Extreme Switching Lab Guide v1.8 (Ebook)

Extreme Networks
Switching Lab Guide

Version 1.8
ok
bo
-e
ks
or
w
et
N
e
m
tre
Ex
Extreme Networks reserves all rights to its materials and the content of the
materials. No material provided by Extreme Networks to a Partner (or Customer, etc.)
may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying and recording, or by any information storage or
retrieval system, or incorporated into any other published work, except for internal use
by the Partner and except as may be expressly permitted in writing by Extreme
Networks.
This document and the information contained herein are intended solely for
informational use. Extreme Networks makes no representations or warranties of any
kind, whether expressed or implied, with respect to this information and assumes no
responsibility for its accuracy or completeness. Extreme Networks, hereby disclaims all
liability and warranty for any information contained herein and all the material and
information herein exists to be used only on an "as is" basis. More specific information
ok
may be available on request. By your review and/or use of the information contained
herein, you expressly release Extreme from any and all liability related in any way to
bo
this information. A copy of the text of this section is an uncontrolled copy, and may
-e
lack important information or contain factual errors. All information herein is Copyright
©Extreme Networks. All rights reserved. All information contain in this document is
subject to change without notice.
ks
or
For additional information refer to:

w
et
http://www.extremenetworks.com/company/legal
N
e
m
tre
Ex
© 2015 Extreme Networks, Inc. All rights reserved . Page 1

Extreme Networks Switching Lab Guide
Contents
Lab 1: Switch Management .......................................................................................... 4
Section A: Accessing the Switch .................................................................................. 5
Section B: Set Switch IP Address .............................................................................. 6
Section C: Establish Second Switch Connection .................................................... 8
Section D: Test Your Configuration............................................................................ 10
Section E: Set Your Console Environment ................................................................ 11
Section F: Administrative Access ............................................................................... 12
Section G: Telnet ....................................................................................................... 15
Section H: Configuration File Management ............................................................... 16
ok
Section I: System Image Download ........................................................................... 20
bo
Section J: Enabling SSH ............................................................................................ 24
Section K: Switch-B, Initial Configuration ................................................................... 27
-e
Lab 2: VLANs ............................................................................................................... 28
ks
Section A: Initial Configuration ................................................................................... 29
Section B: VLAN Configuration .................................................................................. 32
or
Section C: VLAN IP Address Assignment .................................................................. 36

w
Section D: VLAN Security .......................................................................................... 38

et
Lab 3: Spanning Tree .................................................................................................. 39

N

e
Section B: Viewing Spanning Tree............................................................................. 41

m
Section C: Configuring the Root Bridge ..................................................................... 45

tre
Section D: Spanning Tree Rapid Failover .................................................................. 48

Ex
Lab 4: EAPS ................................................................................................................. 49

Section B: Creating and configuring the EAPS Domain ............................................. 52
Section C: Testing EAPS ........................................................................................... 55
Lab 5: EAPS Shared Port (ESP) ................................................................................. 58
Section B: Creating and configuring the EAPS Domain ............................................. 61
Section C: Creating the EAPS Shared Port (ESP) ..................................................... 64
Section D: Testing EAPS Shared Port ....................................................................... 65
Lab 6: Ethernet Ring Protection Switching (G.8032)................................................ 67


Section B: Creating and configuring the ERPS Ring.................................................. 69
Section C: Testing ERPS ........................................................................................... 72
Lab 7: Link Aggregation Groups (LAGs) ................................................................... 76
Section B: Configuring Link Aggregation Groups (LAGs) .......................................... 78
C: Configuring LAG Actor Admin Keys (EOS Switch) ................................................ 84
Lab 8: Multi-Switch Link Aggregation Groups (MLAG) ............................................ 86
Section B: Configuring Link Aggregation Groups (LAGs) .......................................... 88
Section C: Creating Your MLAG ................................................................................ 91
ok
Section D: Testing Your MLAG .................................................................................. 93
bo
-e
ks
or
w
et
N
e
m
tre
Ex

Lab 1: Switch Management

Lab Overview:
In this lab you will manage Extreme EOS and XOS based switches through use of
the switch CLI. You will use the CLI for IP addresses assignment, port
configuration, firmware management, configuration file management, port mirroring
setup, and LLDP deployment.
Resources/Tools:
 Two different types of Extreme switches: (1 EOS, SSA and 2 XOS SummitX
460s)
ok
 2 PCs
bo
Objectives:
-e
When you finish this lab you will be able to connect to a switch and:
 Clear its Configuration
ks
 Set an IP address on a switch
or
 View the basic CLI structure
 Explore system configuration commands
w
 Use different administrative access methods to manage the device:

et
o COM Port
N
o Telnet
o SSH
e
 Save, upload, manipulate and download configuration files

m
 Download and load a different firmware image

tre
Ex
Note: All screen shots included in this lab exercise are for illustrative purposes
only and May Not accurately reflect the actual settings on your switch. Please
follow the procedural explanations in the text when you perform configurations in
this lab.
Note: The CLI structure differs between Extreme EOS Series and XOS Series
Switches. EOS Series and XOS Series CLI commands are specific to the switch
type.
Please see the Appendix A for lab access and configuration details.

Section A: Accessing the Switch
Section A: Open the console connection to Switch-A from PC A
Note: Please see the Appendix, Section B for terminal server details.
172.16.1X1.101
Port 2 PC-D
SSA
172.16.1X1.13
ok
EOS Switch (SSA) Switch-C
bo
Port 5, 20
-e
172.16.1X1.102 22,23
460
ks
XOS Switch (460) Switch-B
or
Port 1,2 Port 3,4

w
Core A Core B
et
N
Port 6,8
e
Port 1,2 Port 3,4

m
XOS Switch (460) Switch-A

tre
172.16.1X1.103 Port 7
Port 5
Ex
460
172.16.1X1.2
PC-A
172.16.1X1.12
PC-B
Note: To successfully complete the switching labs, all switches must be defaulted
to a base configuration prior to configuring them. Please ensure you clear your
switch configuration when instructed to do so.

Section B: Set Switch IP Address
Note: The virtual lab has several established Ethernet connections between your
three switches. These multiple connections mean that Layer 2 loops can occur.
These loops can cause problems for the execution of this lab. For this reason, you
must now: a) load a base configuration that has all physical ports disabled; and b)
enable the ports you will use to connect your switches.
1. On Switch-A (SummitX 460), clear the configuration.
unconfigure switch all
“default.xsf” exists. It will be loaded when the

switch comes up unconfigured. Restore all factory
ok
defaults and reboot? (y/N) Y
bo
2. Type Y. Wait for the switch to reboot
-e
3. Log on as admin with no password once reboot is complete.
4. Enable port connected to PC A and enable the port you will use to connect your
ks
Switch-A (SummitX 460) to your Switch-C (SSA).
or
enable port 5
w
enable port 22
et
N
5. Verify port 22 has been enabled

e
show port 22
m
tre
6. Set the IP address on Switch-A using the command below :
configure vlan Default ipaddress <Switch-A IP

Ex
Address>/24
Group Number Switch-A IP Address

1 172.16.11.103/24
2 172.16.21.103/24
3 172.16.31.103/24
4 172.16.41.103/24
5 172.16.51.103/24
6 172.16.61.103/24
7 172.16.71.103/24
8 172.16.81.103/24
9 172.16.91.103/24
10 172.16.101.103/24

Note: Please refer to the table above for the Switch-A IP address for your group.
7. Use the show ipconfig command to display your configuration.
Use Redirects : Disabled

IpOption LSRR : Enabled
IpOption SSRR : Enabled
IpOption RR : Enabled
IpOption TS : Enabled
IpOption RA : Enabled
Route Sharing : Disabled
Originated Packets : Don't require ipforwarding
Max Shared Gateways : Current: 4 Configured: 4
ok
IRDP:
Advertisement Address: 255.255.255.255 Maximum
bo
Interval: 600
Minimum Interval: 450 Lifetime: 1800 Preference: 0
-e
Interface IP Address Flags nSIA
Default 172.16.111.2 /24 EU----MPuRX--------- 0
ks
Flags: (A) Address Mask Reply Enabled (B) BOOTP Enabled
or
(b) Broadcast Forwarding Enabled

(D) Duplicate address detected on VLAN, (E) Interface Enabled
w
(f) Forwarding Enabled (g) Ignore IP Broadcast Enabled

et
(h) Directed Broadcast Forwarding by Hardware Enabled

(I) IRDP Advertisement Enabled, (M) Send Parameter Problem
N
Enabled
e
(m) Multicast forwarding Enabled, (n) Multinetted VLAN

m
(nSIA ) Number of Secondary IP Addresses

(P) Send Port Unreachables Enabled, (R) Send Redirects
tre
Enabled
(r) Unicast Reverse Path Enabled on at least one port of the
Ex
VLAN
(t) Tentative address, (T) Time Stamp Reply Enabled
(u) Send Unreachables Enabled, (U) Interface Up
(v) VRRP Enabled, (X) Send Time Exceeded Enabled
8. Optionally, use the show configuration vlan or show vlan Default commands
to verify your configuration.

Section C: Establish Second Switch Connection
1. Connect to the console port of your S-Series switch (labeled “Switch-C”)

by launching another terminal session from your PC A Desktop.
Note: Please see the Appendix, Section B for terminal server details.
2. Login as admin and hit Enter at the password prompt, and clear the
configuration using command shown below:
clear config all
ok
This command will reset the system and clear current
bo
configuration.
-e
Are you sure you want to continue (y/n) [n]?
Type Y.
ks
or
3. When the switch reboots, log in as admin. Set up your switch for the
lab by disabling dynamic VLANs (GVRP).
w
et
set gvrp disable

N
4. Disable your physical ports.

e
set port disable *.*.*

m
tre
5. Enable the port that connects your Switch-C (SSA) to your Switch-A
(SummitX 460). Refer back to the initial diagram if needed.
Ex
set port enable ge.1.22
6. Enable the port that connects your SSA to PC D.
7. Configure Switch-C, VLAN 1 with an IP address using the command

shown below:
set ip address <Switch-C IP Address>/24 interface vlan.0.1

Group Number Switch-C IP Address

1 172.16.11.101/24
2 172.16.21.101/24
3 172.16.31.101/24
4 172.16.41.101/24
5 172.16.51.101/24
6 172.16.61.101/24
7 172.16.71.101/24
8 172.16.81.101/24
9 172.16.91.101/24
10 172.16.101.101/24
ok
bo
Note: Please refer to the table above for the Switch-C IP address for your group.
-e
8. Verify IP address has been set for VLAN 1:
ks
or
show running-config
w
et
N
e
m
tre
Ex

Section D: Test Your Configuration
1. Open a connection to virtual PC D.
Note: Please see the Appendix, Section D for details on launching a Virtual PC.
2. . The VSphere window will open. Select VMs & Templates.
3. Assign PC D an IP address based on table below:
ok
Group Number PC D IP Address
1 172.16.11.13/24
bo
2 172.16.21.13/24
3 172.16.31.13/24
-e
4 172.16.41.13/24
5 ks172.16.51.13/24
6 172.16.61.13/24
7 172.16.71.13/24
or
8 172.16.81.13/24
w
9 172.16.91.13/24
et
10 172.16.101.13/24
N
4. Ping Switch-C, your pings should succeed.

e
m
5. From the same PC, ping the Switch-A, This ping should also succeed.
tre
Ex
Note: At the moment all ports on both switches are in a common VLAN, therefore,
the PC and the switches are all in the same Layer 2 network. You will configure
multiple VLANs in later labs.

Section E: Set Your Console Environment
1. On Switch-C, set the prompt to GroupX_Switch-C to make it easier to

recognize to which switch you are connected. Note X represents group
number
set prompt GroupX_Switch-C
2. The switch scrolls all the way until the end of the config file. Set Switch-
C to show you only 20 lines of output at a time:
set length 20 default
3. After a period of inactivity the switch will log you out. To prevent this
ok
issue the following command on Switch-C:
bo
set logout 0 default
-e
4. Set console environment on Switch-A (SummitX 460). Access switch
via its serial interface and login as admin:
ks
a. Change the prompt to GroupX_Switch-A.
b. Disable logout timer
or
c. Save your configuration

w
configure snmp sysName GroupX_Switch-A

et
N
disable idletimeout
e
save
m
tre
Ex

Section F: Administrative Access
In this section of the lab, you will create local user accounts for switch
management.
1. On Switch-C, set and explore your local system user login accounts and
corresponding access levels on the switch. Use the show system
login command to show the default login accounts.
Username Access State Local Login Access Allowed

Only? Start End Days
admin super-user enabled no ***access always allowed***
ro read-only enabled no ***access always allowed***
rw read-write enabled no ***access always allowed***
ok
2. On Switch-C, use the set system login and set password commands
bo
as shown below to configure another username with super-user access.
-e
set system login theboss super-user enable ks
set password theboss
or
Please enter new password: superuser

w
Please re-enter new password: superuser

et
Password changed.
N
Note the password has to be at least 8 characters in length.

e
m
3. Use the show system login command to verify your configuration.

tre
Username Access State Local Login Access Allowed

Only? Start End Days
Ex
admin super-user enabled no ***access always allowed***

ro read-only enabled no ***access always allowed***
rw read-write enabled no ***access always allowed***
theboss super-user enabled no ***access always allowed***
4. Exit out of Switch-C with the exit command, and then log back in using
the new username and password.
Username: theboss
Password: superuser
5. Issue the show users command.

Session User Location

-------- --------------------- --------------------------
* console theboss console (via com.1.1)
 Has the switch prompt changed from when you were logged in as admin?
6. Use the set system login command to attempt to create another
administrative user on the device.
 Are you successful? Why?
7. Log out of the switch, and then log back in using ro as the username.
ok
 How has the switch prompt changed from when you were logged in as ‘admin’
bo
and ‘theboss’?
-e
8. Use the set ? command to view the configuration commands that can
be used as a read-only user.
ks
 What do you notice about the configuration commands that can be used when
or
logged in as ‘ro’? Why?

w
et
9. From the Switch-A serial console create a new user account on the
N
SummitX 460, show the systems user accounts and prove the new
account works.
e
m
10. On Switch-A, explore your local system user login accounts and
tre
corresponding access levels on the switch. Use the show account

command to view the default login accounts.
Ex
User Name Access Login OK Failed

-------------------------------- ---------- -----------
admin R/W 1 0
user RO 0 0
11. Use the create account command as shown below to configure

another user with administrative access.
create account admin theboss <password>

12. Use the show account command to verify your configuration
User Name Access Login OK Failed

-------------------------------- ---------- -----------
admin R/W 1 0
user RO 0 0
theboss R/W 0 0
13. Save your configuration, then exit out of the switch, and then log back in
using the new username and password.
14. Issue the show session command
CLI
ok
# Login Time User
bo
Type Auth Auth Location
================================================================
-e
*10 Wed Apr 30 16:46:41 2014 theboss console local
dis serial ks
15. Use the create account command to attempt to create another
or
administrative user on the device.
w
 Are you successful? Why?

et
N
e
16. Log out of the switch, and then log back in using user as the username.
m
 Has the switch prompt changed from when you were logged in as ‘admin’ and
tre
‘theboss’?
Ex
17. Use the create ? command to view the configuration commands that
can be used as a read-only user.
 What do you notice about the configuration commands that can be used when
logged in as ‘user’? are all commands visible
 Try to execute a command, for example try to create another administrative level
user. What happens?

Section G: Telnet
1. From the desktop of PC D open your console emulator (PuTTy) and attempt
to telnet to Switch-A and Switch-C.
 Was the PC able to Telnet to the switches? (Connectivity should be established.)
2. On Switch-C issue the show telnet command to view the default telnet
configurations for your switch. The output should be as shown below:
Telnet inbound is currently: ENABLED

Telnet outbound is currently: ENABLED
ok
3. On Switch-A issue the show management command. The output
bo
should be similar to what is shown below:
-e
CLI idle timeout : Disabled
CLI max number of login attempts : 3
ks
CLI max number of sessions : 8
CLI paging : Enabled (this session
or
only)
w
CLI space-completion : Disabled (this session

only)
et
CLI configuration logging : Disabled

N
CLI scripting : Disabled (this session

only)
e
CLI scripting error mode : Ignore-Error (this

m
session only)
tre
CLI persistent mode : Persistent (this session

only)
Ex
CLI prompting : Disabled (this session

only)
Telnet access : Enabled (tcp port 23 vr
all)
: Access Profile : not set
SSH Access : ssh module not loaded.
Web access : Disabled (tcp port 80)
4. Terminate your Telnet sessions for Switch-A and Switch-C.

Section H: Configuration File Management
In this section of the lab, we will explore configuration file operations.

1. Establish a console connection to Switch-C
2. Use the dir command to display the current images and files saved in
NVRAM.
Note: Extreme EOS based C-series switches have the capability to store 2
firmware images on the device at any one time. S-series switches can store up
to 4 images, depending on the revision of software you are using. However,
only one of the images is active and used for booting the switch.
dir
ok
Images:
===========================================================
bo
Filename: image1
Version: 07.41.03.0009
-e
Size: 4527490 (bytes)
Date: FRI FEB 10 09:12:42 2012 ks
Filename: Version7 (Active) (Boot)
or
Version: 07.71.02.0005
w
Date: WED MAY 02 11:54:58 2012

et
===========================================================
slot1:
N
JUN 19 2012 13:27:58 4590 core-HiPath-V7-OSPF

e
m
tre
3. How many configuration files are currently saved to slot 1 on your

Ex
switch?
4. On Switch-C, use the following command to save the current device
configuration:
show config outfile slot1/mgmt-labswC
Note: The switch has a limited amount of disk space for saved configurations.
If you receive an error indicating a lack of space, ask your instructor which of
your existing configurations to delete.
5. Use the dir command to verify the file has been properly saved.

6. Upload the saved configuration file over TFTP. From your Switch-C
console Ping PC A to verify IP connectivity between devices. Use table
below to determine your PC A IP address.
Group Number PC A IP Address

1 172.16.11.2/24
2 172.16.21.2/24
3 172.16.31.2/24
4 172.16.41.2/24
5 172.16.51.2/24
6 172.16.61.2/24
7 172.16.71.2/24
8 172.16.81.2/24
ok
9 172.16.91.2/24
10 172.16.101.2/24
bo
7. On Switch-C, use the copy command in CLI to upload the previously
-e
saved file located in slot 1 to PC A via TFTP.
ks
copy slot1/mgmt-labswC tftp://<PC A IP Address>/mgmt-
labswC
or
Note: PC A should have a TFTP server running on it. If PC A does not have a
w
TFTP server on it, please ask your instructor for assistance.

et
N
8. Verify the configuration file was successfully transferred by examining

the C:\tftpboot directory on PC A.
e
9. On Switch-C, delete the mgmt-labsw1 configuration saved in Slot1

m
using the command:

tre
delete slot1/mgmt-labC
Ex
10. Confirm the deletion by using dir.

11. Restore the configuration from the TFTP server to Switch-C, using the
command below:
copy tftp://<PC A IP Address>/mgmt-labswC slot1/mgmt-

labswC
12. Use dir command to verify config has been restored.
Note: Please delete the mgmt-labswC configuration file on Switch-C when you
have finished.

13. Establish a console connection to Switch-A.
14. Use the ls command to display the current files saved on the SummitX
460 switch.
-rw-rw-rw- 1 root 0 165484 May 1 17:56 primary.cfg

-rw-rw-rw- 1 root 0 166984 Apr 8 14:47 backup.cfg
drwxrwxrwx 2 root 0 0 Apr 30 12:56 vmt
1K-blocks Used Available Use%

16384 532 15852 3%
 How many configuration files are currently saved on your switch?
ok
15. On Switch-A, use the save configuration command to save the current
device configuration:
bo
save configuration mgmt-labswA
-e
ks
Do you want to save configuration to mgmt-labswA.cfg? (y/N) Yes
Saving configuration on master ....... done!
or
Configuration saved to mgmt-labswA successfully.
w
The current selected default configuration database to boot up

et
the system(primary.cfg) is different than the one just saved

(mgmt-labswA).
N
e
Do you want to make mgmt-labswA the default database? (y/N) No

m
tre
16. Use the ls command to verify the file has been properly saved.
17. Copy the configuration file that you just created to another file by
Ex
entering the following command
cp mgmt-labswA.cfg mgmt-lab-backup.cfg
Copy file mgmt-labswA.cfg to file mgmt-lab-backup.cfg on

switch? (y/N)Y
Verify the file has been created by entering the ls command.
Rename the backup file, by entering the following command and press <y>
when prompted:

mv mgmt-lab-backup.cfg newname.cfg
18. Verify file has been renamed using ls command
19. Remove newname.cfg by entering the following command, press <y>

when prompted:
rm newname.cfg
20. Verify file has been deleted using ls command

21. On Switch-A, backup the current configuration to the TFTP server by
entering the following command:
ok
tftp put <PC A IP Address> vr VR-Default mgmt-labswA.cfg
bo
mgmt-labswA.cfg
-e
22. Delete the mgmt-labswA.cfg file using the rm command, then verify it
has been deleted using the ls command.
ks
23. Restore the mgmt-labswA.cfg file to Switch-A using the command
below, then verify the file has been restored
or
w
tftp get <PC A IP Address> vr VR-Default mgmt-labswA.cfg

et
mgmt-labswA.cfg
N
e
Note: Please remove the mgmt-labswA configuration file on Switch-A when you
m
have finished.
tre
Ex

Section I: System Image Download
In this section of the lab, you will download firmware to Switch-C (EOS SSA) and
Switch-A (XOS SummitX 460).
Note: A TFTP server is currently running on your PC A. All switch images are
located in the Switch_Images folder on your PC A Desktop. The correct images
will need to be moved to the c:\tftpboot directory on your PC A, for the TFTP
transfer to work.
1. On Switch-C use the dir command to view the current firmware images loaded
on the device.
Images:
ok
================================================================
bo
Filename: image1 (Active) (Boot)
-e
Version: 08.11.04.0006 ks
or
Date: WED APR 02 14:04:52 2014

w
Filename: image2
et
N
Version: 08.01.03.0003
e

m
Date: WED APR 23 11:30:42 2014

tre
 How many firmware images are on your Switch?

Ex
 Which image is running on the device?
2. Delete the non-active image using the delete command:
delete image2
3. On Switch-C, use the copy command to download a firmware image

different from the one the switch is running.
copy tftp://<PC A IP Address>/S-82103-0003 image2

4. Use the dir command to verify this image was successfully

downloaded. Notice the active firmware image is still the next to boot.
5. Use the show version command to display the current version of
firmware running on Switch-C.
6. Configure Switch-C to use the firmware you just downloaded. Use the
set boot system command to choose the newly downloaded version of
firmware as the firmware image to load next time the device boots.
Enter n when you are prompted to reset the switch.
set boot system image2
This command can optionally reset the system to boot the

new image.
Do you want to reset now (y/n) [n]?n
ok
 What label in the ‘dir’ command output denotes the current image?
bo
-e
 Which label denotes which image will be used at the next reboot of the system?
ks
7. Use the reset command to reboot Switch-C and load the new firmware
or
image.
w
reset system
et
Are you sure you want to reload the stack? (y/n y

N
e
8. Upon reboot, use the dir command to display the current image.
m
tre
 Is the SSA now running the new image?

Ex
9. On Switch-A, (SummitX 460), verify the switch’s active image partition

using the show switch command:
SysName: Switch-A
SysLocation: Training
SysContact: Trainer
System MAC: 00:04:96:52:06:FE
System Type: X460-24t
SysHealth check: Enabled (Normal)
Recovery Mode: All
System Watchdog: Enabled
Current Time: Wed Dec 7 13:13:35 2011

Timezone: [Auto DST Enabled] GMT Offset: -480 minutes,

name is PST.
Boot Time: Wed Dec 7 13:08:26 2011
Boot Count: 19
Next Reboot: None scheduled
System UpTime: 5 minutes 8 seconds
Current State: OPERATIONAL
Image Selected: primary
Image Booted: primary
Primary ver: 15.3.2.11
Secondary ver: 15.X.Y.Z
Config Selected: switchX.cfg
Config Booted: default.xsf
ok
Note: The highlighted text above shows the active partition (the booted image).
10. Download the switch OS image file to the non-active partition by
bo
entering the following command and press <y> when prompted.
-e
Note: the most current image for your switch will be located in the tftpboot folder
of your TFTP Server.
ks
or
download image <PC A IP Address> summitX-X.X.X.xos vr
VR-Default secondary
w
et
Do you want to install image after downloading? (y - yes, n -

no, <cr> - cancel) Yes
N
Downloading to
e
Switch..................................................
m
Installing to secondary partition!

Installing to
tre
Switch..........................................................
......
Ex
Image installed successfully

This image will be used only after rebooting the switch!

11. Verify that the software image has been downloaded correctly and
selected as secondary by entering:
show switch
SysName: Switch-A
SysLocation: Training
SysContact: Trainer
System MAC: 00:04:96:52:06:FE
Recovery Mode: All
Timezone: [Auto DST Enabled] GMT Offset: -480 minutes,
ok
name is PST.
bo
Boot Count: 19
-e
System UpTime: 5 minutes 8 seconds
ks
Image Selected: secondary
or

w
Secondary ver: 15.3.2.11

Config Selected: switchX.cfg
et
Config Booted: default.xsf

N
Notice that the secondary image has automatically been selected. This will result in that
e
image being used at the next reboot. The use image command allows you to select the
m
image manually.
tre
12. Reboot Switch-A (so that the downloaded switch OS image can be
loaded) by entering the following command and pressing <y> when
Ex
prompted:
reboot
Are you sure you want to reboot the switch? (y/N) Yes
13. When Switch-A reboots, verify the secondary software image has been
downloaded correctly, installed and is selected as the boot image by
entering the show switch command
Note: If you need to restore the primary image, issue the use image primary
command, and reboot the switch.

Section J: Enabling SSH
1. From your serial session on Switch-C, issue the show ssh command to view
the default SSH setting of your EOS switch.
show ssh
SSH Server status: Disabled
2. To enable SSH on Switch-C, enter the command shown below, then test SSH
access to Switch-C.
set ssh enable
ok
SSH Server status: enabled
bo
-e
Note: In order to enable secure CLI access for both SSH2 and HTTPS, the
SSH2 XOS module needs to be present and loaded on an XOS switch. Now
ks
that you have upgraded your switch you will download the SSH2 module image
and dynamically add secure management capability to the running switch. You
or
will then configure and enable SSH2 operation.

w
et
3. Setting up Secure Management with SSH2, on Switch-A (SummitX 460)

N
e
4. Check to see which version of software is running and also if the SSH2
m
module is installed on your switch, by entering the following command. Make

a note of the version of XOS your switch is running:
tre
show version images

Ex
The following displays:

Card Partition Installation Date Version Name Branch
-----------------------------------------------------------------------------
Switch primary Mon Nov 28 10:36:11 PST 2011 15.3.2.11 summitX-15.3.2.11.xos
v1532b11
Switch secondary Mon Nov 28 10:46:24 PST 2011 15.3.2.11 summitx-15.3.2.11.xos
v1532b11

5. Check the active partition by entering the following command: show switch
SysName: Switch-A
SysLocation: Santa Clara, ATP-Virtual Lab
SysContact: Corporate Systems Engineering
corpse@extremenetworks.com
System MAC: 00:04:96:52:06:FE
Recovery Mode: All
ok
Timezone: [Auto DST Enabled] GMT Offset: -480 minutes, name
is PST.
bo
Boot Count: 23
-e
System UpTime: 20 minutes 8 seconds ks
Image Selected: primary
or
w
Secondary ver: 15.3.2.11

et
Config Selected: primary.cfg

N
Config Booted: primary.cfg

e
Note: In order to dynamically add secure management processes to the switch,

m
the SSH2 module image has to be installed to the active partition. If the image
is installed to the non-active partition, then a reboot will be required to start the
tre
secure management processes. To install a module image, the version must

match the switch OS image you just installed.
Ex
6. Download the correct SSH module to your switch by entering the following
command, Enter <y> when prompted:
download image <PC A IP Address> summitx-XX.X.X.XX-

ssh.xmod vr "VR-Default" primary
Do you want to install image after downloading? (y - yes, n - no, <cr>

- cancel) Yes
Downloading to Switch..
Installing to primary partition!
Installing to Switch.........................

SSL will be usable after restart of thttpd process. Restart snmpMaster

process to
use AES/3DES users for SNMPv3.
Image installed successfully
Note: In addition to SSH2, the SSH image module enables SSL for HTTPS
Web access and adds the AES and 3DES encryption ciphers for SNMPv3.
7. Restart the two processes mentioned above by typing:
restart process thttpd
restart process snmpMaster
ok
bo
8. Check to see which version of software is running and also if the SSH2
module is installed on your switch, by entering the following command. Make
-e
a note of the version of ExtremeXOS your switch is running:
show version images

ks
or
You should have similar output to what is shown below:

w
Card Partition Installation Date Version Name Branch

et
-----------------------------------------------------------------------------
Switch primary Mon Nov 28 10:36:11 PST 2011 15.3.2.11 summitX-15.3.2.11.xos
N
v1532b11
Switch primary Wed Nov 30 00:32:45 PST 2011 15.3.2.11 summitx-15.3.2.11
e
ssh.xmod v1532b11
m
Switch secondary Mon Nov 28 10:46:24 PST 2011 15.3.2.11 summitx-15.3.2.11.xos

tre
9. Activate the SSH module by entering the following command:

Ex
run update
10. Enable SSH2 by entering the following command and press <y> when
prompted to generate theSSH2 key:
enable ssh2
WARNING: Generating new server host key

This could take approximately 10 minutes and cannot be canceled.
Continue?(y/N) Yes
11. Verify that SSH2 is now enabled on the switch by entering the following
command:
show management


CLI idle timeout : Enabled (20 minutes)
CLI max number of login attempts : 2
CLI max number of sessions : 8
CLI paging : Enabled (this session only)
CLI space-completion : Disabled (this session only)
CLI configuration logging : Disabled
CLI scripting : Disabled (this session only)
CLI scripting error mode : Ignore-Error (this session only)
CLI persistent mode : Persistent (this session only)
Telnet access : Enabled (tcp port 23 vr all)
SSH access : Enabled (Key valid, tcp port 22 vr all)
Web access : Disabled (tcp port 80)
Total Read Only Communities : 1
ok
Total Read Write Communities : 1
RMON : Disabled
bo
SNMP access : Enabled
: Access Profile Name : not set
SNMP Traps : Enabled
-e
SNMP v1/v2c TrapReceivers : None
ks
Note: SSH2 access is enabled by default for TCP port 22 and for all virtual routers.
or
These settings can be changed by using the port and vr command qualifiers.
w
12. From PC A use your telnet software PuTTy to connect to Switch-C by SSH.
et
13. Accept the certificate presented by the switch to the PC.

N
Section K: Switch-B, Initial Configuration

e
m
tre
1. Access Switch-B (SummitX 460) and default the switch using the
unconfigure switch all command, reboot the switch to default.xsf
Ex
script using steps previously implemented in Lab1.
2. Following reboot, logon to Switch-B and configure switch as shown below:
configure snmp sysName GroupX_Switch-B
disable idletimeout
save
END OF LAB

Lab 2: VLANs
Overview
In this lab, you will become familiar with the creation and configuration of 802.1Q
VLANs on switches 1, 2 and 3.
Resources/Tools:
 3 x Extreme Switches
 2 PCs
ok
Note: This lab was written with 1, EOS, SSA and 2 XOS SummitX 460 switches.
bo
-e
Objectives
At the end of this lab you will be able to:
ks
 Enable physical ports on switches
or
 Create and configure VLANs
 Set the IP address on the switch’s VLANs
w
 Assign physical ports to VLANs as tagged or untagged.

et
N
e
m
this lab.
tre
Ex
Important Note: Please see the Appendix A for lab access and configuration
details.

Section A: Initial Configuration
1. Establish a console connection to each of your three switches
2. On Switch-A verify ports 5 and 22 are still enabled

3. On Switch-C verify ports ge.1.2 and ge.1.22 are still enabled
4. Enable port 6 on Switch-A and save your configuration.
enable port 6
5. Enable port 6 on Switch-B and save your configuration.
ok
enable port 6
bo
-e
Note: Refer to the network diagram for switch to switch cabling information.
ks
or
PC D
172.16.x1.13/24
w
Switch-C (SSA)
172.16.x1.101/24
et
Port 2
N
e
Port 22
m
Switch-B (SummitX 460)

tre
172.16.x1.102/24
Port 6
Ex
Port 22
Port 6
Port 5 Switch-A (SummitX 460)

172.16.xx1.103/24
PC-A
172.16.x1.2/24

6. Display the current VLAN configuration on all switches, using the show vlan
command.
 What VLAN(s) are configured on the switches as part of the default

configuration?
7. On Switch-C, (EOS SSA), issue the show vlan static command and
compare it to the results of the show vlan command. Note that the output of
the two commands will differ. If you are not clear on why this is, it will be
explained later in the lab.
8. Configure IP address on Switch-B (SummitX 460) using command below:
configure vlan Default ipaddress <Switch-B IP

Address>/24
ok
bo
Group Number Switch-B IP Address
-e
1 172.16.11.102/24
2 172.16.21.102/24
3 172.16.31.102/24
ks
4 172.16.41.102/24
or
5 172.16.51.102/24
6 172.16.61.102/24
w
7 172.16.71.102/24
et
8 172.16.81.102/24
N
9 172.16.91.102/24
10 172.16.101.102/24
e
m
tre
Note: Please refer to the table above for the Switch-B IP address for your group.
Ex
9. Please save your configuration.
10. Verify that an IP address has been assigned to the default VLAN on Switch-B,
with the show vlan command.
11. From your PC A and PC-D ping all 3 switches to verify connectivity.
12. Ping between PCs, pings should be successful.
 Were your pings successful? (Connectivity should be established.)

13. Use the show mac type learned command on Switch-C and the show fdb
command on Switches 2 & 3 to display the contents of each switch’s Layer 2
forwarding databases (FDB). Locate the entry for PC A and PC-D’s MAC
addresses
14. For Switch-C:
show mac type learned
MAC Address FID Port Type

----------------- ---- ------------- --------
00-18-8B-B1-51-49 1 ge.1.2 Learned
00-24-E8-F9-BA-AC 1 ge.1.22 Learned
ok
15. For switches A & B:
bo
show fdb
-e
Mac Vlan Age Flags Port / Virtual Port List
------------------------------------------------------------------------------
00:1f:45:40:27:b8 Default(0001) 0209 d m
ks 6
00:1f:45:40:27:b9 Default(0001) 0002 d m 22
or
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B -
w
Egress Blackhole,
et
b - Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN

translation,
N
D - drop packet, h - Hardware Aging, o - IEEE 802.1ah Backbone MAC,

S - Software Controlled Deletion, r - MSRP
e
Total: 2 Static: 0 Perm: 0 Dyn: 2 Dropped: 0 Locked: 0 Locked with Timeout:

m
0
FDB Aging time: 300
tre
Ex

Section B: VLAN Configuration
In this section of the lab, you will:

 Create a new VLAN on your 3 switches.
 Add untagged ports to your new VLAN.
 Add tagged ports to your VLAN.
 Configure an IP addresses for the new VLAN
Create VLANs and Add Ports

VLAN Table Switch A & B:
Switch-A/VLAN Switch-A/VLAN Switch-B/VLAN Switch-B/VLAN
Group Number
Name Tag Name Tag
ok
1 10 10
bo
2 20 20
3 30 30
-e
4 40 40
5 Data 50
ks Data 50
6 60 60
7 70 70
or
8 80 80
w
9 90 90
et
10 100 100
N
VLAN Table Switch-C:

e
Switch-C/VLAN
Group Number
m
Number
tre
1 10
2 20
Ex
3 30
4 40
5 50
6 60
7 70
8 80
9 90
10 100

1. On Switch-C (EOS, SSA), issue the set vlan create command and create
VLAN X0 on your switch, where X represents your group number. Please refer
to VLAN table above for detailed VLAN configuration information
set vlan create <Your Group VLAN Number>
2. Display the newly created VLAN on Switch-C.
show vlan <Your Group VLAN>
VLAN : X0 Status : Enabled

FID : X0 Name :
VLAN Type: Permanent Last change: 2012-07-19 14:31:49
Egress Ports:
None.
ok
Forbidden Egress Ports:
None.
bo
Untagged Ports:
None.
-e
ks
3. On Switch-C, assign the PC D port to your VLAN as untagged using the set
port vlan command.
or
set port vlan ge.1.2 <Your Group VLAN Number> modify-

w
egress
et
N
Note: The above command will remove the port from any other VLANs’ ingress
e
list where it is untagged and place it into your group VLAN egress list as
m
untagged.
tre
4. Assign port 22 as tagged to your group VLAN using the set vlan egress
Ex
command.
set vlan egress <Your Group VLAN> ge.1.22 tag
5. On Switch-C, display the PVID of the port where PC D is connected.
show port vlan ge.1.2

6. On Switch-C, display the configuration of you VLAN.
show vlan <Your Group VLAN Number>
VLAN : X0 Status : Enabled

FID : X0 Name :
Egress Ports:
ge.1.2, ge.1.22
None.
Untagged Ports:
ge.1.2
Note: From the above output, we can see, ge.1.2 is now assigned to the VLAN
ok
on Switch-C as untagged and ge.1.22 is assigned as tagged.
bo
7. Attempt to ping Switch-C from PC D.
-e
 Was your ping successful? Why? (The ping should not succeed.)
ks
or
8. Attempt to ping PC-D from your PC A.
w
 Was your ping successful? Why? (The ping should not succeed.)
et
N
9. View the FDB of switches A and C by using the show fdb (SummitX 460)
e
m
command and show mac type learned (SSA).

tre
 What VLANs are the MAC addresses of PC A and PC-D associated with?
Ex
10. On Switches A & B issue the command create vlan to create a VLAN
named Data.
create vlan Data tag <Your Group VLAN tag>
Note: Please refer to VLAN tables above for detailed VLAN configuration
information

11. On Switch-A assign ports 6 & 22 to VLAN Data as tagged,
configure vlan Data add ports 6,22 tagged
12. On Switch-B assign port 6 to VLAN Data as tagged,
configure vlan Data add ports 6 tagged
13. On Switch-A assign port 5 as an untagged port to VLAN Data using

commands shown below:
ok
configure vlan Default delete ports 5
bo
configure vlan Data add ports 5 untagged
-e
ks
Note: To assign a port as untagged to a VLAN, the port must first be deleted
from its existing VLAN membership. Port 5 is currently assigned to the Default
or
VLAN. Tagged ports do not have to be deleted from their existing VLAN
w
membership.
et
N
14. Verify you can ping from PC A to PC-D, the pings should work.
 Why do pings work?
e
m
15. Attempt to ping from PCs to all 3 switches, the pings should fail.
tre
Ex
 Why do pings fail?
16. Review the current VLAN/IP address configuration on all 3 switches using
previously executed commands.
 Does the newly created VLAN have an IP address associated to it?
 What VLAN is your PC A and PC-D currently in?

Section C: VLAN IP Address Assignment
In this section of the lab (for all 3 switches), you will assign the newly created
VLAN an IP address.
1. On Switch-C (EOS, SSA), issue the set ip address command to configure an

IP address for VLAN XO.
clear ip interface vlan.0.1
set ip address <Switch-C IP Address>/24 interface

vlan.0.<Your Group VLAN Number>
ok
Note: The 172.16.x1.101 address is currently in use by VLAN 1, and it will
bo
need to be cleared off that VLAN interface before you can use it on your new
group VLAN.
-e
2. On Switches A & B issue the configure vlan <vlan_name> ipaddress
ks
command to configure an IP address for VLAN Data. Remember to save
your configuration!
or
unconfigure vlan Default ipaddress

w
et
configure vlan Data ipaddress 172.16.xx1.10X/24

N
Note: The 172.16.x1.102 & 172.16.x1.103 addresses are currently in use by

e
the Default VLAN, and they will need to be removed off that VLAN interface
m
before you can assign the address to VLAN Data.

tre
3. Verify your IP address configuration using the show running-config

Ex
command on Switch-C, and the show vlan command on Switches A & B.
4. Verify that your PCs can now ping all 3 switches.
5. Verify that you can successfully ping between switches.
 Why are all pings now successful?
6. On Switch-C issue the show vlan command. Note that ge.1.2 is present in
the output of the command.

VLAN : XO Status : Enabled

FID : XO Name : Data
Egress Ports:
host.0.1, ge.1.2, ge.1.22
None.
Untagged Ports:
ge.1.2
7. Disable port 2 on Switch-C.
ok
set port disable ge.1.2
bo
8. Re-issue the show vlan command. Note that ge.1.2 is NO longer present in
-e
the output of the command.

ks
or

w
FID : XO Name : (none)

et

Egress Ports:
N
host.0.1,ge.1.22
e

m
None.
Untagged Ports:
tre
Ex
9. On Switch-C, issue the show vlan static command for your VLAN. Note that
ge.1.2 is present in the output of the command.
show vlan static <Your Group VLAN Number>

FID : XO Name : (none)
Egress Ports:
host.0.1,ge.1.2, ge.1.22
None.
Untagged Ports:
ge.1.2

Note: It is important to understand that on Extreme Switches that run the EOS
operating system, if a port does not have link, it is not displayed on a VLAN’s
egress list using the show vlan command. Also, if a port is in a blocking state
due to spanning tree, or dormant as a result of being in a LAG, it will not be
displayed on a VLAN’s egress list using the show vlan command. The show
vlan static command, however, will show the static settings of all ports,
regardless of their link status or spanning tree state.
10. Re-enable port 2 on Switch-C and confirm PC D connectivity to the network.
Section D: VLAN Security
ok
On Extreme EOS based switches, all ports are assigned to VLAN 1 by default. On
Extreme XOS based switches all ports are assigned the Default VLAN by default.
bo
If the VLANs are not in use, it is considered to be a a security risk to leave ports
actively assigned to these VLANs. As a best practice, you should remove all user
-e
ports from VLAN 1 (EOS Switches) and the Default VLAN on XOS Switches. This
section of the lab will show you the commands necessary to accomplish this.
ks
or
1. On Switch-C, observe the current state of VLAN 1 with the show vlan static 1
command.
w
et
show vlan static 1

N
2. To clear all ports from VLAN 1 on an EOS Switch:

e
clear vlan egress 1 *.*.*

m
tre
3. Verify ports have been cleared with the show vlan static 1 command.
4. On Switches A and B, observe the current state of the Default VLAN with the
Ex
show vlan default command.

5. To clear all ports from the Default VLAN on an XOS Switch:
configure vlan Default delete ports all
6. Verify ports have been cleared with the show vlan default command.
7. Please save your configuration on Switches A & B, with the save command.
End of Lab

Lab 3: Spanning Tree

Overview
In this lab you will learn how to configure IEEE 802.1w Rapid Spanning Tree on
Extreme EOS & XOS switches.
Resources/Tools:
 2 PCs
Objectives
ok
bo
 Force a particular device to be the root bridge in your topology
-e
 Analyze rapid failover scenarios in STP
ks
Current Network Setup:
or
w
PC D
172.16.x1.13/24
et
Switch-C (SSA)
172.16.x1.101/24
N
Port 2
e
Port 5
m
Port 22 Port 5
tre
Switch-B(SummitX 460)
172.16.x1.102/24
Ex
Port 6
Port22
Port 6
Port 5 Switch-A(SummitX 460)

172.16.x1.103/24
PC A
172.16.x1.2/24

Note: The virtual lab has several established Ethernet connections between your
three switches. Follow the steps below to set up your switches for this lab.
1. On Switch-C (EOS SSA), add port 5 to your newly created VLAN as tagged
using command below. Verify ports were added with the show vlan static
command.
set vlan egress <Your Group VLAN Number> ge.1.5 tagged
2. On Switch-C enable port 5.
ok
bo
3. On Switch-A (SummitX 460), configure Spanning Tree using the commands
shown below, then save your configuration.
-e
create stpd stpd1 ks
configure stpd stpd1 mode dot1w
or
configure stpd stpd1 add vlan Data ports 6,22

w
et
configure stpd stpd1 ports link-type point-to-point 6,22

N
configure stpd stpd1 tag <Your Group VLAN tag>

e
enable stpd stpd1

m
tre
Note: The configuration shown above is only an example and may not
Ex
accurately reflect your group VLAN configuration. Please refer to VLAN table in
Lab 2, for detailed VLAN information related to your group.

4. On Switch-B, configure Spanning Tree using the commands shown below,

then save your configuration.
create stpd stpd1
configure stpd stpd1 mode dot1w
configure stpd stpd1 add vlan Data ports 5,6
configure stpd stpd1 ports link-type point-to-point 5,6
configure stpd stpd1 tag <Your Group VLAN tag>
enable stpd stpd1
ok
Note: Extreme XOS switches have Spanning Tree disabled by default and
Extreme EOS switches have Spanning Tree enabled by default.
bo
5. On Switch-B enable port 5:
-e
enable port 5 ks
6. Verify you can ping between all of your devices.
or
w
et
Section B: Viewing Spanning Tree

N
1. View the spanning tree state of Switch-C using the show spantree stats
e
command. You should have output similar to what is shown below :

m
Spanning tree status - enabled

tre
Spanning tree instance - 0

Designated Root MacAddr - 00-04-96-8b-f8-ff
Ex
Designated Root Priority - 32768

Designated Root Cost - 20000
Designated Root Port - ge.1.22
Root Max Age - 20 sec
Root Hello Time - 2 sec
Root Forward Delay - 15 sec
Bridge ID MAC Address - 00-1f-45-fb-a9-02
Bridge ID Priority - 32768
Bridge Max Age - 20 sec
Bridge Hello Time - 2 sec
Bridge Forward Delay - 15 sec
Topology Change Count - 8
Time Since Top Change - 00 days 00:05:36
Max Hops - 20

 What is the Bridge ID for Switch-C?
 What is the MAC address of the Root Bridge?
 What is the cost from Switch-C to the Root Bridge?
7. View the spanning tree states of Switch -C for port 5 & 22 using the command
shown below:
show spantree stats port ge.1.5;ge.1.22
ok
Spanning tree status - enabled
Spanning tree instance - 0
bo
Designated Root MacAddr - 00-04-96-8b-f8-ff
Designated Root Priority - 32768
-e
Designated Root Cost - 20000
Designated Root Port - ge.1.22
ks
Root Max Age - 20 sec
Root Hello Time - 2 sec
or
Root Forward Delay - 15 sec
Bridge ID MAC Address - 00-1f-45-fb-a9-02
w
Bridge ID Priority - 32768

et
Bridge Max Age - 20 sec

N
Bridge Hello Time - 2 sec

Bridge Forward Delay - 15 sec
e
Topology Change Count - 8

m
Time Since Top Change - 00 days 00:03:46

Max Hops - 20
tre
SID Port State Role Cost Priority

Ex
--- ---------- ---------------- ----------- -------- ------

0 ge.1.5 Blocking Alternate 20000 128
0 ge.1.22 Forwarding Root 20000 128
 Which ports are blocking?
 Which ports are forwarding?
 What does the output tell us about the Layer 2 forwarding path for Switch-C?
8. Additionally, use the show spantree portadmin command, view spanning

tree state for ports on Switch-C.

show spantree portadmin portge.1.5;ge.1.22
Port ge.1.5 has portadmin set to enable

Port ge.1.22 has portadmin set to enable
9. Issue the show stpd stpd1 command on Switches A and B. You should
have output similar to what is shown below:
Stpd: stpd1 Stp: ENABLED Number of

Ports: 2
Rapid Root Failover: Disabled
Operational Mode: 802.1W Default
Binding Mode: EMISTP
ok
802.1Q Tag: 10
Ports: 6,22
bo
Participating Vlans: Data
Auto-bind Vlans: (none)
-e
Bridge Priority: 32768
BridgeID: 80:00:00:04:96:97:90:08
Designated root: 80:00:00:04:96:8b:f8:ff
ks
RootPathCost: 20000 Root Port: 19
or
MaxAge: 20s HelloTime: 2s
ForwardDelay: 15s
w
CfgBrMaxAge: 20s CfgBrHelloTime: 2s

et
CfgBrForwardDelay: 15s
Topology Change Time: 35s Hold time:
N
1s
e
Topology Change Detected: FALSE Topology

m
Change: FALSE
Number of Topology Changes: 6
tre
Time Since Last Topology Change: 335s

Ex
10. Using the appropriate show commands, can you determine which switch (A,
B, or C), is the Root Bridge?

11. Issue the show stpd stpd1 port command on Switches A and B to
determine the port Spanning Tree state for the 2 switches.
Port Mode State Cost Flags

Priority Port ID Designated Bridge
6 EMISTP FORWARDING 20000 eRppaw---- 128 8013
80:00:00:04:96:8b:f8:ff
22 EMISTP FORWARDING 20000 eDpp-w---- 128 8015
80:00:00:04:96:97:90:08
Total Ports: 2
------------------------- Flags: ----------------------------

1: e=Enable, d=Disable
2: (Port role) R=Root, D=Designated, A=Alternate, B=Backup, M=Master
3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto
ok
4: (Oper. type) b=broadcast, p=point-to-point, e=edge
5: p=proposing, a=agree
6: (partner mode) d = 802.1d, w = 802.1w, m = mstp
bo
7: i = edgeport inconsistency
8: S = edgeport safe guard active
-e
s = edgeport safe guard configured but inactive
8: G = edgeport safe guard bpdu restrict active in
802.1w and mstp
ks
g = edgeport safe guard bpdu restrict active in
802.1d
or
9: B = Boundary, I = Internal
w
 Which ports on are blocking and which are forwarding on Switches A & B?
et
N
12. Check the spanning tree mode on Switch-C.

e
m
show spantree version

tre
Force Version is mstp

Ex
 What version of STP is Switch-C running?
13. On Switches A & B, verify Spanning Tree mode using the show stpd stpd1
command.
 What operational mode are Switches A & B running?
 Do the Switches STP versions match, if not do they need to match?

Section C: Configuring the Root Bridge
In this section of the lab we will take steps that ensure a specific switch becomes
the Root Bridge. You will lower Switch-A’s bridge priority so it becomes the Root
Bridge in the topology. You will then lower Switch-B’s bridge priority to a value
higher than Switch-A, but lower than Switch-C priority. This will ensure that
Switch-B becomes the Root Bridge in the event that Switch-A fails.
1. On Switch-A, set the bridge priority to 4096 using the configure stpd
command.
configure stpd "stpd1" priority 4096
ok
2. Verify this setting using the show stpd command.
bo
-e
show stpd "stpd1"
ks
Stpd: stpd1 Stp: ENABLED Number of Ports: 2
Rapid Root Failover: Disabled
or
Operational Mode: 802.1W Default Binding Mode:

w
EMISTP
802.1Q Tag: 10
et
Ports: 6,22
Participating Vlans: Data
N
Auto-bind Vlans: (none)

Bridge Priority: 4096
e
BridgeID: 20:00:00:04:96:97:90:08
m
Designated root: 20:00:00:04:96:97:90:08

RootPathCost: 0 Root Port: ----
tre
MaxAge: 20s HelloTime: 2s ForwardDelay: 15s

CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s
Ex
Topology Change Time: 35s Hold time: 1s

Topology Change Detected: FALSE Topology Change: FALSE
Number of Topology Changes: 3
Time Since Last Topology Change: 3733s
 Is Switch-A now the Root Bridge? How can you tell it is the Root Bridge?
3. View the spanning tree port states for Switch-A ports 6 & 22.
show stpd "stpd1" ports 6,22

Port Mode State Cost Flags Priority Port ID Designated

Bridge
10:00:00:04:96:97:90:08
10:00:00:04:96:97:90:08
Total Ports: 2
------------------------- Flags: ----------------------------

1: e=Enable, d=Disable
2: (Port role) R=Root, D=Designated, A=Alternate, B=Backup, M=Master
3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto
4: (Oper. type) b=broadcast, p=point-to-point, e=edge
5: p=proposing, a=agree
6: (partner mode) d = 802.1d, w = 802.1w, m = mstp
7: i = edgeport inconsistency
ok
8: S = edgeport safe guard active
s = edgeport safe guard configured but inactive
8: G = edgeport safe guard bpdu restrict active in 802.1w
bo
and mstp
g = edgeport safe guard bpdu restrict active in 802.1d
-e
9: B = Boundary, I = Internal
10: r = restricted role, t = active role

ks
 All ports should be in a forwarding state. Why should ports 6 & 22 be in a
or
forwarding state on Switch-A?

w
4. On Switch-C, use the show spantree stats active command to view its
et
current Spanning Tree state.

N
 What is Switch-C’s current Root Port?

e
m
 Why is it the Root Port?

tre
Ex
5. Test connectivity between all devices in your lab setup, you should be able to
ping successfully.
6. On Switch-B, set the bridge priority to 8192. By doing this, the device will
have second lowest Bridge ID in the topology, and will become Root Bridge if
Switch-A fails.
configure stpd "stpd1" priority 8192

7. Verify the priority has been set by using the show stpd "stpd1" command.
8. Determine the Root Port of Switch-B by using the show stpd "stpd1" ports
command.
 What is Switch-B’s current Root Port?
 Why is it the Root Port?
9. Use the network diagram below and correct show commands, to indicate
blocking and forwarding ports in your lab environment for all switches.
Current Network Setup:
ok
bo
PC D
172.16.x1.13/24
Switch-C (SSA)
-e
172.16.x1.101/24
Port 2 ks
Port 5
Port 22
or
Port 5
Switch-B(SummitX 460)
w
172.16.x1.102/24
et
Port 6
N
Port22
e
m
Port 6
tre
Port 5 Switch-A(SummitX 460)

172.16.x1.103/24
Ex
PC A
172.16.x1.2/24

Section D: Spanning Tree Rapid Failover
The 802.1s and 802.1w protocols possess the advantages of rapid failover
capability. In this section of the lab, you will force a link failure on Switch-C for port
22 (Root Port to Switch-A). This will cause a re-span of the topology, since port 22
is currently being used as the forwarding path to Switch-B.
1. From PC A on Switch-A, continuously ping PC-D on Switch-C. The pings

should succeed.
2. On Switch-C, using the show spantree stat active command, verify that port
22 is the Root Port.
3. On Switch-C, using the set port disable command, disable port 22.
ok
4. Verify that the Root Port for Switch-C has changed by issuing the show
bo
spantree stat active command. The Root Port should now be port 5
-e
5. Verify that pings from PC A to PC-D are still working.
6. Important! Re-enable port 22 on Switch-C. ks
7. Important! Disable port 5 on both Switch-B and Switch-C.
or
w
et
N
End of Lab
e
m
tre
Ex

Lab 4: EAPS
Lab Overview:
In this lab you will use multiple Extreme XOS based switches to configure an EAPS
domain on top of a single ring topology.
Resources/Tools:
 Two different types of Extreme switches: (1 EOS SSA, and 3 XOS SummitX
460s)
 2 PCs
ok
Objectives:
bo
-e
 Create an EAPS domain
 Add control VLAN and any protected VLANs to the domain
 Configure your switch to be the master node in the EAPS ring
ks
 Configure the inter-switch ports to be primary or secondary ports
or
 Enable EAPS globally.

 Enable the EAPS domain
w
 Verify the EAPS configuration and status

et
 Test the ring recovery

N
e
m
tre
this lab.
Ex

In this section of the lab, you will enable ports to establish a physical Ethernet Ring
among the XOS SummitX switches, and create a Control VLAN required to
support EAPS operation.
PC D
172.16.x1.13/24
Switch-C (SSA)
Port 2
ok
Port 22
bo
Switch-B
172.16.x1.102/24
-e
Port 1 SummitX 460
Port 6
Port 22
ks
Switch-A
172.16.x1.103/24 Port 6
or
(SummitX 460)
w
Port 5 Port 1
et
N
PC A
Core A
172.16.x1.2/24
e
172.16.x1.1/24
m
SummitX 460
tre
Note: Please refer to the network map for details regarding switch-to-switch
physical connectivity
Ex
Note: The Core Switch (Core A) has been pre-configured by the Instructor as a
Transit Node for all EAPS Domains.

EAPS Domain Information:

Control Control
Group EAPS Protected Protected
VLAN VLAN
Number Domain VLAN VLAN Tag
Tag
1 10 11
2 20 21
3 30 31
4 40 41
ED Data Control
5 50 51
6 60 61
7 70 71
8 80 81
9 90 91
ok
10 100 101
bo
Note: Please refer to the EAPS Domain Information table, for EAPS configuration
-e
details.
ks
1. On Switches A & B using the commands shown below, create a VLAN named
or
Control and add ports. Tag the VLAN, according to the Control VLAN
w
information provided in the EAPS Domain Information table shown above.

et
Switch-A:
N
create vlan Control tag <Your Groups Control VLAN Tag>

e
m
config vlan Control add port 1,6 tagged

tre
Ex
Switch-B:
create vlan Control tag <Your Groups Control VLAN Tag>
config vlan Control add port 1,6 tagged
2. Use the show vlan <vlan name> command to verify your configuration.

3. On Switch-A, add port 1 to your Data VLAN as tagged, and verify your
configuration with the appropriate show command.
4. On Switch-B, add port 1 to your Data VLAN as tagged, and verify your
configuration with the appropriate show command.
Section B: Creating and configuring the EAPS Domain
ok
In this section of the lab, you will implement the necessary steps required to
bo
create, configure, enable, and verify the operation of your EAPS domain.
-e
Note: EAPS configuration is NOT required on the Core switch, EAPS configuration
of this switch was completed by the Instructor. ks
1. On Switches A & B, create your EAPS Domain using the command show
or
below.
w
create eaps ED
et
N
5. Configure Switch-A as the EAPS master node using the command shown
e
below.
m
configure eaps ED mode master

tre
Ex
6. Configure Switch-B as a transit node using the command shown below:
configure eaps ED mode transit
7. On Switch-A, configure port 6 as the primary port for your EAPS Domain, and
port 1 as the secondary port
configure eaps ED primary port 6
configure eaps ED secondary port 1

8. On Switch-B configure port 6 as the secondary port for your EAPS Domain,
and configure port 1 as primary.
configure eaps ED secondary port 6
configure eaps ED primary port 1
9. Verify the EAPS configuration on both switches using the show eaps
<eapsDomain> command.
show eaps ED
ok
bo
Name: ED Priority: Normal
State: Idle Running: No
-e
Enabled: No Mode: Master
Primary port: 6 Port status: Unknown Tag status:
Undetermined
ks
Secondary port: 1 Port status: Unknown Tag status:
or
Undetermined
Hello Egress Port: Primary
w
Hello timer interval: 1 sec 0 millisec

et
Fail timer interval: 3 sec 0 millisec

Fail Timer expiry action: Send alert
N
Last valid EAPS update: None till now.

e
EAPS Domain's Controller Vlan: Unassigned

m
EAPS Domain's Protected Vlan(s): Unassigned

Number of Protected Vlans: 0
tre
Ex
10. On Switches A & B, add the Control VLAN to your EAPS Domain.
configure eaps ED add control vlan Control
11. On Switches A & B, add the protected VLAN to your EAPS Domain.
configure eaps ED add protected vlan Data
12. On Switches A & B, enable EAPS globally.
enable eaps

13. On Switches A & B, enable your EAPS Domain.
enable eaps ED
14. On Switches A & B, enable EAPS fast-convergence.
configure eaps fast-convergence on
15. On Switch-A enable port 1 to Core A switch.

16. On Switch-B, enable port 1 to Core A switch.
17. Save your configuration.
18. On Switches A & B, verify EAPS status, your output should be similar to what
is shown below depending on the switch you are looking at.
ok
show eaps ED
bo
-e
State: Complete Running: Yes
Enabled: Yes Mode: Master
ks
Primary port: 6 Port status: Up Tag status: Tagged
Secondary port: 1 Port status: Blocked Tag status:
or
Tagged
w

et

N

Last update: From Master Id 00:04:96:52:07:37, at Sun
e
Nov 20 19:02:39 2011

m
EAPS Domain has following Controller Vlan:

tre
Vlan Name VID

ControlX X
Ex
EAPS Domain has following Protected Vlan(s):

Vlan Name VID
DataX X
Note: The EAPS state will show “Complete” on the Master Node indicating
the ring is functional, and the secondary port is “Blocked” to prevent a Layer 2
loop. If you execute the show eaps ED command on the Transit Node, Link-
Up indicates the ring is good.

Section C: Testing EAPS
In this section of the lab, you will test your EAPS configuration to ensure data
traffic is not impacted by a ring failure.
Arrows represent
data path when
PC D ring is complete
172.16.x1.13/24
Switch-C (SSA)
Port 2
ok
Switch-B
Port 22 SummitX 460
bo
-e
Port 1 Port 6
Port 22
ks
Switch-A
(SummitX 460) Port 6
or
w
Port 5 Port 1
et
N
PC A
172.16.x1.2/24 Core A
e
SummitX 460
m
tre
Ex
1. From PC D which is attached to Switch-C, open a continuous ping to the Core

A switch, (172.16.x1.1) the pings should succeed.
Note: Refer to Network diagram for flow of traffic when EAPS ring is complete.

2. On Switch-A, display port statistics for ring ports 1 & 6.
show port 1,6 statistics
3. Reset the counters by pressing the <0> key.
Port Link Tx Pkt Tx Byte Rx Pkt Rx Byte Rx Pkt Rx Pkt

State Count Count Count Count Bcast Mcast
================================================================================
1 A 119 12226 200 8352 0 0
6 A 2000 51960 6100 10700 1 0
================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
ok
bo
Note: On Switch-A (once you reset counters), you should notice that port 6,
(the non-blocking port on the ring), is reporting higher traffic than port 1, (the
-e
blocking port on the ring). This is because port 6 is seeing ping traffic (at the
rate of 1 per second) is also seeing EAPS hello packets (also at the rate of 1
ks
per second), where port 1 is only seeing EAPS hello packets.
or
4. On Switch-A, disable port 6 (your primary ring port).

w
5. Display the current status of EAPS with the show eaps command.
et
N
EAPS Enabled: Yes

EAPS Fast-Convergence: On
e
EAPS Display Config Warnings: On

m
EAPS Multicast Add Ring Ports: Off

EAPS Multicast Send IGMP Query: On
tre
EAPS Multicast Temporary Flooding: Off

EAPS Multicast Temporary Flooding Duration: 15 sec
Number of EAPS instances: 1
Ex
# EAPS domain configuration :

--------------------------------------------------------------------------------
Domain State Mo En Pri Sec Control-Vlan VID Count Prio
--------------------------------------------------------------------------------
ED Failed M Y 19 1 Control (X) 1 N

6. Display the current status of your EAPS Domain with the show eaps ED
command.

State: Failed Running: Yes
Primary port: 6 Port status: Down Tag status: Tagged
Secondary port: 1 Port status: Up Tag status: Tagged
Last update: From Master Id 00:04:96:52:07:37, at Sun Nov 20 19:12:46
2011
Vlan Name VID
ok
ControlX X
bo
Vlan Name VID
DataX X
-e
The ring state is now Failed and the secondary
ks
Note: The ring state is now Failed and the secondary port status has been
changed to Up. Ping traffic should continue to pass!
or
w
et
7. Verify ping traffic is now using port 1 on Switch-A using the show port 1,6
statistics command. Clear port counters and you should notice that port 1 is
N
reporting higher traffic than before. This is because it is passing the ping
traffic.
e
m
8. On Switch-A, re-enable the EAPS domain primary port 6 to show that the re-
convergence works.
tre
9. Verify that your EAPS domain has transitioned back into the “Complete” state
Ex
using appropriate show commands.
End of Lab

Lab 5: EAPS Shared Port (ESP)

Lab Overview:
This lab exercise tests your ability to configure two EAPS domains on two adjacent
network rings sharing a common link. Each EAPS domain has a common
protected VLAN. A common link failure creates a failure in each domain and a
“super loop” if EAPS Shared Port is not configured.
Resources/Tools:
 Two different types of Extreme switches: (1 EOS SSA, and 4 XOS SummitX
ok
460s)

bo
2 PCs
-e
Objectives:
ks
 Create an EAPS domain
or
 Add control and protected VLANs to the domain
 Enable EAPS globally
w
 Enable the EAPS domain

et
 Verify the EAPS configuration and status

N
 Implement EAPS Shared Port

 Verify the ESP status
e
 Test the rings recovery

m
tre
Ex
this lab.

among the XOS SummitX switches, and create a Control VLAN required to
support EAPS operation.
PC D
172.16.x1.13/24
Switch-C (SSA)
ok
Port 2
bo
Port 22
-e
Switch-B
172.16.x1.102/24
Port 1 SummitX 460
Port 6
ks
Port 22
or
Port 3
Switch-A
w
172.16.x1.103/24 Port 6
(SummitX 460)
et
Port 5 Port 3
Port 1
N
e
PC A
m
172.16.x1.2/24
tre
Ex
Core A
Core B
172.16.x1.1/24
172.16.x1.254/24
SummitX 460
SummitX 460
Note: Please refer to the network map for details regarding switch-to-switch
physical connectivity.
Note: The Core Switches have been pre-configured by the Instructor as Transit
Nodes for all EAPS Domains.

EAPS Domain Information:

Control Control
Group EAPS Protected
VLAN VLAN
Number Domain VLAN
Tag
1 211
2 221
3 231
4 241
5 ED2 Data Control2 251
6 261
7 271
8 281
9 291
10 2101
ok
bo
Note: Please refer to the EAPS Domain Information table for EAPS configuration
-e
details.
ks
1. On Switches A & B using the commands shown below, create a VLAN named
Control2. Tag the VLAN according to Control VLAN information provided in
or
EAPS Domain Information table provided at the beginning of the lab.
w
Switch-A
et
N
create vlan Control2 tag tag <Your Groups Control2 VLAN

Tag>
e
m
config vlan Control2 add port 3,6 tagged

tre
Switch-B:
Ex
create vlan Control2 tag tag <Your Groups Control2 VLAN

Tag>
config vlan Control2 add port 3,6 tagged
2. Use the show vlan command to verify your configuration of your new control
VLAN.
3. On Switch-A, add port 3 to your Data VLAN as tagged.

4. On Switch-B, add port 3 to your Data VLAN as tagged.
Section B: Creating and configuring the EAPS Domain
create, configure, enable, and verify the operation of an additional EAPS domain.
Note: EAPS configuration is NOT required on the Core switches, EAPS
ok
configuration of this Core A and Core B was completed by the Instructor.
bo
1. On Switches A & B, create your additional EAPS Domain using the command
-e
show below.
create eaps ED2

ks
or
6. Configure Switch-B as the EAPS master node using the command shown
w
below:
et
configure eaps ED2 mode master

N
e
7. Configure Switch-A as a transit node using the command shown below:

m
configure eaps ED2 mode transit

tre
Ex
8. On Switch-B, configure port 6 as the primary port for your EAPS Domain, and
port 3 as the secondary port.
configure eaps ED2 primary port 6
configure eaps ED2 secondary port 3
9. On Switch-A configure port 6 as the secondary port for your EAPS Domain,
and configure port 3 as primary.
configure eaps ED2 secondary port 6
configure eaps ED2 primary port 3

10. Verify the EAPS configuration on both switches using the show eaps
<eapsDomain> command.
show eaps ED2
Name: ED2 Priority: Normal

State: Idle Running: No
Enabled: No Mode: Master
Primary port: 6 Port status: Unknown Tag status:
Undetermined
Secondary port: 3 Port status: Unknown Tag status:
Undetermined
ok
bo
Last valid EAPS update: None till now.
EAPS Domain's Controller Vlan: Unassigned
-e
EAPS Domain's Protected Vlan(s): Unassigned
ks
or
11. On Switches A & B, add the Control VLAN to your EAPS Domain.
w
configure eaps ED2 add control vlan Control2

et
N
12. On Switches A & B, add the protected VLAN to your EAPS Domain.
e
configure eaps ED2 add protected vlan Data

m
tre
13. On Switches A & B, enable your EAPS Domain

Ex
enable eaps ED2
14. On Switch-B enable port 3 to Core B switch.
15. On Switch-A, enable port 3 to Core B switch.

16. On Switches A & B, verify EAPS status for your newly created EAPS domain,
as well as the EAPS domain created in previous lab. Your output should be
similar to what is shown below depending on the switch you are on, and the
EAPS domain you are viewing.
show eaps ED2
Name: ED2 Priority: Normal

State: Complete Running: Yes
Primary port: 6 Port status: Up Tag status: Tagged
Secondary port: 3 Port status: Blocked Tag status:
Tagged
ok
bo
Last update: From Master Id 00:04:96:52:07:37, at Sun
Nov 20 19:02:39 2011
-e
Vlan Name VID
ks
Control2 X
or
Vlan Name VID

w
Data X
et
N
Note: The EAPS state will be displayed as “Complete” on the Master Node
indicating the ring is functional, and the secondary port is “Blocked” to prevent a
e
Layer 2 loop. If you execute the show eaps EDX command on the Transit
m
Node, Link-Up indicates the ring is good.

tre
Ex

Section C: Creating the EAPS Shared Port (ESP)
In this section of the lab you will create an EAPS Shared Port instance on your
switches, as instructed below.
EAPS Shared Port Values:

EAPS ESP Controller ESP Partner
ESP Link ID
Shared Port
6 1 Switch-B Switch-A
ok
bo
-e
ks
1. On Switches A & B, create the EAPS Shared Port Instance on your Switch by
or
typing the following commands on its CLI:
w
create eaps shared-port 6

et
N
2. On Switches A & B, configure the EAPS Shared Port Link-ID with the
command below:
e
m
configure eaps shared-port 6 link-id 1

tre
Ex
3. Configure Switch-B as the ESP Controller
configure eaps shared-port 6 mode controller
4. Configure Switch-A, as the ESP Partner
configure eaps shared-port 6 mode partner
5. Verify your EAPS shared port configuration on both Switches 2 & 3, using the
command show below:
show eaps shared-port

Switch-B Output:
EAPS shared-port count: 1
------------------------------------------------------------------------
Link Domain Vlan
RB RB
Shared-port Mode Id Up State count count Nbr State Id
------------------------------------------------------------------------
6 Controller "Y" Y Ready 2 1 Yes None None
------------------------------------------------------------------------
Switch-A Output:
------------------------------------------------------------------------
Link Domain Vlan
ok
RB RB
bo
------------------------------------------------------------------------
6 Partner "Y" Y Ready 2 1 Yes None None
-e
------------------------------------------------------------------------
ks
Section D: Testing EAPS Shared Port
or
w
In this section of the lab, you will test your EAPS configuration to ensure data
et
traffic is not impacted by a ring failure. When the shared port fails, the secondary
port of each master node unblocks. The new topology introduces a broadcast loop
N
spanning the both rings (ED & ED2); it is the Controllers responsibility to block this
e
loop.
m
tre
1. From your PC D which is attached to Switch-C, open continuous pings to Core

A (172.16.x1.1) and Core B (172.16.x1.254). The pings should succeed.
Ex
2. Simulate a failure on the Shared Link port between Switches A & B by

disabling port 6 on Switch-B using command show below:
disable port 6
Note: Ping traffic should not fail.
3. Verify the effect of disabling Port 6 (the shared port) with the show eaps
shared-port command.

Switch-B Output:
------------------------------------------------------------------------
Link Domain Vlan
RB RB
------------------------------------------------------------------------
6 Controller "Y" Y Blocking 2 1 Yes None None
------------------------------------------------------------------------
Note: For the failure scenario simulated above, the Controller and Partner
nodes immediately detect the loop, and the controller does the following,
selects an active-open port for protected VLAN communications, and then
Blocks protected VLAN communications on all segment ports except the active-
open port. Switch-B (the shared port controller) should be blocking at this time.
ok
bo
4. Additionally, display the current state of your EAPS Domains (ED & ED2)
showing the show eaps <domain name> command.
-e
5. Re-enable port 6, and verify that the network re-converge using appropriate
show commands. The EAPS Domains should return to their previous states.
ks
6. Important! On Switches A & B, disable port 1, to the Core A switch
or
7. Important! On Switches A & B, disable port 3, to the Core B switch
w
8. Important! On Switches A & B, disable EAPS Domains ED & ED2 and EAPS
et
globally using commands shown below:

N
disable eaps ED
e
disable eaps ED2

m
tre
disable eaps
Ex
9. Important! On Switches A & B, delete EAPS Domains ED & ED2 using

commands shown below:
delete eaps ED
delete eaps ED2
10. Verify your EAPS configuration has been removed for the previously
configured Domains:
show configuration eaps
End of Lab

Lab 6: Ethernet Ring Protection Switching

(G.8032)
Lab Overview:
This lab exercise tests your ability to configure Ethernet Ring Protection Switching
(ERPS) in a single ring topology. ERPS is an industry standard Layer 2 loop
prevention protocol that is similar to Extreme’s EAPS.
Objectives
ok
 Create an ERPS ring
bo
 Add a control VLAN and any protected VLANs to the ERPS ring
-e
 Configure your switch to be the Ring Protection Link (RPL) Owner node in the
ERPS ring
 Configure the inter-switch ports to be ring ports east and west
ks
 Enable ERPS globally
or
 Enable the ERPS ring
 Verify the ERPS configuration and status using various show commands
w
 Test the ring recovery

et
N
e
m
tre
Ex

among the XOS SummitX to support ERPS operation.
PC D
172.16.x1.13/24
Switch-C (SSA)
Port 2
ok
Port 22
bo
Switch-B
172.16.x1.102/24
-e
Port 1 Port 6 SummitX 460
Port 22
ks
Switch-A
172.16.x1.103/24 Port 6
or
(SummitX 460)
w
Port 5 Port 1
et
PC A
N
172.16.x1.2/24
e
m
tre
Core A
172.16.x1.1/24
Ex
SummitX 460
Note: Please refer network map for details regarding switch-to-switch physical
connectivity.
Note: The Core Switch (Core A), has been pre-configured by the Instructor as a
Ring Node for the ERPS Ring.

Section B: Creating and configuring the ERPS Ring
create, configure, enable, and verify the operation of your ERPS Ring.
Note: ERPS configuration is NOT required on the Core switch, ERPS

configuration of the Core A switch was completed by the Instructor.
ERPS Ring Information:

Group Protected Control
ERPS Ring
Number VLAN VLAN
1
2
ok
3
4
bo
5
6 Ring-1 Data Control
-e
7
8 ks
9
10
or
w
et
Note: Please refer to the ERPS Ring Information table, for ERPS configuration
details.
N
e
m
1. On Switches A & B, create your ERPS ring using the command show below.
tre
Ex
create erps Ring-1
2. On Switch-A, configure port 6 as the east ring port for your ERPS ring:
configure erps Ring-1 ring-port east 6
3. On Switch-A, configure port 1 as the west ring port for your ERPS ring:
configure erps Ring-1 ring-port west 1

4. On Switch-A, add the control VLAN to the ERPS ring by entering the following
command:
configure erps Ring-1 add control vlan Control
5. On Switch-A, add the protected VLAN by entering the following command:
configure erps Ring-1 add protected vlan Data
6. On Switch-A, configure the ERPS Ring Protection Link (RPL) port as port 1,
by typing the following command:
configure erps Ring-1 protection-port 1
ok
bo
Note: The RPL will be the blocking port on the ring!
-e
7. On Switch-A, set the “Wait To Restore” timer to 1 second, by typing the
following command:
ks
configure erps Ring-1 timer wait-to-restore 1000
or
w
8. On Switch-B, configure port 1 as the east ring port for your ERPS ring:
et
N
configure erps Ring-1 ring-port east 1

e
m
9. On Switch-B, configure port 6 as the west ring port for your ERPS ring:
tre
configure erps Ring-1 ring-port west 6

Ex
10. On Switch-B, set the “Wait To Restore” timer to 1 second, by typing the
following command:
configure erps Ring-1 timer wait-to-restore 1000
11. On Switch-B, Add the control VLAN to the ERPS ring by entering the
following command:
configure erps Ring-1 add control vlan Control
12. On Switch-B, add the protected VLAN by entering the following command:
configure erps Ring-1 add protected vlan Data

13. On Switches A & B enable ERPS globally by typing the following command:
enable erps
14. On Switches A & B enable ERPS for your newly created ring by typing the
following command:
enable erps Ring-1
15. On Switches A & B, enable port 1 to switch Core A.

17. Verify the ERPS configuration on both switches using the show erps
command.
ok
show erps Ring-1
bo
Name: Ring-1
Operational State: Idle Node Type: RPL Owner, Revertive
-e
Configured State : Enabled
East Ring Port : 6 MepId: 0 Remote MepId: 0 Status: Unblocked
West Ring Port : +1 MepId: 0 Remote MepId: 0 Status: Blocked
ks
Periodic timer interval: 5000 millisec (Enabled)
or
Hold-off timer interval: 0 millisec (Enabled)
Guard timer interval : 500 millisec (Enabled)
w
WTB timer interval : 5500 millisec (Enabled)

et
WTR timer interval : 1000 millisec (Enabled)

Ring MD Level : ----
N
CCM Interval East : 1000 millisec

e
CCM Interval West : 1000 millisec

m
Notify Topology Change : -------

Subring Mode : Virtual Channel
tre
ERPS Control Vlan: Control VID:X

Topology Change Propogation List: None
Ex
Topology Change Propogation : Disabled

ERPS Ring's Sub-Ring(s): None
ERPS Ring has following Protected Vlan(s):
Vlan Name VID Data
(+) RPL Protection Port, (^) RPL Neighbor Port
Note: If you are viewing Switch-A, you will notice that the ERPS state is “Idle” and the
west ring port is “Blocked” to prevent a Layer 2 loop. The west ring port is blocked,
because it has been configured as the Ring Protection Link (RPL).

Section C: Testing ERPS
In this section of the lab, you will test your ERPS configuration to ensure data
traffic is not impacted by a ring failure.
Arrows represent
data path when
ring is complete
PC D
ok
172.16.x1.13/24
Switch-C (SSA)
bo
Port 2
-e
Port 22 ks Switch-B
172.16.x1.102/24
Port 1
or
Port 6 SummitX 460
w
Port 22
et
Switch-A
172.16.x1.103/24 Port 6
N
(SummitX 460)
Port 5
e
Port 1
m
PC A
tre
172.16.x1.2/24
Ex
Core A
172.16.x1.1/24
SummitX 460
1. From your PC D which is attached to Switch-C, open a continuous ping to Core

A (172.16.x1.1), the pings should succeed.
Note: Refer to Network diagram for flow of traffic when ERPS ring is complete.


State Count Count Count Count Bcast Mcast
================================================================================
1 A 119 12226 200 8352 0 0
6 A 2000 51960 6100 10700 1 0
================================================================================
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
ok
Note: On Switch-A (once you reset counters), you should notice that port 6 (the
non-blocking port on the ring), is reporting higher traffic than port 1 (the
bo
blocking port on the ring). This is because port 6 is seeing ping traffic (at the
rate of 1 per second) in addition to ERPS control traffic, where port 1 is only
-e
seeing ERPS control traffic.
ks
4. On Switch-A, disable port 6. By disabling port 6, the RPL port (1), will go to a
or
non-blocking state.
w
5. Display the current status of ERPS with the show erps command.
et
show erps
N
e
ERPS Enabled: Yes

m
ERPS Display Config Warnings: On

ERPS Multicast Add Ring Ports: Off
tre
ERPS Multicast Send IGMP Query: On

ERPS Multicast Temporary Flooding: Off
Ex
ERPS Multicast Temporary Flooding Duration: 15 sec

Number of ERPS instances: 1
# ERPS ring configuration :
----------------------------------------------------------------------
Ring State Type East West Control-Vlan VID
----------------------------------------------------------------------
Ring-1 Protection R r 6 +1 Control (X)
----------------------------------------------------------------------
where State: Init/Idle/Protection/Manual-Switch/Force-Switch/Pending
Type: (I) Interconnected node, (N) RPL Neighbor,
(R) RPL Owner, (X) Ring node
Flags: (n) Non-revertive, (r) Revertive,
(f) Force Switch Port, (m) Manual Switch Port

show erps Ring-1
Name: Ring-1
Operational State: Protection Node Type: RPL Owner, Revertive
Configured State : Enabled
East Ring Port : 6 MepId: 0 Remote MepId: 0 Status: Blocked
West Ring Port : +1 MepId: 0 Remote MepId: 0 Status: unblocked
Periodic timer interval: 5000 millisec (Enabled)
Hold-off timer interval: 0 millisec (Enabled)
Guard timer interval : 500 millisec (Enabled)
WTB timer interval : 5500 millisec (Enabled)
WTR timer interval : 1000 millisec (Enabled)
Ring MD Level : ----
CCM Interval East : 1000 millisec
ok
CCM Interval West : 1000 millisec
Notify Topology Change : -------
bo
Subring Mode : Virtual Channel
ERPS Control Vlan: controlX VID:X
-e
Topology Change Propogation List: None
Topology Change Propogation : Disabled ks
ERPS Ring's Sub-Ring(s): None
ERPS Ring has following Protected Vlan(s):
or
Vlan Name VID DataX
w

et
(f) Force Switch Port, (m) Manual Switch Port

N
e
Notice that the ERPS state is now “Protection” and the west ring port is
m
“Unblocked” as a result of the port 6 failure.

tre

Ex

State Count Count Count Count
Bcast Mcast
=============================================================================
1 A 119 12226 200 8352 0 0
6 A 2000 51960 6100 10700 1
0
=============================================================================

Note: On Switch-A (once you reset counters), you should notice that port 1,
(the non-blocking port on the ring), is reporting higher traffic than port 6, (the
failed port on the ring). This is because port 1 is seeing ping traffic (at the rate
of 1 per second) in addition to ERPS control traffic, where port 6 is in a failed
state. Additionally, your pings from your from PC-D to Core A should not have
failed.
8. Stop ping traffic between from PC-D.
9. Important! Disable port 1 on Switches A & B with the disable port

command.
10. Important! Disable ERPS Ring-1 and ERPS globally, then delete the ring
using the delete erps <ring name> command.
ok
bo
-e
End of Lab ks
or
w
et
N
e
m
tre
Ex

Lab 7: Link Aggregation Groups (LAGs)

Overview
In this lab, you will become familiar with the principles and concepts behind
802.3ad Link Aggregation on Extreme EOS and XOS switches.
Resources/Tools:
 2 PCs
Objectives
ok
bo
 Create a LAG dynamically, using Link Aggregation Control Protocol (LACP)
-e
 Assign specific ports to a specific LAG using aadminkeys
 Test LAG operation in various error conditions including link failures and
ks
enabling/disabling of LACP
or
NOTE: All screen shots included in this lab exercise are for illustrative purposes
w
only and may not accurately reflect the actual settings on your switch. Please
et
N
this lab.
e
m
tre
Ex

PC D
172.16.x1.13/24
Switch-C (SSA)
172.16.xx1.101/24
Port 2
Ports 22-23
Switch-B (SummitX 460)

172.16.x1.102/24
Port 6
ok
Ports 22-23
Port 6
bo
Port 5 Switch-A (SummitX 460)
-e
172.16.x1.103/24
ks
PC A
172.16.xx1.2/24
or
w
1. Establish a console connection to each of your three switches.

et
N
e
2. On Switch-C issue the commands show below:

m
set port enable lag.0.*

tre

Ex
3. On Switch-C, verify LACP is enabled globally with the show lacp command.
If the Global Link Aggregation state is disabled on Switch-C, enable it using
the set lacp enable command.
4. On Switch-C enabled LACP at the port level for ports 22 & 23, using the
command below:
set port lacp port ge.1.22-23 enable

5. Verify LACP port status for ports 22 & 23, on Switch-C using the command
shown below:
show port lacp port ge.1.22-23 status detail
Global Link Aggregation state : Enabled
Port Instance: ge.1.22 Port enable state: Enabled

ActorPort: 5 PartnerAdminPort: 1
ActorSystemPriority: 32768 PartnerOperPort: 1
ActorPortPriority: 32768 PartnerAdminSystemPriority: 32768
ActorAdminKey: 32768 PartnerOperSystemPriority: 32768
ActorOperKey: 32768 PartnerAdminPortPriority: 32768
ActorAdminState: -----GLA PartnerOperPortPriority: 32768
ActorOperState: -F---GLA PartnerAdminKey: 1
ActorSystemID: 00:1F:45:40:27:B8 PartnerOperKey: 1
SelectedAggID: None PartnerAdminState: -----GSA
AttachedAggID: None PartnerOperState: -----GSA
ok
MuxState: Detached PartnerAdminSystemID: 00:00:00:00:00:00
DebugRxState: Portdisable PartnerOperSystemID: 00:00:00:00:00:00
Global Link Aggregation state : Enabled
bo
-e
ActorAdminKey: 32768 PartnerOperSystemPriority:
ks 32768
ActorAdminState: -----GLA PartnerOperPortPriority: 32768
ActorOperState: -F---GLA PartnerAdminKey: 1
or
ActorSystemID: 00:1F:45:40:27:B8 PartnerOperKey: 1
SelectedAggID: None PartnerAdminState: -----GSA
w
AttachedAggID: None PartnerOperState: -----GSA

MuxState: Detached PartnerAdminSystemID: 00:00:00:00:00:00
et
DebugRxState: Portdisable PartnerOperSystemID: 00:00:00:00:00:00

N
Section B: Configuring Link Aggregation Groups (LAGs)

e
m
For this part of the exercise you will create a dynamic Link Aggregation Group
tre
between Switch-A and Switch-C (using ports 22 & 23), and verify that the LAG is
configured and operating correctly.
Ex
1. On Switch-A, use the command shown below to create a port sharing group
using ports 22 & 23 as members.
enable sharing 22 grouping 22,23 algorithm address-based

lacp
The following output is displayed:
Warning: Any config on the master port is lost (STP, IGMP

Filter, IGMP Static Group,MAC-Security, etc. etc.)
Note: The suffix lacp specifies that the newly created link aggregation group
will be dynamic.

6. Enable port 23 on Switch-A:

enable port 23
8. Verify that the Link Aggregation Group is enabled and up on Switch-A by

entering the show sharing command. You should have output similar to that
below:
Load Sharing Monitor
Config Current Agg Ld Share Ld Share Agg Link Link Up
Master Master Control Algorithm Group Mbr State
Transitions
=============================================================================
ok
22 22 LACP L2 22 Y A 1
L2 23 Y A 1
bo
=============================================================================
Link State: A-Active, D-Disabled, R-Ready, NP-Port not present, L-Loopback
Load Sharing Algorithm: (L2) Layer 2 address based
-e
(L3_L4) Layer 3 address and Layer 4 port based
Number of load sharing trunks: 1 ks
9. Verify that the Link Aggregation Group is enabled and up on Switch-C, by
or
entering the show lacp command:
w
et
show lacp
N
Global Link Aggregation state: enabled

e
Single Port LAGs: disabled

m
Aggregator: lag.0.1
tre
Actor Partner
System Identifier: 00:1F:45:40:27:B8 00:04:96:35:81:A9
Ex
System Priority: 32768 0

Admin Key: 32768
Oper Key: 32768 1022
Attached Ports: ge.1.22 ge.1.23
Note: You should have physical ports attached to the lag as shown above.
LAGs may not form using the first LAG on EOS switches; you may need to look
at other LAGs to see which LAG has formed dynamically.
 How many LAGs in total are displayed on Switch-C when you issue the show
lacp command?

 What is the LAG number of the current operational LAG on Switch-C?
 Have any physical ports attached to a LAG on Switch-C?
Note: On Extreme EOS type switches, LAGs will form automatically if LACP is
enabled at the global and port level. In the later parts of this lab, we will
implement configuration steps to ensure, ports ge.1.22 & ge.1.23, are always
associated with LAG, lag.0.1. This will be done through the use of
aadminkeys.
10. On Switch-C, verify that ports 22 & 23 are in a Dormant state and verify
speed of LAG, using the show port status ge.1.22-23;lag.0.1 command.
ok
Alias Oper Admin Speed
Port (truncated) Status Status (bps) Duplex Type
--------- ------------ ------- ------- --------- ------- ------------
bo
ge.1.22 dormant Up 1.0G full BaseT RJ45/PoE
ge.1.23 dormant Up 1.0G full BaseT RJ45/PoE
-e
lag.0.1 Up Up 2.0G full lag
Note: On Extreme EOS type switches, a port status of Dormant indicates a

ks
physical port has been added to a LAG.
or
 What is the current speed of your LAG?

w
11. On Switch-A, verify the dynamic link aggregation configuration by entering the
et
following command:
N
show lacp lag 22

e
m
Lag Actor Actor Partner Partner Partner Agg Actor

tre
Sys-Pri Key MAC Sys-Pri Key Count MAC

--------------------------------------------------------------------------------
22 0 0x03fe 00:1f:45:40:27:b8 32768 0x8000 2 00:04:96:35:81:a9
Ex
Port list:
Member Port Rx Sel Mux Actor Partner

Port Priority State Logic State Flags Port
--------------------------------------------------------------------------------
22 0 Current Selected Collect-Dist A-GSCD-- 22
23 0 Current Selected Collect-Dist A-GSCD-- 23
================================================================================
Actor Flags: A-Activity, T-Timeout, G-Aggregation, S-Synchronization
C-Collecting, D-Distributing, F-Defaulted, E-Expired

12. On Switch-A, verify the identity of the load sharing master port for the LAG, by
entering the following command:
show port 22,23 information
Port Flags Link ELSM Link Num Num Num Jumbo QOS Load
State /OAM UPS STP VLAN Proto Size profile Master
====================================================================================
22 Em-la---e--fMB---x- active - / - 1 1 2 1 9216 none 22 a
23 Em-la---e--fMB---x- active - / - 1 1 2 1 9216 none 22 a
====================================================================================
 Which port is the Master Port for your LAG?
ok
13. On Switch-C, use the show port lacp port port-string status detail
bo
command to verify the LAG port configuration.
-e
show port lacp port ge.1.22 status detail
ks
or
Global Link Aggregation state : enabled

w

et

N

ActorAdminKey: 32768 PartnerOperSystemPriority: 32768
e

m
ActorAdminState: -----GlA PartnerOperPortPriority: 32768

ActorOperState: --DCSGlA PartnerAdminKey: 272
tre
ActorSystemID: 00-1f-45-fb-aa-7c PartnerOperKey: 32768

SelectedAggID: lag.0.1 PartnerAdminState: --DCS-lp
Ex
AttachedAggID: lag.0.1 PartnerOperState: --DCSGlA

MuxState: Distributing PartnerAdminSystemID: 00-00-00-00-00-00
DebugRxState: Current PartnerOperSystemID: 00-1f-45-fb-aa-10
14. Verify the Link Aggregation Control Protocol (LACP) activity by entering the
following commands on Switch-A and Switch-C:

Switch-A:
show lacp counters
LACP PDUs dropped on non-LACP ports : 0

LACP Bulk checkpointed msgs sent : 0
LACP Bulk checkpointed msgs recv : 0
LACP PDUs checkpointed sent : 0
LACP PDUs checkpointed recv : 0
Lag Member Rx Rx Drop Rx Drop Rx Drop Tx Tx

Group Port Ok PDU Err Not Up Same MAC Sent Ok Xmit Err
---------------------------------------------------------------------------
22 22 192 0 0 0 204 0
23 191 0 0 0 203 0
ok
=================================================================
bo
Switch-C:
-e
show port lacp port ge.1.22-23 counters
Port Instance: ge.1.22

ks
LACPDUsRx: 20 MarkerPDUsRx: 0
or
LACPDUsTx: 23 MarkerPDUsTx: 0
IllegalRx: 0 MarkerResponsePDUsRx: 0
w
UnknownRx: 0 MarkerResponsePDUsTx: 0
ActorSyncTransitionCount: 3 PartnerSyncTransitionCount: 1
et
ActorChangeCount: 3 PartnerChangeCount: 0
ActorChurnCount: 0 PartnerChurnCount: 0
N
ActorChurnState: noChurn PartnerChurnState: noChurn

MuxState: distributing
e
MuxReason: Selected = SELECTED and PSync = TRUE and PColl = TRUE

m
Port Instance: ge.1.23

tre
LACPDUsRx: 35 MarkerPDUsRx: 0
LACPDUsTx: 38 MarkerPDUsTx: 0
Ex
IllegalRx: 0 MarkerResponsePDUsRx: 0
UnknownRx: 0 MarkerResponsePDUsTx: 0
ActorSyncTransitionCount: 3 PartnerSyncTransitionCount: 2
ActorChangeCount: 5 PartnerChangeCount: 0
ActorChurnCount: 0 PartnerChurnCount: 0
ActorChurnState: noChurn PartnerChurnState: noChurn
MuxState: distributing
MuxReason: Selected = SELECTED and PSync = TRUE and PColl = TRUE

15. On Switch-C, display general LAG port information for physical ports 22 and
23.
show port lacp port ge.1.22-23 status summary
Global Link Aggregation state : enabled
Port Aggr Actor System Partner System

Pri: System ID: Key: Pri: System ID: Key:
ge.1.22 lag.0.1 [(32768,001f45fbaa7c,32768),(32768,001f45fbaa10,32768)]
ge.1.23 lag.0.1 [(32768,001f45fbaa7c,32768),(32768,001f45fbaa10,32768)]
 What is Switch-C’s partner key value?
 Do the Actor and Partner keys need to match for the LAG to function?
ok
bo
16. Test IP connectivity between Switch-A and Switch-C. Ping between switches.
(Pings should fail.)
-e
Note: The Layer 2 forwarding between Switch-A and Switch-C is via the LAG.
ks
On Switch-A (XOS type), the LAG is automatically associated with your VLAN
as tagged, because its Master Port, port 22 was previously assigned the VLAN
or
Data as tagged. On Switch-C (EOS type), the LAG must be manually assigned
to the LAG as tagged or untagged.
w
et
N
17. On Switch-C, examine VLAN X0 with the show vlan static <Your Group
VLAN Number> command, is your LAG currently assigned to the VLAN?
e
m
18. On Switch-C, assign your LAG to your group VLAN as tagged, using the
tre
command shown below:

Ex
set vlan egress <Your Group VLAN Number> lag.0.1 tagged
19. Verify the LAG has been assigned to the VLAN using the show vlan XO or
show vlan static XO command.
Note: The pings between Switch-A and Switch-C should now be working.

C: Configuring LAG Actor Admin Keys (EOS Switch)
Because LAGs are dynamic, it is often helpful to link ports to a specific LAG
number. This helps prevent misconfiguration. The method to achieve this
configuration on Extreme EOS Switches is to set the Actor Admin Key, (called
aadminkey), to a specific number, and then to assign that same aadminkey to the
LAG and its associated physical ports. Extreme recommends you execute this type
of configuration on EOS type switches when implementing LAGs.
1. On Switch-C, set the aadminkey to map your physical ports and LAG using the
commands shown below.
set port lacp port ge.1.22-23 aadminkey 3000
set lacp aadminkey lag.0.1 3000
ok
bo
Note: The operational LAG on your switch might not be lag.0.1, make sure you
-e
verify which LAG port is up and operational so ports 22 & 23 are keyed correctly.
ks
2. Issue the show lacp command view your LAG configuration.
show lacp lag.0.1

or
w
Global Link Aggregation state: enabled

et
Single Port LAGs: disabled

N
Aggregator: lag.0.1
Actor Partner
e
System Identifier: 00:1f:45:fb:aa:10

m
00:1f:45:fb:aa:7c
tre
System Priority: 32768 32768

Admin Key: 3000
Ex
Oper Key: 3000 32768

Attached Ports: ge.1.22-23
Standby Ports: None.
Note: It may take several seconds for the physical ports to re-attach to the
LAG.
3. Verify keys are set at the port level via the show port lacp port ge.1.22-23
status detail command.

4. For additional configuration verification on Switch-C, use the show config

port command and the show config lacp command. Your output should be
similar to what is shown below.
show config port
!
#***** NON-DEFAULT CONFIGURATION *****
#port
set port lacp port ge.1.22 aadminkey 3000
set port lacp port ge.1.23 aadminkey 3000
show config lacp

!
ok
#***** NON-DEFAULT CONFIGURATION *****
bo
#lacp
set lacp aadminkey lag.0.1 3000
-e
Note: Ports 22 & 23 are now permanently keyed to LAG lag.0.1 as a result of
ks
the previous configuration.
or
5. Verify you can ping between all devices in your network.

w
et
End of Lab
N
e
m
tre
Ex

Lab 8: Multi-Switch Link Aggregation

Groups (MLAG)
Overview
In this lab, you will become familiar with the principles and concepts behind Multi-
Switch Link Aggregation (MLAG) on Extreme XOS switches. You will implement a
redundant core-edge infrastructure capable of withstanding a core failure without
major traffic loss.
Resources/Tools:
ok

bo
2 PCs
-e
Objectives
ks
 Create an configure the ISC VLAN
or
 Create LAGs and add them to the appropriate VLANs
 Create the ISC peers
w
 Create the MLAG peers

et
 Verify the MLAG configuration

N
 Test the connectivity and the resilience

e
m
NOTE: All screen shots included in this lab exercise are for illustrative purposes
tre
only and may not accurately reflect the actual settings on your switch. Please
Ex
this lab.

Switch-C (SSA)
172.16.x1.101/24
Port 2
PC D
172.16.x1.13/24 Ports 22-23 Port 5 & 20
LAG
ok
bo
MLAG
Ports 22-23 Port 5 & 20
-e
Port 6 & 8
ks Port 6 & 8
ISC
Port 5 Switch-B (SummitX 460)
or
Switch-A (SummitX 460)
172.16.x1.102/24
172.16.x1.103/24
w
et
PC A
N
172.16.x1.2/24
e
m
1. On Switch-C using commands show below; enable ports 5 & 20 and verify
tre
their operational status with the appropriate show command.

Ex
2. On Switch-C enable LACP at the port level for ports 5 & 20, using the set
port lacp port ge.1.5;ge.1.20 enable command.
3. Verify LACP port status for ports 5 & 20, on Switch-C using the show port
lacp port ge.1.5;ge.1.20 status detail command.

4. On Switch-C, set the aadminkey to map physical ports 5 & 20 to your

operational LAG using the commands shown below.
set port lacp port ge.1.5;ge.1.20 aadminkey 3000
5. On Switch-B, add ports 5 & 20 to the Data VLAN as tagged. DO NOT enable
these port until instructed to do so.
configure vlan Data add port 5,20 tag
ok
Section B: Configuring Link Aggregation Groups (LAGs)
bo
For this part of the exercise you will create the VLANs and Link Aggregation
-e
Groups required to implement MLAG functionality on your XOS SummitX switches.
ks
1. On Switch-B, using the command shown below to create a port sharing group
using ports 5 & 20 as members.
or
w

et
lacp
N
e

m

tre

Ex
2. On both Switch-A and Switch B, using the commands shown below to create
a port sharing group using ports 6 & 8 as members, and add the sharing
group to the Data VLAN.

lacp


3. On both Switch-A and Switch B enable port 8 and ensure that a LAG has
formed between the two switches using the appropriate commands.
enable port 8
4. On Switches A & B, create an ISC VLAN and assign the appropriate Tag and
IP Address based on ISC VLAN Table shown below:
ISC VLAN Table:

Group ISC VLAN Switch-A Switch-B
ISC VLAN
Number Tag IP ADDR IP ADDR
1 192.168.1.1/24 192.168.1.2/24
2 192.168.2.1/24 192.168.2.2/24
ok
3 192.168.3.1/24 192.168.3.2/24
bo
4 192.168.4.1/24 192.168.4.2/24
-e
5 192.168.5.1/24 192.168.5.2/24
ISC 1001
6 ks 192.168.6.1/24 192.168.6.2/24
7 192.168.7.1/24 192.168.7.2/24
8 192.168.8.1/24 192.168.8.2/24
or
9 192.168.9.1/24 192.168.9.2/24
w
10 192.168.10.1/24 192.168.10.2/24
et
N
e
5. On Switches A & B, create and Tag your ISC VLAN using commands shown
m
below:
tre
create vlan ISC tag 1001

Ex
6. On Switches A & B, add your inter-switch connections to the ISC VLAN as

tagged
configure vlan ISC add port 6 tag

7. On Switches A & B, assign the ISC VLAN an IP Address as outlined in the

ISC VLAN Table.
Switch-A:
configure vlan ISC ipaddress 192.168.X.1/24
Switch-B:
configure vlan ISC ipaddress 192.168.X.2/24
Note: The X in the IP address above represents your group number.
ok
8. Verify the configuration of your newly create VLAN using the appropriate
bo
show commands.
-e
9. On Switches A & B, verify your LAG configuration using the command shown
ks
below. The output below will vary depending on the switch you are viewing.
or
show port sharing

w
Load Sharing Monitor

et
N
Config Current Agg Ld Share Ld Share Agg Link Link Up

e
Master Master Control Algorithm Group Mbr State

m
Transitions
tre
============================================================================
6 6 LACP L2 6 Y A 0
Ex
L2 8 Y A 0
22 22 LACP L2 22 Y A 0
L2 23 Y A 0
============================================================================
Link State: A-Active, D-Disabled, R-Ready, NP-Port not present, L-Loopback
Load Sharing Algorithm: (L2) Layer 2 address based, (L3) Layer 3 address
based
(L3_L4) Layer 3 address and Layer 4 port based

Section C: Creating Your MLAG
For this part of the exercise, on Switches A & B, you will create the MLAG
structure based on existing LAGs and VLANs.
1. For MLAGs to work, the switches that are participating in the functionality need
to know who their MLAG peer is. Use the following commands to setup an
MLAG peer relationship between Switches A & B:
Switch-A:
Create mlag peer Switch-B
ok
Configure mlag peer Switch-B ipaddress 192.168.x.2
bo
enable mlag port 22 peer Switch-B id 1
-e
Switch-B:
ks
Create mlag peer Switch-A
or
w
Configure mlag peer Switch-A ipaddress 192.168.x.1

et
enable mlag port 5 peer Switch-A id 1

N
Note: X in the IP address above represents your group number.

e
m
tre
Note: VLAN ISC will be used as the Inter-Switch Connection to MLAG peer.
Ex
2. Complete configuration of your MLAG on Switches A & B by associating the

LAGs connected to Switch-C, with a unique ID. Refer to the following table for
MLAG ID information.
Note: The MLAG ID must match between Switches A & B.

3. Verify the configuration on both switches with the command shown below.
show configuration vsm
Module vsm configuration.
create mlag peer "Switch-B"
configure mlag peer "Switch-B" ipaddress 192.168.x.2 vr

VR-Default
enable mlag port 20 peer "Switch-B" id 1
ok
4. On Switch-B, enable ports 5, & 20 using the commands shown below and
verify their operational status.
bo
-e
enable port 5,20 ks
5. Verify on Switches A & B that the MLAG is operational:
or
w
Show mlag ports

et
N
Local Local Remote

MLAG Local Link Remote Peer Fail Fail
e
Id Port State Link Peer Status Count Count

m
========================================================================
Y 22 A Up Switch-B Up 0 0
tre
========================================================================
Local Link State: A - Active, D - Disabled, R - Ready, NP - Port not present
Ex
Remote Link : Up - One or more links are active on the remote switch,
Down - No links are active on the remote switch,
N/A - The peer has not communicated link state for this MLAG
port
Number of Multi-switch Link Aggregation Groups : 1
Convergence control : Conserve Access Lists

Section D: Testing Your MLAG
For this part of the exercise you will generate continuous ping traffic between PC A
and PC-D, and you will disable MLAG ports and verify the effect it has on the
traffic.
1. On PC A and PC-D turn on continuous pings between the two PCs, and
monitor your pings.
2. On Switch-B, disable ports 5 & 20 using the disable port command. The
pings should continue to run without interruption.
3. On Switch-B, re-enable ports 5 & 20.
ok
bo
4. On Switch-A, disable ports 22 & 23 using the disable port command. The
pings should continue to run without interruption.
-e
On Switch-A, disable ports 6 & 8, (the ISC ports) using the disable port
ks
command. The pings should continue to run without interruption, but they may
feel depending on which LAG member port Switch-A has chosen to distribute
or
the frame over.

w
et
Note: Depending on the load sharing and MAC address combinations used for
N
each switch’s hashing algorithm, the ping may or may not continue
uninterrupted. This demonstrates how important the ISC port is, which is why
e
it’s usually configured as a LAG.

m
tre
End of Labs
Ex

ok
bo
-e
ks
or
w
et
N
e
m
tre
Ex

Extreme Switching Lab Guide v1.8 (Ebook)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Extreme Switching Lab Guide v1.8 (Ebook)

Uploaded by

Copyright:

Available Formats

Extreme Networks

Switching Lab Guide

For additional information refer to:

© 2015 Extreme Networks, Inc. All rights reserved . Page 1

Section C: VLAN IP Address Assignment .................................................................. 36

Section D: VLAN Security .......................................................................................... 38

Lab 3: Spanning Tree .................................................................................................. 39

Section A: Initial Configuration ................................................................................... 40

Section B: Viewing Spanning Tree............................................................................. 41

Section C: Configuring the Root Bridge ..................................................................... 45

Section D: Spanning Tree Rapid Failover .................................................................. 48

Lab 4: EAPS ................................................................................................................. 49

© 2015 Extreme Networks, Inc. All rights reserved . Page 2

Section A: Initial Configuration ................................................................................... 68

© 2015 Extreme Networks, Inc. All rights reserved . Page 3

Lab 1: Switch Management

 Use different administrative access methods to manage the device:

 Save, upload, manipulate and download configuration files

 Download and load a different firmware image

© 2015 Extreme Networks, Inc. All rights reserved . Page 4

Section A: Accessing the Switch

Section A: Open the console connection to Switch-A from PC A

Port 1,2 Port 3,4

Port 1,2 Port 3,4

XOS Switch (460) Switch-A

© 2015 Extreme Networks, Inc. All rights reserved . Page 5

Section B: Set Switch IP Address

1. On Switch-A (SummitX 460), clear the configuration.

unconfigure switch all

“default.xsf” exists. It will be loaded when the

5. Verify port 22 has been enabled

6. Set the IP address on Switch-A using the command below :

configure vlan Default ipaddress <Switch-A IP

Group Number Switch-A IP Address

© 2015 Extreme Networks, Inc. All rights reserved . Page 6

Use Redirects : Disabled

(b) Broadcast Forwarding Enabled

(f) Forwarding Enabled (g) Ignore IP Broadcast Enabled

(h) Directed Broadcast Forwarding by Hardware Enabled

(m) Multicast forwarding Enabled, (n) Multinetted VLAN

(nSIA ) Number of Secondary IP Addresses

© 2015 Extreme Networks, Inc. All rights reserved . Page 7

Section C: Establish Second Switch Connection

1. Connect to the console port of your S-Series switch (labeled “Switch-C”)

set gvrp disable

4. Disable your physical ports.

set port disable *.*.*

set port enable ge.1.22

6. Enable the port that connects your SSA to PC D.

set port enable ge.1.2

7. Configure Switch-C, VLAN 1 with an IP address using the command

© 2015 Extreme Networks, Inc. All rights reserved . Page 8

Group Number Switch-C IP Address

© 2015 Extreme Networks, Inc. All rights reserved . Page 9

Section D: Test Your Configuration

1. Open a connection to virtual PC D.

2. . The VSphere window will open. Select VMs & Templates.

3. Assign PC D an IP address based on table below:

4. Ping Switch-C, your pings should succeed.

© 2015 Extreme Networks, Inc. All rights reserved . Page 10

Section E: Set Your Console Environment

1. On Switch-C, set the prompt to GroupX_Switch-C to make it easier to

set prompt GroupX_Switch-C

set port disable ..*

admin super-user enabled no access always allowed