Professional Documents
Culture Documents
(ACE)
Version 2.1.1
Lab Guide
Arista Configuration Essentials Lab Guide - 2.1.1
Table of Contents
1 Lab Overview ......................................................................................................... 2
2 Accessing the Lab ................................................................................................... 4
3 CLI & BASH ............................................................................................................. 7
4 Aboot ................................................................................................................... 10
5 Upgrade EOS ........................................................................................................ 18
6 EOS Architecture .................................................................................................. 21
7 Zero Touch Provisioning (ZTP) .............................................................................. 26
8 Multi-Switch CLI ................................................................................................... 32
9 Multi-Chassis LAG (MLAG) .................................................................................... 39
10 BGP Equal Cost Mult-Pathing (ECMP) ................................................................. 49
11 Virtual Extensible LAN (VXLAN) Bridging ............................................................. 57
12 Advanced Event Manager (AEM) ........................................................................ 65
Cli Scheduler .............................................................................................................................................................. 65
Event Handler ............................................................................................................................................................ 67
Event Monitor ............................................................................................................................................................ 70
13 Latency Analyzer (LANZ) ..................................................................................... 72
14 VM Tracer .......................................................................................................... 76
15 Advanced Mirroring ........................................................................................... 83
16 Tap Aggregation ................................................................................................. 92
17 Extensible API (eAPI) ........................................................................................ 109
eAPI Prep (Optional) ............................................................................................................................................. 109
eAPI Lab .................................................................................................................................................................... 111
18 Appendix A: BGP Route Selection Decision Process .......................................... 115
19 Appendix B: Answers to Lab Questions ............................................................. 116
1 Lab Overview
Lab Rules:
NOTE: Configuration management for the lab is controlled through a mix of ZTP, eAPI,
Python, and Perl, scripting, all of which relies on the following configurations to
function:
The lab is constructed such that every pair of switches is connected to the spine switches
in the following fashion:
Each pair is comprised of two switches, starting with the odd-numbered switch. In other
words, the MLAG pairs are as follows:
Step 1
Using your favorite SSH client, SSH to the Linux Lab Server (FQDN provided by
instructor)
NOTE: The SSH examples below show direct ssh connection using command-line, but
programs such as Putty, Secure-CRT, etc. all work fine. They may, however, require
more setup. In addition, all examples use “alab.arista.com,” but your lab rack may be
different. Check with your instructor.
$ ssh st01@alab.arista.com
st01@alab.arista.com's password:
+---------------------------------------+
| Device: A-Lab Linux Host |
| |
| Purpose: Training Class Lab |
| Owner: Training Department |
| Email: training-team@arista.com |
+---------------------------------------+
+--------------------------------------------------------------------+
|To connect to your switch, type the switch name. |
|To connect to the console of your switch, type console switchname. |
| |
|Examples: |
| |
| student-05 # SSH to student-05 as admin |
| console student-05 # Telnet to the console of student-05 |
+--------------------------------------------------------------------+
Step 2
To log out from the Linux Lab Server, simply type “exit”.
st01@ALab-Linux:~$ exit
logout
Connection to alab.arista.com closed.
$
Step 1
For SSH access to your switch from the Linux Lab Server, type “student-xx” (xx
represents your student number).
st01@ALab-Linux:~$ student-01
Warning: Permanently added 'student-01,10.0.0.1' (RSA) to the list of
known hosts.
+---------------------------------------+
| Switch: Student-01 |
| |
| Purpose: Training Lab A (alab) |
| Owner: Training Dept. |
| Email: training-team@arista.com |
+---------------------------------------+
Last login: Fri Aug 22 13:48:46 2014 from 10.0.0.100
Student-01>enable
Student-01#
Step 2
To log out from your switch, simply type “exit”.
Student-01#exit
Connection to student-01 closed.
st01@ALab-Linux:~$
Step 1
From the Linux Lab Server, type “console student-xx”.
Step 2
If/When you are prompted for a username, type “admin” (no quotes) and press enter.
NOTE: You may have to press enter more than once to get a prompt. Also, there will be a
delay when connecting to the console.
Step 3
Once connected, type “enable” to enter enable mode. To disconnect from the console,
press control -], then type quit.
.----------------------------------------------.
| |
| To disconnect, hit control-], then type quit |
| |
'----------------------------------------------'
Trying 10.255.255.200...
Connected to 10.255.255.200.
Escape character is '^]'.
+---------------------------------------+
| Switch: Student-01 |
| |
| Purpose: Training Lab A (alab) |
| Owner: Training Dept. |
| Email: training-team@arista.com |
+---------------------------------------+
Student-01 login: admin
Last login: Tue Aug 19 19:57:33 on ttyS0
Student-01>enable
Student-01#
telnet> quit
Connection closed.
st01@ALab-Linux:~$
End of lab
Step 1
Execute the following CLI commands on your switch to familiarize yourself with the
config.
Show run
Show lldp neighbors
Show interfaces status connected
Show ip route
Step 2
Explore the aliases
Step 3
Feel free to run other various commands you may be familiar with from other platforms.
TASK 2: Enter BASH and get familiar with the file structure.
Step 1
Enter bash on your switch- Type “bash”. To exit bash type “exit”.
Student-05#bash
[admin@Student-05 ~]$
Step 2
Show the interfaces on the switch using the “ifconfig –a” command.
<output omitted>
Step 3
Issue the “top” command. Inspect the output including items such as the load average,
% CPU and % MEM for processes, etc. Break out of top by typing “control-c”.
<output omitted>
Step 4
Change to the flash directory. Type ”cd /mnt/flash”.
Step 5
From /mnt/flash, show the contents of the boot-config file using the “cat boot-config”.
Questions:
1.) What version of EOS will be used when the switch is booted?
End of lab
4 Aboot
Lab Objectives:
WARNING: If you do a fullrecover on your switch, the switch will default to the base
configuration after ZTP requests a config. You will lose anything you have saved
since the beginning of the lab. You will also default to a very old version of EOS,
which you should then upgrade. This is why Aboot is covered so early in the lab.
NOTE: Reboot time for the switches is about three minutes. ZTP requires two
reboots, so count on about six minutes when triggering a ZTP reload.
Step 1
View the boot-config settings using the “show boot-config” command.
Student-05#show boot-config
Software image: flash:/EOS-4.12.5.swi
Console speed: (not set)
Aboot password (encrypted): (not set)
Memory test iterations: (not set)
Step 2
Using the CLI, change the following settings in the boot-config.
secret: Arista
console speed: 9600
Student-05#conf
Student-05(config)#boot secret Arista
Student-05(config)#boot console speed 9600
Student-05(config)#exit
Student-05#
Step 3
View the boot-config settings using the “show boot-config” command.
Student-05#show boot-config
Software image: flash:/EOS-4.12.5.swi
Questions:
Step 1
Connect to your switch on the console using the terminal server. For help, see section
“Connecting to the Lab.”
Step 2
Reboot the switch from the console using the “reload" command.
NOTE: If you are warned that the system configuration has been modified, type “yes” to
save.
Student-05#reload
Proceed with reload? [confirm]
Broadcast message from root@Student-05
(unknown) at 1:15 ...
<output omitted>
Step 3
Watch the terminal as the switch boots. When prompted to enter Aboot, do this by
pressing “Control-C” to enter Aboot.
Aboot# reboot
Requesting syst[ 569.546793] Restarting system.
Arista Networks Inc...
Aboot 2.0.9-1287509
Step 4
Enter the Aboot password you configured in the earler step.
Aboot password:
Welcome to Aboot.
Aboot#
Step 5
Type “help” for a list of commonly used Aboot commands.
Aboot# help
Aboot#
Step 6
Issue the following commands:
cd /mnt/flash
ls EOS*
NOTE: The contents of the flash on your switch may not match the example exactly.
Aboot# cd /mnt/flash
Aboot# ls EOS*
EOS-4.12.1.swi EOS-4.12.5.swi
Aboot#
Step 7
From the list of EOS .swi files, pick one and use the “swiiinfo” command.
BLESSED=1
BUILD_DATE=20130601T155202Z
BUILD_HOST=local1754-224.sjc.aristanetworks.com
SERIALNUM=688851f9-4aac-4f78-81ca-69a8114f172a
SWI_RELEASE=1275950.EOS4121
SWI_VERSION=4.12.1
Step 8
Get a feel for the Aboot busybox shell by looking at some files. Suggestions for
commands to try:
ls
more startup-config
cat boot-config
NOTE: The contents of the flash on your switch may not match the example exactly.
Aboot# ls
EOS-4.12.1.swi boot-config persist startup-config
EOS-4.12.5.swi debug schedule zerotouch-config
!
<output omitted>
Step 1
Edit the boot-config file using VI.
Aboot# vi boot-config
Step 2
Change the Aboot password. On the line that begins with PASSWORD=, change the
password to something invalid. Save and exit by typing “esc”, “:”, “wq”.
CONSOLESPEED=9600
PASSWORD=#!
SWI=flash:/EOS-4.12.5.swi
~
~
~
~
Aboot#
Step 1
Reboot the switch.
Aboot# reboot
Requesting syst[ 569.546793] Restarting system.
Arista Networks Inc...
Step 2
When the switch gets to the "Press control-C to enter Aboot" stage, press “control-c” and
enter the password.
Aboot 2.0.9-1287509
Step 3
After the password fails three times, you should get the following message:
“Type "fullrecover" and press Enter to revert /mnt/flash to factory default state, or just
press Enter to reboot:”
NOTE: The switch will still boot fine with a bad Aboot password - you just cannot enter
Aboot.
NOTE: If the terminal server injects noise into the line, this may cause the switch to
reboot. If that happens, just hit control-c at the prompt and start again.
^CAboot password:
incorrect password
Aboot password:
incorrect password
Aboot password:
incorrect password
Type "fullrecover" and press Enter to revert /mnt/flash to factory
default
state, or just press Enter to reboot:
Step 1
Type “fullrecover”. You should then get this prompt:
Step 2
Type “yes” when you get the prompt “All data on/mnt/flash will be erased…”
Step 3
Watch the switch reload.
TASK 5: Boot the switch using the default factory EOS version.
Step 1
Re-enter Aboot.
Aboot 2.0.9-1287509
Step 2
Boot the factory default image.
NOTE: your version may differ than the example. Boot whatever version is on flash after
the fullrecover (there will only be one).
HINT: If you type ‘boot” then type ‘E + tab’ it will tab complete the version on flash.
NOTE: When the switch boots up, it will be in ZTP mode, let the switch reload one more
time.
Questions:
3.) What EOS version did your switch have after the fullrecover? Ask your partner what
is the version they have after the fullrecover.
4.) Why didn’t you have to enter an Aboot password after the fullrecover?
5.) In this lab, ZTP loads a configuration from the webserver (We'll see this in detail
when we study ZTP). What would be the result if ZTP/DHCP/etc. was not configured?
End of lab
5 Upgrade EOS
Lab Objectives:
NOTE: The fullrecover from the previous Task caused your switch to load the factory
default version of code. The system needs to be upgraded to perform the remaining lab
activities.
Step 1
Copy EOS-4.15.5M.swi from the lab management linux server (10.0.0.100) to your
switch.
Step 2
Verify image is in /mnt/flash.
Student-05#dir flash:
Directory of flash:/
Step 1
Configure the boot config file to point to the new EOS image file.
Step 2
Verify boot-config settings.
Student-05(config)#show boot-config
Software image: flash:/ EOS-4.15.5M.swi
Console speed: (not set)
Aboot password (encrypted): (not set)
Student-05(config)#
Step 3
Reboot the switch.
NOTE: If you are warned that the system configuration has been modified, type “yes” to
save.
Student-05(config)#reload
Proceed with reload? [confirm]
Broadcast message from root@Student-05
(unknown) at 1:48 ...
Restarting system ..
Step 4
Verify system is running on new image.
Student-05#sh ver
Arista DCS-7150S-24-CL-F
Hardware version: 02.00
Serial number: JPE13451306
System MAC address: 001c.7340.4a79
Uptime: 2 minutes
Total memory: 4017088 kB
Free memory: 1654460 kB
Student-05#
Questions
1.) What other ways could you have verified the new EOS image file was successfully
copied to flash?
2.) How else could you have verified the boot-config settings?
End of lab
6 EOS Architecture
Lab Objectives:
• Interact with switch CLI while in BASH
• Demonstrate the functionality of the native Linux kernel using linux tools and
syntax
• Demonstrate stateful fault repair through killing processes and observing them
come back up
NOTE: Many of the things we're doing in this section should NOT be done on production
switches.
TASK 1: Perform some more sophisticated tasks within the BASH shell.
Step 1
Enter bash on your switch.
Student-05#bash
[admin@Student-05 ~]$
Step 2
Using the CLI command, from bash, issue the CLI command “show interface status”.
Step 3
Using the “FastCLI” command, from bash, issue the CLI command show interface status.
Step 4
Issue the same command and redirect the output to a file named “show_int_stat.txt”.
Questions
1.) What is the difference between using Cli and FastCli from the bash shell?
Step 5
Verify your file was created.
[admin@Student-05 ~]$ ls
sh_int_stat.txt
Task 2: View the system processes and demonstrate stateful fault repair.
Step 1
Issue the “pstree” command to get a visual representation of the agents running on the
switch. Note the processes running under the ProcMgr process.
Step 2
Using the “ps” command to fine the process IDs for the following processes:
Copywrite 2012-2016 Arista Networks
No duplication without written consent - Prepared for HPE Trainers 1-31-17 Page 22
Arista Configuration Essentials Lab Guide - 2.1.1
Questions
Arp: ________________
Stp: _________________
Lldp: ________________
Sysdb: _____________
Step 3
From bash, kill the process named “Lldp”.
NOTE: Kill the PID that has this in the output “-d -i --dlopen -p -f -l”.
Step 4
Find the process number for the “Lldp” process again.
Questions
Step 5
Try out some other CLI commands from from the lecture.
End of lab
In this activity you will explore the behavior of Zero Touch Provisioning (ZTP)
including:
• Canceling ZTP
Disabling ZTP
• Enabling ZTP
• Performing ZTP on your lab switch.
Task 1: Force your switch to boot into ZTP mode and cancel ZTP.
Step 1
Connect to your switch on the console using the terminal server. For help, see section
“Connecting to the Lab.”
Step 2
Delete the startup configuration.
Student-05#wr erase
Proceed with erasing startup configuration? [confirm]
Student-05#
Questions
Step 3
Reload the switch. Type “no” when prompted to save the configuration.
Student-05#reload
System configuration has been modified. Save? [yes/no/cancel/diff]:no
Proceed with reload? [confirm]
Broadcast message from root@Student-05
(unknown) at 0:28 ...
<output omitted>
Step 4
When your switch boots, login using the “admin” user (be quick!).
<output omitted>
Step 5
Cancel ZTP using the “zerotouch cancel” command.
NOTE: Because ZTP will succeed (i.e. there is a DHCP server configured to reply) you
need to be quick with the zerotouch cancel command!
localhost>enable
localhost#zerotouch cancel
localhost#Mar 15 00:31:25 localhost ZeroTouch: %ZTP-5-INIT: No startup-
config found, starting Zero Touch Provisioning
Mar 15 00:31:31 localhost ZeroTouch: %ZTP-5-CANCEL: Cancelling Zero
Touch Provisioning
Mar 15 00:31:31 localhost ZeroTouch: %ZTP-5-RELOAD: Rebooting the
system
<output omitted>
Step 6
When the switch boots up, login again using the default “admin” username.
Questions
4.) What would happen if you rebooted the switch right now without saving the running-
config?
Step 1
Check the contents of the “zerotouch-config” file before disabling ZTP.
Step 2
Disable ZTP using the “zerotouch disable” command.
localhost#zerotouch disable
Step 3
Check the contents of the “zerotouch-config” file after disabling ZTP.
Questions
5.) What does disabling ZTP do? What would happen if you rebooted the switch now?
NOTE: Disabling ZTP normally causes a reboot also, but since the “zerotouch cancel”
command was already used, it did not reboot this time.
Step 1
Enable ZTP again.
localhost#bash
Questions:
Step 2
Reload the switch. Type “no” when prompted to save the configuration.
localhost#reload
System configuration has been modified. Save? [yes/no/cancel/diff]:no
Proceed with reload? [confirm]
Broadcast message from root@Student-05
(unknown) at 0:28 ...
<output omitted>
Step 3
Observe your switch performing ZTP.
<output omitted>
NOTE: Your switch will reboot once more during the ZTP process. Please do not
interrupt this process.
Step 4
Verify your switch has a config.
NOTE: If you do not have a running-config then something went wrong. If you are
having issues, delete the startup-config and zerotouch-config file on flash and reload
again. Also, check the ZTP log messages for errors.
WARNING: You will need the ZTP provided config to complete the remaining labs. If it
didn’t work, consult your lab partner or the instructor.
End of lab
8 Multi-Switch CLI
Lab Objectives:
• Configure and observe Multi-Switch CLI operation.
• Send XMPP to a single switch
• Join XMPP groups and send XMPP messages to all switches in a group
• Use Multi-Switch CLI to gather important information from the network.
TASK 1: Configure Multi-Switch CLI and verify connectivity with XMPP server.
Step 1
Configure your switch with the basic XMPP parameters as follows:
Server: 10.0.0.100
User: student-xx (where xx is your switch number [two digits])
NOTE: usernames in xmpp are all lowercase.
Password: Arista
Domain: class.com
Student-01#conf
Student-01(config)#management xmpp
Student-01(config-mgmt-xmpp)#no shut
Student-01(config-mgmt-xmpp)#server 10.0.0.100
Student-01(config-mgmt-xmpp)#domain class.com
Student-01(config-mgmt-xmpp)#user student-01 password Arista
Student-01(config-mgmt-xmpp)#exit
Student-01(config)#
NOTE: You need to exit XMPP config mode for the changes to take effect
Step 2
Verify connectivity to the XMPP server using the “show xmpp status command”.
HINT: If you think everything is configured correctly and you cannot get a connection,
issue a shut command within management xmpp, exit, then issue a no shut command
within management xmpp and exit again. This usually resolves any issues, assuming
correct configuration. See below for exact commands.
management xmpp
shut
exit
management xmpp
no shut
exit
Step 1
Using the “show xmpp neighbors” command, verify what other switches are connected to
the XMPP server.
Step 2
Send a “show version” command to an XMPP neighbor using the “xmpp send student-xx
command show version” (where the xx is the student number of an xmpp neighbor).
Arista DCS-7150S-24-F
Hardware version: 01.02
Serial number: JPE13160943
System MAC address: 001c.732a.e5c2
Uptime: 9 minutes
Total memory: 4017088 kB
Step 1a
If your switch number is an odd number, add your switch to the group named “odd”.
Student-01#conf
Student-01(config)#management xmpp
Student-01(config-mgmt-xmpp)#switch-group odd password Arista
Student-01(config-mgmt-xmpp)#exit
Student-01(config)#
Step 1b
If your switch number is an even number, add your switch to the group named “even”.
Student-02#conf
Student-02(config)#management xmpp
Student-02(config-mgmt-xmpp)#switch-group even password Arista
Student-02(config-mgmt-xmpp)#exit
Student-02(config)#
Step 1
Send the “show version | grep Software” command to the odd OR even group, depending
what group you joined.
Student-02#
TASK 4: Add your switch to the “all” group. Both odd and even switches should
join this group.
Student-01#conf
Student-01(config)#management xmpp
Student-01(config-mgmt-xmpp)#switch-group all password Arista
Student-01(config-mgmt-xmpp)#exit
Student-01(config)#
TASK 5: Use XMPP to discover some useful information within the network
Step 1
Construct an xmpp message to the all group to determine if there are errors on any
student switch uplinks.
<output omitted>
Questions
Step 2
Construct an xmpp message to the all group to determine what switch has the IP address
10.0.0.102.
Example
ip address 10.0.0.102/24
<output omitted>
Questions
Step 3
Construct an xmpp message to the all group to determine which other student switches
recently connected to the xmpp server.
Example:
<output omitted>
Questions
3.) Are other switches connected? If so, what is the timestamp on the first switch that
responded?
TASK 6: Initiate an XMPP session with your lab partner’s switch and run a few
commands.
Copywrite 2012-2016 Arista Networks
No duplication without written consent - Prepared for HPE Trainers 1-31-17 Page 37
Arista Configuration Essentials Lab Guide - 2.1.1
Step1
Use the command “xmpp session student-xx@class.com” where xx is your lab partner’s
student number to initiate an xmpp session to your lab partners switch.
Step 2
With your XMPP session open on your lab partner’s switch, run a few commands.
NOTE: Feel free to experiment - issue any commands that you'd like so long as they are
non-invasive. Do not mess with other student's switches without their permission.
WARNING: YES - the reload now command will work. NO - you should no do that here.
If you and your partner (mlag peer-link) would like t experiment with this, feel free, so
long as you both agree. Write your configs first!
Step 3
Type “exit” to return to your switch’s CLI.
xmpp-student-02#exit
Student-01#
End of lab
Diagram:
NOTE: All switches use the same MLAG and port-channel numbers:
1000 - MLAG peer-link
999 - MLAG uplink to Spine 1&2
Step 1
Configure the port channel/trunk for your peerlink.
Student-05(config)#interface ethernet23-24
Student-05(config-if-Et23-24)#channel-group 1000 mode active
Student-05(config-if-Et23-24)#interface port-channel 1000
Student-05(config-if-Po1000)#switchport mode trunk
Student-05(config-if-Po1000)#exit
Student-05(config)#
Step 2
Configure a VLAN and trunk group used for MLAG peer communications.
Student-05(config)#vlan 4094
Student-05(config-vlan-4094)#trunk group mlagpeer
Student-05(config-vlan-4094)#exit
Student-05(config)#
Step 3
Assign the port channel to the trunk group.
Student-05(config)#int po1000
Student-05(config-if-Po1000)#switchport trunk group mlagpeer
Student-05(config-if-Po1000)#exit
Student-05(config)#
Step 4
Disable spanning-tree on the VLAN used for the MLAG peer.
Step 5
Configure the SVI for peer-to-peer communication according to the chart below.
Switch IP Address
Student-01 10.100.100.1/30
Student-02 10.100.100.2/30
Student-03 10.100.100.5/30
Student-04 10.100.100.6/30
Student-05 10.100.100.9/30
Student-06 10.100.100.10/30
Student-07 10.100.100.13/30
Student-08 10.100.100.14/30
Student-09 10.100.100.17/30
Student-10 10.100.100.18/30
Student-11 10.100.100.21/30
Student-12 10.100.100.22/30
Student-13 10.100.100.25/30
Student-14 10.100.100.26/30
Student-15 10.100.100.29/30
Student-16 10.100.100.30/30
Student-17 10.100.100.33/30
Student-18 10.100.100.34/30
Student-19 10.100.100.37/30
Student-20 10.100.100.38/30
Example for odd numbered “switch-05” (see chart above for your switch’s IP):
Example for even numbered “switch-06” (see chart above for your switch’s IP):
Step 6
Configure local interface and peer address.
Example for odd numbered “switch-05” (see chart above for your switch’s IP):
Student-05(config)#mlag configuration
Student-05(config-mlag)#local-interface vlan 4094
Student-05(config-mlag)#peer-address 10.100.100.10
Example for even numbered “switch-06” (see chart above for your switch’s IP):
Student-06(config)#mlag configuration
Student-06(config-mlag)#local-interface vlan 4094
Student-06(config-mlag)#peer-address 10.100.100.9
Step 7
Configure the domain-id, peer-link & reload-delay on BOTH switches
Student-05(config-mlag)#domain-id mlagDomain
Student-05(config-mlag)#peer-link port-channel 1000
Student-05(config-mlag)#exit
Student-05(config)#
Student-06(config-mlag)#domain-id mlagDomain
Student-06(config-mlag)#peer-link port-channel 1000
Student-06(config-mlag)#exit
Student-06(config)#
Step 8
Configure the MLAG interface (upstream interface to spine) on BOTH switches
Student-05(config)#int eth21-22
Student-05(config-if-Et21-22)#channel-group 999 mode active
Student-05(config-if-Et21-22)#int po999
Student-05(config-if-Po999)#mlag 999
Student-05(config-if-Po999)#exit
Student-05(config)#
Student-06(config)#int eth21-22
Student-06(config-if-Et21-22)#channel-group 999 mode active
Student-06(config-if-Et21-22)#int po999
Student-06(config-if-Po999)#mlag 999
Student-06(config-if-Po999)#exit
Student-06(config)#
Step 1
Execute the following commands to confirm MLAG is operational and the MLAG
interface (upstream interface to spine) is up.
show mlag
show mlag detail
show mlag interfaces
show int po999
Student-05#sh mlag
MLAG Configuration:
domain-id : mlagDomain
local-interface : Vlan4094
peer-address : 10.100.100.10
peer-link : Port-Channel1000
MLAG Status:
state : Active
negotiation status : Connected
peer-link status : Up
local-int status : Up
system-id : 02:1c:73:68:d7:75
MLAG Ports:
Disabled : 0
Configured : 0
Inactive : 0
Active-partial : 0
Active-full : 1
Student-05#
local/remote
mlag desc state local remote
status
---------- ---------- ----------------- ----------- ------------ ------
------
999 active-full Po999 Po999
up/up
Student-05#
MLAG Status:
state : Active
negotiation status : Connected
peer-link status : Up
local-int status : Up
system-id : 02:1c:73:68:d7:75
MLAG Ports:
Disabled : 0
Configured : 0
Inactive : 0
Active-partial : 0
Active-full : 1
NOTE: If MLAG did not come up, work with your lab partner to ensure configs are
correct.
Questions
4.) What is the default value for the MLAG Reload delay? (Hint see output from show
mlag detail)
Step 1
Connect to your switch on the console using the terminal server. For help, see section
“Connecting to the Lab.”
Step 2
Verify which switch is the MLAG primary switch.
Step 3
Reload the MLAG primary switch.
HINT: If you want to see all syslogs generated during the reboot and subsequent MLAG
re-convergence, execute the command “bash sudo tail -f /var/log/messages” on the
secondary switch.
Student-06#reload
If you are performing an upgrade, and the Release Notes for the new
version of EOS indicate that MLAG is not backwards-compatible with the
currently installed version (4.12.4), the upgrade will result in
packet loss.
<output omitted>
Step 4: As the primary switch reboots, check the status of MLAG and MLAG interfaces
on the secondary switch using the following commands:
show mlag
show mlag detail
show mlag interfaces
show int po999
Questions
6.) While the primary is rebooting, what is the status of the MLAG interface(s) on the
secondary switch?
Step 5
After the switch reboots, check the status of MLAG on your switch. Use the following
commands:
show mlag
show mlag detail
show mlag interfaces
show int po999
Student-06#sh mlag
MLAG Configuration:
domain-id : mlagDomain
local-interface : Vlan4094
peer-address : 10.100.100.9
peer-link : Port-Channel1000
MLAG Status:
state : Active
negotiation status : Connected
peer-link status : Up
local-int status : Up
system-id : 02:1c:73:68:d7:75
MLAG Ports:
Disabled : 0
Configured : 0
Inactive : 0
Active-partial : 0
Active-full : 1
Student-06#
MLAG Status:
state : Active
negotiation status : Connected
peer-link status : Up
local-int status : Up
system-id : 02:1c:73:68:d7:75
MLAG Ports:
Disabled : 0
Configured : 0
Inactive : 0
Active-partial : 0
Active-full : 1
Student-06#
local/remote
mlag desc state local remote
status
--------- ---------- -------------------- ----------- ------------ ----
--------
999 active-partial Po999 Po999
down/up
Student-06#sh mlag interfaces
local/remote
mlag desc state local remote
status
---------- ---------- ----------------- ----------- ------------ ------
------
999 active-full Po999 Po999
up/up
Student-06#
Full-duplex, 40Gb/s
Active members in this channel: 4
... Ethernet21 , Full-duplex, 10Gb/s
... Ethernet22 , Full-duplex, 10Gb/s
... PeerEthernet21 , Full-duplex, 10Gb/s
... PeerEthernet22 , Full-duplex, 10Gb/s
Fallback mode is: off
Up 17 minutes, 18 seconds
2 link status changes since last clear
Last clearing of "show interface" counters never
5 minutes input rate 658 bps (0.0% with framing overhead), 1
packets/sec
5 minutes output rate 175 bps (0.0% with framing overhead), 0
packets/sec
1284 packets input, 167652 bytes
Received 0 broadcasts, 1284 multicast
0 input errors, 0 input discards
279 packets output, 45764 bytes
Sent 0 broadcasts, 279 multicast
0 output errors, 0 output discards
Student-06#
Questions
8.) What is the status of the MLAG interfaces on both switches? HINT: use the "show
mlag detail’ and ‘show mlag interfaces’ commands
9.) How long did it take the MLAG interfaces to come up? HINT: to view the status of
the reload-delay, use the ‘show mlag’ command and look at the ‘state’ under ‘MLAG
Status’
End of lab
TASK 1: Complete Prep Work
Step 1
Backup your config so you can reload them later.
sh run > flash:mlag-config.bak
Step 2
De-configure MLAG and erase relevant interface configs.
conf
no mlag configuration
default interface e21-24
int e23-24
shut
TASK 2: Establish IP connectivity to spine switches
Step1
Configure a point-to-point link between your switch and each spine switch
according to the chart below.
Switch Eth21 IP (to spine-1) Eth22 IP (to spine-2)
student-01 10.10.1.2/30 10.10.1.6/30
student-02 10.10.2.2/30 10.10.2.6/30
student-03 10.10.3.2/30 10.10.3.6/30
student-04 10.10.4.2/30 10.10.4.6/30
student-05 10.10.5.2/30 10.10.5.6/30
student-06 10.10.6.2/30 10.10.6.6/30
student-07 10.10.7.2/30 10.10.7.6/30
student-08 10.10.8.2/30 10.10.8.6/30
student-09 10.10.9.2/30 10.10.9.6/30
student-10 10.10.10.2/30 10.10.10.6/30
student-11 10.10.11.2/30 10.10.11.6/30
student-12 10.10.12.2/30 10.10.12.6/30
student-13 10.10.13.2/30 10.10.13.6/30
student-14 10.10.14.2/30 10.10.14.6/30
student-15 10.10.15.2/30 10.10.15.6/30
student-16 10.10.16.2/30 10.10.16.6/30
student-17 10.10.17.2/30 10.10.17.6/30
student-18 10.10.18.2/30 10.10.18.6/30
student-19 10.10.19.2/30 10.10.19.6/30
student-20 10.10.20.2/30 10.10.20.6/30
NOTE: You have to configure “no switchport” before the IP configuration becomes
active on the interfaces.
EXAMPLE (student-01)
Student-01(config)#int e21
Student-01(config-if-Et21)#no switchport
Student-01(config-if-Et21)#ip address 10.10.1.2/30
Student-01(config-if-Et21)#int e22
Student-01(config-if-Et22)#no switchport
Student-01(config-if-Et22)#ip address 10.10.1.6/30
Step 2
Confirm you can ping the remote IP in both subnets. If you can’t, check “show lldp
neighbors” to make sure you have the correct interface, double check IP config,
etc.
EXAMPLE (student-01)
Student-01#ping 10.10.1.1
PING 10.10.1.1 (10.10.1.1) 72(100) bytes of data.
80 bytes from 10.10.1.1: icmp_req=1 ttl=64 time=0.173 ms
65002 i
* 10.1.5.0/24 10.10.1.1 0 100 - 65100
65005 i
* 10.1.6.0/24 10.10.1.1 0 100 - 65100
65006 i
* 10.1.12.0/24 10.10.1.1 0 100 - 65100
65012 i
* > 192.168.100.1/32 10.10.1.1 0 100 - 65100
i
Student-01#sh ip bgp neighbors 10.10.1.5 received-routes
BGP routing table information for VRF default
Router identifier 10.10.1.6, local AS number 65001
Route status codes: s - suppressed, * - valid, > - active, E - ECMP
head, e - ECMP
S - Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL
Nexthop - Link Local Nexthop
Student-01#
3.) Using the chart “BGP Route Selection Decision Process” in Appendix A, determine
why the active route was chosen.
4.) What option do you need to enable to get your router to activate both default
routes from spine1 and spine2? HINT: Check the table in Appendix A.
TASK 4: Configure BGP Multipath
EXAMPLE (student-01)
Student-01(config)#router bgp 65001
Student-01(config-router-bgp)#maximum-paths 32 ecmp 32
Student-01(config-router-bgp)#exit
Student-01(config)#
Question
5.) After enabling BGP Multipath, check the routing table again using “show ip
route” Of the default routes received from the spine switches, which are active
now?
EXAMPLE (student-01)
Student-01(config)#sh ip route 0.0.0.0
Codes: C - connected, S - static, K - kernel,
O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,
R - RIP, I - ISIS, A B - BGP Aggregate, A O - OSPF Summary,
NG - Nexthop Group Static Route
student-03 10.1.3.1/24
student-04 10.1.4.1/24
student-05 10.1.5.1/24
student-06 10.1.6.1/24
student-07 10.1.7.1/24
student-08 10.1.8.1/24
student-09 10.1.9.1/24
student-10 10.1.10.1/24
student-11 10.1.11.1/24
student-12 10.1.12.1/24
student-13 10.1.13.1/24
student-14 10.1.14.1/24
student-15 10.1.15.1/24
student-16 10.1.16.1/24
student-17 10.1.17.1/24
student-18 10.1.18.1/24
student-19 10.1.19.1/24
student-20 10.1.20.1/24
EXAMPLE (student-01)
Student-01(config)#int lo1
Student-01(config-if-Lo1)#ip address 10.1.1.1/24
Questions
6.) Ping the loopback of spine-1 (192.168.100.1). What is the source IP of this ping?
HINT: Establish another ssh session to your swich, go to the bash shell and type
“tcpdump –i et21” and then re-issue the ping from the original session.
7.) Ping the loopback of spine-1 sourced from your interface loopback 1 IP “ping
192.168.100.1 source 10.1.X.1” Why does it fail?
Step 2
Configure a network statement in BGP to adversise your loopback network. Use the
chart below.
Switch Loopback Network
student-01 10.1.1.0/24
student-02 10.1.2.0/24
student-03 10.1.3.0/24
student-04 10.1.4.0/24
student-05 10.1.5.0/24
student-06 10.1.6.0/24
student-07 10.1.7.0/24
student-08 10.1.8.0/24
student-09 10.1.9.0/24
student-10 10.1.10.0/24
student-11 10.1.11.0/24
student-12 10.1.12.0/24
student-13 10.1.13.0/24
student-14 10.1.14.0/24
student-15 10.1.15.0/24
student-16 10.1.16.0/24
student-17 10.1.17.0/24
student-18 10.1.18.0/24
student-19 10.1.19.0/24
student-20 10.1.20.0/24
EXAMPLE (student-01)
Student-01(config)#router bgp 65001
Student-01(config-router-bgp)#network 10.1.1.0/24
Step 3
Re-issue the ping “ping 192.168.100.1 source 10.1.1.1”. If it fails,
troubleshoot. Ensure you are advertising your loopback address to the spine
switches using this command: “sh ip bgp neighbors 10.10.1.1
advertised-routes”
End of Lab
TASK 1: Configure your switches to connect to the DANZ switches
Step 1
Configure an access port in a vlan according to the chart below.
Switch Interface VLAN
student-01 ethernet19 101
student-02 ethernet20 102
student-03 ethernet19 103
student-04 ethernet20 104
student-05 ethernet19 105
student-06 ethernet20 106
student-07 ethernet19 107
student-08 ethernet20 108
student-09 ethernet19 109
student-10 ethernet20 110
student-11 ethernet19 111
student-12 ethernet20 112
student-13 ethernet19 113
student-14 ethernet20 114
student-15 ethernet19 115
student-16 ethernet20 116
student-17 ethernet19 117
student-18 ethernet20 118
student-19 ethernet19 119
student-20 ethernet20 120
EXAMPLE (student-01)
Student-01(config)#int e19
Student-01(config-if-Et19)#switchport access vlan 101
! Access VLAN does not exist. Creating vlan 101
Student-01(config-if-Et19)#
EXAMPLE (student-02)
Student-02(config)#int e20
Student-02(config-if-Et20)#switchport access vlan 102
! Access VLAN does not exist. Creating vlan 102
Student-02(config-if-Et20)#
Step 2
Shutdown the other port connected to the DANZ switch (the one you did not
configure as an access port in the vlan).
NOTE: On odd numbered switches, shutdown eth20, on even numbered switches,
shutdown eth19
EXAMPLE (student-01)
Student-01(config)#int e20
Student-01(config-if-Et20)#shutdown
Student-01(config-if-Et20)#exit
Student-01(config)#
EXAMPLE (student-02)
Student-02(config)#int e19
Student-02(config-if-Et19)#shutdown
Student-02(config-if-Et19)#exit
Student-02(config)#
TASK 2: Confirm connectivity between your switches and the DANZ switches
Step 1
Confirm eth19 is up on the odd numbered switch and and eth20 is up on the even
numbered switch.
EXAMPLE (student-01)
Student-01(config)#sh int e19 | grep proto
Ethernet19 is up, line protocol is up (connected)
EXAMPLE (student-02)
Student-02(config)#sh int e20 | grep proto
Ethernet20 is up, line protocol is up (connected)
Step 2
Confirm correct connectivity via “show lldp neighbors”
NOTE: At this point, your odd numbered switch is single-connected to DANZ-1 and
your even numbered switch is single-connected to DANZ-2. This is to avoid
loops/spanning tree blocking.
Your LLDP neighbors should look like the following:
EXAMPLE: (student-01)
Student-01(config)#sh lldp neighbors | grep -A 5 Port
Port Neighbor Device ID Neighbor Port ID TTL
Et19 DANZ-1 Ethernet1 120
Et21 Spine-1 Ethernet1 120
Et22 Spine-2 Ethernet1 120
Ma1 ALab-Core Ethernet1 120
EXAMPLE: (student-02)
Student-02(config)#sh lldp neighbors | grep -A 5 Port
Port Neighbor Device ID Neighbor Port ID TTL
Et20 DANZ-2 Ethernet2 120
Et21 Spine-1 Ethernet2 120
Et22 Spine-2 Ethernet2 120
Ma1 ALab-Core Ethernet2 120
Step 3
Confirm correct VLAN configuration
EXAMPLE: (student-01)
Student-01(config)#sh vlan
VLAN Name Status Ports
----- -------------------------------- --------- ----------------------
---------
1 default active Et1
101 VLAN0101 active Et19
Student-01(config)#
EXAMPLE: (student-02)
Student-02(config)#sh vlan
VLAN Name Status Ports
----- -------------------------------- --------- ----------------------
---------
1 default active Et1
102 VLAN0102 active Et20
Student-02(config)#
TASK 3: Log into DANZ-1 and run a pre-test PING to DANZ-2
Step 1
To log into DANZ-1. Type “danz-1” from the Linux Lab Management Server.
NOTE: You can get back to the Linux Lab Management Server by either exiting your
switch session or establishing a new ssh connection to the Linux Lab Management
Server.
EXAMPLE (student-01)
Student-01(config)#exit
Student-01#exit
Connection to student-01 closed.
Instructor@ALab-Linux:~$ danz-1
Warning: Permanently added 'danz-1,10.0.0.103' (RSA) to the list of
known hosts.
+---------------------------------------+
| Switch: DANZ-1 |
| |
| Purpose: Advanced Class Lab |
| Owner: Gary A. Donahue |
| Email: gad@aristanetworks.com |
+---------------------------------------+
Last login: Tue Aug 26 08:45:34 2014 from 10.0.0.100
DANZ-1>
Step 2
From DANZ-1, ping 172.16.X.2. (X = the ODD student number)
EXAMPLE
DANZ-1>ping 172.16.1.2
PING 172.16.1.2 (172.16.1.2) 72(100) bytes of data.
From 172.16.1.1 icmp_seq=1 Destination Host Unreachable
From 172.16.1.1 icmp_seq=2 Destination Host Unreachable
From 172.16.1.1 icmp_seq=3 Destination Host Unreachable
From 172.16.1.1 icmp_seq=4 Destination Host Unreachable
From 172.16.1.1 icmp_seq=5 Destination Host Unreachable
Step 2
From DANZ-1, ping 172.16.X.2. (X = the ODD student number)
EXAMPLE
DANZ-1#ping 172.16.1.2
PING 172.16.1.2 (172.16.1.2) 72(100) bytes of data.
80 bytes from 172.16.1.2: icmp_req=1 ttl=64 time=0.177 ms
80 bytes from 172.16.1.2: icmp_req=2 ttl=64 time=0.091 ms
80 bytes from 172.16.1.2: icmp_req=3 ttl=64 time=0.061 ms
80 bytes from 172.16.1.2: icmp_req=4 ttl=64 time=0.114 ms
80 bytes from 172.16.1.2: icmp_req=5 ttl=64 time=0.143 ms
EXAMPLE (student-02)
Student-02#sh vxlan vtep
Remote vteps for Vxlan1:
10.1.1.1
Total number of remote vteps: 1
EXAMPLE (student-01)
Student-01#sh vxlan address-table
Vxlan Mac Address Table
----------------------------------------------------------------------
TASK 9: Restore your MLAG config
Student-01#bash
End of Lab
Cli Scheduler
Step 1
Execute the “show schedule summary” command.
Questions
1.) How often does this scheduler execute and store the ‘show-tech’ command?
2.) What is the max number of log files that will be kept on flash?
3.) In what directory are these files stored? (write as much of the path as you can)
TASK 2: Create and observe a scheduled job with the following parameters:
Name: ShowIntStatus
Executes the command “show interface status” every 60 seconds
Saves a max of 30 files
Step 1
Configure the custom CLI scheduler.
Student-05#conf
Student-05(config)#schedule ShowIntStatus interval 1 max-log-files 30
command show interfaces status
Student-05(config)#exit
Student-05#
Step 2
Verify the scheduler settings with the “show scheduler summary” command.
Step 3
Wait 60 seconds and then view the file(s) the scheduler has created.
Step 3a
Enter bash.
Student-05#bash
[admin@Student-05 ~]$
Step 3b
Navigate to /mnt/flash/schedule.
Step 3c
Your scheduler created a new directory. Navigate to it and check for files.
Step 4
Using “zcat,” open the most recent log file.
<output omitted>
Event Handler
Name: Eth1UpDown
When Eth1 is down, it configures the description to “The link is down”
When Eth1 is up,it configures the description to “The link is up”
Sends a custom syslog message each time the script is run
Step 1
Create the script. Enter bash from the CLI, navigate to /mnt/flash. Type “vi
Eth1UpDown.sh”, type “i” to insert and then type in the script. When finished, type “esc,
: , wq”.
NOTE: Be sure the entire script is correct and the name of your script matches your
config!
Student-05#bash
#!/bin/bash
if [ "$OPERSTATE" = "linkup" ]; then
FastCli -p 15 -c'
conf t
int e1
description The link is up
send log level notifications message Eth1 is up!
'
elif [ "$OPERSTATE" = "linkdown" ]; then
FastCli -p 15 -c'
conf t
int e1
description The link is down
send log level notifications message Eth1 is down!
'
fi
Step 2
Configure the event handler.
Student-05(config)#conf
Student-05(config)#event-handler Eth1UpDown
Student-05(config-handler-Eth1UpDown)#trigger on-intf Ethernet 1
operstatus
Student-05(config-handler-Eth1UpDown)#action bash
/mnt/flash/Eth1UpDown.sh
Student-05(config-handler-Eth1UpDown)#delay 0
Student-05(config-handler-Eth1UpDown)#exit
Student-05(config)#
Step 1
Use the “show event-handler” command to verify configuration.
Student-05#sh event-handler
Event-handler Eth1UpDown
Trigger: on-intf Ethernet1 on operstatus delay 0 seconds
Action: /mnt/flash/Eth1UpDown.sh
Action expected to finish in less than 10 seconds
Last Trigger Activation Time: 5 seconds ago
Total Trigger Activations: 1
Last Action Time: 5 seconds ago
Total Actions: 1
Step 2
Check the description with the “show run interface eth1” command.
Copywrite 2012-2016 Arista Networks
No duplication without written consent - Prepared for HPE Trainers 1-31-17 Page 68
Arista Configuration Essentials Lab Guide - 2.1.1
Step 3
Shut down eth1.
Student-05#conf
Student-05(config)#int e1
Student-05(config-if-Et1)#shut
Student-05(config-if-Et1)#exit
Student-05(config)#
Step 4
Observe the description change.
NOTE: Script should be executed and the change should occur within a few seconds.
Step 5
Bring eth1 back up.
Student-05#conf
Student-05(config)#int e1
Student-05(config-if-Et1)#no shut
Student-05(config-if-Et1)#exit
Student-05(config)#
Step 6
Observe the description change.
NOTE: Script should be executed and change should occur within a few seconds.
Step 7
Using the “show log last 5 min” command, verify your custom syslogs were generated.
Event Monitor
TASK 1: Observe event monitor data for ARP, MAC and ROUTE changes on your
switch.
Step 1
Using the “show event-monitor arp” command, view any arp table changes that have
occurred on your switch.
Step 2
Using the “show event-monitor mac” command, view any mac address table changes that
have occurred on your switch.
Step 3
Using the “show event-monitor route” command, view any route table changes that have
occurred on your switch
2014-03-15 15:19:14|10.0.0.255/32|receiveBcast|0|1|added|4
2014-03-15 15:19:14|10.0.0.5/32|receive|0|1|added|5
2014-03-15 15:19:14|10.0.0.0/32|receiveBcast|0|1|added|6
2014-03-15 15:19:19|10.100.100.8/30|connected|1|0|added|7
2014-03-15 15:19:19|10.100.100.11/32|receiveBcast|0|1|added|8
2014-03-15 15:19:19|10.100.100.9/32|receive|0|1|added|9
2014-03-15 15:19:19|10.100.100.8/32|receiveBcast|0|1|added|10
2014-03-15 15:19:28|10.100.100.10/32|attached|0|1|added|11
Student-05#
TASK 2: Force an update to the route table and inspect the event-monitor data.
Step 1
Add the following static route to your switch:
Student-05#conf
Student-05(config)#ip route 192.168.0.0/24 10.0.0.100
Student-05(config)#
Step 2
Inspect your route change in the event-monitor database.
End of lab
NOTE: The lab is not set up with traffic generators, and generating enough packets to
overwhelm the buffers on these switches is unlikely. As a result, it may be difficult to
show any meaningful output with LANZ in the current lab.
Step 1
Enable LANZ globally.
Student-05#conf
Student-05(config)#queue-monitor length
Student-05(config)#exit
Student-05#
Step 2
On all interfaces, set the queues to the lowest possible values.
Student-05(config)#int e1-$
! Interfaces Ethernet23, Ethernet24 are members of the MLAG peer link
Port-Channel1000
Student-05(config-if-Et1-24)#queue-monitor length thresholds 2 1
Student-05(config-if-Et1-24)#exit
Student-05(config)#
Questions
1.) What do the numbers “2” and “1” represent in the “queue-monitor length thresholds”
command
Step 1
Enter bash
Student-05#bash
[admin@Student-05 ~]$
Step 2
Ping your lab partners MLAG Peer IP using the example ping. Make sure you use the
correct IP Address.
NOTE: This command will send 1,000 20KB packets in the background. You should
repeat this many times to create enough traffic (approx. 10) Make sure you include the
ampersand at the end.
Step 1
Exit bash
Step 2
Inspect the LANZ data using the “show queue-monitor length” and “show queue-monitor
length tx-latency” commands.
congestion
start
(usecs)
-----------------------------------------------------------------------
---------
E 0:00:00.15402 ago Et23(1) 27 2* 0
<output omitted>
<output omitted>
Questions
2.) What interface and traffic class is hitting the LANZ threshold?
3.) During your testing, what is the max number of segments observed? What is this in
bytes?
4.) During your testing, what is the max Tx-Latency induced by buffering?
TASK 4: When you are done and if it’s necessary, clean up the processes.
Step 1
Enter bash
Student-05#bash
[admin@Student-05 ~]$
Step 2
Kill all the ping processes you started. Your output may differ.
End of lab
14 VM Tracer
Lab Objectives:
• Configure and verify VM Tracer
• Inspect various outputs from show commands
• Modify the allowed vlan list and observe
NOTE: In the Alab, there are 5 ESXi hosts attached to the student switches on interface
Ethernet 1 in the following way:
Note: Other labs may have fewer student switches, and thus fewer ESXi hosts. For
example Blab had 10 student switches and therefore only three ESXi hosts.
The VMs are configures as shown in the following drawing. Each switch pair is
configured similarly, though the VM names will vary. Note that the VMs may have port
channels configured which may result in VMs being seen on only one switch due to
hashing.
Step 1
Configure a VM Tracer session with VCenter with the following parameters:
Step 2
Verify VM Tracer session is up
Step 3
Configure Ethernet 1 for vmtracer
Student-01(config)#int e1
Student-01(config-if-Po1)#vmtracer vmware-esx
Student-01(config-if-Po1)#switchport mode trunk
Student-01(config-if-Po1)#exit
Student-01(config)#
TASK 2: Observe information about the VMs on the ESXi host attached to your
switch.
Step 1
Use the “show vmtracer vm” command to display a list of the virtual machines on the
network
Student-01#sho vmtracer vm
VM Name Esx Host
Interface
----------------- ------------------------------------- -------------
E1-Linux-1 10.0.0.201 Et1
Step 2
Use the “sh vmtracer vm detail" command to display detailed information about a
specific VM
Student-01#sho vmtracer vm detail
VM Name : E1-Linux-1
Data Center : A-Lab
Step 3
Use the “show vmtracer interface” to display the hosts and VMs by interface
Student-01#sho vmtracer interface
Ethernet1 : 10.0.0.201/vSwitch1/vmnic1
VM Name VM Adapter Logical Switch / VLAN Status
------------- -------------------- ---------------------- ----------
E1-Linux-1 Network adapter 1 201 Up/Down
Step 4
Use the “show vmtracer all” to view all the VMware hosts and adaptors connected to all
the switches in your topology
Note: This output will vary depending on how many students have configured VM-
Tracer.
Switch : Student-03(10.0.0.3)
Ethernet1 : 10.0.0.201/vSwitch2/vmnic4
VM Name VM Adapter VLAN Status State
E1-Linux-2 Network adapter 1 201 Up/-- --
Switch : Student-11(10.0.0.11)
Ethernet1 : 10.0.0.203/vSwitch2/vmnic4
VM Name VM Adapter VLAN Status State
E3-Linux-2 Network adapter 1 201 Up/-- --
Switch : Student-08(10.0.0.8)
Ethernet1 : 10.0.0.202/vSwitch2/vmnic5
VM Name VM Adapter VLAN Status State
E2-Linux-2 Network adapter 1 201 Up/-- --
Step 5
Use the “show vmtracer interface host” to view information about the physical machines
that host the VMs.
Ethernet1 : 10.0.0.201
Manufacturer: Supermicro
Model: X8STi
CPU type: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
CPUs : 1
CPU Cores: 4
NIC Manufacturer: Intel Corporation
NIC Model: 82571EB Gigabit Ethernet Controller (Copper)
Service Tag: 1234567890
TASK 3: Observe the autovlan feature, re-configure the allowed vlan list and
verify
Step 1
Use the “show vmtracer session” command to verify the autovlan features is enabled
(default) and the range of allowed vlans is 1-4094
Step 2
Use the “show vlan” command to verify the autovlan feature. VLANs that were
dynamically created are marked with an asterisk (*).
Student-01#sho vlan
VLAN Name Status Ports
----- --------------------------- --------- --------------------------
1 default active Et1, Et19, Et20, Et21, Et22
Et23, Et24
201* VLAN0201 active
Step 3
Use the “autovlan disable” and “allowed-vlan” commands to prohibit VLAN 201 from
being learned.
Step 4
Use the “show vmtracer session” command to verify. Note that you may need to exit and
re-enter this configuration mode. Note the list of allowed-vlans.
Step 5
Use the “show vlan” command to verify. Note the lack of VLAN 201.
Student-01(config)#sho vlan
VLAN Name Status Ports
----- ----------------------- --------- -------------------------------
1 default active Et1, Et19, Et20, Et21, Et22
Et23, Et24
Step 6
Reverse the VLAN limitation by allowing only VLAN 201.
Step 5
Use the “show vlan” command to verify. Note the addition of VLAN 201.
Student-01(config)#sho vlan
VLAN Name Status Ports
----- ----------------------- --------- -------------------------------
1 default active Et1, Et19, Et20, Et21, Et22
Et23, Et24
201* VLAN0201 active
End of Lab
15 Advanced Mirroring
Lab Objective:
• Configure a mirror session that sends captured dataplane traffic to the CPU
• Use TCPDUMP to view the capture traffic
Diagram:
TASK 1: Set up Layer 3 interfaces between your switch and the “DANZ” switches.
Step 1
Enable IP routing.
Student-05#conf
Student-05(config)#ip routing
Student-05(config)#
Step 2
Configure ethernet19 and 20 as router L3 interfaces with an IP/mask according to the
table below.
NOTE: All student switches should be connected to DANZ-1 on port ethernet 19 and
DANZ-2 on port 20. Confirm this with “show lldp neighbors” command.
Example (student-05)
Student-05(config)#int e19
Student-05(config-if-Et19)#ip address 192.168.5.2/30
! IP configuration will be ignored while interface Ethernet19 is not a
routed port.
Student-05(config-if-Et19)#no switchport
Student-05(config-if-Et19)#
Student-05(config-if-Et19)#int e20
Student-05(config-if-Et20)#ip address 192.168.5.6/30
! IP configuration will be ignored while interface Ethernet20 is not a
routed port.
Student-05(config-if-Et20)#no switchport
Student-05(config-if-Et20)#exit
Student-05(config)#
Step 3
Verify you can ping both remote ends of the new subnets.
Student-05#ping 192.168.5.1
PING 192.168.5.1 (192.168.5.1) 72(100) bytes of data.
80 bytes from 192.168.5.1: icmp_req=1 ttl=64 time=0.164 ms
80 bytes from 192.168.5.1: icmp_req=2 ttl=64 time=0.043 ms
80 bytes from 192.168.5.1: icmp_req=3 ttl=64 time=0.040 ms
80 bytes from 192.168.5.1: icmp_req=4 ttl=64 time=0.096 ms
80 bytes from 192.168.5.1: icmp_req=5 ttl=64 time=0.047 ms
Step 1
Enter bash on your switch.
Student-05#bash
[admin@Student-05 ~]$
Step 2
Enter the “tcpdump –i et19” command to begin sniffing interface eth19.
Step 3
Establish an additional ssh session with the linux management server. For help, see
“LAB0: Accessing the Lab.”
Step 4
From the linux management server, login into DANZ-1 switch.
NOTE: You don’t need the enable password to complete this lab.
st05@ALab-Linux:~$ danz-1
Warning: Permanently added 'danz-1,10.0.0.103' (RSA) to the list of
known hosts.
+---------------------------------------+
| Switch: DANZ-1 |
| |
| Purpose: Advanced Class Lab |
| Owner: Gary A. Donahue |
| Email: gad@aristanetworks.com |
+---------------------------------------+
Last login: Wed Aug 20 10:05:35 2014 from 10.0.0.100
DANZ-1>
Step 5
With your TCPDUMP still running, ping your IP on eth19 from DANZ-1.
DANZ-1#ping 192.168.5.2
PING 192.168.5.2 (192.168.5.2) 72(100) bytes of data.
80 bytes from 192.168.5.2: icmp_req=1 ttl=64 time=0.152 ms
80 bytes from 192.168.5.2: icmp_req=2 ttl=64 time=0.050 ms
80 bytes from 192.168.5.2: icmp_req=3 ttl=64 time=0.039 ms
80 bytes from 192.168.5.2: icmp_req=4 ttl=64 time=0.038 ms
80 bytes from 192.168.5.2: icmp_req=5 ttl=64 time=0.036 ms
Step 1
Enter the “tcpdump –i et19” command to begin sniffing interface eth19.
Step 2
From DANZ-1, ping 192.168.X.5, where X is your student number. This is the remote
end of the /30 on eth20 and resides on DANZ-2.
DANZ-1>ping 192.168.5.5
PING 192.168.5.5 (192.168.5.5) 72(100) bytes of data.
80 bytes from 192.168.5.5: icmp_req=1 ttl=63 time=0.157 ms
80 bytes from 192.168.5.5: icmp_req=2 ttl=63 time=0.113 ms
80 bytes from 192.168.5.5: icmp_req=3 ttl=63 time=0.104 ms
80 bytes from 192.168.5.5: icmp_req=4 ttl=63 time=0.071 ms
80 bytes from 192.168.5.5: icmp_req=5 ttl=63 time=0.039 ms
Questions
1.) Why didn’t your tcpdump capture the ICMP requests and replies?
TASK 4: Configure and a mirror session that sniffs traffic on eth19 and sends
traffic to CPU.
Step 1
Configure a mirror session with the following paramters:
Student-05#conf
Student-05(config)#monitor session sniff source eth19 both
Student-05(config)#monitor session sniff destination Cpu
Student-05(config)#
Step 2
Use the “show monitor session” command to determine what interface the CPU is
mirroring to.
Session sniff
------------------------
Source Ports
Both: Et19
Destination Ports:
Student-05#
TASK 5: Use TCPDUMP on the mirror interface to sniff pings from DANZ-1 to
DANZ-2.
Step 1
Enter the “tcpdump –i mirror X” command where X equals the number shown from the
“show monitor session” command.
Step 2
From DANZ-1, ping 192.168.X.5, where X is your student number. This is the remote
end of the /30 on eth20 and resides on DANZ-2.
DANZ-1>ping 192.168.5.5
PING 192.168.5.5 (192.168.5.5) 72(100) bytes of data.
80 bytes from 192.168.5.5: icmp_req=1 ttl=63 time=0.157 ms
80 bytes from 192.168.5.5: icmp_req=2 ttl=63 time=0.113 ms
80 bytes from 192.168.5.5: icmp_req=3 ttl=63 time=0.104 ms
80 bytes from 192.168.5.5: icmp_req=4 ttl=63 time=0.071 ms
80 bytes from 192.168.5.5: icmp_req=5 ttl=63 time=0.039 ms
Questions
3.) Explain why your tcpdump now captures the ICMP requests and replies.
4.) What is the maximum amount of traffic that the CPU will receive?
End of lab
16 Tap Aggregation
Lab Objectives:
• Configure the switch for tap aggregation mode
• Configure tap ports
• Configure tool ports
• Using aggregation groups, map tap ports to tool ports
• Observe filtering behavior of using the aggregation groups
• Filtering traffic using traditional ACLs
NOTE: You will need to work closely with your lab partner in this lab. Each switch will
have different configs and each partner will perform different tasks during the lab. Both
switches will be configured for Tap Aggregation Mode, but the odd numbered switch will
act as the Tap Aggregator while the even numbered will act as the Tool/Sniffer.
Diagram:
NOTE: The diagram below depicts basic connectivity. The lab builds off this diagram.
TASK 1: Configure, verify and observe Tap Aggregation mode on BOTH ODD and
EVEN numbered switches.
Copywrite 2012-2016 Arista Networks
No duplication without written consent - Prepared for HPE Trainers 1-31-17 Page 92
Arista Configuration Essentials Lab Guide - 2.1.1
Step 1
Configure tap aggregation mode on both switches in you pair.
Student-05#conf
Student-05(config)#tap aggregation
Student-05(config-tap-agg)#mode exclusive
Student-05(config-tap-agg)#exit
Student-05(config)#
Student-06#conf
Student-06(config)#tap aggregation
Student-06(config-tap-agg)#mode exclusive
Student-06(config-tap-agg)#exit
Student-06(config)#
Step 2
Disable spanning-tree and igmp.
NOTE: While STP and IGMP snooping have no impact on tap/tool interfaces when left
enabled, the recommendation is to disable these two protocols.
Student-05#conf
Student-05(config)#spanning-tree mode none
Student-05(config)#no ip igmp snooping
Student-05(config)#
Student-06#conf
Student-06(config)#spanning-tree mode none
Student-06(config)#no ip igmp snooping
Student-06(config)#
Step 3
Verify your switch is in tap aggregation mode.
Step 4
Using the “show interfaces status” command, observe the interfaces status on your switch
while tap aggregation mode is configured.
<output omitted>
Questions
TASK 2 (FOR ODD NUMBERED SWITCH ONLY): Configure Tap and Tool ports
on the ODD numbered switch.
Diagram:
Step 1
Configure interface Eth19 and Eth20 as a TAP ports.
Student-05#conf
Student-05(config)#default interface eth19-20
Student-05(config)#int eth19-20
Student-05(config-if-Et19-20)#switchport mode tap
Student-05(config-if-Et19-20)#exit
Student-05(config)#
Step 2
Configure interfaces Eth23 and Eth24 as TOOL ports.
Student-05#conf
Student-05(config)#default interface eth23-24
Student-05(config)#int eth23-24
Student-05(config-if-Et23-24)#switchport mode tool
Student-05(config-if-Et23-24)#exit
Student-05(config)#
Step 3
Use the “show interfaces status” command to check the status of your tap and tool ports.
Questions
2.) What happened to the status of the tap and tool ports?
TASK 3 (FOR EVEN NUMBERED SWITCH ONLY): Configure Tap ports on the
EVEN numbered switch.
Diagram:
Step 1
Configure interface Eth23 and Eth24 as a TAP ports.
Student-06#conf
Student-06(config)#default interface eth23-24
Student-06(config)#int eth23-24
Student-06(config-if-Et23-24)#switchport mode tap
Student-06(config-if-Et23-24)#exit
Student-06(config)#
Step 2
Use the “show interfaces status” command to check the status of your tap and tool ports.
Questions
Diagram:
Step 1
Configure tap port Eth19 for tap aggregation group “1”.
Student-05#conf
Student-05(config)#int e19
Student-05(config-if-Et19)#switchport tap default group 1
Student-05(config-if-Et19)#exit
Student-05(config)#
Step 2
Configure tap port Eth20 for tap aggregation group “2”.
Student-05#conf
Student-05(config)#int e20
Student-05(config-if-Et20)#switchport tap default group 2
Student-05(config-if-Et20)#exit
Student-05(config)#
Step 3
Configure tool port Eth23 for tap aggregation group “1”.
Student-05(config)#int e23
Student-05(config-if-Et23)#switchport tool group set 1
Student-05(config-if-Et23)#exit
Student-05(config)#
Step 4
Configure tool port Eth24 for both tap aggregation group “1” and group “2”.
Student-05(config)#int e24
Student-05(config-if-Et24)#switchport tool group set 1
Student-05(config-if-Et24)#switchport tool group add 2
Student-05(config-if-Et24)#exit
Student-05(config)#
Step 5
Use the “show tap aggregation groups” command to verify the tap aggregation group
configuration.
Student-05#
Student-05#show tap aggregation groups
Group Name Tool Members Tap Members
---------------- ------------------ -----------
1 Et23, Et24 Et19
2 Et24 Et20
Student-05#
Diagram:
Session 1:
Name: group_1
Source interface: eth23
Both transmit (tx) and receive (rx) directions
Destination: Cpu
Session 2:
Name: group_1_2
Source interface: eth24
Both transmit (tx) and receive (rx) directions
Destination: Cpu
Step 1
Configure the monitor session named “group_1” that mirrors traffic on eth23 to the Cpu.
Student-06#conf
Student-06(config)#monitor session group_1 source Ethernet23
Student-06(config)#monitor session group_1 destination Cpu
Student-06(config)#exit
Step 2
Configure the monitor session named “group_1_2” that mirrors traffic on eth24 to the
Cpu.
Student-06#conf
Student-06(config)#monitor session group_1_2 source Ethernet24
Student-06(config)#monitor session group_1_2 destination Cpu
Student-06(config)#
Student-06(config)#exit
Step 3
Verify the monitor sessions with the “show monitor sessions” command.
Session group_1
------------------------
Source Ports:
Both: Et23
Destination Ports:
Session group_1_2
------------------------
Source Ports:
Both: Et24
Destination Ports:
NOTE: You will need to have 2 ssh sessions open to your switch to complete this task.
NOTE: Use the output from the “show monitor sessions” to determine the name of the
mirror interfaces (e.g. mirror2, mirror3).
Step 1
From BASH, enter the “tcpdump –i mirror X” command where X equals one of the
numbers shown from the “show monitor session” command.
Step 2
From BASH, enter the “tcpdump –i mirror” command where X equals the other of the
numbers shown from the “show monitor session” command.
NOTE: You may need to wait up to 30 seconds to answer the following questions.
Questions
6.) Where (physically) is the original traffic (i.e. what network link?)
Step 1
One student needs to log into DANZ-1
St05@ALAB-Linux:~$ danz-1
Warning: Permanently added 'danz-1,10.0.0.103' (RSA) to the list of
known hosts.
+---------------------------------------+
| Switch: DANZ-1 |
| |
| Purpose: Advanced Class Lab |
| Owner: Gary A. Donahue |
| Email: gad@aristanetworks.com |
+---------------------------------------+
Last login: Sat Mar 15 18:45:42 2014 from 10.0.0.100
DANZ-1>
Step 2
With tcpdump running on BOTH mirror sessions on the EVEN Numbered switch, ping
192.168.X.2 where X = your student number.
Example Ping:
DANZ-1>ping 192.168.5.2
PING 192.168.5.2 (192.168.5.2) 72(100) bytes of data.
From 192.168.5.1 icmp_seq=1 Destination Host Unreachable
From 192.168.5.1 icmp_seq=2 Destination Host Unreachable
From 192.168.5.1 icmp_seq=3 Destination Host Unreachable
From 192.168.5.1 icmp_seq=4 Destination Host Unreachable
From 192.168.5.1 icmp_seq=5 Destination Host Unreachable
Example packet capture from mirror session w/ source of eth23 on even numbered
“switch-06”
<output omitted>
Example packet capture from mirror session w/ source of eth24 on even numbered
“switch-06”
<output omitted>
Questions
9.) Do you capture the traffic in both mirror sessions? Why or why not?
Diagram:
Step 1
Configure an ACL that denies traffic to 192.168.5.0/24.
Student-05(config)#
Student-05(config)#ip access-list Remove_net_192-168-5-0
Student-05(config-acl-Remove_net_192-168-5-0)#deny ip any
192.168.5.0/24 log
Student-05(config-acl-Remove_net_192-168-5-0)#exit
Student-05(config)#
Step 2
Apply the acl on EGRESS on tool port eth24.
Student-05#conf
Student-05(config)#int e24
Student-05(config-if-Et24)#ip access-group Remove_net_192-168-5-0 out
Student-05(config-if-Et24)#exit
Student-05(config)#
Step 1
With TCPDUMP running on BOTH mirror sessions on the EVEN Numbered switch,
issue a ping from DANZ-1 to 192.168.X.2 where X = your student number.
Example packet capture from mirror session w/ source of eth23 on even numbered
“switch-06”
<output omitted>
Example packet capture from mirror session w/ source of eth24 on even numbered
“switch-06”
Questions
10.) Do you capture the traffic in both mirror sessions? Why or why not?
Step 2
From the ODD numbered switch, use the “sh platform fm6000 acl detail” command to
see your ACL matches/denies.
<output omitted>
Step 1
One student needs to log into DANZ-2.
St05@ALAB-Linux:~$ danz-2
Could not create directory '/home/St05/.ssh'.
Warning: Permanently added 'danz-2,10.0.0.104' (RSA) to the list of
known hosts.
+---------------------------------------+
| Switch: DANZ-2 |
| |
| Purpose: Advanced Class Lab |
| Owner: Gary A. Donahue |
| Email: gad@aristanetworks.com |
+---------------------------------------+
Last login: Mon Mar 31 23:29:21 2014 from 10.0.0.100
DANZ-2>
Step 2
With TCPDUMP running on BOTH mirror sessions on the EVEN Numbered switch,
ping 192.168.X.6 where X = your student number.
DANZ-2>ping 192.168.5.6
PING 192.168.5.6 (192.168.5.6) 72(100) bytes of data.
From 192.168.5.5 icmp_seq=1 Destination Host Unreachable
From 192.168.5.5 icmp_seq=2 Destination Host Unreachable
From 192.168.5.5 icmp_seq=3 Destination Host Unreachable
From 192.168.5.5 icmp_seq=4 Destination Host Unreachable
From 192.168.5.5 icmp_seq=5 Destination Host Unreachable
Example packet capture from mirror session w/ source of eth23 on even numbered
“switch-06”
Example packet capture from mirror session w/ source of eth24 on even numbered
“switch-06”
Questions
11.) Do you capture the traffic in both mirror sessions? Why or why not?
Student-05#conf
Student-05(config)#tap aggregation
Student-05(config-tap-agg)#no mode exclusive
Student-05(config-tap-agg)#exit
Student-05(config)#
End of lab
How to connect to the linux lab server with port forwarding from the command
line:
NOTE: If you cannot get port forwarding to work, it's not a huge deal. You'll still be able
to write eAPI scripts on the linux box. The only think the Port-forwarding gets you is the
ability to see the webpage on the switch.
Step 1
Open an SSH session to the linux box with the following command (if you have an SSH-
enabled OS such as OSX):
Step 2
NOTE: The following instructions are for alab.arista.com. Replace “alab” with the rack
you are working on e.g. blab.
NOTE: xx = your switch number, two digits, padded with zeros (01, 05, 15, etc.)
How to connect to the linux lab server with port forwarding from SecureCRT:
Step 1
Create a new session. The protocol is SSH. The hostname is alab.arista.com.
Step 2
Go to “Properties”, then “Port Forwarding”.
Step 3
Click “Add”, configure according to the following IP addresses. Click “OK” when done.
Student-01: 10.0.0.1
Student-02: 10.0.0.2
Student-03: 10.0.0.3
...
Student-15: 10.0.0.15
etc.
NOTE: This example shows a configuration for Student-01. The name can be anything
you'd like.
Step 4
Connect to the linux lab server using this config.
eAPI Lab
Step 1
Verify your switch has eAPI enabled.
WARNING: If the below config is not present on your switch, add it now. You will need it
to complet this lab.
Step 2
Verify the username “Script” is configured on your switch.
WARNING: If the below config is not present on your switch, please let the instructor
know.
TASK 2: Create a simple python script that retrieves information from your switch.
Step 1
In your home directory on the Linux Lab Server, create the following script.
ALAB-Linux:~$ vi eapi_show.py
#!/usr/bin/python
print response
~
~
~
:wq
Step 2
Give your script execute permissions.
Step 3
Run your script and if necessary, debug.
St05@ALAB-Linux:~$ ./eapi_show.py
[{u'memTotal': 4017088, u'internalVersion': u'4.13.1F-1576566.4131F.2',
u'serialNumber': u'JPE13463510', u'systemMacAddress':
u'00:1c:73:68:d7:f7', u'bootupTimestamp': 1394942980.6761389,
u'memFree': 1474556, u'version': u'4.13.1F', u'modelName': u'DCS-7150S-
24-CL-F', u'internalBuildId': u'f2bbcdc2-58a1-4864-83fb-6341568e499b',
u'hardwareRevision': u'02.00', u'architecture': u'i386'}]
St05@ALAB-Linux:~$
Step 4
Add the following lines to your script (feel free to alter this if you'd like):
Step 5
Re-run the script and if necessary, debug.
TASK 4: Create a python script that requires enable mode and configures your
switch.
Step 1
In your home directory on the linux lab server, create the following script.
ALAB-Linux:~$ vi eapi_conf.py
#!/usr/bin/python
response = switch.runCmds( 1, [
"enable" ,
"configure" ,
"interface ethernet 5",
"description [ I *REALLY* Like Pie! ]" ] ,
"json")
print "Done."
:wq
Step 2
Give your script execute permissions.
Step 3
Run your script and if necessary, debug.
St05@ALAB-Linux:~$ ./eapi_conf.py
Done.
Step 4
Verify your script worked by modifying your original script or create a new one that is
designed to run the command “show interface Ethernet 5”.
NOTE: You need to enter enable mode in your script to run this command.
#!/usr/bin/python
response = switch.runCmds( 1, [
"enable" ,
"show interfaces ethernet 5"
] ,
"text")
print response
~
~
:wq
Step 5
Re-run your script to verify the description was changed.
St05@ALAB-Linux:~$ ./eapi_show.py
[{u'output': u''}, {u'output': u'Ethernet5 is down, line protocol is
notpresent (notconnect)\n Hardware is Ethernet, address is
001c.7368.d7fc (bia 001c.7368.d7fc)\n Description: [ I *REALLY* Like
Pie! ]\n Ethernet MTU 9214 bytes , BW 10000000 kbit\n Full-duplex,
10Gb/s, auto negotiation: off, uni-link: unknown\n 0 link status
changes since last clear\n Last clearing of "show interface" counters
never\n 5 minutes input rate 0 bps (0.0% with framing overhead), 0
packets/sec\n 5 minutes output rate 0 bps (0.0% with framing
overhead), 0 packets/sec\n 0 packets input, 0 bytes\n Received
0 broadcasts, 0 multicast\n 0 runts, 0 giants\n 0 input errors,
0 CRC, 0 alignment, 0 symbol, 0 input discards\n 0 PAUSE input\n
0 packets output, 0 bytes\n Sent 0 broadcasts, 0 multicast\n 0
output errors, 0 collisions\n 0 late collision, 0 deferred, 0
output discards\n 0 PAUSE output\n'}
End of lab
1.) What version of EOS will be used when the switch is booted?
Answer depends on the switch’s boot config
Aboot
3.) What EOS version did your switch have after the fullrecover? Ask your partner what
is the version they have after the fullrecover.
Answers will vary
4.) Why didn’t you have to enter an Aboot password after the fullrecover?
The fullrecovery deleted the contents of the flash which included the boot-config file.
5.) In this lab, ZTP loads a configuration from the webserver (We'll see this in detail
when we study ZTP). What would be the result if ZTP/DHCP/etc. was not configured?
The switch would have the default startup configuration
Upgrade EOS
1.) What other ways could you have verified the new EOS image file was successfully
copied to flash?
Go to BASH, cd /mnt/flash and enter the “ls” command
From the CLI enter the command “bash ls /mnt/flash”
2.) How else could you have verified the boot-config settings?
Go to BASH, cd /mnt/flash and enter the “cat boot-config”
From the CLI enter the command “bash cat /mnt/flash/boot-config”
EOS Architecture
1.) What is the difference between using Cli and FastCli from the bash shell?
Cli spawns an new Cli session, FastCli runs as a daemon and executes commands quicker
than Cli and also uses less memory.
4.) What would happen if you rebooted the switch right now without saving the running-
config?
The switch would enter ZTP mode again. “zerotouch cancel” only cancels ZTP for 1
reload or there is a startup-config on flash.
5.) What does disabling ZTP do? What would happen if you rebooted the switch now?
Disabling ZTP permanently cancels ZTP even when there is no startup-config file on
flash. The switch would not boot into ZTP mode. The switch would present a default
configuration.
Multi-Switch CLI
3.) Are other switches connected? If so, what is the timestamp on the first switch that
responded?
Answers will vary.
4.) What is the default value for the MLAG Reload delay? (Hint see output from show
mlag detail)
300 seconds.
6.) While the primary is rebooting, what is the status of the MLAG interface(s) on the
secondary switch?
Active-partial. But the portchannel is still up and passing traffic on the remaining link.
8.) What is the status of the MLAG interfaces on both switches? HINT: use the ‘show
mlag detail’ and ‘show mlag interfaces’ commands
Active-Full. Up/Up.
9.) How long did it take the MLAG interfaces to come up? HINT: to view the status of
the reload-delay, use the ‘show mlag’ command and look at the ‘state’ under ‘MLAG
Status’
300 seconds.
1.) What routes are you receiving from the spine switches? HINT: use the “show ip bgp
neighbors 10.10.X.X received-routes” command.
You should be receiving two default routes (0.0.0.0/0), one from each of the spine
switches.
2.) Of the default routes (0.0.0.0/0) received from the spine switches, the active/best route
is from which neighbor? Use the “show ip route” command.
Your switch should have made active the default route received from spine-1.
3.) Using the chart “BGP Route Selection Decision Process” in Appendix A, determine
why the active route was chosen.
Lowest Router ID.
4.) What option do you need to enable to get your router to activate both default routes
from spine1 and spine2? HINT: Check the table in Appendix A.
BGP Multi-Path Option
5.) After enabling BGP Multipath, check the routing table again using “show ip route” Of
the default routes received from the spine switches, which are active now?
Both default routes should now be active.
6.) Ping the loopback of spine-1 (192.168.100.1). What is the source IP of this ping?
HINT: Establish another ssh session to your swich, go to the bash shell and type
“tcpdump –i et21” and then re-issue the ping from the original session.
The source IP of these packets is the interface IP which connects to the spine.
7.) Ping the loopback of spine-1 sourced from your interface loopback 1 IP “ping
192.168.100.1 source 10.1.X.1” Why does it fail?
It fails because the spine has no route to your loopback.
HINTS:
- Ensure both vteps are advertising their loopbacks. The vteps must be able to
reach each other.
- Switches need to be on code 4.13.1F or later.
- Ensure the switch crosslink is shutdown.
1.) How often does this scheduler execute and store the ‘show-tech’ command?
60 minutes.
2.) What is the max number of log files that will be kept on flash?
100.
3.) In what directory are these files stored? (write as much of the path as you can)
/mnt/flash/schedule/tech-support
1.) What do the numbers “2” and “1” represent in the “queue-monitor length thresholds”
command?
The first number (2) represents, in buffer segments (480bytes) the high threshold. The
second number (1) represents, in buffer segments (480bytes) the low threshold.
2.) What interface and traffic class is hitting the LANZ threshold?
Answers may vary. It will be either Eth23 or 24, traffic class 1.
3.) During your testing, what is the max number of segments observed? What is this in
bytes?
Answers will vary. Multiple the number of segments by 480 bytes to derive how much
buffer is in use during the LANZ record. For example, if 88 segments were in use, this
means about 42K of packet was buffered during this event.
4.) During your testing, what is the max Tx-Latency induced by buffering?
Answers will vary.
VM Tracer
No Questions
Advanced Mirroring
1.) Why didn’t your tcpdump capture the ICMP requests and replies?
TCPDUMP will only capture traffic that is processed by the local CPU (i.e. control plane
traffic or any packets destined for the local device). It will NOT capture traffic that is
transiting the device (i.e. data plan traffic).
3.) Explain why the tcpdump on the mirror interface captures the ICMP requests and
replies.
Because the monitor session is mirroring all packets (control plane and data plane) traffic
to the Cpu.
4.) What is the maximum amount of traffic that the CPU will receive?
This traffic is shaped at around 100Mbps
Tap Aggregation
2.) What happened to the status of the tap and tool ports?
The ports came up and are showing connected.
6.) Where (physically) is the original traffic (i.e. what network link?)
The link between the DANZ-1 switch and the ODD Numbered switch (should be Eth19
on the ODD Numbered switch.)
9.) Do you capture the traffic in both mirror sessions? Why or why not?
Yes. Because the traffic on Eth19 is identified with agg group tool1 and tool1 is
configured on both tools ports (Eth23 and 24)
10.) Do you capture the traffic in both mirror sessions? Why or why not?
No. The ARP packets are only captured on the Eth23 mirror session. This is because the
egress ACL on the ODD Numbered switch is denying packets to 192.168.5.0/24.
11.) Do you capture the traffic in both mirror sessions? Why or why not?
No. The ARP packets are only capture on the Eth24 mirror session. This is because the
aggregation group “2” is only applied on ODD Numbered switches Eth24.
General Inquiries
Email: info@arista.com
India Ireland
Eastland Citadel 4325 Atlantic Avenue
102, 2nd Floor, Hosur Road Westpark Business Campus
Madiwala Check Post Shannon
Bangalore – 560 095 Co. Clare, Ireland
R&D Office
Singapore
9 Temasek Boulevard
#29-01, Suntec Tower Two
Singapore 038989
Tel: +65 31571367
APAC Administrative Office