Extreme Networks reserves all rights to its materials and the content of the
materials. No material provided by Extreme Networks to a Partner (or Customer, etc.)
may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying and recording, or by any information storage or
retrieval system, or incorporated into any other published work, except for internal use
by the Partner and except as may be expressly permitted in writing by Extreme
Networks.
This document and the information contained herein are intended solely for
informational use. Extreme Networks makes no representations or warranties of any
kind, whether expressed or implied, with respect to this information and assumes no
responsibility for its accuracy or completeness. Extreme Networks hereby disclaims all
liability and warranty for any information contained herein and all the material and
information herein exists to be used only on an "as is" basis. More specific information
may be available on request. By your review and/or use of the information contained
herein, you expressly release Extreme from any and all liability related in any way to
this information. A copy of the text of this section is an uncontrolled copy, and may
lack important information or contain factual errors. All information herein is Copyright
©Extreme Networks. All rights reserved. All information contained in this document is
subject to change without notice.
http://www.extremenetworks.com/company/legal
Contents
Lab 1: Switch Management
Section A: Accessing the Switch
Section B: Set Switch IP Address
Section C: Establish Second Switch Connection
Section D: Test Your Configuration
Section E: Set Your Console Environment
Section F: Administrative Access
Section G: Telnet
Section H: Configuration File Management
Section I: System Image Download
Section J: Enabling SSH
Section K: Switch-B, Initial Configuration
Lab 2: VLANs
Section A: Initial Configuration
Section B: VLAN Configuration
Section D: Testing Your MLAG
Resources/Tools:
Two different types of Extreme switches: (1 EOS, SSA and 2 XOS SummitX 460s)
2 PCs
Objectives:
When you finish this lab you will be able to connect to a switch and:
Clear its Configuration
Set an IP address on a switch
View the basic CLI structure
Explore system configuration commands
o COM Port
o Telnet
o SSH
Note: All screen shots included in this lab exercise are for illustrative purposes
only and may not accurately reflect the actual settings on your switch. Please
follow the procedural explanations in the text when you perform configurations in
this lab.
Note: The CLI structure differs between Extreme EOS Series and XOS Series
Switches. EOS Series and XOS Series CLI commands are specific to the switch
type.
Please see Appendix A for lab access and configuration details.
Note: Please see the Appendix, Section B for terminal server details.
[Network diagram: PC-D, Switch-C (EOS switch, SSA), Switch-B (XOS switch, 460), a further 460 switch, Core A, Core B, PC-A and PC-B. Addresses shown: 172.16.1X1.101, 172.16.1X1.102, 172.16.1X1.103, 172.16.1X1.2, 172.16.1X1.12 and 172.16.1X1.13. Port labels shown: 2; 5, 20; 22, 23; 6, 8; 7; 5.]
Note: To successfully complete the switching labs, all switches must be defaulted
to a base configuration prior to configuring them. Please ensure you clear your
switch configuration when instructed to do so.
Note: The virtual lab has several established Ethernet connections between your
three switches. These multiple connections mean that Layer 2 loops can occur.
These loops can cause problems for the execution of this lab. For this reason, you
must now: a) load a base configuration that has all physical ports disabled; and b)
enable the ports you will use to connect your switches.
defaults and reboot? (y/N) Y
2. Type Y. Wait for the switch to reboot.
3. Log on as admin with no password once reboot is complete.
4. Enable the port connected to PC A and enable the port you will use to connect your
Switch-A (SummitX 460) to your Switch-C (SSA).
enable port 5
enable port 22
show port 22
Address>/24
Note: Please refer to the table above for the Switch-A IP address for your group.
7. Use the show ipconfig command to display your configuration.
IRDP:
Advertisement Address: 255.255.255.255 Maximum Interval: 600
Minimum Interval: 450 Lifetime: 1800 Preference: 0
Interface IP Address Flags nSIA
Default 172.16.111.2 /24 EU----MPuRX--------- 0
Flags: (A) Address Mask Reply Enabled (B) BOOTP Enabled
Enabled
Enabled
(r) Unicast Reverse Path Enabled on at least one port of the VLAN
(t) Tentative address, (T) Time Stamp Reply Enabled
(u) Send Unreachables Enabled, (U) Interface Up
(v) VRRP Enabled, (X) Send Time Exceeded Enabled
8. Optionally, use the show configuration vlan or show vlan Default commands
to verify your configuration.
Note: Please see the Appendix, Section B for terminal server details.
2. Log in as admin and press Enter at the password prompt, then clear the
configuration using the command shown below:
clear config all
This command will reset the system and clear current configuration.
Are you sure you want to continue (y/n) [n]?
Type Y.
3. When the switch reboots, log in as admin. Set up your switch for the
lab by disabling dynamic VLANs (GVRP).
5. Enable the port that connects your Switch-C (SSA) to your Switch-A
(SummitX 460). Refer back to the initial diagram if needed.
Note: Please refer to the table above for the Switch-C IP address for your group.
8. Verify IP address has been set for VLAN 1:
show running-config
Note: Please see the Appendix, Section D for details on launching a Virtual PC.
Group Number    PC D IP Address
1               172.16.11.13/24
2               172.16.21.13/24
3               172.16.31.13/24
4               172.16.41.13/24
5               172.16.51.13/24
6               172.16.61.13/24
7               172.16.71.13/24
8               172.16.81.13/24
9               172.16.91.13/24
10              172.16.101.13/24
5. From the same PC, ping Switch-A. This ping should also succeed.
Note: At the moment all ports on both switches are in a common VLAN, therefore,
the PC and the switches are all in the same Layer 2 network. You will configure
multiple VLANs in later labs.
2. The switch scrolls all the way until the end of the config file. Set Switch-C
to show you only 20 lines of output at a time:
3. After a period of inactivity the switch will log you out. To prevent this,
issue the following command on Switch-C:
set logout 0 default
4. Set console environment on Switch-A (SummitX 460). Access the switch
via its serial interface and log in as admin:
a. Change the prompt to GroupX_Switch-A.
b. Disable logout timer
disable idletimeout
save
In this section of the lab, you will create local user accounts for switch
management.
1. On Switch-C, set and explore your local system user login accounts and
corresponding access levels on the switch. Use the show system
login command to show the default login accounts.
2. On Switch-C, use the set system login and set password commands
as shown below to configure another username with super-user access.
set system login theboss super-user enable
set password theboss
Password changed.
4. Exit out of Switch-C with the exit command, and then log back in using
the new username and password.
Username: theboss
Password: superuser
Has the switch prompt changed from when you were logged in as admin?
6. Use the set system login command to attempt to create another
administrative user on the device.
7. Log out of the switch, and then log back in using ro as the username.
How has the switch prompt changed from when you were logged in as ‘admin’
and ‘theboss’?
8. Use the set ? command to view the configuration commands that can
be used as a read-only user.
What do you notice about the configuration commands that can be used when
9. From the Switch-A serial console create a new user account on the
SummitX 460, show the system's user accounts and prove the new
account works.
10. On Switch-A, explore your local system user login accounts and
13. Save your configuration, then exit out of the switch, and then log back in
using the new username and password.
14. Issue the show session command
#    Login Time                User      Type     Auth    CLI Auth  Location
================================================================
*10  Wed Apr 30 16:46:41 2014  theboss   console  local   dis       serial
15. Use the create account command to attempt to create another
administrative user on the device.
16. Log out of the switch, and then log back in using user as the username.
Has the switch prompt changed from when you were logged in as ‘admin’ and
‘theboss’?
17. Use the create ? command to view the configuration commands that
can be used as a read-only user.
What do you notice about the configuration commands that can be used when
logged in as ‘user’? Are all commands visible?
Try to execute a command, for example try to create another administrative level
user. What happens?
Section G: Telnet
1. From the desktop of PC D open your console emulator (PuTTY) and attempt
to telnet to Switch-A and Switch-C.
2. On Switch-C issue the show telnet command to view the default telnet
configurations for your switch. The output should be as shown below:
3. On Switch-A issue the show management command. The output
should be similar to what is shown below:
CLI idle timeout : Disabled
CLI max number of login attempts : 3
CLI max number of sessions : 8
CLI paging : Enabled (this session only)
session only)
Note: Extreme EOS based C-series switches have the capability to store 2
firmware images on the device at any one time. S-series switches can store up
to 4 images, depending on the revision of software you are using. However,
only one of the images is active and used for booting the switch.
dir
Images:
===========================================================
Filename: image1
Version: 07.41.03.0009
Size: 4527490 (bytes)
Date: FRI FEB 10 09:12:42 2012
Filename: Version7 (Active) (Boot)
Version: 07.71.02.0005
Size: 5927902 (bytes)
===========================================================
slot1:
switch?
4. On Switch-C, use the following command to save the current device
configuration:
Note: The switch has a limited amount of disk space for saved configurations.
If you receive an error indicating a lack of space, ask your instructor which of
your existing configurations to delete.
5. Use the dir command to verify the file has been properly saved.
6. Upload the saved configuration file over TFTP. From your Switch-C
console ping PC A to verify IP connectivity between devices. Use the table
below to determine your PC A IP address.
9               172.16.91.2/24
10              172.16.101.2/24
7. On Switch-C, use the copy command in CLI to upload the previously
saved file located in slot 1 to PC A via TFTP.
copy slot1/mgmt-labswC tftp://<PC A IP Address>/mgmt-labswC
Note: PC A should have a TFTP server running on it. If PC A does not have a
delete slot1/mgmt-labswC
Note: Please delete the mgmt-labswC configuration file on Switch-C when you
have finished.
14. Use the ls command to display the current files saved on the SummitX
460 switch.
15. On Switch-A, use the save configuration command to save the current
device configuration:
save configuration mgmt-labswA
Do you want to save configuration to mgmt-labswA.cfg? (y/N) Yes
Saving configuration on master ....... done!
Configuration saved to mgmt-labswA successfully.
16. Use the ls command to verify the file has been properly saved.
17. Copy the configuration file that you just created to another file by
cp mgmt-labswA.cfg mgmt-lab-backup.cfg
Rename the backup file by entering the following command and press <y>
when prompted:
mv mgmt-lab-backup.cfg newname.cfg
rm newname.cfg
tftp put <PC A IP Address> vr VR-Default mgmt-labswA.cfg mgmt-labswA.cfg
22. Delete the mgmt-labswA.cfg file using the rm command, then verify it
has been deleted using the ls command.
23. Restore the mgmt-labswA.cfg file to Switch-A using the command
below, then verify the file has been restored.
mgmt-labswA.cfg
Note: Please remove the mgmt-labswA configuration file on Switch-A when you
have finished.
In this section of the lab, you will download firmware to Switch-C (EOS SSA) and
Switch-A (XOS SummitX 460).
Note: A TFTP server is currently running on your PC A. All switch images are
located in the Switch_Images folder on your PC A Desktop. The correct images
will need to be moved to the c:\tftpboot directory on your PC A, for the TFTP
transfer to work.
1. On Switch-C use the dir command to view the current firmware images loaded
on the device.
Images:
================================================================
Filename: image1 (Active) (Boot)
Version: 08.11.04.0006
Size: 16326045 (bytes)
Filename: image2
Version: 08.01.03.0003
delete image2
What label in the ‘dir’ command output denotes the current image?
Which label denotes which image will be used at the next reboot of the system?
7. Use the reset command to reboot Switch-C and load the new firmware
image.
reset system
8. Upon reboot, use the dir command to display the current image.
SysName: Switch-A
SysLocation: Training
SysContact: Trainer
System MAC: 00:04:96:52:06:FE
System Type: X460-24t
SysHealth check: Enabled (Normal)
Recovery Mode: All
System Watchdog: Enabled
Current Time: Wed Dec 7 13:13:35 2011
Note: The highlighted text above shows the active partition (the booted image).
10. Download the switch OS image file to the non-active partition by
entering the following command and press <y> when prompted.
Note: The most current image for your switch will be located in the tftpboot folder
of your TFTP Server.
download image <PC A IP Address> summitX-X.X.X.xos vr VR-Default secondary
Downloading to Switch..................................................
Switch................................................................
11. Verify that the software image has been downloaded correctly and
selected as secondary by entering:
show switch
SysName: Switch-A
SysLocation: Training
SysContact: Trainer
System MAC: 00:04:96:52:06:FE
System Type: X460-24t
SysHealth check: Enabled (Normal)
Recovery Mode: All
System Watchdog: Enabled
Current Time: Wed Dec 7 13:13:35 2011
Timezone: [Auto DST Enabled] GMT Offset: -480 minutes, name is PST.
Boot Time: Wed Dec 7 13:08:26 2011
Boot Count: 19
Next Reboot: None scheduled
System UpTime: 5 minutes 8 seconds
Current State: OPERATIONAL
Image Selected: secondary
Image Booted: primary
Notice that the secondary image has automatically been selected. This will result in that
image being used at the next reboot. The use image command allows you to select the
image manually.
12. Reboot Switch-A (so that the downloaded switch OS image can be
loaded) by entering the following command and pressing <y> when
prompted:
reboot
Are you sure you want to reboot the switch? (y/N) Yes
13. When Switch-A reboots, verify the secondary software image has been
downloaded correctly, installed and is selected as the boot image by
entering the show switch command
Note: If you need to restore the primary image, issue the use image primary
command, and reboot the switch.
1. From your serial session on Switch-C, issue the show ssh command to view
the default SSH setting of your EOS switch.
show ssh
2. To enable SSH on Switch-C, enter the command shown below, then test SSH
access to Switch-C.
SSH Server status: enabled
Note: In order to enable secure CLI access for both SSH2 and HTTPS, the
SSH2 XOS module needs to be present and loaded on an XOS switch. Now
that you have upgraded your switch you will download the SSH2 module image
and dynamically add secure management capability to the running switch. You
4. Check to see which version of software is running and also if the SSH2
5. Check the active partition by entering the following command: show switch
SysName: Switch-A
SysLocation: Santa Clara, ATP-Virtual Lab
SysContact: Corporate Systems Engineering
corpse@extremenetworks.com
System MAC: 00:04:96:52:06:FE
System Type: X460-24t
SysHealth check: Enabled (Normal)
Recovery Mode: All
System Watchdog: Enabled
Current Time: Wed Dec 7 14:30:23 2011
Timezone: [Auto DST Enabled] GMT Offset: -480 minutes, name is PST.
Boot Time: Wed Dec 7 14:10:15 2011
Boot Count: 23
Next Reboot: None scheduled
System UpTime: 20 minutes 8 seconds
Current State: OPERATIONAL
Image Selected: primary
Image Booted: primary
Primary ver: 15.3.2.11
the SSH2 module image has to be installed to the active partition. If the image
is installed to the non-active partition, then a reboot will be required to start the
6. Download the correct SSH module to your switch by entering the following
command. Enter <y> when prompted:
Note: In addition to SSH2, the SSH image module enables SSL for HTTPS
Web access and adds the AES and 3DES encryption ciphers for SNMPv3.
8. Check to see which version of software is running and also if the SSH2
module is installed on your switch, by entering the following command. Make
a note of the version of ExtremeXOS your switch is running:
-----------------------------------------------------------------------------
Switch primary Mon Nov 28 10:36:11 PST 2011 15.3.2.11 summitX-15.3.2.11.xos
v1532b11
Switch primary Wed Nov 30 00:32:45 PST 2011 15.3.2.11 summitx-15.3.2.11
ssh.xmod v1532b11
run update
10. Enable SSH2 by entering the following command and press <y> when
prompted to generate the SSH2 key:
enable ssh2
show management
Total Read Write Communities : 1
RMON : Disabled
SNMP access : Enabled
: Access Profile Name : not set
SNMP Traps : Enabled
SNMP v1/v2c TrapReceivers : None
Note: SSH2 access is enabled by default for TCP port 22 and for all virtual routers.
These settings can be changed by using the port and vr command qualifiers.
12. From PC A use your telnet software PuTTY to connect to Switch-C by SSH.
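An added example, not part of the lab guide: a Python check that parses show management output in the layout used in this lab and lists management-plane settings worth reviewing before a switch leaves the lab. The "Telnet access" and "SSH access" lines in the sample are assumptions about the layout; the guide's excerpt does not show them.

```python
# Constructed sample in the layout of the `show management` excerpts in this lab.
# The "Telnet access" and "SSH access" lines are assumed; the guide does not show them.
SAMPLE = """\
CLI idle timeout                 : Disabled
CLI max number of login attempts : 3
CLI max number of sessions       : 8
CLI paging                       : Enabled (this session only)
Telnet access                    : Enabled (tcp port 23 vr all)
                                 : Access Profile : not set
SSH access                       : Enabled (Key valid, tcp port 22 vr all)
                                 : Access Profile : not set
Total Read Write Communities     : 1
RMON                             : Disabled
SNMP access                      : Enabled
                                 : Access Profile Name : not set
SNMP Traps                       : Enabled
SNMP v1/v2c TrapReceivers        : None
"""


def parse_management(text):
    """Return {setting: {"value": str, "attrs": {name: value}}}.

    A line that starts with ':' continues the previous setting and carries a
    sub-attribute, for example ': Access Profile Name : not set'.
    """
    settings = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            if current is not None:
                name, _, value = line[1:].partition(":")
                settings[current]["attrs"][name.strip().lower()] = value.strip()
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue  # fragment without a key/value separator
        current = key.strip().lower()
        settings[current] = {"value": value.strip(), "attrs": {}}
    return settings


def is_enabled(settings, key):
    entry = settings.get(key)
    return entry is not None and entry["value"].lower().startswith("enabled")


def profile_unset(settings, key):
    attrs = settings.get(key, {"attrs": {}})["attrs"]
    return any(name.startswith("access profile") and value.lower() == "not set"
               for name, value in attrs.items())


def audit(settings):
    """Return finding identifiers in a fixed order."""
    findings = []
    idle = settings.get("cli idle timeout")
    if idle and idle["value"].lower().startswith("disabled"):
        findings.append("idle-timeout-disabled")   # sessions never log out
    if is_enabled(settings, "telnet access"):
        findings.append("telnet-enabled")          # credentials cross the wire in clear text
    if "ssh access" in settings and not is_enabled(settings, "ssh access"):
        findings.append("ssh-disabled")
    for service in ("telnet access", "ssh access", "snmp access"):
        if is_enabled(settings, service) and profile_unset(settings, service):
            findings.append(service.split()[0] + "-no-access-profile")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_management(SAMPLE)):
        print(finding)
```

The idle-timeout finding is expected while the lab is running, because the exercises disable the timer on purpose.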
1. Access Switch-B (SummitX 460) and default the switch using the
unconfigure switch all command, reboot the switch to default.xsf
disable idletimeout
save
END OF LAB
Lab 2: VLANs
Overview
In this lab, you will become familiar with the creation and configuration of 802.1Q
VLANs on switches 1, 2 and 3.
Resources/Tools:
3 x Extreme Switches
2 PCs
Note: This lab was written with 1 EOS SSA and 2 XOS SummitX 460 switches.
Objectives
At the end of this lab you will be able to:
Enable physical ports on switches
Create and configure VLANs
Set the IP address on the switch’s VLANs
Note: All screen shots included in this lab exercise are for illustrative purposes
only and may not accurately reflect the actual settings on your switch. Please
follow the procedural explanations in the text when you perform configurations in
this lab.
Important Note: Please see Appendix A for lab access and configuration
details.
enable port 6
enable port 6
Note: Refer to the network diagram for switch to switch cabling information.
[Network diagram: PC D (172.16.x1.13/24), Switch-C (SSA, 172.16.x1.101/24), a switch at 172.16.x1.102/24 and PC-A (172.16.x1.2/24). Port labels shown: 2, 6 and 22.]
6. Display the current VLAN configuration on all switches, using the show vlan
command.
7. On Switch-C, (EOS SSA), issue the show vlan static command and
compare it to the results of the show vlan command. Note that the output of
the two commands will differ. If you are not clear on why this is, it will be
explained later in the lab.
8. Configure IP address on Switch-B (SummitX 460) using command below:
Group Number    Switch-B IP Address
1               172.16.11.102/24
2               172.16.21.102/24
3               172.16.31.102/24
4               172.16.41.102/24
5               172.16.51.102/24
6               172.16.61.102/24
7               172.16.71.102/24
8               172.16.81.102/24
9               172.16.91.102/24
10              172.16.101.102/24
Note: Please refer to the table above for the Switch-B IP address for your group.
10. Verify that an IP address has been assigned to the default VLAN on Switch-B,
with the show vlan command.
11. From your PC A and PC-D ping all 3 switches to verify connectivity.
13. Use the show mac type learned command on Switch-C and the show fdb
command on Switches 2 & 3 to display the contents of each switch’s Layer 2
forwarding databases (FDB). Locate the entry for PC A and PC-D’s MAC
addresses
15. For switches A & B:
show fdb
Mac Vlan Age Flags Port / Virtual Port List
------------------------------------------------------------------------------
00:1f:45:40:27:b8 Default(0001) 0209 d m 6
00:1f:45:40:27:b9 Default(0001) 0002 d m 22
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,
0
FDB Aging time: 300
1     10     10
2     20     20
3     30     30
4     40     40
5     Data 50     Data 50
6     60     60
7     70     70
8     80     80
9     90     90
10    100    100
Group Number    Switch-C/VLAN Number
1               10
2               20
3               30
4               40
5               50
6               60
7               70
8               80
9               90
10              100
1. On Switch-C (EOS, SSA), issue the set vlan create command and create
VLAN X0 on your switch, where X represents your group number. Please refer
to VLAN table above for detailed VLAN configuration information
Forbidden Egress Ports:
None.
Untagged Ports:
None.
3. On Switch-C, assign the PC D port to your VLAN as untagged using the set
port vlan command.
egress
Note: The above command will remove the port from any other VLANs’ ingress
list where it is untagged and place it into your group VLAN egress list as
untagged.
4. Assign port 22 as tagged to your group VLAN using the set vlan egress
command.
Note: From the above output, we can see that ge.1.2 is now assigned to the VLAN
on Switch-C as untagged and ge.1.22 is assigned as tagged.
7. Attempt to ping Switch-C from PC D.
Was your ping successful? Why? (The ping should not succeed.)
8. Attempt to ping PC-D from your PC A.
Was your ping successful? Why? (The ping should not succeed.)
9. View the FDB of switches A and C by using the show fdb (SummitX 460)
What VLANs are the MAC addresses of PC A and PC-D associated with?
10. On Switches A & B issue the command create vlan to create a VLAN
named Data.
Note: Please refer to VLAN tables above for detailed VLAN configuration
information
configure vlan Default delete ports 5
configure vlan Data add ports 5 untagged
Note: To assign a port as untagged to a VLAN, the port must first be deleted
from its existing VLAN membership. Port 5 is currently assigned to the Default
VLAN. Tagged ports do not have to be deleted from their existing VLAN
membership.
14. Verify you can ping from PC A to PC-D. The pings should work.
Why do pings work?
15. Attempt to ping from PCs to all 3 switches. The pings should fail.
16. Review the current VLAN/IP address configuration on all 3 switches using
previously executed commands.
In this section of the lab (for all 3 switches), you will assign the newly created
VLAN an IP address.
Note: The 172.16.x1.101 address is currently in use by VLAN 1, and it will
need to be cleared off that VLAN interface before you can use it on your new
group VLAN.
2. On Switches A & B issue the configure vlan <vlan_name> ipaddress
command to configure an IP address for VLAN Data. Remember to save
your configuration!
the Default VLAN, and they will need to be removed off that VLAN interface
6. On Switch-C issue the show vlan command. Note that ge.1.2 is present in
the output of the command.
set port disable ge.1.2
8. Re-issue the show vlan command. Note that ge.1.2 is NO longer present in
the output of the command.
host.0.1,ge.1.22
None.
Untagged Ports:
9. On Switch-C, issue the show vlan static command for your VLAN. Note that
ge.1.2 is present in the output of the command.
Note: It is important to understand that on Extreme Switches that run the EOS
operating system, if a port does not have link, it is not displayed on a VLAN’s
egress list using the show vlan command. Also, if a port is in a blocking state
due to spanning tree, or dormant as a result of being in a LAG, it will not be
displayed on a VLAN’s egress list using the show vlan command. The show
vlan static command, however, will show the static settings of all ports,
regardless of their link status or spanning tree state.
On Extreme EOS based switches, all ports are assigned to VLAN 1 by default. On
Extreme XOS based switches all ports are assigned to the Default VLAN by default.
If the VLANs are not in use, it is considered to be a security risk to leave ports
actively assigned to these VLANs. As a best practice, you should remove all user
ports from VLAN 1 (EOS Switches) and the Default VLAN on XOS Switches. This
section of the lab will show you the commands necessary to accomplish this.
1. On Switch-C, observe the current state of VLAN 1 with the show vlan static 1
command.
3. Verify ports have been cleared with the show vlan static 1 command.
4. On Switches A and B, observe the current state of the Default VLAN with the
6. Verify ports have been cleared with the show vlan default command.
7. Please save your configuration on Switches A & B, with the save command.
End of Lab
Resources/Tools:
3 x Extreme Switches
2 PCs
Objectives
At the end of this lab you will be able to:
Force a particular device to be the root bridge in your topology
Analyze rapid failover scenarios in STP
Current Network Setup:
[Network diagram: PC D (172.16.x1.13/24), Switch-C (SSA, 172.16.x1.101/24), Switch-B (SummitX 460, 172.16.x1.102/24) and PC A (172.16.x1.2/24). Port labels shown: 2, 5, 6 and 22.]
Note: The virtual lab has several established Ethernet connections between your
three switches. Follow the steps below to set up your switches for this lab.
1. On Switch-C (EOS SSA), add port 5 to your newly created VLAN as tagged
using command below. Verify ports were added with the show vlan static
command.
set port enable ge.1.5
3. On Switch-A (SummitX 460), configure Spanning Tree using the commands
shown below, then save your configuration.
create stpd stpd1
configure stpd stpd1 mode dot1w
Note: The configuration shown above is only an example and may not
accurately reflect your group VLAN configuration. Please refer to VLAN table in
Lab 2, for detailed VLAN information related to your group.
Note: Extreme XOS switches have Spanning Tree disabled by default and
Extreme EOS switches have Spanning Tree enabled by default.
5. On Switch-B enable port 5:
enable port 5
6. Verify you can ping between all of your devices.
1. View the spanning tree state of Switch-C using the show spantree stats
7. View the spanning tree states of Switch-C for port 5 & 22 using the command
shown below:
Spanning tree status - enabled
Spanning tree instance - 0
Designated Root MacAddr - 00-04-96-8b-f8-ff
Designated Root Priority - 32768
Designated Root Cost - 20000
Designated Root Port - ge.1.22
Root Max Age - 20 sec
Root Hello Time - 2 sec
Root Forward Delay - 15 sec
Bridge ID MAC Address - 00-1f-45-fb-a9-02
What does the output tell us about the Layer 2 forwarding path for Switch-C?
9. Issue the show stpd stpd1 command on Switches A and B. You should
have output similar to what is shown below:
802.1Q Tag: 10
Ports: 6,22
Participating Vlans: Data
Auto-bind Vlans: (none)
Bridge Priority: 32768
BridgeID: 80:00:00:04:96:97:90:08
Designated root: 80:00:00:04:96:8b:f8:ff
RootPathCost: 20000 Root Port: 19
MaxAge: 20s HelloTime: 2s
ForwardDelay: 15s
CfgBrForwardDelay: 15s
Topology Change Time: 35s Hold time: 1s
Change: FALSE
Number of Topology Changes: 6
10. Using the appropriate show commands, can you determine which switch (A,
B, or C), is the Root Bridge?
11. Issue the show stpd stpd1 port command on Switches A and B to
determine the port Spanning Tree state for the 2 switches.
Total Ports: 2
4: (Oper. type) b=broadcast, p=point-to-point, e=edge
5: p=proposing, a=agree
6: (partner mode) d = 802.1d, w = 802.1w, m = mstp
7: i = edgeport inconsistency
8: S = edgeport safe guard active
s = edgeport safe guard configured but inactive
8: G = edgeport safe guard bpdu restrict active in 802.1w and mstp
g = edgeport safe guard bpdu restrict active in 802.1d
9: B = Boundary, I = Internal
Which ports are blocking and which are forwarding on Switches A & B?
13. On Switches A & B, verify Spanning Tree mode using the show stpd stpd1
command.
In this section of the lab we will take steps that ensure a specific switch becomes
the Root Bridge. You will lower Switch-A’s bridge priority so it becomes the Root
Bridge in the topology. You will then lower Switch-B’s bridge priority to a value
higher than Switch-A, but lower than Switch-C priority. This will ensure that
Switch-B becomes the Root Bridge in the event that Switch-A fails.
1. On Switch-A, set the bridge priority to 4096 using the configure stpd
command.
2. Verify this setting using the show stpd command.
show stpd "stpd1"
Stpd: stpd1 Stp: ENABLED Number of Ports: 2
Rapid Root Failover: Disabled
EMISTP
802.1Q Tag: 10
Ports: 6,22
Participating Vlans: Data
BridgeID: 20:00:00:04:96:97:90:08
Is Switch-A now the Root Bridge? How can you tell it is the Root Bridge?
3. View the spanning tree port states for Switch-A ports 6 & 22.
Total Ports: 2
8: S = edgeport safe guard active
s = edgeport safe guard configured but inactive
8: G = edgeport safe guard bpdu restrict active in 802.1w and mstp
g = edgeport safe guard bpdu restrict active in 802.1d
9: B = Boundary, I = Internal
4. On Switch-C, use the show spantree stats active command to view its
5. Test connectivity between all devices in your lab setup. You should be able to
ping successfully.
6. On Switch-B, set the bridge priority to 8192. By doing this, the device will
have the second lowest Bridge ID in the topology, and will become Root Bridge if
Switch-A fails.
7. Verify the priority has been set by using the show stpd "stpd1" command.
8. Determine the Root Port of Switch-B by using the show stpd "stpd1" ports
command.
9. Use the network diagram below and correct show commands, to indicate
blocking and forwarding ports in your lab environment for all switches.
[Network diagram: PC D (172.16.x1.13/24), Switch-C (SSA, 172.16.x1.101/24), Switch-B (SummitX 460, 172.16.x1.102/24) and PC A (172.16.x1.2/24). Port labels shown: 2, 5, 6 and 22.]
The 802.1s and 802.1w protocols offer rapid failover capability. In this section of
the lab, you will force a link failure on Switch-C for port
22 (Root Port to Switch-A). This will cause a re-span of the topology, since port 22
is currently being used as the forwarding path to Switch-B.
4. Verify that the Root Port for Switch-C has changed by issuing the show
spantree stat active command. The Root Port should now be port 5.
5. Verify that pings from PC A to PC-D are still working.
6. Important! Re-enable port 22 on Switch-C.
7. Important! Disable port 5 on both Switch-B and Switch-C.
End of Lab
Lab 4: EAPS
Lab Overview:
In this lab you will use multiple Extreme XOS based switches to configure an EAPS
domain on top of a single ring topology.
Resources/Tools:
Two different types of Extreme switches: (1 EOS SSA, and 3 XOS SummitX
460s)
2 PCs
Objectives:
When you finish this lab you will be able to connect to a switch and:
Create an EAPS domain
Add control VLAN and any protected VLANs to the domain
Configure your switch to be the master node in the EAPS ring
Configure the inter-switch ports to be primary or secondary ports
Note: All screen shots included in this lab exercise are for illustrative purposes
only and may not accurately reflect the actual settings on your switch. Please
follow the procedural explanations in the text when you perform configurations in
this lab.
In this section of the lab, you will enable ports to establish a physical Ethernet Ring
among the XOS SummitX switches, and create a Control VLAN required to
support EAPS operation.
[Network diagram: PC D (172.16.x1.13/24), Switch-C (SSA), Switch-B (SummitX 460, 172.16.x1.102/24), Switch-A (SummitX 460, 172.16.x1.103/24), PC A (172.16.x1.2/24) and Core A (SummitX 460, 172.16.x1.1/24); port labels shown: 1, 2, 5, 6 and 22.]
Note: Please refer to the network map for details regarding switch-to-switch
physical connectivity.
Note: The Core Switch (Core A) has been pre-configured by the Instructor as a
Transit Node for all EAPS Domains.
10 100 101
Note: Please refer to the EAPS Domain Information table for EAPS configuration
details.
1. On Switches A & B using the commands shown below, create a VLAN named
Control and add ports. Tag the VLAN, according to the Control VLAN
Switch-A:
Switch-B:
2. Use the show vlan <vlan name> command to verify your configuration.
3. On Switch-A, add port 1 to your Data VLAN as tagged, and verify your
configuration with the appropriate show command.
4. On Switch-B, add port 1 to your Data VLAN as tagged, and verify your
configuration with the appropriate show command.
In this section of the lab, you will implement the necessary steps required to
create, configure, enable, and verify the operation of your EAPS domain.
Note: EAPS configuration is NOT required on the Core switch; EAPS configuration
of this switch was completed by the Instructor.
1. On Switches A & B, create your EAPS Domain using the command shown
below.
create eaps ED
5. Configure Switch-A as the EAPS master node using the command shown
below.
7. On Switch-A, configure port 6 as the primary port for your EAPS Domain, and
port 1 as the secondary port
8. On Switch-B configure port 6 as the secondary port for your EAPS Domain,
and configure port 1 as primary.
9. Verify the EAPS configuration on both switches using the show eaps
<eapsDomain> command.
show eaps ED
Name: ED Priority: Normal
State: Idle Running: No
Enabled: No Mode: Master
Primary port: 6 Port status: Unknown Tag status: Undetermined
Secondary port: 1 Port status: Unknown Tag status: Undetermined
Hello Egress Port: Primary
10. On Switches A & B, add the Control VLAN to your EAPS Domain.
11. On Switches A & B, add the protected VLAN to your EAPS Domain.
enable eaps
enable eaps ED
show eaps ED
Name: ED Priority: Normal
State: Complete Running: Yes
Enabled: Yes Mode: Master
Primary port: 6 Port status: Up Tag status: Tagged
Secondary port: 1 Port status: Blocked Tag status: Tagged
Note: The EAPS state will show “Complete” on the Master Node indicating
the ring is functional, and the secondary port is “Blocked” to prevent a Layer 2
loop. If you execute the show eaps ED command on the Transit Node, Link-
Up indicates the ring is good.
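One way to turn the check in the note above into a repeatable test, as an added example that is not part of the lab guide: it parses the show eaps ED fields shown in this lab and classifies the master node's view of the ring. The Failed and loop-risk samples are constructed for the illustration, and the verdict names are this example's own.

```python
"""Classify a master node's 'show eaps <domain>' output (added illustration)."""
import re

FIELD_RE = re.compile(r"\b(Name|State|Running|Enabled|Mode):\s*(\S+)")
PORT_RE = re.compile(r"\b(Primary|Secondary) port:\s*(\S+)\s+Port status:\s*(\S+)")
REQUIRED = {"name", "state", "running", "enabled", "mode", "primary", "secondary"}


def parse_show_eaps(text):
    """Return the fields of one 'show eaps <domain>' block as a dict."""
    info = {key.lower(): value for key, value in FIELD_RE.findall(text)}
    for role, port, status in PORT_RE.findall(text):
        info[role.lower()] = {"port": port, "status": status}
    missing = REQUIRED - info.keys()
    if missing:
        raise ValueError(f"fields not found: {sorted(missing)}")
    return info


def assess_master(info):
    """Verdict for a master node; only the master blocks its secondary port."""
    if info["mode"] != "Master":
        return "not-master"
    if info["enabled"] != "Yes" or info["running"] != "Yes":
        return "not-running"
    state, secondary = info["state"], info["secondary"]["status"]
    if state == "Complete":
        # A complete ring with an open secondary port is a Layer 2 loop.
        return "healthy" if secondary == "Blocked" else "loop-risk"
    if state == "Failed":
        # After a break the secondary port must open to carry traffic.
        return "ring-failed" if secondary == "Up" else "no-backup-path"
    return "transitional"


def check(text):
    return assess_master(parse_show_eaps(text))


# Output shown in this lab before and after the domain is enabled.
IDLE = """Name: ED Priority: Normal
State: Idle Running: No
Enabled: No Mode: Master
Primary port: 6 Port status: Unknown Tag status: Undetermined
Secondary port: 1 Port status: Unknown Tag status: Undetermined
"""
COMPLETE = """Name: ED Priority: Normal
State: Complete Running: Yes
Enabled: Yes Mode: Master
Primary port: 6 Port status: Up Tag status: Tagged
Secondary port: 1 Port status: Blocked Tag status: Tagged
"""
# Constructed samples: a ring break, and a complete ring with an open secondary.
FAILED = COMPLETE.replace("State: Complete", "State: Failed") \
                 .replace("Port status: Up", "Port status: Down") \
                 .replace("Port status: Blocked", "Port status: Up")
LOOP = COMPLETE.replace("Port status: Blocked", "Port status: Up")

if __name__ == "__main__":
    for label, sample in [("idle", IDLE), ("complete", COMPLETE),
                          ("failed", FAILED), ("loop", LOOP)]:
        print(f"{label:9s} -> {check(sample)}")
```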
In this section of the lab, you will test your EAPS configuration to ensure data
traffic is not impacted by a ring failure.
[Network diagram: arrows represent the data path when the ring is complete. Devices: PC D (172.16.x1.13/24), Switch-C (SSA), Switch-B (SummitX 460), Switch-A (SummitX 460), PC A (172.16.x1.2/24) and Core A (SummitX 460); port labels shown: 1, 2, 5, 6 and 22.]
Note: Refer to Network diagram for flow of traffic when EAPS ring is complete.
Note: On Switch-A (once you reset counters), you should notice that port 6
(the non-blocking port on the ring) is reporting higher traffic than port 1 (the
blocking port on the ring). This is because port 6 is seeing ping traffic (at the
rate of 1 per second) and is also seeing EAPS hello packets (also at the rate of 1
per second), whereas port 1 is only seeing EAPS hello packets.
5. Display the current status of EAPS with the show eaps command.
6. Display the current status of your EAPS Domain with the show eaps ED
command.
ControlX X
EAPS Domain has following Protected Vlan(s):
Vlan Name VID
DataX X
Number of Protected Vlans: 1
Note: The ring state is now Failed and the secondary port status has been
changed to Up. Ping traffic should continue to pass!
7. Verify ping traffic is now using port 1 on Switch-A using the show port 1,6
statistics command. Clear port counters and you should notice that port 1 is
reporting higher traffic than before. This is because it is passing the ping
traffic.
8. On Switch-A, re-enable the EAPS domain primary port 6 to show that the
re-convergence works.
9. Verify that your EAPS domain has transitioned back into the “Complete” state.
End of Lab
Resources/Tools:
Two different types of Extreme switches: (1 EOS SSA, and 4 XOS SummitX
460s)
2 PCs
Objectives:
When you finish this lab you will be able to connect to a switch and:
Create an EAPS domain
Add control and protected VLANs to the domain
Enable EAPS globally
Note: All screen shots included in this lab exercise are for illustrative purposes
only and may not accurately reflect the actual settings on your switch. Please
follow the procedural explanations in the text when you perform configurations in
this lab.
In this section of the lab, you will enable ports to establish a physical Ethernet Ring
among the XOS SummitX switches, and create a Control VLAN required to
support EAPS operation.
[Network diagram: PC D (172.16.x1.13/24), Switch-C (SSA), Switch-B (SummitX 460, 172.16.x1.102/24), Switch-A (SummitX 460, 172.16.x1.103/24), PC A (172.16.x1.2/24), Core A (SummitX 460, 172.16.x1.1/24) and Core B (SummitX 460, 172.16.x1.254/24); port labels shown: 1, 2, 3, 5, 6 and 22.]
Note: Please refer to the network map for details regarding switch-to-switch
physical connectivity.
Note: The Core Switches have been pre-configured by the Instructor as Transit
Nodes for all EAPS Domains.
Note: Please refer to the EAPS Domain Information table for EAPS configuration
details.
1. On Switches A & B using the commands shown below, create a VLAN named
Control2. Tag the VLAN according to the Control VLAN information provided in
the EAPS Domain Information table provided at the beginning of the lab.
Switch-A:
Switch-B:
2. Use the show vlan command to verify the configuration of your new control
VLAN.
In this section of the lab, you will implement the necessary steps required to
create, configure, enable, and verify the operation of an additional EAPS domain.
configuration of this Core A and Core B was completed by the Instructor.
1. On Switches A & B, create your additional EAPS Domain using the command
shown below.
6. Configure Switch-B as the EAPS master node using the command shown
below:
8. On Switch-B, configure port 6 as the primary port for your EAPS Domain, and
port 3 as the secondary port.
9. On Switch-A configure port 6 as the secondary port for your EAPS Domain,
and configure port 3 as primary.
10. Verify the EAPS configuration on both switches using the show eaps
<eapsDomain> command.
Fail timer interval: 3 sec 0 millisec
Fail Timer expiry action: Send alert
Last valid EAPS update: None till now.
EAPS Domain's Controller Vlan: Unassigned
EAPS Domain's Protected Vlan(s): Unassigned
Number of Protected Vlans: 0
11. On Switches A & B, add the Control VLAN to your EAPS Domain.
12. On Switches A & B, add the protected VLAN to your EAPS Domain.
16. On Switches A & B, verify EAPS status for your newly created EAPS domain,
as well as the EAPS domain created in previous lab. Your output should be
similar to what is shown below depending on the switch you are on, and the
EAPS domain you are viewing.
Fail timer interval: 3 sec 0 millisec
Fail Timer expiry action: Send alert
Last update: From Master Id 00:04:96:52:07:37, at Sun Nov 20 19:02:39 2011
EAPS Domain has following Controller Vlan:
Vlan Name VID
Control2 X
EAPS Domain has following Protected Vlan(s):
Data X
Number of Protected Vlans: 1
Note: The EAPS state will be displayed as “Complete” on the Master Node
indicating the ring is functional, and the secondary port is “Blocked” to prevent a
Layer 2 loop. If you execute the show eaps EDX command on the Transit
In this section of the lab you will create an EAPS Shared Port instance on your
switches, as instructed below.
6 1 Switch-B Switch-A
1. On Switches A & B, create the EAPS Shared Port Instance on your Switch by
typing the following commands on its CLI:
2. On Switches A & B, configure the EAPS Shared Port Link-ID with the
command below:
5. Verify your EAPS shared port configuration on both Switches 2 & 3, using the
command shown below:
Switch-B Output:
EAPS shared-port count: 1
------------------------------------------------------------------------
                         Link                 Domain Vlan       RB    RB
Shared-port  Mode        Id   Up  State       count  count Nbr  State Id
------------------------------------------------------------------------
6            Controller  "Y"  Y   Ready       2      1     Yes  None  None
------------------------------------------------------------------------
Switch-A Output:
EAPS shared-port count: 1
------------------------------------------------------------------------
                         Link                 Domain Vlan       RB    RB
Shared-port  Mode        Id   Up  State       count  count Nbr  State Id
------------------------------------------------------------------------
6            Partner     "Y"  Y   Ready       2      1     Yes  None  None
------------------------------------------------------------------------
Section D: Testing EAPS Shared Port
In this section of the lab, you will test your EAPS configuration to ensure data
traffic is not impacted by a ring failure. When the shared port fails, the secondary
port of each master node unblocks. The new topology introduces a broadcast loop
spanning both rings (ED & ED2); it is the Controller's responsibility to block this
loop.
disable port 6
3. Verify the effect of disabling Port 6 (the shared port) with the show eaps
shared-port command.
Switch-B Output:
EAPS shared-port count: 1
------------------------------------------------------------------------
                         Link                 Domain Vlan       RB    RB
Shared-port  Mode        Id   Up  State       count  count Nbr  State Id
------------------------------------------------------------------------
6            Controller  "Y"  Y   Blocking    2      1     Yes  None  None
------------------------------------------------------------------------
Note: For the failure scenario simulated above, the Controller and Partner
nodes immediately detect the loop, and the controller does the following: it
selects an active-open port for protected VLAN communications, and then
blocks protected VLAN communications on all segment ports except the
active-open port. Switch-B (the shared port controller) should be blocking at this time.
4. Additionally, display the current state of your EAPS Domains (ED & ED2)
using the show eaps <domain name> command.
5. Re-enable port 6, and verify that the network re-converges using appropriate
show commands. The EAPS Domains should return to their previous states.
6. Important! On Switches A & B, disable port 1, to the Core A switch
7. Important! On Switches A & B, disable port 3, to the Core B switch
8. Important! On Switches A & B, disable EAPS Domains ED & ED2 and EAPS
disable eaps ED
disable eaps
delete eaps ED
10. Verify your EAPS configuration has been removed for the previously
configured Domains:
End of Lab
Objectives
At the end of this lab you will be able to:
Create an ERPS ring
Add a control VLAN and any protected VLANs to the ERPS ring
Configure your switch to be the Ring Protection Link (RPL) Owner node in the
ERPS ring
Configure the inter-switch ports to be ring ports east and west
Enable ERPS globally
Enable the ERPS ring
Verify the ERPS configuration and status using various show commands
In this section of the lab, you will enable ports to establish a physical Ethernet Ring
among the XOS SummitX switches to support ERPS operation.
[Network diagram: PC D (172.16.x1.13/24), Switch-C (SSA), Switch-B (SummitX 460, 172.16.x1.102/24), Switch-A (SummitX 460, 172.16.x1.103/24), PC A (172.16.x1.2/24) and Core A (SummitX 460, 172.16.x1.1/24); port labels shown: 1, 2, 5, 6 and 22.]
Note: Please refer to the network map for details regarding switch-to-switch physical
connectivity.
Note: The Core Switch (Core A) has been pre-configured by the Instructor as a
Ring Node for the ERPS Ring.
In this section of the lab, you will implement the necessary steps required to
create, configure, enable, and verify the operation of your ERPS Ring.
3
4
5
6 Ring-1 Data Control
7
8
9
10
Note: Please refer to the ERPS Ring Information table for ERPS configuration
details.
1. On Switches A & B, create your ERPS ring using the command shown below.
2. On Switch-A, configure port 6 as the east ring port for your ERPS ring:
3. On Switch-A, configure port 1 as the west ring port for your ERPS ring:
4. On Switch-A, add the control VLAN to the ERPS ring by entering the following
command:
6. On Switch-A, configure the ERPS Ring Protection Link (RPL) port as port 1,
by typing the following command:
Note: The RPL will be the blocking port on the ring!
7. On Switch-A, set the “Wait To Restore” timer to 1 second, by typing the
following command:
configure erps Ring-1 timer wait-to-restore 1000
8. On Switch-B, configure port 1 as the east ring port for your ERPS ring:
9. On Switch-B, configure port 6 as the west ring port for your ERPS ring:
10. On Switch-B, set the “Wait To Restore” timer to 1 second, by typing the
following command:
11. On Switch-B, add the control VLAN to the ERPS ring by entering the
following command:
12. On Switch-B, add the protected VLAN by entering the following command:
13. On Switches A & B enable ERPS globally by typing the following command:
enable erps
14. On Switches A & B enable ERPS for your newly created ring by typing the
following command:
show erps Ring-1
Name: Ring-1
Operational State: Idle Node Type: RPL Owner, Revertive
Configured State : Enabled
East Ring Port : 6 MepId: 0 Remote MepId: 0 Status: Unblocked
West Ring Port : +1 MepId: 0 Remote MepId: 0 Status: Blocked
Periodic timer interval: 5000 millisec (Enabled)
Hold-off timer interval: 0 millisec (Enabled)
Guard timer interval : 500 millisec (Enabled)
Note: If you are viewing Switch-A, you will notice that the ERPS state is “Idle” and the
west ring port is “Blocked” to prevent a Layer 2 loop. The west ring port is blocked,
because it has been configured as the Ring Protection Link (RPL).
In this section of the lab, you will test your ERPS configuration to ensure data
traffic is not impacted by a ring failure.
[Network diagram: arrows represent the data path when the ring is complete. Devices: PC D (172.16.x1.13/24), Switch-C (SSA), Switch-B (SummitX 460, 172.16.x1.102/24), Switch-A (SummitX 460, 172.16.x1.103/24), PC A (172.16.x1.2/24) and Core A (SummitX 460, 172.16.x1.1/24); port labels shown: 1, 2, 5, 6 and 22.]
Note: Refer to Network diagram for flow of traffic when ERPS ring is complete.
Note: On Switch-A (once you reset counters), you should notice that port 6 (the
non-blocking port on the ring) is reporting higher traffic than port 1 (the
blocking port on the ring). This is because port 6 is seeing ping traffic (at the
rate of 1 per second) in addition to ERPS control traffic, whereas port 1 is only
seeing ERPS control traffic.
4. On Switch-A, disable port 6. By disabling port 6, the RPL port (1) will go to a
non-blocking state.
5. Display the current status of ERPS with the show erps command.
show erps
Name: Ring-1
Operational State: Protection Node Type: RPL Owner, Revertive
Configured State : Enabled
East Ring Port : 6 MepId: 0 Remote MepId: 0 Status: Blocked
West Ring Port : +1 MepId: 0 Remote MepId: 0 Status: unblocked
Periodic timer interval: 5000 millisec (Enabled)
Hold-off timer interval: 0 millisec (Enabled)
Guard timer interval : 500 millisec (Enabled)
WTB timer interval : 5500 millisec (Enabled)
WTR timer interval : 1000 millisec (Enabled)
Ring MD Level : ----
CCM Interval East : 1000 millisec
CCM Interval West : 1000 millisec
Notify Topology Change : -------
Subring Mode : Virtual Channel
ERPS Control Vlan: controlX VID:X
Topology Change Propogation List: None
Topology Change Propogation : Disabled
ERPS Ring's Sub-Ring(s): None
ERPS Ring has following Protected Vlan(s):
Vlan Name VID DataX
Number of Protected Vlans: 1
Notice that the ERPS state is now “Protection” and the west ring port is
Note: On Switch-A (once you reset counters), you should notice that port 1
(the non-blocking port on the ring) is reporting higher traffic than port 6 (the
failed port on the ring). This is because port 1 is seeing ping traffic (at the rate
of 1 per second) in addition to ERPS control traffic, whereas port 6 is in a failed
state. Additionally, your pings from PC-D to Core A should not have
failed.
End of Lab
Resources/Tools:
3 x Extreme Switches
2 PCs
Objectives
At the end of this lab you will be able to:
Create a LAG dynamically, using Link Aggregation Control Protocol (LACP)
Assign specific ports to a specific LAG using aadminkeys
Test LAG operation in various error conditions including link failures and
enabling/disabling of LACP
NOTE: All screen shots included in this lab exercise are for illustrative purposes
only and may not accurately reflect the actual settings on your switch. Please
follow the procedural explanations in the text when you perform configurations in
this lab.
[Network diagram: PC D (172.16.x1.13/24), Switch-C (SSA, 172.16.xx1.101/24), Switch-A (SummitX 460, 172.16.x1.103/24) and PC A (172.16.xx1.2/24); port labels shown: 2, 5, 6 and 22-23.]
3. On Switch-C, verify LACP is enabled globally with the show lacp command.
If the Global Link Aggregation state is disabled on Switch-C, enable it using
the set lacp enable command.
4. On Switch-C, enable LACP at the port level for ports 22 & 23, using the
command below:
5. Verify LACP port status for ports 22 & 23, on Switch-C using the command
shown below:
MuxState: Detached PartnerAdminSystemID: 00:00:00:00:00:00
DebugRxState: Portdisable PartnerOperSystemID: 00:00:00:00:00:00
Global Link Aggregation state : Enabled
Port Instance: ge.1.23 Port enable state: Enabled
ActorPort: 6 PartnerAdminPort: 1
ActorSystemPriority: 32768 PartnerOperPort: 1
ActorPortPriority: 32768 PartnerAdminSystemPriority: 32768
ActorAdminKey: 32768 PartnerOperSystemPriority: 32768
ActorOperKey: 32768 PartnerAdminPortPriority: 32768
ActorAdminState: -----GLA PartnerOperPortPriority: 32768
ActorOperState: -F---GLA PartnerAdminKey: 1
ActorSystemID: 00:1F:45:40:27:B8 PartnerOperKey: 1
SelectedAggID: None PartnerAdminState: -----GSA
For this part of the exercise you will create a dynamic Link Aggregation Group
between Switch-A and Switch-C (using ports 22 & 23), and verify that the LAG is
configured and operating correctly.
1. On Switch-A, use the command shown below to create a port sharing group
using ports 22 & 23 as members.
Note: The suffix lacp specifies that the newly created link aggregation group
will be dynamic.
22 22 LACP L2 22 Y A 1
L2 23 Y A 1
=============================================================================
Link State: A-Active, D-Disabled, R-Ready, NP-Port not present, L-Loopback
Load Sharing Algorithm: (L2) Layer 2 address based
(L3_L4) Layer 3 address and Layer 4 port based
Number of load sharing trunks: 1
9. Verify that the Link Aggregation Group is enabled and up on Switch-C, by
entering the show lacp command:
show lacp
Aggregator: lag.0.1
Actor Partner
System Identifier: 00:1F:45:40:27:B8 00:04:96:35:81:A9
Note: You should have physical ports attached to the lag as shown above.
LAGs may not form using the first LAG on EOS switches; you may need to look
at other LAGs to see which LAG has formed dynamically.
How many LAGs in total are displayed on Switch-C when you issue the show
lacp command?
Note: On Extreme EOS type switches, LAGs will form automatically if LACP is
enabled at the global and port level. In the later parts of this lab, we will
implement configuration steps to ensure ports ge.1.22 & ge.1.23 are always
associated with LAG lag.0.1. This will be done through the use of
aadminkeys.
10. On Switch-C, verify that ports 22 & 23 are in a Dormant state and verify
the speed of the LAG, using the show port status ge.1.22-23;lag.0.1 command.
          Alias        Oper    Admin   Speed
Port      (truncated)  Status  Status  (bps)     Duplex  Type
--------- ------------ ------- ------- --------- ------- ------------
ge.1.22                dormant Up      1.0G      full    BaseT RJ45/PoE
ge.1.23                dormant Up      1.0G      full    BaseT RJ45/PoE
lag.0.1                Up      Up      2.0G      full    lag
11. On Switch-A, verify the dynamic link aggregation configuration by entering the
following command:
Port list:
12. On Switch-A, verify the identity of the load sharing master port for the LAG, by
entering the following command:
Port Flags Link ELSM Link Num Num Num Jumbo QOS Load
State /OAM UPS STP VLAN Proto Size profile Master
====================================================================================
22 Em-la---e--fMB---x- active - / - 1 1 2 1 9216 none 22 a
23 Em-la---e--fMB---x- active - / - 1 1 2 1 9216 none 22 a
====================================================================================
> indicates Port Display Name truncated past 8 characters
13. On Switch-C, use the show port lacp port port-string status detail
command to verify the LAG port configuration.
show port lacp port ge.1.22 status detail
14. Verify the Link Aggregation Control Protocol (LACP) activity by entering the
following commands on Switch-A and Switch-C:
Switch-A:
=================================================================
Switch-C:
show port lacp port ge.1.22-23 counters
UnknownRx: 0 MarkerResponsePDUsTx: 0
ActorSyncTransitionCount: 3 PartnerSyncTransitionCount: 1
ActorChangeCount: 3 PartnerChangeCount: 0
ActorChurnCount: 0 PartnerChurnCount: 0
LACPDUsRx: 35 MarkerPDUsRx: 0
LACPDUsTx: 38 MarkerPDUsTx: 0
IllegalRx: 0 MarkerResponsePDUsRx: 0
UnknownRx: 0 MarkerResponsePDUsTx: 0
ActorSyncTransitionCount: 3 PartnerSyncTransitionCount: 2
ActorChangeCount: 5 PartnerChangeCount: 0
ActorChurnCount: 0 PartnerChurnCount: 0
ActorChurnState: noChurn PartnerChurnState: noChurn
MuxState: distributing
MuxReason: Selected = SELECTED and PSync = TRUE and PColl = TRUE
15. On Switch-C, display general LAG port information for physical ports 22 and
23.
Do the Actor and Partner keys need to match for the LAG to function?
16. Test IP connectivity between Switch-A and Switch-C. Ping between switches.
(Pings should fail.)
Note: The Layer 2 forwarding between Switch-A and Switch-C is via the LAG.
On Switch-A (XOS type), the LAG is automatically associated with your VLAN
as tagged, because its Master Port, port 22, was previously assigned the VLAN
Data as tagged. On Switch-C (EOS type), the LAG must be manually assigned
to the VLAN as tagged or untagged.
17. On Switch-C, examine VLAN X0 with the show vlan static <Your Group
VLAN Number> command. Is your LAG currently assigned to the VLAN?
18. On Switch-C, assign your LAG to your group VLAN as tagged, using the
19. Verify the LAG has been assigned to the VLAN using the show vlan XO or
show vlan static XO command.
Note: The pings between Switch-A and Switch-C should now be working.
Because LAGs are dynamic, it is often helpful to link ports to a specific LAG
number. This helps prevent misconfiguration. The method to achieve this
configuration on Extreme EOS Switches is to set the Actor Admin Key, (called
aadminkey), to a specific number, and then to assign that same aadminkey to the
LAG and its associated physical ports. Extreme recommends you execute this type
of configuration on EOS type switches when implementing LAGs.
1. On Switch-C, set the aadminkey to map your physical ports and LAG using the
commands shown below.
Note: The operational LAG on your switch might not be lag.0.1; make sure you
verify which LAG port is up and operational so ports 22 & 23 are keyed correctly.
2. Issue the show lacp command to view your LAG configuration.
Aggregator: lag.0.1
Actor Partner
00:1f:45:fb:aa:7c
Note: It may take several seconds for the physical ports to re-attach to the
LAG.
3. Verify keys are set at the port level via the show port lacp port ge.1.22-23
status detail command.
!
#***** NON-DEFAULT CONFIGURATION *****
#port
set port lacp port ge.1.22 aadminkey 3000
set port lacp port ge.1.23 aadminkey 3000
#***** NON-DEFAULT CONFIGURATION *****
#lacp
set lacp aadminkey lag.0.1 3000
Note: Ports 22 & 23 are now permanently keyed to LAG lag.0.1 as a result of
the previous configuration.
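A way to verify the keying described above from a saved configuration, as an added example that is not part of the lab guide: it reads the set port lacp ... aadminkey and set lacp aadminkey lines shown in this section and reports which ports are keyed to which LAG. It also expands the ge.1.22-23 and ge.1.5;ge.1.20 port-string forms used in this guide's show commands, on the assumption that the set commands accept them too; the second sample configuration is constructed.

```python
"""Audit aadminkey assignments in an EOS configuration (added illustration)."""
import re

PORT_KEY_RE = re.compile(r"^set port lacp port (\S+) aadminkey (\d+)$")
LAG_KEY_RE = re.compile(r"^set lacp aadminkey (lag\.\d+\.\d+) (\d+)$")


def expand_port_string(port_string):
    """Expand 'ge.1.22-23' or 'ge.1.5;ge.1.20' into individual port names."""
    ports = []
    for part in port_string.split(";"):
        prefix, _, last = part.rpartition(".")
        if "-" in last:
            low, high = (int(n) for n in last.split("-"))
            ports.extend(f"{prefix}.{n}" for n in range(low, high + 1))
        else:
            ports.append(part)
    return ports


def audit_aadminkeys(config):
    """Map each LAG to the ports sharing its key and list ports that do not fit."""
    port_keys, lag_keys = {}, {}
    for raw in config.splitlines():
        line = raw.strip()  # comment lines ('!' and '#...') match neither pattern
        if m := PORT_KEY_RE.match(line):
            for port in expand_port_string(m.group(1)):
                port_keys[port] = int(m.group(2))
        elif m := LAG_KEY_RE.match(line):
            lag_keys[m.group(1)] = int(m.group(2))

    key_to_lags = {}
    for lag, key in lag_keys.items():
        key_to_lags.setdefault(key, []).append(lag)

    members = {lag: [] for lag in lag_keys}
    unmatched, ambiguous = [], []
    for port, key in sorted(port_keys.items()):
        lags = key_to_lags.get(key, [])
        if len(lags) == 1:
            members[lags[0]].append(port)
        elif not lags:
            unmatched.append(port)   # key set on the port but on no LAG
        else:
            ambiguous.append(port)   # same key configured on several LAGs
    return {"members": members, "unmatched": unmatched, "ambiguous": ambiguous}


# Configuration lines as shown in this section of the lab.
LAB_CONFIG = """!
#***** NON-DEFAULT CONFIGURATION *****
#port
set port lacp port ge.1.22 aadminkey 3000
set port lacp port ge.1.23 aadminkey 3000
#***** NON-DEFAULT CONFIGURATION *****
#lacp
set lacp aadminkey lag.0.1 3000
"""
# Constructed misconfiguration: one key reused on two LAGs, one key on no LAG.
MISKEYED = """set port lacp port ge.1.22-23 aadminkey 3000
set port lacp port ge.1.5 aadminkey 3001
set lacp aadminkey lag.0.1 3000
set lacp aadminkey lag.0.2 3000
"""

if __name__ == "__main__":
    print(audit_aadminkeys(LAB_CONFIG))
    print(audit_aadminkeys(MISKEYED))
```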
End of Lab
Resources/Tools:
3 x Extreme Switches
2 PCs
Objectives
At the end of this lab you will be able to:
Create and configure the ISC VLAN
Create LAGs and add them to the appropriate VLANs
Create the ISC peers
NOTE: All screen shots included in this lab exercise are for illustrative purposes
only and may not accurately reflect the actual settings on your switch. Please
follow the procedural explanations in the text when you perform configurations in
this lab.
[Network diagram: Switch-C (SSA, 172.16.x1.101/24), PC D (172.16.x1.13/24), Switch-B (SummitX 460, 172.16.x1.102/24), Switch-A (SummitX 460, 172.16.x1.103/24) and PC A (172.16.x1.2/24); link labels shown: LAG, MLAG and ISC; port labels shown: 2, 5, 5 & 20, 6 & 8 and 22-23.]
1. On Switch-C using commands shown below; enable ports 5 & 20 and verify
2. On Switch-C enable LACP at the port level for ports 5 & 20, using the set
port lacp port ge.1.5;ge.1.20 enable command.
3. Verify LACP port status for ports 5 & 20, on Switch-C using the show port
lacp port ge.1.5;ge.1.20 status detail command.
5. On Switch-B, add ports 5 & 20 to the Data VLAN as tagged. DO NOT enable
these ports until instructed to do so.
Section B: Configuring Link Aggregation Groups (LAGs)
For this part of the exercise you will create the VLANs and Link Aggregation
Groups required to implement MLAG functionality on your XOS SummitX switches.
1. On Switch-B, use the command shown below to create a port sharing group
using ports 5 & 20 as members.
lacp
2. On both Switch-A and Switch-B, use the commands shown below to create
a port sharing group using ports 6 & 8 as members, and add the sharing
group to the Data VLAN.
3. On both Switch-A and Switch-B, enable port 8 and ensure that a LAG has
formed between the two switches using the appropriate commands.
enable port 8
4. On Switches A & B, create an ISC VLAN and assign the appropriate Tag and
IP Address based on the ISC VLAN Table shown below:
3 192.168.3.1/24 192.168.3.2/24
4 192.168.4.1/24 192.168.4.2/24
5 192.168.5.1/24 192.168.5.2/24
ISC 1001
6 192.168.6.1/24 192.168.6.2/24
7 192.168.7.1/24 192.168.7.2/24
8 192.168.8.1/24 192.168.8.2/24
9 192.168.9.1/24 192.168.9.2/24
10 192.168.10.1/24 192.168.10.2/24
5. On Switches A & B, create and Tag your ISC VLAN using commands shown
below:
Switch-A:
Switch-B:
8. Verify the configuration of your newly created VLAN using the appropriate
show commands.
9. On Switches A & B, verify your LAG configuration using the command shown
below. The output below will vary depending on the switch you are viewing.
Transitions
============================================================================
6 6 LACP L2 6 Y A 0
L2 8 Y A 0
22 22 LACP L2 22 Y A 0
L2 23 Y A 0
============================================================================
Load Sharing Algorithm: (L2) Layer 2 address based, (L3) Layer 3 address
based
For this part of the exercise, on Switches A & B, you will create the MLAG
structure based on existing LAGs and VLANs.
1. For MLAGs to work, the switches that are participating in the functionality need
to know who their MLAG peer is. Use the following commands to setup an
MLAG peer relationship between Switches A & B:
Switch-A:
Configure mlag peer Switch-B ipaddress 192.168.x.2
enable mlag port 22 peer Switch-B id 1
Switch-B:
Create mlag peer Switch-A
Note: VLAN ISC will be used as the Inter-Switch Connection to MLAG peer.
3. Verify the configuration on both switches with the command shown below.
4. On Switch-B, enable ports 5 & 20 using the commands shown below and
verify their operational status.
enable port 5,20
5. Verify on Switches A & B that the MLAG is operational:
========================================================================
Y 22 A Up Switch-B Up 0 0
========================================================================
Local Link State: A - Active, D - Disabled, R - Ready, NP - Port not present
Remote Link : Up - One or more links are active on the remote switch,
Down - No links are active on the remote switch,
N/A - The peer has not communicated link state for this MLAG
port
Number of Multi-switch Link Aggregation Groups : 1
Convergence control : Conserve Access Lists
For this part of the exercise you will generate continuous ping traffic between PC A
and PC-D, and you will disable MLAG ports and verify the effect it has on the
traffic.
1. On PC A and PC-D turn on continuous pings between the two PCs, and
monitor your pings.
2. On Switch-B, disable ports 5 & 20 using the disable port command. The
pings should continue to run without interruption.
4. On Switch-A, disable ports 22 & 23 using the disable port command. The
pings should continue to run without interruption.
On Switch-A, disable ports 6 & 8 (the ISC ports) using the disable port
command. The pings should continue to run without interruption, but they may
fail depending on which LAG member port Switch-A has chosen to distribute
Note: Depending on the load sharing and MAC address combinations used for
each switch’s hashing algorithm, the ping may or may not continue
uninterrupted. This demonstrates how important the ISC port is, which is why
End of Labs