeXOS Command Reference Guide.com.3 . the system health check setting appears as SysHealth check: Enabled (Normal): SysName: SysName: SysLocation: SysContact: System MAC: SysHealth check: Recovery Mode: System Watchdog: TechPubs Lab BD-8810Rack3 support@extremenetworks. Examples on the BlackDiamond 10808 and BlackDiamond 12800 Series Switches This section describes a series of two examples for: ● ● Enabling and configuring backplane diagnostics Disabling backplane diagnostics Enabling and Configuring Backplane diagnostics. and BlackDiamond 8800 series switches. For more detailed information about the system health check commands. +1 888 257 3000 00:04:96:1F:A2:60 Enabled (Normal) None Enabled System Health Check Examples: Diagnostics—Modular Switches Only This section provides examples for using the system health checker on BlackDiamond 10808. Doing this can cause excessive CPU utilization. The following example: ● ● ● Enables backplane diagnostic packets on slot 3 Modifies the polling interval from 60 seconds to 6 seconds Configures backplane diagnostic packets to be sent every 7 seconds and polling to occur every 7 seconds enable sys-health-check slot 3 1 Enable backplane diagnostic packets on slot 3 using the following command: When you enable backplane diagnostic packets on slot 3.Status Monitoring and Statistics Switches Only” on page 383 and “Configuring Module Recovery—Modular Switches Only” on page 386. In the following truncated output from a BlackDiamond 8810 switch. 380 ExtremeXOS Concepts Guide. the polling timer changes from its current default value of 60 seconds to 6 seconds.

Software Version 12. and the polling interval goes from 7 seconds to 70 seconds. The following example: ● ● Enables diagnostic packets on slot 3 Configures diagnostic packets to be sent every 7 seconds (default is 30 seconds) and polling to occur every 7 seconds (default is 20 seconds) Use the following procedure: 1 Enable diagnostic packets on slot 3 using the following command: enable sys-health-check slot 3 When you enable diagnostic packets on slot 3. Disabling Diagnostics. Doing this can cause excessive CPU utilization. To return to the "default" settings of sending diagnostic packets every 30 seconds (when enabled) use the following command: configure sys-health-check packet interval 30 ExtremeXOS Concepts Guide. To return to the "default" settings of sending backplane diagnostic packets every 6 seconds (when enabled) and polling the system every 60 seconds. Building upon the previous example.3 381 . the following example disables diagnostics on slot 3: disable sys-health-check slot 3 Diagnostic packets are no longer sent.Using the System Health Checker Disabling Backplane Diagnostics. the interval currently in effect does not change. Building upon the previous example. 2 Configure diagnostic packets to be sent every 7 seconds using the following command: configure sys-health-check packet interval 7 3 Configure the polling rate to 7 seconds using the following command: configure sys-health-check register-access interval 7 NOTE Extreme Networks does not recommend configuring an interval of less than the default interval. the following example disables backplane diagnostics on slot 3: disable sys-health-check slot 3 Backplane diagnostic packets are no longer sent. specify 6 for the interval using the following command: configure sys-health-check interval 6 Examples on the BlackDiamond 20808 Switch This section describes a series of two examples for: ● ● Enabling and configuring diagnostics Disabling diagnostics Enabling and Configuring diagnostics.

or I/O module to take action if a fault detection exception occurs. NOTE You configure MSM/MM and I/O module recovery only on BlackDiamond 10808. BlackDiamond 12800. the health checker sends the backplane diagnostics packets every 7 seconds.Status Monitoring and Statistics To return to the “default” settings of polling the system every 20 seconds. The next time you enable backplane diagnostic packets. configure the frequency of sending backplane diagnostic packets to 5 seconds using the following command: configure sys-health-check interval 5 Setting the System Recovery Level Depending on your switch model. To return to the "default" setting of 5 seconds. MSM/MM. 2 Configure backplane diagnostic packets to be sent every 7 seconds using the following command: configure sys-health-check interval 7 NOTE Extreme Networks does not recommend configuring an interval of less than 5 seconds. the following example disables backplane diagnostics on slot 3: disable sys-health-check slot 3 Backplane diagnostic packets are no longer sent. Software Version 12.3 . Disabling Backplane Diagnostics. and I/O modules. MSM/MM. and BlackDiamond 8800 series switches. the timer runs at the default rate of 5 seconds. Building upon the previous example. BlackDiamond 20808. Doing this can cause excessive CPU utilization. 382 ExtremeXOS Concepts Guide. use the following command: configure sys-health-check register-access interval 20 Example on the BlackDiamond 8800 Series Switch This section describes a series of two examples for: ● ● Enabling and configuring backplane diagnostics Disabling backplane diagnostics Enabling and Configuring Backplane Diagnostics. but the configured interval for sending backplane diagnostic packets remains at 7 seconds. The following example: ● ● Enables backplane diagnostic packets on slot 3 Configures backplane diagnostic packets to be sent every 7 seconds enable sys-health-check slot 3 1 Enable backplane diagnostic packets on slot 3 using the following command: When you enable backplane diagnostic packets on slot 3. The following sections describe how to set the software and hardware recovery levels on the switch. you can configure the switch.

● none—Configures the system to take no action if a software task exception occurs. including the software recovery level. which can cause unexpected switch behavior.3 383 . The system does not reboot. ExtremeXOS Concepts Guide. automatically reboot. The default setting is all. Extreme Networks strongly recommends using the default setting. using the following command: configure sys-recovery-level [all | none] Where the following is true: ● all—Configures ExtremeXOS to log an error to the syslog and automatically reboot the system after any software task exception. Displaying the Software Recovery Setting To display the software recovery setting on the switch. On a SummitStack. NOTE Use this parameter only under the guidance of Extreme Networks Technical Support personnel.com. or shut down if the switch detects a hardware fault. The following truncated output from a Summit X450 series switch displays the software recovery setting (displayed as Recovery Mode): SysName: SysLocation: SysContact: System MAC: Recovery Mode: System Watchdog: TechPubs Lab support@extremenetworks. the sys-recovery-level setting applies to all active nodes. +1 888 257 3000 00:04:96:1F:A4:0E All Enabled NOTE All platforms display the software recovery setting as Recovery Mode. Configuring Hardware Recovery—SummitStack and Summit Family Switches Only You can configure Summit family switches or SummitStack to take no action. use the following command: show switch This command displays general switch information. Software Version 12.Setting the System Recovery Level This section describes the following topics: ● ● ● Configuring Software Recovery on page 383 Configuring Hardware Recovery—SummitStack and Summit Family Switches Only on page 383 Configuring Module Recovery—Modular Switches Only on page 386 Configuring Software Recovery You can configure the system to either take no action or to automatically reboot the switch after a software task exception.

system reset. however. system reboot.3 . ● shutdown—Configures the switch to shut down upon detecting a hardware fault. All ports are taken offline in response to the reported errors. To view the system health check settings on the switch. error. For detailed information about this command.1 # When an exclamation point (!) appears in front of the command line prompt. The following is a sample shutdown message: Are you sure you want to shutdown on errors? (y/n) Enter y to confirm this action and configure the hardware recovery level. You can configure how ExtremeXOS handles a detected fault depending on the sys-recovery-level setting. system reset. and system shutdown messages to the syslog.Status Monitoring and Statistics To configure how the switch recovers from hardware problems on a stand-alone Summit family switch. To configure how ExtremeXOS handles faults. ExtremeXOS software logs ● fault. Software Version 12. use the following command: configure sys-recovery-level switch [none | reset | shutdown] To configure hardware recovery on a particular active node in the SummitStack. Enter n or press [Enter] to cancel this action. Messages Displayed at the Startup Screen If you configure the shutdown feature and a hardware error is detected. ExtremeXOS software logs fault and error messages to the syslog. See “Clearing the Shutdown State” on page 385 for more information. and system reboot messages to the syslog. the system displays an explanatory message on the startup screen. If the switch shuts down. The default setting is reset. it remains in this state across additional reboots or power cycles until you explicitly clear the shutdown state. ExtremeXOS logs fault. use the configure sys-health-check all level [normal | strict] command. The switch does not reboot or shut down. Use the "clear sys-recovery-level" command to restore all ports. it indicates that the entire stand-alone switch is shut down as a result of your hardware recovery configuration and a switch error. use the show switch command as described in “Displaying the System Health Check Setting—All Platforms” on page 379. use the following command: configure sys-recovery-level slot Where the following is true: ● none—Configures the switch to maintain its current state regardless of the detected fault. see the ExtremeXOS Command Reference Guide. 384 ExtremeXOS Concepts Guide. the switch prompts you to confirm this action. reset—Configures the switch to reboot upon detecting a hardware fault. the management port remains operational for debugging purposes only. The following truncated sample output shows the startup screen if a stand-alone switch is shut down as a result of the hardware recovery configuration: All switch ports have been shut down. error. Confirmation Messages Displayed If you configure the hardware recovery setting to either none (ignore) or shut down. ! SummitX450-24x.

+1 888 257 3000 00:04:96:1F:A5:71 All. To clear the shutdown state. If you keep the default behavior or return to reset.3 385 . use the following command: show switch If you change the hardware recovery setting from the default (reset) to either none (ignore) or shutdown.com. the output displays “Ignore” to indicate that no corrective actions will occur on the switch. “Shutdown” appears only if you configure the hardware recovery setting to shut down. ExtremeXOS Concepts Guide. the output only displays the software recovery mode. Ignore Enabled To see the output of "show switch" command for a particular node other than the master. If you configure the hardware recovery setting to none. The following is a sample confirmation message: Are you sure you want to clear sys-recovery-level? (y/n) Enter y to confirm this action and clear the shutdown state. the switch expands the Recovery Mode output to include a description of the hardware recovery mode. If you configure the hardware recovery setting to reset. the switch is operational. If you configure the hardware recovery setting to shut down. the output displays “Shutdown” to indicate that the switch will shut down if fault detection occurs. use the reboot command to bring the switch and ports back online. “Ignore” appears only if you configure the hardware recovery setting to none. use the command: clear sys-recovery-level slot <slot> The switch prompts you to confirm this action. and the switch enters the shutdown state. After you use the reboot command. the Recovery Mode output lists only the software recovery setting. you should log into that node and run the "show switch" command. Clearing the Shutdown State If you configure the switch to shut down upon detecting a hardware fault. The following truncated output from a Summit X450 series switch displays the software recovery and hardware recovery settings (displayed as Recovery Mode): SysName: SysLocation: SysContact: System MAC: Recovery Mode: System Watchdog: TechPubs Lab support@extremenetworks. Software Version 12. After you clear the shutdown state. you must explicitly clear the shutdown state and reboot for the switch to become functional.Setting the System Recovery Level Displaying the Hardware Recovery Setting To display the hardware recovery setting. use the following command: clear sys-recovery-level On a SummitStack. Enter n or press [Enter] to cancel this action.

After the maximum number of resets. or if dual MSMs/MMs are installed failover to the other MSM/MM if the switch detects a hardware fault. This enhanced level of recovery detects faults in the ASICs as well as packet buses. see “Module Recovery Actions—BlackDiamond 8800 Series Switches Only” on page 387. On BlackDiamond 8800 series switches. see the ExtremeXOS Command Reference Guide. and system reboot messages to the syslog. the switch does not reboot the module. ExtremeXOS logs fault and error messages to the syslog and notifies you that the errors are ignored. BlackDiamond 20808. The default setting is reset. ● reset—Configures the offending MSM/MM or I/O module to reset upon fault detection. This does not guarantee that the module remains operational. On BlackDiamond 10808.Status Monitoring and Statistics Configuring Module Recovery—Modular Switches Only You can configure the MSMs/MMs or I/O modules installed in BlackDiamond 10808. NOTE When the sys-recovery-level is set to none. however. an offending I/O module is reset a maximum of five times. ExtremeXOS logs fault. You can configure how ExtremeXOS handles a detected fault based on the configuration of the configure sys-recovery-level slot <slot_number> [none | reset | shutdown] command. 386 ExtremeXOS Concepts Guide. the MSMs/MMs remain operational for debugging purposes only. ExtremeXOS logs fault. automatically reset. or BlackDiamond 8800 series switches to take no action. The offending MSM/MM or I/O module is not reset. and BlackDiamond 20808 series switches. To view the system health check settings on the switch. and system shutdown messages to the syslog.3 . For more information. error. use the configure sys-health-check all level [normal | strict] command. error. Software Version 12. On the modules configured for shutdown. however. For detailed information about this command. Depending on your configuration. shutdown. use the following command: configure sys-recovery-level slot <slot_number> [none | reset | shutdown] Where the following is true: ● none—Configures the MSM/MM or I/O module to maintain its current state regardless of the detected fault. system reset. running msm-failover does not reboot the current MSM. BlackDiamond 12800. BlackDiamond 12800. system reset. the I/O module is permanently taken offline. all ports in the slot are taken offline in response to the reported errors. An offending MSM/MM is reset any number of times and is not permanently taken offline. system reboot. To configure module recovery. an offending I/O module is reset a maximum of three times. To configure how ExtremeXOS handles faults. the switch resets the offending MSM/MM or I/O module if a hardware fault detection occurs. ● shutdown—Configures the switch to shut down all slots/modules configured for shutdown upon fault detection. use the show switch command as described in “Displaying the System Health Check Setting—All Platforms” on page 379. take ports offline in response to errors.

The following is a sample shutdown message: Are you sure you want to shutdown on errors? (y/n) Enter y to confirm this action and configure the hardware recovery level. see “Clearing the Shutdown State” on page 392. ● ● Hardware—This indicates the hardware that you may have installed in your switch. the columns display the following information: ● Module Recovery Setting—This is the parameter used by the configure sys-recovery-level slot command to distinguish the module recovery behavior. the module is reset a maximum of five times before it is taken permanently offline. From left to right. If you configure one or more slots to shut down and the switch detects a hardware fault. the system displays an explanatory message on the startup screen. all ports in all of the configured shut down slots are taken offline in response to the reported errors.) The affected I/O module remains in the shutdown state across additional reboots or power cycles until you explicitly clear the shutdown state. if you configure a module recovery setting of reset for an I/O module. Software Version 12. Action Taken—This describes the action the hardware takes based on the module recovery setting. Understanding the Shut Down Recovery Mode You can configure the switch to shut down one or more I/O modules upon fault detection by specifying the shutdown option.1 # When an exclamation point (!) appears in front of the command line prompt. it indicates that one or more slots shut down as a result of your system recovery configuration and a switch error.3 387 . (MSMs/MMs are available for debugging purposes only. however. If a module enters the shutdown state. For more information about clearing the shutdown state. The following truncated sample output shows the startup screen if any of the slots in a modular switch are shut down as a result of the system recovery configuration: The I/O modules in the following slots are shut down: 1. Messages Displayed at the Startup Screen If you configure the shutdown feature and a hardware error is detected.Setting the System Recovery Level Confirmation Messages Displayed If you configure the hardware recovery setting to either none (ignore) or shutdown. Enter n or press [Enter] to cancel this action. the switch prompts you to confirm this action. the module actually reboots and the show slot command displays the state of the slot as Initialized. For example. Module Recovery Actions—BlackDiamond 8800 Series Switches Only Table 57 describes the actions module recovery takes based on your module recovery setting. the ports are shut down and taken offline.3 Use the "clear sys-recovery-level" command to restore I/O modules ! BD-8810. ExtremeXOS Concepts Guide.

I/O Module The I/O module remains powered on in its current state. After you clear the shutdown state. After you clear the shutdown state. “Clearing the Shutdown State” on page 392. BlackDiamond 12800 and BlackDiamond 20808 Series Switches Only Table 58 describes the actions module recovery takes based on your module recovery and software recovery settings. For more information see. the switch does not reboot the module. The switch sends error messages to the log and notifies you that the errors are ignored. For more information see. however. This does not guarantee that the module remains operational. however. When the module comes up. you must clear the shutdown state using the clear sys-recovery-level command for the MSM to become operational. Resets the MSM. 388 ExtremeXOS Concepts Guide. you must reset each affected I/O module or reboot the switch. Dual MSM The MSM remains powered on in its current state. “Clearing the Shutdown State” on page 392. Dual MSM The MSMs are available for debugging purposes only (the I/O ports also go down). however. I/O Module Reboots the I/O module. Resets the primary MSM and fails over to the backup MSM. reset Single MSM Dual MSM I/O Module shutdown Single MSM The MSM is available for debugging purposes only (the I/O ports also go down). This does not guarantee that the module remains operational. however. For example. Hardware Action Taken Module Recovery Actions—BlackDiamond 10808. the switch does not reboot the module. the I/O module is permanently taken offline. you must reboot the switch. you must clear the shutdown state using the clear sys-recovery-level command for the MSM to become operational. you must reboot the switch. This does not guarantee that the module remains operational. Resets the I/O module a maximum of five times. the module is reset a maximum of three times before it is taken permanently offline. “Clearing the Shutdown State” on page 392. For more information see. the switch does not reboot the module. Software Version 12. After you clear the shutdown state. if you configure a module recovery setting of reset and a system recovery setting of all for an I/O module.3 .Status Monitoring and Statistics Table 57: Module Recovery Actions for the BlackDiamond 8800 Series Switches Module Recovery Setting none Single MSM The MSM remains powered on in its current state. however. the ports remain inactive because you must clear the shutdown state using the clear sys-recovery-level command for the I/O module to become operational. After the fifth time.

Setting the System Recovery Level From left to right. BlackDiamond 12800 Series Switches. and the BlackDiamond 20808 Switch Module Recovery Setting reset System Recovery Setting all Single MSM/MM Dual MSM/MM I/O Module Resets the MSM/MM. After you clear the shutdown state. After the third time. Resets the MSM/MM. After you clear the shutdown state. Resets the I/O module a maximum of three times. you must clear the shutdown state using the clear sysrecovery-level command for the MSM/ MM to become operational. Hardware—This lists the hardware that you may have installed in your switch Action Taken—This describes the action the hardware takes based on the module recovery and software recovery settings. you must clear the shutdown state using the clear sysrecovery-level command for the MSM/ MM to become operational. however. Resets the primary MSM and fails over to the backup MSM/MM. The MSM/MM is available for debugging purposes only. “Clearing the Shutdown State” on page 392.3 389 . For more information see. Fails over to the backup MSM/MM. Resets the I/O module. the columns display the following information: ● Module Recovery Setting—This is the parameter used by the configure sys-recovery-level slot command to distinguish the module recovery behavior. Hardware Action Taken reset none Single MSM/MM Dual MSM/MM I/O Module shutdown all Single MSM/MM ExtremeXOS Concepts Guide. Dual MSM/MM The MSMs/MMs are available for debugging purposes only. however. For more information see. the I/O module is permanently taken offline. Software Version 12. you must reboot the switch. ● ● Table 58: Module Recovery Actions for the BlackDiamond 10808 Switch. you must reboot the switch. “Clearing the Shutdown State” on page 392. ● System Recovery Setting—This is the parameter used by the configure sys-health-check packet interval command to distinguish the software recovery behavior.

If you configure the module recovery setting to shut down. “Clearing the Shutdown State” on page 392. When the module comes up. The “E” flag appears only if you configure the module recovery setting to shut down. you must reset each affected I/O module or reboot the switch. After you clear the shutdown state. If you configure the module recovery setting to none. all of the configured slots enter the shutdown state and remain in that state until explicitly cleared. After you clear the shutdown state. “Clearing the Shutdown State” on page 392. Displaying the Module Recovery Setting To display the module recovery setting. For more information see. and the BlackDiamond 20808 Switch (Continued) Module Recovery Setting System Recovery Setting Hardware I/O Module Action Taken Reboots the I/O module. the ports remain inactive because you must clear the shutdown state using the clear sys-recovery-level command for the I/O module to become operational. Reboots the I/O module. 390 ExtremeXOS Concepts Guide. For more information see. shutdown none Single MSM/MM Dual MSM/MM I/O Module The MSM/MM is available for debugging purposes only.3 . you must reset each affected I/O module or reboot the switch. The “e” flag appears only if you configure the module recovery setting to none.Status Monitoring and Statistics Table 58: Module Recovery Actions for the BlackDiamond 10808 Switch. the ports remain inactive because you must clear the shutdown state using the clear sys-recovery-level command for the I/O module to become operational. use the following command: show slot The show slot output includes the shutdown configuration. BlackDiamond 12800 Series Switches. the output displays an “E” flag that indicates any errors detected on the slot disables all ports on the slot. the output displays an “e” flag that indicates no corrective actions will occur for the specified MSM/MM or I/O module. The MSMs/MMs are available for debugging purposes only. When the module comes up. Software Version 12. NOTE If you configure one or more slots for shut down and the switch detects a hardware fault on one of those slots.

the output displays an “e” flag that indicates no corrective actions will occur for the specified MSM/MM or I/O module.Slot Secured Insufficient Power (refer to "show power budget") Errors on slot will be ignored (no corrective action initiated) Errors on slot will disable all ports on slot NOTE In ExtremeXOS 11. Displaying Detailed Module Recovery Information To display the module recovery setting for a specific port on a module.4 v1150b4 G48Pe 48 Shutdown Flags : M . S .3 391 . The “e” flag appears only if you configure the module recovery setting to none. Software Version 12.0. including the current recovery mode.5. if you configure the module recovery setting to none.4 and earlier. In this example.Setting the System Recovery Level The following sample output displays the module recovery action. The following truncated output displays the module recovery setting (displayed as Recovery Mode) for the specified slot: Slot-10 information: State: Download %: Flags: Restart count: Serial number: Hw Module Type: SW Version: SW Build: Configured Type: Ports available: Recovery Mode: Operational 100 MB S E 0 (limit 5) 800158-00-01 06014-00022 G48Pe 11. notice the flags identified for slot 10: Slots Type Configured State Ports Flags ------------------------------------------------------------------------------Slot-1 G48P G48P Operational 48 MB S Slot-2 G24X G24X Operational 24 MB S Slot-3 G48T G48T Operational 48 MB S Slot-4 Empty 0 Slot-5 G8X G8X Operational 8 MB S Slot-6 G8X G8X Operational 8 MB S Slot-7 Empty 0 Slot-8 G48Te G48Te Operational 48 MB S Slot-9 G48Ta Operational 48 MB S Slot-10 G48Pe G48Pe Operational 48 MB S E MSM-A MSM-G8X Operational 0 S MSM-B MSM-G8X Operational 0 S Flags : M B D I e E Backplane link