Arista Essentials

Multi-Switch CLI
Multi-Switch CLI Concepts
Multi-Switch CLI
• Single point of administration, monitoring and management across Arista Network infrastructure
• XMPP (RFC 3920, 3921) standard-based
• Enables CLI commands to be sent participating switch or group of switches
• Manage your network with XMMP client running in your mobile device of computer

XMPP
• Architecture is known to scale well (10,000+ switches)
• Authentication from XMPP
• Authorization from local switch or external AAA (Radius or TACACS+)
• SSL/TLS is supported to encrypt connection
• Every command and response are logged
• Real-time and Free!
Multi-Switch CLI Concepts
Switch Groups
• can be based on functions, models or locations
• Task can be based on information gathering – EOS version, MAC, IP, LLDP neighbors
• Task can be based on troubleshooting – correlate events across multiple switches
• Task can be based on Configuration – QoS, ACL, VLANs, force to ZTP etc

Requirements
• Ejabberd or any XMPP server.
• Multiple XMPP servers can be set up in active-active mode for redundancy
• EOS version is pre 4.12.3, required to install CloudVision.swix
• EOS version is post 4.12.3, no swix required
Multi-Switch CLI Operations
Authentication Authorization and Accounting (AAA)
1. The domain of the incoming message is checked if it belongs to the same domain
2. Messages from outside domain are not accepted and result in the switch error message back to the user
3. The incoming command messages are executed on the switch with a default privilege level of 1 or whatever the
session privilege configuration is set to. If no AAA is configured and the switch is configured to connect to the XMPP
client, any message received is executed with privilege level 1 by default.
4. If integrated with AAA, the user id is stripped from the request (leaf-01@zurien.com) will result in a lookup of user
(leaf-01) and the AAA agent of the switch is consulted in order to obtain the user's privilege level and role
5. If the user doesn't exist locally or remotely (when group "tacacs" or "radius" is used), the command fails authorization.
If the user does exist (for group "local", via the "username" command), their XMPP session is authorized.
6. The local user and group information is obtained as configured, and the XMPP agent switches to that User ID/Group ID
for the duration of the user's command(s).
Multi-Switch CLI Configuration
a518 5d47 39cc 7294
10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4

Leaf-01 Leaf-02 Leaf-03 Leaf-04

all@conference.zurien.com

e1 e2 e3 e4

Management
e20
Linux Host
XMPP Server XMPP Server Configuration

zuiren.com
Domain

leaf-01 / Arista
Username / Passwords leaf-02 / Arista
10.0.0.100 leaf-03 / Arista
leaf-04 / Arista
Multi-Switch CLI Configuration
Connecting to XMPP Server
Leaf-01(config)#management xmpp
Leaf-01(config-mgmt-xmpp)#no shut
Leaf-01(config-mgmt-xmpp)#server 10.0.0.100
Leaf-01(config-mgmt-xmpp)#domain zurien.com
Leaf-01(config-mgmt-xmpp)#user leaf-01 password Arista
Leaf-01(config-mgmt-xmpp)#exit

Joining a Group
Leaf-01(config)#management xmpp
Leaf-01(config-mgmt-xmpp)#switch-group all@conference.zurien.com password Arista
Leaf-01(config-mgmt-xmpp)#exit
Multi-Switch CLI Configuration
Add Session privilege
Leaf-01(config)#management xmpp
Leaf-01(config-mgmt-xmpp)#session privilege 15
Leaf-01(config-mgmt-xmpp)#exit

To view other switches connection to XMPP server

Leaf-01(config)#show xmpp neighbors
Neighbor State Time Since Last Change
------------------------------ --------------- -------------------------
leaf-02@zurien.com present 5 days, 17:08:30 ago
leaf-03@zurien.com present 5 days, 17:08:30 ago
leaf-04@zurien.com present 5 days, 17:08:30 ago

To verify group configuration

Leaf-01(config)#show xmpp switch-group
all@conference.zurien.com
Multi-Switch CLI Configuration
To interact directly to a switch via XMPP
Leaf-01#xmpp session leaf-02@zurien.com
xmpp-leaf-02#sh run | grep hostname
response from: leaf-02@zurien.com
--------------------------------------------------

hostname leaf-02
xmpp-leaf-02#

To interact directly to a group switch via XMPP

Leaf-01#xmpp session all@conference.zurien.com
xmpp-odd#sh ver | grep -i software
response from: leaf-02@zurien.com
--------------------------------------------------
Software image version: 4.22.6M
response from: leaf-03@zurien.com
--------------------------------------------------
Software image version: 4.22.6M
response from: leaf-04@zurien.com
--------------------------------------------------
Software image version: 4.22.6M
<snip>
Multi-Switch CLI Configuration
To verify connection with XMPP Server
Leaf-01(config)# show xmpp status

To view other switches connection to XMPP server

Leaf-01(config)# show xmpp neighbors

To verify group configuration

Leaf-01(config)# show xmpp switch-group

To send XMPP command to a group of switch

Leaf-01# xmpp send all@conference.zurien.com command show version

To send XMPP command to a single switch

Leaf-01# xmpp send leaf-02@zurien.com command show version

To interact directly to a switch via XMPP

Leaf-01# xmpp session leaf-03@zurien.com

To interact directly to a group switch via XMPP

Leaf-01# xmpp session all@conference.class