Sie sind auf Seite 1von 254

ExtremeXOS Operations and Configuration Lab Guide with PuTTY, Rev.12.

Extreme Networks, Inc.


3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
(408) 579-2800
http://www.extremenetworks.com
Part number: DOC-01665 Rev 02

AccessAdapt, Alpine, BlackDiamond, ESRP, Ethernet Everywhere, Extreme Enabled, Extreme Ethernet Everywhere,
Extreme Networks, Extreme Standby Router Protocol, Extreme Turbodrive, Extreme Velocity, ExtremeWare,
ExtremeWorks, ExtremeXOS, the Go Purple Extreme Solution, Sentriant, ServiceWatch, ScreenPlay, Summit,
SummitStack, Unified Access Architecture, Unified Access RF Manager, UniStack, Universal Port, the Extreme
Networks logo, the Alpine logo, the BlackDiamond logo, the Extreme Turbodrive logo, the Summit logos, the
Powered by ExtremeXOS logo, and the Color Purple, among others, are trademarks or registered trademarks of
Extreme Networks, Inc. or its subsidiaries in the United States and/or other countries.
Adobe, Flash, and Macromedia are registered trademarks of Adobe Systems Incorporated in the U.S. and/or other
countries. AutoCell is a trademark of AutoCell. Avaya is a trademark of Avaya, Inc. Merit is a registered trademark
of Merit Network, Inc. Internet Explorer is a registered vctrademark of Microsoft Corporation. Mozilla Firefox is a
registered trademark of the Mozilla Foundation. sFlow is a registered trademark of sFlow.org. Solaris and Java are
trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
Specifications are subject to change without notice.
All other registered trademarks, trademarks, and service marks are property of their respective owners.
2009 Extreme Networks, Inc. All Rights Reserved.

ii

ExtremeXOS Operation and Configuration, Rev. 12.1

Table of Contents
PuTTY Console Configuration
Student Objectives .................................................................................................................... vii
Part 1: Clear the Registry ........................................................................................................... vii
Part 2: Fill the Registry with Extremes Saved Sessions................................................................ viii
Part 3: Run the PuTTY Executable............................................................................................... ix
Part 4: Establish Initial Connection to the Virtual PC ..................................................................... xi
Part 5: Virtual PC Tips ............................................................................................................... xii

Lab 1: Initial Switch Configuration Lab


Student Objectives .....................................................................................................................
Part 1: Logging In, Initializing, and Configuring the Switch Name...................................................
Part 2: Adding Users and Saving the Configuration........................................................................
Part 3: Limiting CLI Sessions, Failed Logins, and Telnet Access .....................................................

1
2
6
8

Lab 2: Switch Management Lab


Student Objectives ...................................................................................................................
Part 1: Verifying the Switch Status and Configuration ..................................................................
Part 2: Configuring IP Access....................................................................................................
Part 3: Backing Up Configuration Files and Downloading Images ..................................................
Part 4: Editing ASCII-formatted Configuration Files on a PC .........................................................
Part 5: Editing ASCII-formatted Configuration Files on the Switch ................................................
Part 6: Accessing the Bootstrap and BootRom Menus ..................................................................

13
14
15
17
21
23
26

Lab 3: Layer 1 Configuration Lab


Student Objectives ...................................................................................................................
Part 1: Setting Up for Auto-Negotiation, Half-Duplex, and Full-Duplex ..........................................
Part 2: Auto-Negotiation, Half-Duplex, and Full-Duplex ...............................................................
Part 3: Configuring the Client Workstation and Testing the Default Gateway...................................
Part 4: Configuring Dynamic Address-based Load Sharing............................................................
Part 5: Enabling the Link-Layer Discovery Protocol ......................................................................

29
30
31
33
37
43

Lab 4: Configuring a Stacked Switch Demonstration........................................................................ 45

ExtremeXOS Operation and Configuration, Rev. 12.1

iii

Table of Contents

Lab 5: Layer 2 Forwarding Lab


Student Objectives ................................................................................................................... 47
Part 1: Setting Up for Populating the Forwarding Database .......................................................... 48
Part 2: Populating the Forwarding Database................................................................................ 49
Part 3: Locking Learning............................................................................................................51
Part 4: Limiting Learning .......................................................................................................... 55
Part 5: Enabling Extreme Link Status Monitoring ........................................................................ 57

Lab 6: Port-based VLAN Configuration Lab


Student Objectives ...................................................................................................................
Part 1: Setting Up for Creating a Port-Based VLAN......................................................................
Part 2: Creating a Port-Based VLAN ...........................................................................................
Part 3: Adding Ports to a VLAN .................................................................................................
Part 4: Configuring the Client Workstation ..................................................................................
Part 5: Extending the VLAN Across Multiple Switches .................................................................

59
60
61
62
63
66

Lab 7: Tagged VLAN Configuration Lab


Student Objectives ................................................................................................................... 69
Part 1: Setting Up for Configuring a Tagged VLAN and Adding Tagged and Untagged Ports ............. 70
Part 2: Configuring the Client Workstation .................................................................................. 71
Part 3: Configuring a Tagged VLAN and Adding Tagged and Untagged Ports ..................................75
Part 4: Adding a Second Tagged VLAN and Trunked Ports ........................................................... 77
Part 5: Adding Additional Tagged Ports ...................................................................................... 79
Part 6: Reconfiguring the Client Workstation............................................................................... 81

Lab 8: Spanning Tree Configuration Lab


Student Objectives ...................................................................................................................
Part 1: Setting Up for Spanning Tree Configuration .....................................................................
Part 2: Configuring the Client Workstation ..................................................................................
Part 3: Creating and Validating a Spanning Tree Domain..............................................................
Part 4: Changing and Validating Bridge Priority ...........................................................................

83
85
86
90
94

Lab 9: Basic EAPS Configuration Lab


Student Objectives ................................................................................................................... 97
Part 1: Creating the EAPS Control VLAN..................................................................................... 99
Part 2: Creating and Configuring the EAPS Domain ................................................................... 101
Part 3: Verifying the EAPS Domain Configuration and Operation ................................................. 102
Part 4: Configuring the Client Workstation ................................................................................ 103
Part 5: Testing the EAPS Configuration .................................................................................... 107

iv

ExtremeXOS Operation and Configuration, Rev. 12.1

Table of Contents

Lab 10: Static Route/IP Forwarding Configuration Lab


Student Objectives .................................................................................................................111
Part 1: Setting Up for Creating Router Interfaces ...................................................................... 112
Part 2: Creating Router Interfaces.............................................................................................113
Part 3: Enabling IP Forwarding and Creating a Default Route ..................................................... 115
Part 4: Configuring the Client Workstation ................................................................................ 117
Part 5: Verifying and Testing IP Forwarding and the Static Route................................................ 121

Lab 11: Routing Information Protocol (RIP) Configuration Lab


Student Objectives .................................................................................................................
Part 1: Setting Up for Verifying the Router Interfaces ................................................................
Part 2: Verifying the Router Interfaces......................................................................................
Part 3: Enabling IP Forwarding and Adding VLANs to RIP ..........................................................
Part 4: Enabling RIP and Verifying Protocol Operation ...............................................................
Part 5: Configuring the Client Workstation ................................................................................
Part 6: Verifying and Testing IP Forwarding and RIP.................................................................

123
124
125
126
128
132
136

Lab 12: Open Shortest Path First (OSPF) Configuration Lab


Student Objectives .................................................................................................................
Part 1: Setting Up for Verifying the Router Interfaces ................................................................
Part 2: Verifying the Router Interfaces......................................................................................
Part 3: Enabling IP Forwarding and Configuring OSPF ...............................................................
Part 4: Enabling OSPF and Verifying the Protocol Operation .......................................................
Part 5: Configuring the Client Workstation ................................................................................
Part 6: Verifying and Testing IP Forwarding and OSPF ...............................................................

139
140
141
142
145
147
151

Lab 13: Netlogin Using Local MAC Address Authentication Configuration Lab
Student Objectives ................................................................................................................. 155
Part 1: Setting up for Netlogin ................................................................................................ 156
Part 2: Configuring the Client Workstation ................................................................................ 157
Part 3: Displaying the Network Login Configuration ................................................................... 161
Part 4: Configuring the Network Login VLAN............................................................................. 161
Part 5: Configuring MAC Address Authentication....................................................................... 161
Part 6: Managing the Authorized MAC Addresses ...................................................................... 162
Part 7: Testing the Configuration .............................................................................................163
Part 8: Just in Case.... ............................................................................................................164

ExtremeXOS Operation and Configuration, Rev. 12.1

Table of Contents

Lab 14: Universal Port Configuration Lab


Student Objectives .................................................................................................................169
Part 1: Setting Up for Loading and Validating the Netlogin Configuration ....................................170
Part 2: Loading and Validating the Netlogin Configuration.......................................................... 171
Part 3: Configuring the Client Workstations............................................................................... 173
Part 4: Creating the Universal Port Profiles and Binding to an Event ...........................................181
Part 5: Universal Port, Netlogin, and MAC-Based Authentication ................................................ 183
Part 6: Triggering and Validating the Event Profile..................................................................... 184

Lab 15: Quality of Service (QoS) Configuration Lab


Student Objectives .................................................................................................................
Part 1: Creating the EAPS Control VLAN...................................................................................
Part 2: Configuring the Client Workstations...............................................................................
Part 3: Best-Effort Traffic Modeling .........................................................................................
Part 4: Configuring Quality of Service, Assigning it to a VLAN, and Verifying Priority Service .........

189
191
193
199
202

Lab 16: Switch Diagnostics Lab


Student Objectives .................................................................................................................
Part 1: Resetting the Switch to Factory Default .........................................................................
Part 2: Monitoring Processes...................................................................................................
Part 3: Terminating and Restarting Processes ...........................................................................
Part 4: Running Normal Diagnostics ........................................................................................
Part 5: Running Extended Diagnostics .....................................................................................

205
206
208
210
211
214

Lab 17: Network Troubleshooting Lab


Student Objectives ................................................................................................................. 217
Part 1: Setting Up the Lab Switch ...........................................................................................218
Part 2: Configuring the Client Workstation ................................................................................219
Error Identification and Resolution Worksheet ...........................................................................223

Appendix A: Lab Network Diagrams .............................................................................................. 225

vi

ExtremeXOS Operation and Configuration, Rev. 12.1

PuTTY Console Configuration


PuTTY, developed by Simon Tatham, is a client program for the SSH, Telnet, and Rlogin network
protocols that are used to run a remote session on a computer, over a network. PuTTY implements the
client end of that session: that is, the end at which the session is displayed, rather than the end at which
it runs.
We are using SSH and host keys for maximum security. Saved sessions, which contain a full set of
configuration options plus a host name and protocol, have been preconfigured to provide quick access
to switches and virtual PCs used in the labs.
Follow the instructions below to configure PuTTY, which enables access to the lab switches and virtual
PCs.

Student Objectives
In this lab, you will:

Clear the Simon Tatham directory from the registry (do this only if it already exists on your PC).

Fill the registry with Extremes saved sessions by opening PuTTY_master.reg.

Run the PuTTY executable.

Load preconfigured PuTTY profile settings and select the proper key.

Establish an initial connection to your switch and virtual PC.

Part 1: Clear the Registry


1 The instructor provides the two required PuTTY files via jump drive. Move those files directly onto
your desktop. They are extreme_puttyA.reg (or extreme_puttyB.reg) and putty.exe.
2 The instructor provides the remote authentication password and assigns student numbers SS_1
through SS_6.
Remote authentication password for this class is: _______________________.
You are assigned SS - _____.
3 From the Start Menu, choose Run... In the run window type regedit and click OK.

ExtremeXOS Operation and Configuration, Rev. 12.1

vii

PuTTY Console Configuration

4 To clear any previous version of Saved Sessions/Keys from the registry. When the Registry Editor
window opens look for Simon Tatham in the registry. Navigate to:
My Computer > HKEY_CURRENT_USER > Software > Simon Tatham
5 To clear any previous version of Saved Sessions/Keys from the registry - look for Simon Tatham in
the registry. If you do not have an entry for Simon Tatham in your registry proceed to step 7.
6 Highlight Simon Tatham; right-click and select Delete.

Part 2: Fill the Registry with Extremes Saved Sessions


7 Double-click on the extreme-puttyA.reg (or extreme-puttyB.reg) file on your desktop.

viii

ExtremeXOS Operation and Configuration, Rev. 12.1

PuTTY Console Configuration


8 When you see this message click Yes.

9 When you see this message click OK.

Part 3: Run the PuTTY Executable


10 Double-click on the Putty.exe application on your desktop. Notice that there are many preconfigured
Saved Sessions as shown below:

ExtremeXOS Operation and Configuration, Rev. 12.1

ix

PuTTY Console Configuration

11 Using the number assigned to you by the instructor, SS-1 through SS-6, double-click on SS- {your
number} in the Saved Sessions window.
12 When you see the PuTTY Security Alert window open- click Yes.

13 When the switch console window opens, enter [the remote authentication password obtained from
your instructor] then press Enter twice.
14 To log on to the switch, enter the following:
Login: admin
password: no password -- press Enter again, this brings up SS-X (Student Switch-1 shown).

ExtremeXOS Operation and Configuration, Rev. 12.1

PuTTY Console Configuration

Part 4: Establish Initial Connection to the Virtual PC


The RD-X Saved Session allows you to tunnel through and connect to your Virtual PCs.
15 Double-click on Putty.exe then double-click on RD-X in Saved Sessions.
Enter [the remote authentication password obtained from your instructor] then press Enter twice..
When the $ appears the Remote Desktop Connection Tunnel is open. Leave this window open.

16 Go to your Start Menu > Programs > Accessories > Remote Desktop Connection.
17 In the Computer: window enter: 127.0.0.1:101X, where X is the number assigned by your instructor
(1-6), and select Connect. This example shows Student One's Virtual PC.

18 When Log On to Windows prompt appears, type User Name: student and Password: student

ExtremeXOS Operation and Configuration, Rev. 12.1

xi

PuTTY Console Configuration


Once connected, you can control your Virtual PC as long as the RD-X tunnel remains open.
This completes the initial connection to your switch and a Virtual PC. You will use this pre-configured
connection throughout the course. Proceed with the lab when directed by your instructor.

Part 5: Virtual PC Tips


Closing the virtual machine connection:

If you choose to close the remote desktop connection to 127.0.0.101X, the best practice is to logoff the
virtual PC using Start Menu > Logoff.

Rebooting the virtual machine(ALT-CTRL-END):

xii

If for some reason the virtual machine needs to be rebooted, hold down on the ALT-CTRL-END
keys and then select the Shutdown tab and choose restart.

ExtremeXOS Operation and Configuration, Rev. 12.1

Initial Switch Configuration Lab

Student Objectives
This lab provides you with hands-on experience using the Command Line Interface (CLI) to configure
secure user accounts.
At the end of this lab, you will be able to:

Login to the switch

Assign a name to the switch

Create a new user account

Save changes to the active switch configuration

Change, test, verify, and reset user access settings

Change and verify SNMP access privileges

Change and verify Telnet settings

Figure 1: Initial Switch Configuration Lab

Refer to the values in Table 1 to configure switch parameters for this lab.

ExtremeXOS Operation and Configuration, Rev. 12.1

Initial Switch Configuration Lab

Table 1: Lab Groups and Switch Names


Lab Group Number

Functional Name

Switch Name

Sales Management

SAM_1

Executive Staff

EXC_2

Accounting

ACT_3

Manufacturing Floor

MFG_4

Engineering

ENG_5

Human Resources

HUR_6

Part 1: Logging In, Initializing, and Configuring the


Switch Name
In this exercise you will enter configuration parameters for your switch.
1 Maximize the switch console window or launch your switchs saved session profile and login with
the credentials admin and no password, press the Enter key.

2 At the command prompt enter:


unconfigure switch all

3 Enter y when asked this question: Restore all factory defaults and reboot? (y/N)

ExtremeXOS Operation and Configuration, Rev. 12.1

Initial Switch Configuration Lab


4 A switch that is in the process of booting, displays the following:
Loading EXOS Image ...|
Running Image ...
Starting ExtremeXOS 12.1.0b61
Copyright (C) 1996-2008 Extreme Networks. All rights reserved.
Protected by US Patent Nos: 6,678,248; 6,104,700; 6,766,482; 6,618,388;
6,034,957; 6,859,438; 6,912,592; 6,954,436; 6,977,891; 6,980,550;
6,981,174; 7,003,705; 7,017,082; 7,046,665; 7,126,923; 7,142,509;
7,149,217; 7,152,124; 7,154,861; 7,245,619; 7,245,629; 7,269,135.
(pending-AAA) login:

The (pending-AAA) login: prompt is a restricted login made available while the switch is still in the
process of loading remaining software components. Logging in at this point will not provide access
to switch management and configuration, and attempting to use standard login accounts will result
in failure. Wait until you see the following prompt before proceeding:
Authentication Service (AAA) on the master node is now available for login.

5 Press the Enter key until the system displays the login prompt.
6 Enter admin.
The password prompt displays.
7 The switch will not have an admin password configured. Press the Enter key.
The following displays:
This switch currently has all management methods enabled for security
reasons. Please answer these questions about the security settings you
would like to use.
Telnet is enabled by default. Telnet is unencrypted and has been the trget
of security exploits in the past.
Would you like to disable Telnet? [y/N]

8 Enter n and press the Enter key.


The following displays:
SNMP access is enabled by default. SNMP uses no encryption, SNMPv3 can be
configured to eliminate this problem.
Would you like to disable SNMP? [y/N]:

9 Enter y and press the Enter key.


10 The following displays:
All ports are enabled by default. In some secure applications, it maybe
more desirable for the ports to be turned off.
Would you like unconfigured ports to be turned off by default? [y/N]:

11 Enter y and press the Enter key.

ExtremeXOS Operation and Configuration, Rev. 12.1

Initial Switch Configuration Lab


12 When asked to change the default failsafe account username and password, enter no and press the
Enter key.
13 When asked if you would like to permit failsafe account access via the management port enter no.
A message outlining actions that would increase the security of your network follows, then the
command line prompt appears again.
14 Display the default switch management configuration, by entering the following command:
show management
The following displays:
CLI idle timeout
CLI max number of login attempts
CLI max number of sessions
CLI paging
CLI space-completion
CLI configuration logging
CLI scripting
CLI scripting error mode
CLI persistent mode
Telnet access
SSH access
all)
Total Read Only Communities
Total Read Write Communities
RMON
SNMP access
SNMP Traps
SNMP v1/v2c TrapReceivers
SNMP stats:
0
SNMP traps:

:
:
:
:
:
:
:
:
:
:
:
:

Enabled (20 minutes)


3
8
Enabled (this session only)
Disabled (this session only)
Disabled
Disabled (this session only)
Ignore-Error (this session only)
Persistent (this session only)
Enabled (tcp port 23 vr all)
Access Profile : not set
Disabled (Key invalid, tcp port 22 vr

:
:
:
:
:
:
:
:

Access Profile : not set


1
1
Disabled
Disabled
Access Profile Name : not set
Enabled
None

InPkts 0

OutPkts

Gets
Sent

GetNexts 0
Sets
AuthTraps Enabled

0
0

Errors 0

AuthErrors

15 Configure the SNMP system name of the switch, by entering the following command:
configure snmp sysname <switch name>
Where <switch name> is the switch name identified for your lab group in Table 1.
16 The command line prompt with the new system name displays.
* X450a-24t.2 # configure snmp sysname <switch name>
* <switch name>.3 #

17 Verify that all the data ports are disabled, by entering the following command:
show ports configuration

ExtremeXOS Operation and Configuration, Rev. 12.1

Initial Switch Configuration Lab


The system displays the configurable physical attributes for each port on the switch as shown below:
Port Configuration Monitor
Wed Feb 20 20:43:20
2008
Port
Virtual
Port Link Auto
Speed
Duplex
Flow Load
Media
router
State State Neg Cfg Actual Cfg Actual Cntrl Master Pri Red
===============================================================================
1
VR-Default D
R
ON AUTO
AUTO
UTP
2
VR-Default D
R
ON AUTO
AUTO
UTP
3
VR-Default D
R
ON AUTO
AUTO
UTP
4
VR-Default D
R
ON AUTO
AUTO
UTP
5
VR-Default D
R
ON AUTO
AUTO
UTP
6
VR-Default D
R
ON AUTO
AUTO
UTP
7
VR-Default D
R
ON AUTO
AUTO
UTP
8
VR-Default D
R
ON AUTO
AUTO
UTP
9
VR-Default D
R
ON AUTO
AUTO
UTP
10
VR-Default D
R
ON AUTO
AUTO
UTP
11
VR-Default D
R
ON AUTO
AUTO
UTP
12
VR-Default D
R
ON AUTO
AUTO
UTP
13
VR-Default D
R
ON AUTO
AUTO
UTP
14
VR-Default D
R
ON AUTO
AUTO
UTP
15
VR-Default D
R
ON AUTO
AUTO
UTP
16
VR-Default D
R
ON AUTO
AUTO
UTP
===============================================================================
Link Status : A-Active, R-Ready, NP-Port Not Present, L-Loopback
Port State: D-Disabled, E-Enabled, Media: !-Unsupported Optic Module
0->Clear Counters U->page up D->page down ESC->exit

18 Press the Esc key. Display the login session, by entering the following command:
show session
The switch reports all active sessions, including the user name, they type of access, and the level of
authorization as shown below:
CLI
#
Login Time
User
Type
Auth
Auth Location
================================================================================
*1
Wed Feb 20 20:36:31 2008 admin
console local dis serial

19 Enable SNMP access to the switch, by entering the following command:


enable snmp access
20 Display the switch management configuration, by entering the following command:
show management

ExtremeXOS Operation and Configuration, Rev. 12.1

Initial Switch Configuration Lab


The following displays:
CLI idle timeout
CLI max number of login attempts
CLI max number of sessions
CLI paging
CLI space-completion
CLI configuration logging
CLI scripting
CLI scripting error mode
CLI persistent mode
Telnet access
SSH access
Total Read Only Communities
Total Read Write Communities
RMON
SNMP access
SNMP Traps
SNMP v1/v2c TrapReceivers
SNMP stats:
SNMP traps:

InPkts 0
Gets
0
Sent
0

:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:

Enabled (20 minutes)


3
8
Enabled (this session only)
Disabled (this session only)
Disabled
Disabled (this session only)
Ignore-Error (this session only)
Persistent (this session only)
Enabled (tcp port 23 vr all)
Access Profile : not set
Disabled (Key invalid, tcp port 22 vr all)
Access Profile : not set
1
1
Disabled
Enabled
Access Profile Name : not set
Enabled
None

OutPkts
0
Errors 0
GetNexts 0
Sets
0
AuthTraps Enabled

AuthErrors 0

21 Notice the new configuration setting for SNMP access, it is now enabled.

Part 2: Adding Users and Saving the Configuration


In this exercise you will create additional users and save your configuration as the primary.
1 Create a new administrator level user account, by entering the following command:
create account admin ADMIN_X
Where X is your lab group number assigned in Table 1.
The system displays the following prompt:
Password:

2 Leave the password blank by pressing the Enter key again.


The following prompt displays:
Reenter Password:

3 Press the Enter key again.


4 Verify the new user account information by entering the following command:
show accounts

ExtremeXOS Operation and Configuration, Rev. 12.1

Initial Switch Configuration Lab


The user account information displays:
User Name
Access LoginOK Failed
-------------------------------- ------ ------admin
R/W
1
user
RO
0
ADMIN_X
R/W
0

-----0
0
0

5 Save the configuration to nonvolatile storage, by entering the following command:


save primary
6 The following displays:
No default configuration database has been selected to boot up the system.
Save configuration will set the new configuration as the default database.
The configuration file primary.cfg already exists.
Do you want to save configuration to primary.cfg and overwrite it? (y/n)

7 Enter y.
The following displays:
Saving configuration ........ done!
Configuration saved to primary.cfg successfully.

8 Log out of the switch, by entering the following command:


logout
The login prompt displays.
9 Login as the new user, ADMIN_X, created in Part 2, Step 1 above.
Remember that both login names and passwords are case-sensitive.
10 Display the login session, by entering the following command:
show session
The following displays:
CLI
#
Login Time
User
Type
Auth
Auth Location
================================================================================
*2
Mon Aug 25 10:26:47 2008 ADMIN_X console local dis serial

ExtremeXOS Operation and Configuration, Rev. 12.1

Initial Switch Configuration Lab

Part 3: Limiting CLI Sessions, Failed Logins, and Telnet


Access
In this exercise you will set controls for login sessions. This includes setting the maximum number of
CLI sessions per user, the number of times a user can log in incorrectly, and Telnet access parameters.
1 Display the switch management configuration, by entering the following command:
show management
CLI idle timeout
CLI max number of login attempts
CLI max number of sessions
CLI paging
CLI space-completion
CLI configuration logging
CLI scripting
CLI scripting error mode
CLI persistent mode
Telnet access
SSH access
Total Read Only Communities
Total Read Write Communities
RMON
SNMP access
SNMP Traps
SNMP v1/v2c TrapReceivers
SNMP stats:
SNMP traps:

InPkts 0
Gets
0
Sent
0

:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:

Enabled (20 minutes)


3
8
Enabled (this session only)
Disabled (this session only)
Disabled
Disabled (this session only)
Ignore-Error (this session only)
Persistent (this session only)
Enabled (tcp port 23 vr all)
Access Profile : not set
Disabled (Key invalid, tcp port 22 vr all)
Access Profile : not set
1
1
Disabled
Enabled
Access Profile Name : not set
Enabled
None

OutPkts
0
Errors 0
GetNexts 0
Sets
0
AuthTraps Enabled

AuthErrors 0

2 Notice the configuration settings for CLI max number of login attempts, CLI max number of
sessions, and Telnet access.
3 Limit the number of CLI sessions to 2, by entering the following command:
configure cli max-sessions 2
4 Limit the number of login attempts to two, by entering the following command:
configure cli max-failed-logins 2
5 Limit Telnet connections to the virtual router VR-MGMT, by entering the following command:
configure telnet vr vr-mgmt
6 Enable the lockout on login failure feature, by entering the following command:
configure account ADMIN_X password-policy lockout-on-login-failures on
Where ADMIN_X is the name of the account created in Part 2, Step 1.

ExtremeXOS Operation and Configuration, Rev. 12.1

Initial Switch Configuration Lab


7 Display the switch management configuration, by entering the following command:
show management
CLI idle timeout
CLI max number of login attempts
CLI max number of sessions
CLI paging
CLI space-completion
CLI configuration logging
CLI scripting
CLI scripting error mode
CLI persistent mode
Telnet access
SSH access
Total Read Only Communities
Total Read Write Communities
RMON
SNMP access
SNMP Traps
SNMP v1/v2c TrapReceivers
SNMP stats:
SNMP traps:

InPkts 0
Gets
0
Sent
0

:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:

Enabled (20 minutes)


2
2
Enabled (this session only)
Disabled (this session only)
Disabled
Disabled (this session only)
Ignore-Error (this session only)
Persistent (this session only)
Enabled (tcp port 23 vr VR-Mgmt)
Access Profile : not set
Disabled (Key invalid, tcp port 22 vr all)
Access Profile : not set
1
1
Disabled
Enabled
Access Profile Name : not set
Enabled
None

OutPkts
0
Errors 0
GetNexts 0
Sets
0
AuthTraps Enabled

AuthErrors 0

8 Notice the configuration changes between this display and the previous for CLI max number of
login attempts, CLI max number of sessions, and Telnet access.
9 Save the configuration to nonvolatile storage, by entering the following command:
save primary
The following displays:
The configuration file primary.cfg already exists.
Do you want to save configuration to primary.cfg and overwrite it? (y/n)

10 Enter y.
The following displays:
Saving configuration ........ done!
Configuration saved to primary.cfg successfully.

11 Log out of the switch, by entering the following command:


logout
The system displays the login prompt.
12 Attempt to log in as the new user created in Part 2, Step 1 above, but use an invalid password (the
current password is null).
Remember that both login names and passwords are case-sensitive.
13 Repeat the login attempt with an invalid password.
After the second failed login attempt, the following message displays:
Login incorrect
Maximum number of login attempts reached!
Account locked out! Please contact the administrator to remove the lock.

ExtremeXOS Operation and Configuration, Rev. 12.1

Initial Switch Configuration Lab


14 Log back in using the original admin credentials:
user name: admin
password: <enter>
15 Display the user account information for the switch by entering the following command:
show accounts
The system displays the user account information as shown below:
User Name
Access LoginOK
-------------------------------- ------ ------admin
R/W
2
user
RO
0
ADMIN_X*
R/W
1
(*) - Account locked

Failed
-----0
0
2

16 Clear the lock on the flagged account by entering the following command:
clear account ADMIN_X lockout
17 Restore the number of CLI sessions to 8, by entering the following command:
configure cli max-sessions 8
18 Restore Telnet connections to the all virtual routers, by entering the following command:
configure telnet vr all
19 Display the switch management configuration, by entering the following command:
show management
The following displays:
CLI idle timeout
CLI max number of login attempts
CLI max number of sessions
CLI paging
CLI space-completion
CLI configuration logging
CLI scripting
CLI scripting error mode
CLI persistent mode
Telnet access
SSH access
Total Read Only Communities
Total Read Write Communities
RMON
SNMP access
SNMP Traps
SNMP v1/v2c TrapReceivers
SNMP stats:
SNMP traps:

InPkts 0
Gets
0
Sent
0

:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:

Enabled (20 minutes)


2
8
Enabled (this session only)
Disabled (this session only)
Disabled
Disabled (this session only)
Ignore-Error (this session only)
Persistent (this session only)
Enabled (tcp port 23 vr all)
Access Profile : not set
Disabled (Key invalid, tcp port 22 vr all)
Access Profile : not set
1
1
Disabled
Enabled
Access Profile Name : not set
Enabled
None

OutPkts
0
Errors 0
GetNexts 0
Sets
0
AuthTraps Enabled

AuthErrors 0

20 Notice the entries for CLI max number of sessions and Telnet access.
21 Save the configuration to nonvolatile storage, by entering the following command:
save primary

10

ExtremeXOS Operation and Configuration, Rev. 12.1

Initial Switch Configuration Lab


The following displays:

No default configuration database has been selected to boot up the system.


Save configuration will set the new configuration as the default database.
The configuration file primary.cfg already exists.
Do you want to save configuration to primary.cfg and overwrite it? (y/N)

22 Enter y.
The following displays:
Saving configuration ........ done!
Configuration saved to primary.cfg successfully.

23 Log out of the switch, by entering the following command:


logout

ExtremeXOS Operation and Configuration, Rev. 12.1

11

Initial Switch Configuration Lab

12

ExtremeXOS Operation and Configuration, Rev. 12.1

Switch Management Lab

Student Objectives
This lab provides you with a hands-on experience configuring the switch for basic IP management and
to transfer configuration files.
At the end of this lab, you will be able to:

Identify ExtremeXOS software, switch boot images, and configuration files.

Save the switch configuration.

Assign an IP address to a VLAN.

Backup the switch configuration.

Upload the current configuration as a command script.

Edit and load command scripts.

Download a software image.

Figure 1: Switch Management Lab

ExtremeXOS Operation and Configuration, Rev. 12.1

13

Switch Management Lab


Refer to the values in Table 1 to configure switch parameters for this lab.

Table 1: Lab Groups and VLAN IP Addresses


Lab Group

Functional Name

Switch Name

VLAN Name

VLAN IP Address

Sales Management

SAM_1

Mgmt

192.168.0.11/24

Executive Staff

EXC_2

Mgmt

192.168.0.12/24

Accounting

ACT_3

Mgmt

192.168.0.13/24

Manufacturing Floor

MFG_4

Mgmt

192.168.0.14/24

Engineering

ENG_5

Mgmt

192.168.0.15/24

Human Resources

HUR_6

Mgmt

192.168.0.16/24

Part 1: Verifying the Switch Status and Configuration


1 Log into the switch and load the baseline configuration for this lab by entering the following
command:
use configuration Lab_ECF02-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the
command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration
file (XXXXXX.cfg) and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)

3 Enter n to reboot without save.


If there were no unsaved changes on the switch, the system will display the following:

Are you sure you want to reboot the switch? (y/N)

4 Enter y to reboot the switch if this message appears.


When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.

5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:

6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.

14

ExtremeXOS Operation and Configuration, Rev. 12.1

Switch Management Lab


7 Display the switch status by entering the following command:
show switch
The following is a generic example of the system display:
SysName:
SysLocation:
SysContact:
System MAC:

<Switch Name from Lab #2 Table>

SysHealth check:
Recovery Mode:
System Watchdog:

Enabled (Normal)
All
Enabled

Current Time:
Timezone:
Boot Time:
Boot Count:
Next Reboot:

Wed Feb 20 00:37:24 2008


[Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
Fri Feb 15 00:00:00 2008
1
None scheduled

Current State:
Image Selected:
Image Booted:
Primary ver:
Secondary ver:

OPERATIONAL
primary
primary
12.1.0.0
12.1.0.0

Config Selected:
Config Booted:

primary.cfg
Factory Default

primary.cfg

Created by ExtremeXOS version 12.1.0.0


99316 bytes saved on Tue Feb 19 16:34:27 2008

support@extremenetworks.com, +1 888 257 3000


NN:NN:NN:NN:NN:NN

8 For your switch, notice the entries for the following parameters: system name, MAC address,
system boot time, software image selected, software image booted, switch configuration selected,
switch configuration booted, and the date the primary configuration was last saved.

Part 2: Configuring IP Access


This exercise shows you how to assign an IP address to the management VLAN and save the
configuration.
1 Display the status of the dedicated management VLAN by entering the following command:
show vlan mgmt

ExtremeXOS Operation and Configuration, Rev. 12.1

15

Switch Management Lab


The following displays:
VLAN Interface with name Mgmt created by user
Admin State:
Enabled
Tagging:
802.1Q Tag 4095
Virtual router: VR-Mgmt
IPv6:
None
STPD:
None
Protocol:
Match all unfiltered protocols
Loopback:
Disabled
NetLogin:
Disabled
QosProfile:
None configured
Flood Rate Limit QosProfile:
None configured
Ports:
1.
(Number of active ports=1)
Untag: Mgmt-port on Mgmt is down

2 Assign an IP address to VLAN Mgmt by entering the following command:


configure vlan mgmt ipaddress 192.168.0.1X/24
Where X is the value assigned to each lab group in Table 1.
Correctly configuring the interface results in the following message being displayed:
IP interface for VLAN Mgmt has been created.

3 Verify the IP address and mask of VLAN Mgmt by entering the following command:
show vlan mgmt
Now the default VLAN configuration displays with the Primary IP address and mask:
VLAN Interface with name Mgmt created by user
Admin State:
Enabled
Tagging:
802.1Q Tag 4095
Virtual router: VR-Mgmt
Primary IP
: 192.168.0.1X/24
IPv6:
None
STPD:
None
Protocol:
Match all unfiltered protocols
Loopback:
Disabled
NetLogin:
Disabled
QosProfile:
None configured
Flood Rate Limit QosProfile:
None configured
Ports:
1.
(Number of active ports=1)
Untag: Mgmt-port on Mgmt is active

4 Use PING to test for IP connectivity between the lab switch and the TFTP server. At the command
prompt, enter the following:
ping vr vr-mgmt 192.168.0.101
5 Notice that, because the mgmt VLAN is not a member of the default virtual router, the virtual router
vr-mgmt must be specified in the command.
6 Display the history of commands for the current session by entering the following command:
history
The command history displays.
7 Use the command recall function by pressing the up arrow key to display the show switch
command again and press the Enter key. The switch management configuration displays.

16

ExtremeXOS Operation and Configuration, Rev. 12.1

Switch Management Lab


8 Save the base lab configuration to nonvolatile storage, by entering the following command:
save configuration switch_X
Where X is your lab group number found in Table 1.
If the system informs you that this config already exists and asks if you wish to save it - enter yes.

The configuration file switch_X.cfg already exists.


Do you want to save configuration to switch_X.cfg and overwrite it? (y/N) Yes
Saving configuration on master ......... done!
Configuration saved to switch_X.cfg successfully.

9 Enter n at the following prompt because we do not want to make this the default configuration:
The current selected default configuration database to boot up the system
(Lab_ECF02-X.cfg) is different than the one just saved (switch_X.cfg).
Do you want to make switch_4.cfg the default database? (y/N) No

The following displays:


Default configuration database selection cancelled.

Part 3: Backing Up Configuration Files and


Downloading Images
In this exercise you will use the copy command to back up files and download configuration files from
a TFTP server.
1 Copy the primary configuration file used in the Initial Switch Configuration Lab by entering the
following command:
cp primary.cfg switch_X.cfg
Where X is the value assigned to your group in Table 1.
2 Enter y at the following prompt:
Copy config primary.cfg to config switch_X.cfg on switch? (y/N) Yes

3 Verify the file has been created by entering the following command:
ls

ExtremeXOS Operation and Configuration, Rev. 12.1

17

Switch Management Lab


The following is a sample file list display:
-rw-rw-rw-rw-rw-rw-rw-r--r--rw-r--r--rw-rw-rw-rw-r--r--rw-rw-rw-rw-rw-rw-

1
1
1
1
1
1
1
1

root
root
root
root
root
root
root
root

0
0
0
0
0
0
0
0

136986
117497
1400
2341
114209
67
114231
114231

Jun
Aug
Jul
Jul
Aug
Jul
Aug
Aug

13
20
28
28
8
11
25
28

08:09
09:26
14:20
14:22
08:37
02:44
09:58
11:12

Lab_IGP06-4.cfg
Lab_NTLGN-4.cfg
MFG_4a.xsf
MFG_4b.xsf
TFTPMAN-4.cfg
pim-crp.pol
primary.cfg
switch_X.cfg

4 Rename the test file, by entering the following command:


mv switch_X.cfg newname.cfg
5 Enter y at the following prompt:
Rename config switch_X.cfg to config newname.cfg on switch? (y/N) Yes

6 Verify the file has been created by entering the following command:
ls
The list of files displays:
-rw-rw-rw-rw-rw-rw-rw-r--r--rw-r--r--rw-rw-rw-rw-rw-rw-rw-r--r--rw-rw-rw-

1
1
1
1
1
1
1
1

root
root
root
root
root
root
root
root

0
0
0
0
0
0
0
0

136986
117497
1400
2341
114209
114231
67
114231

Jun
Aug
Jul
Jul
Aug
Aug
Jul
Aug

13
20
28
28
8
28
11
25

08:09
09:26
14:20
14:22
08:37
11:12
02:44
09:58

Lab_IGP06-4.cfg
Lab_NTLGN-4.cfg
MFG_4a.xsf
MFG_4b.xsf
TFTPMAN-4.cfg
newname.cfg
pim-crp.pol
primary.cfg

7 Remove the file by entering the following command:


rm newname.cfg
Enter y at the following prompt:

Remove newname.cfg from switch? (y/n)

8 Verify the file has been removed, by entering the following command:
ls
The list of files displays:
-rw-rw-rw-rw-rw-rw-rw-r--r--rw-r--r--rw-rw-rw-rw-r--r--rw-rw-rw-

18

1
1
1
1
1
1
1

root
root
root
root
root
root
root

0
0
0
0
0
0
0

136986
117497
1400
2341
114209
67
114231

Jun
Aug
Jul
Jul
Aug
Jul
Aug

13
20
28
28
8
11
25

08:09
09:26
14:20
14:22
08:37
02:44
09:58

Lab_IGP06-4.cfg
Lab_NTLGN-4.cfg
MFG_4a.xsf
MFG_4b.xsf
TFTPMAN-4.cfg
pim-crp.pol
primary.cfg

ExtremeXOS Operation and Configuration, Rev. 12.1

Switch Management Lab


9 Backup the current configuration to a TFTP server by entering the following command:
tftp 192.168.0.101 -v vr-mgmt -p -l primary.cfg -r upload_X.cfg
The file transfer progress displays:
Uploading upload_X.cfg to 192.168.0.101 ......done!

NOTE
Wait here until the instructor verifies that the configuration file has been successfully copied to the TFTP upload
directory.

10 Upon the instructors direction, download the first image file by entering the following command:
download image 192.168.0.101 summitX450-11.6.4.11.xos vr vr-mgmt secondary
Enter n at the following prompt:
Do you want to install image after downloading? (y - yes, n - no, <cr> - cancel)

The following displays:


Downloading to Switch.....................................................

11 Verify that the secondary software image version is on the switch by entering the following
command:
show switch
12 Install the downloaded image to the secondary image location by entering the following command:
install image summitX450-11.6.4.11.xos secondary
The following displays:
Installing to Switch...............................................................
...................................................................................
...................................................................................

13 Verify the secondary software image version on the switch by entering the following command:
show switch

ExtremeXOS Operation and Configuration, Rev. 12.1

19

Switch Management Lab


The following displays:
SysName:
SysLocation:
SysContact:
System MAC:
System Type:

SAM_1

SysHealth check:
Recovery Mode:
System Watchdog:

Enabled (Normal)
All
Enabled

Current Time:
Timezone:
Boot Time:
Boot Count:
Next Reboot:
System UpTime:

Thu Aug 28 14:44:04 2008


[Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
Thu Aug 28 09:04:44 2008
233
None scheduled
5 hours 39 minutes 20 seconds

Current State:
Image Selected:
Image Booted:
Primary ver:
Secondary ver:

OPERATIONAL
secondary
primary
12.1.1.4
11.6.4.11

support@extremenetworks.com, +1 888 257 3000


00:04:96:27:B7:57
X450a-24t

14 Restore the current image by entering the following command to download the second image file:
download image 192.168.0.101 summitX-12.1.1.4.xos vr vr-mgmt secondary
Enter n at the following prompt:
Do you want to install image after downloading? (y - yes, n - no, <cr> - cancel)

The following displays:


Downloading to Switch...............................................

15 Verify that the secondary software image version is on the switch by entering the following
command:
show switch
16 Install the downloaded image to the secondary image location by entering the following command:
install image summitX-12.1.1.4.xos secondary
The following displays:
Installing to Switch...............................................................
...................................................................................
...................................................................................

17 Verify the secondary software image version on the switch by entering the following command:
show switch

20

ExtremeXOS Operation and Configuration, Rev. 12.1

Switch Management Lab


The following displays:
SysName:
SysLocation:
SysContact:
System MAC:
System Type:

SAM_1

SysHealth check:
Recovery Mode:
System Watchdog:

Enabled (Normal)
All
Enabled

Current Time:
Timezone:
Boot Time:
Boot Count:
Next Reboot:
System UpTime:

Thu Aug 28 14:44:04 2008


[Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
Thu Aug 28 09:04:44 2008
233
None scheduled
5 hours 39 minutes 20 seconds

Current State:
Image Selected:
Image Booted:
Primary ver:
Secondary ver:

OPERATIONAL
secondary
primary
12.1.1.4
12.1.1.4

support@extremenetworks.com, +1 888 257 3000


00:04:96:27:B7:57
X450a-24t

Part 4: Editing ASCII-formatted Configuration Files on a


PC
In this exercise you will learn how to edit your configuration files and change your system contact
information.
1 Upload the current configuration in ASCII format to a TFTP server on your network by entering the
following command:
upload configuration 192.168.0.101 DL-switch_X.xsf vr vr-mgmt
Where X is the value assigned to your group in Table 1.
The following displays:
Uploading DL-switch_X.xsf to 192.168.0.101 ... done!

NOTE
The instructor will demonstrate how to use a text editor to edit the configuration and change the system contact
(SysContact) information in an uploaded file.

2 Download a pre-modified configuration file by entering the following command:


tftp get 192.168.0.101 vr vr-mgmt ECF02_test_download.xsf ECF02.xsf

ExtremeXOS Operation and Configuration, Rev. 12.1

21

Switch Management Lab


The following displays:

Downloading ECF02.xsf to switch... done!

3 Show the list of files on the switch and verify that ECF02.xsf is there:
ls
4 Verify the current system contact by entering the following command:
show switch
The following display is an example from Lab Group 1s switch:
SysName:
SysLocation:
SysContact:
System MAC:
System Type:

SAM_1

SysHealth check:
Recovery Mode:
System Watchdog:

Enabled (Normal)
All
Enabled

Current Time:
Timezone:
Boot Time:
Boot Count:
Next Reboot:
System UpTime:

Thu Aug 28 14:44:04 2008


[Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
Thu Aug 28 09:04:44 2008
233
None scheduled
5 hours 39 minutes 20 seconds

Current State:
Image Selected:
Image Booted:
Primary ver:

OPERATIONAL
primary
primary
12.1.1.4

support@extremenetworks.com, +1 888 257 3000


00:04:96:27:B7:57
X450a-24t

5 Load the ASCII-formatted configuration file on the switch, by entering the following command
which is case-sensitive:
load script ECF02.xsf
Commands in the script display. Ignore any error messages.
6 Verify the new system contact by entering the following command:
show switch

22

ExtremeXOS Operation and Configuration, Rev. 12.1

Switch Management Lab


The following display is an example from Lab Group 1s switch:
SysName:
SysLocation:
SysContact:
System MAC:
System Type:

SAM_1

SysHealth check:
Recovery Mode:
System Watchdog:

Enabled (Normal)
All
Enabled

Current Time:
Timezone:
Boot Time:
Boot Count:
Next Reboot:
System UpTime:

Thu Aug 28 14:21:31 2008


[Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
Thu Aug 28 09:04:28 2008
547
None scheduled
5 hours 17 minutes 3 seconds

Current State:
Image Selected:
Image Booted:

OPERATIONAL
primary
primary

Extreme Networks tames chaos at the edge!


00:04:96:27:B6:61
X450a-24t

7 Delete the script file by entering the following command:


rm ECF02.xsf
Enter y at the following prompt:
Remove ECF02.xsf from switch? (y/N)

Part 5: Editing ASCII-formatted Configuration Files on


the Switch
1 Create a new command script by entering the following command:
edit script newscript.xsf
2 This will launch the on-switch vi editor. Type i to begin inserting text. Immediately after, enter the
following and use quotes around the functional name:
configure snmp syslocation <functional name>
Where <functional name> is one of the six found posted at the beginning of this lab in Table 1
(Sales Management, Executive Staff, Manufacturing Floor, Accounting, Engineering,
Human Resources).
Press the Esc key to enter vi command mode; then exit and save the file by entering the vi command
:wq
3 Display all the files on the switch to verify the new file was created by entering the following
command:
ls

ExtremeXOS Operation and Configuration, Rev. 12.1

23

Switch Management Lab


The following displays:

-rw-r--r--rw-r--r--rw-rw-rw-

1 root
1 root
1 root

0
0
0

47 Aug 28 14:18 newscript.xsf


67 Jul 11 02:44 pim-crp.pol
114231 Aug 25 09:58 primary.cfg

4 Verify the current system location by entering the following command:


show switch
The following display is an example from Lab Group 1s switch:
SysName:
SysLocation:
SysContact:
System MAC:
System Type:

SAM_1

SysHealth check:
Recovery Mode:
System Watchdog:

Enabled (Normal)
All
Enabled

Current Time:
Timezone:
Boot Time:
Boot Count:
Next Reboot:
System UpTime:

Thu Aug 28 14:21:31 2008


[Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
Thu Aug 28 09:04:28 2008
547
None scheduled
5 hours 17 minutes 3 seconds

Current State:
Image Selected:
Image Booted:

OPERATIONAL
primary
primary

Extreme Networks tames chaos at the edge!


00:04:96:27:B6:61
X450a-24t

5 Load the newscript.xsf script by entering the following command:


load script newscript.xsf
6 Verify the new system location by entering the following command:
show switch

24

ExtremeXOS Operation and Configuration, Rev. 12.1

Switch Management Lab


The following display is an example from Lab Group 1s switch:
SysName:
SysLocation:
SysContact:
System MAC:
System Type:

SAM_1
Sales Management
Extreme Networks tames chaos at the edge!
00:04:96:27:B6:61
X450a-24t

SysHealth check:
Recovery Mode:
System Watchdog:

Enabled (Normal)
All
Enabled

Current Time:
Timezone:
Boot Time:
Boot Count:
Next Reboot:
System UpTime:

Thu Aug 28 14:27:28 2008


[Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
Thu Aug 28 09:04:28 2008
547
None scheduled
5 hours 23 minutes

Current State:
Image Selected:
Image Booted:
Primary ver:

OPERATIONAL
primary
primary
12.1.1.4

7 Delete the script file by entering the following command:


rm newscript.xsf
Enter y at the following prompt:
Remove newscript.xsf from switch? (y/N)

8 Save the configuration to nonvolatile memory by entering the following command:


save primary
Enter y at the following prompt:
Do you want to save configuration to primary.cfg and overwrite it? (y/N) Yes
Saving configuration on master ....... done!
Configuration saved to primary.cfg successfully.

Enter y at the following prompt:

The current selected default configuration database to boot up the system


(Lab_ECF02-X.cfg) is different than the one just saved (primary.cfg).
Do you want to make primary.cfg the default database? (y/N) Yes
The selected configuration will take effect after the next switch reboot.

ExtremeXOS Operation and Configuration, Rev. 12.1

25

Switch Management Lab

Part 6: Accessing the Bootstrap and BootRom Menus


In this exercise you will reboot the switch and access the bootstrap and bootrom menus to load an
alternate image.
1 Reboot the switch by entering the following command:
reboot
2 Enter y at the following prompt:
Are you sure you want to reboot the switch? (y/n)

The following displays:


Sending SIGTERM to all processes.
Sending SIGKILL to all processes.
Please stand by while rebooting the system.

3 While the switch is rebooting, hold down the SPACE key. The switch resets and displays the
following bootstrap prompt:
BootStrap>

4 Enter h to display the help menu:


boot
enable
h
help
?
loader
reboot
rz

boot a loader
enable features
on-line help
on-line help
on-line help
Sets which BootLoader BootStrap will boot
Reboot system (hard reset)
zmodem download

5 Boot the switch by entering the following command:


boot
The following displays:

Starting Default Bootloader ...

6 While the switch is rebooting, hold down the SPACE key. The switch resets and displays the
following bootRom prompt:
BootRom>

26

ExtremeXOS Operation and Configuration, Rev. 12.1

Switch Management Lab


7 Enter h to display the help menu:
boot
loader
reboot
rz
show
config
enable
h
help
?
hi
dir
cd
pwd
ping
configip
showip
download

boot an image
Sets which BootLoader BootStrap will boot
Reboot system (hard reset)
zmodem download
display information
select configuration
enable features
on-line help
on-line help
on-line help
display command history
list contents of CF directory
change working CF directory
print working CF directory
ping remote host
configure the bootloader ip address
show the configuration of the bootloader ip address
download an image

8 Boot the switch by entering the following command:


boot
The switch completes a normal boot cycle.

ExtremeXOS Operation and Configuration, Rev. 12.1

27

Switch Management Lab

28

ExtremeXOS Operation and Configuration, Rev. 12.1

Layer 1 Configuration Lab

Student Objectives
This lab provides you with hands-on experience to configure physical port parameters, create a
dynamic Link Aggregation group that uses the address-based aggregation algorithm, and enable LLDP.
At the end of this lab, you will be able to:

Configure and test auto-negotiation and port duplexing

Create a dynamic Link Aggregation group that uses the address-based algorithm

Verify the Link Aggregation operation

Enable LLDP

Verify LLDP operation

Figure 1: Layer 1 Configuration Lab

ExtremeXOS Operation and Configuration, Rev. 12.1

29

Layer 1 Configuration Lab


Refer to the values listed in Table 1 to configure switch parameters for this lab.

Table 1: Lab Groups and VLAN IP Addresses


Lab Group

Switch Name

VLAN Name

VLAN IP Address

Lab Group PC IP Address

SAM_1

Default

10.0.1.11/24

10.0.1.21/24

EXC_2

Default

10.0.1.12/24

10.0.1.22/24

ACT_3

Default

10.0.1.13/24

10.0.1.23/24

MFG_4

Default

10.0.1.14/24

10.0.1.24/24

ENG_5

Default

10.0.1.15/24

10.0.1.25/24

HUR_6

Default

10.0.1.16/24

10.0.1.26/24

Part 1: Setting Up for Auto-Negotiation, Half-Duplex,


and Full-Duplex
1 Log into the switch and load the baseline configuration for this lab by entering the following
command:
use configuration Lab_ECF03-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the
command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration
file (XXXXXX.cfg) and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)

3 Enter n to reboot without save.


If there were no unsaved changes on the switch, the system will display the following:

Are you sure you want to reboot the switch? (y/N)

4 Enter y to reboot the switch if this message appears.


When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.

30

ExtremeXOS Operation and Configuration, Rev. 12.1

Layer 1 Configuration Lab


5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:

6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.

Part 2: Auto-Negotiation, Half-Duplex, and Full-Duplex


1 Assign your IP address to the Default VLAN by entering the following command:
configure vlan default ipaddress 10.0.1.1X/24
Where X is the address and subnet mask assigned to VLAN Default for your lab group as shown in
Table 1.
2 Enable port 13 by entering the following command:
enable ports 13
3 Use the PING command to verify that the switch can communicate with Core Switch A by entering
the following:
ping 10.0.1.1
The following displays:
Ping(ICMP) 10.0.1.1: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.0.1.1: icmp_seq=0 ttl=255 time=10 ms
16 bytes from 10.0.1.1: icmp_seq=1 ttl=255 time=7.051 ms
16 bytes from 10.0.1.1: icmp_seq=2 ttl=255 time=1.933 ms
16 bytes from 10.0.1.1: icmp_seq=3 ttl=255 time=2.007 ms

4 Turn off auto negotiation, set the speed to 10 Mbps, and set the duplex to half by entering the
following command:
configure port 13 auto off speed 10 duplex half
5 Use the PING command again to test if the switch can still communicate with the upstream switch:
ping 10.0.1.1
The following displays:
Ping(ICMP) 10.0.1.1: 4 packets, 8 data bytes, interval 1 second(s).
44 bytes from 10.0.1.11: icmp_seq=3 Destination Host Unreachable
--- 10.0.1.1 ping statistics --4 packets transmitted, 0 received, 100% loss
round-trip min/avg/max = 0/0/0 ms

6 Turn auto negotiation back on, by entering the following command:


configure port 13 auto on

ExtremeXOS Operation and Configuration, Rev. 12.1

31

Layer 1 Configuration Lab


7 Use the PING command again to see if connectivity to Core Switch A has been restored:
ping 10.0.1.1
The following displays:
Ping(ICMP) 10.0.1.1: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.0.1.1: icmp_seq=0 ttl=255 time=7.494 ms
16 bytes from 10.0.1.1: icmp_seq=1 ttl=255 time=1.811 ms
16 bytes from 10.0.1.1: icmp_seq=2 ttl=255 time=6.866 ms
16 bytes from 10.0.1.1: icmp_seq=3 ttl=255 time=6.970 ms
--- 10.0.1.1 ping statistics --4 packets transmitted, 4 received, 0% loss
round-trip min/avg/max = 1/5/7 ms

32

ExtremeXOS Operation and Configuration, Rev. 12.1

Layer 1 Configuration Lab

Part 3: Configuring the Client Workstation and Testing


the Default Gateway
The following instructions will guide you in setting up the client workstation. If your RD-X connection
to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:

2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.

3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:

ExtremeXOS Operation and Configuration, Rev. 12.1

33

Layer 1 Configuration Lab


4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop
Connection utility:

5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:

6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:

34

ExtremeXOS Operation and Configuration, Rev. 12.1

Layer 1 Configuration Lab


7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the
Config_ECF03-X batch file, where X is your lab group number assigned in Table 1

This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:

8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:

ExtremeXOS Operation and Configuration, Rev. 12.1

35

Layer 1 Configuration Lab


9 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig
The system displays the following:

Notice that the Lab Network interface has been assigned your lab group PC's IP address and mask
found in Table 1.
This completes the setup of the Lab Group PC.

36

ExtremeXOS Operation and Configuration, Rev. 12.1

Layer 1 Configuration Lab

Part 4: Configuring Dynamic Address-based Load


Sharing
In this exercise you will create a dynamic link aggregation group and verify that dynamic load sharing
is configured and operating correctly.
1 Wait until the instructor has loaded the config file for this part of the lab before proceeding.
2 On instructors direction enable switch port 24, the port connected to the lab PC, by entering the
following command:
enable ports 24
3 Open a DOS window on the Lab Group PC and use the PING command to verify that the PC can
communicate with the lab switch by entering the following:
ping 10.0.1.1X
Where X is your lab group number found in Table 1.
The following displays:
Pinging 10.0.1.1X with 32 bytes of data:
Reply
Reply
Reply
Reply

from
from
from
from

10.0.1.1X:
10.0.1.1X:
10.0.1.1X:
10.0.1.1X:

bytes=32
bytes=32
bytes=32
bytes=32

time=2ms
time<1ms
time<1ms
time<1ms

TTL=255
TTL=255
TTL=255
TTL=255

4 To create a port share group with only port 13 as a member, enter the following command:
enable sharing 13 grouping 13 algorithm address-based L3_L4 lacp
The options after the algorithm parameter above specify that the link aggregation control protocol is
used to manage the port group.
The following displays:
Warning: Any config on the master port is lost (STP, IGMP Filter, IGMP Static Group,
MAC-Security, etc. etc.)

5 Configure the LACP priority by entering the following command:


configure sharing 13 lacp system-priority X
Where X is your lab group number found in Table 1.
6 Enable port 15 by entering the following command:
enable ports 15
7 Add port 15 to the link aggregation group by entering the following command:
configure sharing 13 add ports 15

ExtremeXOS Operation and Configuration, Rev. 12.1

37

Layer 1 Configuration Lab


8 Verify that the load share group is up and enabled by entering the following command:
show lacp
The following displays, notice that LACP is Up and Enabled (MAC addresses will vary):
LACP Up
LACP Enabled
System MAC
LACP PDUs dropped on non-LACP ports

:
:
:
:

Yes
Yes
00:04:96:27:b6:49
1145

Lag

Actor
Actor
Partner
Partner Partner Agg
Sys-Pri Key
MAC
Sys-Pri Key
Count
-------------------------------------------------------------------------------13
X 0x03f5 00:04:96:27:bc:ce
X 0x03e9
2
================================================================================

9 Verify the dynamic link aggregation configuration by entering the following command:
show lacp lag 13
The following displays:
Lag

Actor
Actor
Partner
Partner Partner Agg
Sys-Pri Key
MAC
Sys-Pri Key
Count
-------------------------------------------------------------------------------13
X 0x03f5 00:04:96:27:bc:ce
X 0x03e9
2
Port list:
Member
Port
Rx
Sel
Mux
Actor
Partner
Port
Priority State
Logic
State
Flags
Port
-------------------------------------------------------------------------------13
0
Current
Selected
Collect-Dist
A-GSCD-- 100X
15
0
Current
Selected
Collect-Dist
A-GSCD-- 101X
================================================================================
Actor Flags: A-Activity, T-Timeout, G-Aggregation, S-Synchronization
C-Collecting, D-Distributing, F-Defaulted, E-Expired

10 Verify the identity of the load sharing master port by entering the following command:
show ports configuration no-refresh

38

ExtremeXOS Operation and Configuration, Rev. 12.1

Layer 1 Configuration Lab


The following displays, notice the settings for ports 13, 15, and 24:
Port Configuration
Port
Virtual
Port Link Auto
Speed
Duplex
Flow Load
Media
router
State State Neg Cfg Actual Cfg Actual Cntrl Master Pri Red
================================================================================
1
VR-Default D
R
ON AUTO
AUTO
UTP
2
VR-Default D
R
ON AUTO
AUTO
UTP
3
VR-Default D
R
ON AUTO
AUTO
UTP
4
VR-Default D
R
ON AUTO
AUTO
UTP
5
VR-Default D
R
ON AUTO
AUTO
UTP
6
VR-Default D
R
ON AUTO
AUTO
UTP
7
VR-Default D
R
ON AUTO
AUTO
UTP
8
VR-Default D
R
ON AUTO
AUTO
UTP
9
VR-Default D
R
ON AUTO
AUTO
UTP
10
VR-Default D
R
ON AUTO
AUTO
UTP
11
VR-Default D
R
ON AUTO
AUTO
UTP
12
VR-Default D
R
ON AUTO
AUTO
UTP
13
VR-Default E
A
ON AUTO 1000 AUTO FULL
SYM
13 UTP
14
VR-Default D
R
ON AUTO
AUTO
UTP
15
VR-Default E
A
ON AUTO 1000 AUTO FULL
SYM
13 UTP
16
VR-Default D
R
ON AUTO
AUTO
UTP
17
VR-Default D
R
ON AUTO
AUTO
UTP
18
VR-Default D
R
ON AUTO
AUTO
UTP
19
VR-Default D
R
ON AUTO
AUTO
UTP
20
VR-Default D
R
ON AUTO
AUTO
UTP
21
VR-Default D
R
ON AUTO
AUTO
NONE UTP
22
VR-Default D
R
ON AUTO
AUTO
NONE UTP
23
VR-Default D
R
ON AUTO
AUTO
NONE UTP
24
VR-Default E
A
ON AUTO
100 AUTO FULL
SYM
UTP NONE
25
VR-Default D
NP
OFF 10000
FULL
NONE
26
VR-Default D
NP
OFF 10000
FULL
NONE
================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active R-Ready NP- Port not present L-Loopback
Port State: D-Disabled, E-Enabled
Media: !-Unsupported Optic Module
Media Red: * - use "show port info detail" for redundant media type

11 Verify the load sharing trunk configuration by entering the following command:
show ports sharing
The following displays:
Load Sharing Monitor
Config
Current
Agg
Ld Share
Ld Share Agg
Link
Link Up
Master
Master
Control
Algorithm
Group
Mbr
State
transitions
==============================================================================
13
13
LACP
L3_L4
13
Y
A
6
L3_L4
15
Y
A
1
==============================================================================
Link State: A-Active, D-Disabled, R-Ready, NP-Port not present, L-Loopback
Load Sharing Algorithm: (L2) Layer 2 address based, (L3_L4) Layer 3 address and Layer
4 port based
Note: Layer 4 ports are not used for distribution for traffic ingressing
ports on X450-24t and X450-24x switches.
Default algorithm: L2
Number of load sharing trunks: 1

ExtremeXOS Operation and Configuration, Rev. 12.1

39

Layer 1 Configuration Lab


12 Verify the link aggregation activity by entering the following command:
show lacp counters
The following displays:
LACP
LACP
LACP
LACP
LACP

PDUs
Bulk
Bulk
PDUs
PDUs

dropped on non-LACP ports


checkpointed msgs sent
checkpointed msgs recv
checkpointed sent
checkpointed recv

:
:
:
:
:

1145
0
0
0
0

Lag
Member
Rx
Rx Drop Rx Drop Rx Drop Tx
Tx
Group
Port
Ok
PDU Err Not Up
Same MAC Sent Ok Xmit Err
-------------------------------------------------------------------------------13
13
36
0
0
0
36
0
15
33
0
0
0
34
0
================================================================================

13 From the Lab Group PC, open a command prompt window and use the following command to
generate a continuous stream of ping packets to Core Switch B:
ping t 10.0.1.2
The following displays:
Pinging 10.0.1.2 with 32 bytes of data:
Reply
Reply
Reply
Reply

from
from
from
from

10.0.1.2:
10.0.1.2:
10.0.1.2:
10.0.1.2:

bytes=32
bytes=32
bytes=32
bytes=32

time<1ms
time<1ms
time<1ms
time<1ms

TTL=255
TTL=255
TTL=255
TTL=255

14 From the Lab Group PC, open a second command prompt window and use the following command to
generate a continuous stream of ping packets to Core Switch A:
ping t 10.0.1.1
The following displays:
Pinging 10.0.1.1 with 32 bytes of data:
Reply
Reply
Reply
Reply

from
from
from
from

10.0.1.1:
10.0.1.1:
10.0.1.1:
10.0.1.1:

bytes=32
bytes=32
bytes=32
bytes=32

time<1ms
time<1ms
time<1ms
time<1ms

TTL=255
TTL=255
TTL=255
TTL=255

15 On the switch, display the port activity by entering the following command:
show ports stat

40

ExtremeXOS Operation and Configuration, Rev. 12.1

Layer 1 Configuration Lab


16 Press the 0 key to clear the table.
The following displays:

Port Statistics
Mon Aug 11 17:05:00 2008
Port
Link
Tx Pkt
Tx Byte
Rx Pkt
Rx Byte Rx Pkt Rx Pkt
State
Count
Count
Count
Count
Bcast Mcast
================================================================================
1
R
0
0
0
0
0
0
2
R
0
0
0
0
0
0
3
R
0
0
0
0
0
0
4
R
0
0
0
0
0
0
5
R
0
0
0
0
0
0
6
R
0
0
0
0
0
0
7
R
0
0
0
0
0
0
8
R
0
0
0
0
0
0
9
R
0
0
0
0
0
0
10
R
0
0
0
0
0
0
11
R
0
0
0
0
0
0
12
R
0
0
0
0
0
0
13
A
0
0
0
0
0
0
14
R
0
0
0
0
0
0
15
A
0
0
0
0
0
0
16
R
0
0
0
0
0
0
================================================================================
Link State: A-Active, R-Ready, NP-Port Not Present L-Loopback 0->Clear Counters
U->page up D->page down ESC->exit

17 Monitor the activity for ports 13 and 15 over a period of time to verify that the ping traffic is being
distributed across the aggregated ports. If configured correctly, the results look similar to this:
Port Statistics
Mon Aug 11 17:05:00 2008
Port
Link
Tx Pkt
Tx Byte
Rx Pkt
Rx Byte Rx Pkt Rx Pkt
State
Count
Count
Count
Count
Bcast Mcast
================================================================================
1
R
0
0
0
0
0
0
2
R
0
0
0
0
0
0
3
R
0
0
0
0
0
0
4
R
0
0
0
0
0
0
5
R
0
0
0
0
0
0
6
R
0
0
0
0
0
0
7
R
0
0
0
0
0
0
8
R
0
0
0
0
0
0
9
R
0
0
0
0
0
0
10
R
0
0
0
0
0
0
11
R
0
0
0
0
0
0
12
R
0
0
0
0
0
0
13
A
89
7340
97
8485
0
11
14
R
0
0
0
0
0
0
15
A
87
7276
92
8168
0
6
16
R
0
0
0
0
0
0
================================================================================
Link State: A-Active, R-Ready, NP-Port Not Present L-Loopback 0->Clear Counters
U->page up D->page down ESC->exit

ExtremeXOS Operation and Configuration, Rev. 12.1

41

Layer 1 Configuration Lab


18 Press the Esc key. Verify that the configured load sharing algorithm operates correctly by entering
the following command:
show ports info
The following displays, notice the settings for ports 13 and 15 below:
Port

Flags

Link
Link Num Num Num
Jumbo QOS
Load
State
ELSM UPS STP VLAN Proto Size profile Master
=================================================================================
1
Dm------e--fMB- ready
0
0
0
0
9216 none
2
Dm------e--fMB- ready
0
0
0
0
9216 none
3
Dm------e--fMB- ready
0
0
0
0
9216 none
4
Dm------e--fMB- ready
0
0
0
0
9216 none
5
Dm------e--fMB- ready
0
0
0
0
9216 none
6
Dm------e--fMB- ready
0
0
0
0
9216 none
7
Dm------e--fMB- ready
0
0
0
0
9216 none
8
Dm------e--fMB- ready
0
0
0
0
9216 none
9
Dm------e--fMB- ready
0
0
0
0
9216 none
10
Dm------e--fMB- ready
0
0
0
0
9216 none
11
Dm------e--fMB- ready
0
0
0
0
9216 none
12
Dm------e--fMB- ready
0
0
0
0
9216 none
13
Em-la---e--fMB- active
0
1
1
1
9216 none
13 a
14
Dm------e--fMB- ready
0
0
0
0
9216 none
15
Em-la---e--fMB- active
0
1
1
1
9216 none
13 a
16
Dm------e--fMB- ready
0
0
0
0
9216 none
17
Dm------e--fMB- ready
0
0
0
0
9216 none
18
Dm------e--fMB- ready
0
0
0
0
9216 none
19
Dm------e--fMB- ready
0
0
0
0
9216 none
20
Dm------e--fMB- ready
0
0
0
0
9216 none
21
Dm------e--fMB- ready
0
0
0
0
9216 none
22
Dm------e--fMB- ready
0
0
0
0
9216 none
23
Dm------e--fMB- ready
0
0
0
0
9216 none
24
Em------e--fMB- active
0
1
1
1
9216 none
25
Dm------e--fMB- NotPresent 0
0
0
0
9216 none
26
Dm------e--fMB- NotPresent 0
0
0
0
9216 none
===================================================================================
Flags : a - Load Sharing Algorithm address-based, D - Port Disabled,
e - Extreme Discovery Protocol Enabled, E - Port Enabled,
l - Load Sharing Enabled, m - MACLearning Enabled, f - Unicast Flooding
Enabled,M - Multicast Flooding Enabled, B - Broadcast Flooding Enabled

19 Notice that the ports in the load share group are flagged to use address-based load sharing.
20 Verify all lacp-related configuration parameters by displaying the section of the configuration file
related to lacp by entering the following command:
show configuration lacp
The following displays:
#
# Module lacp configuration.
#
configure sharing 13 lacp system-priority X

42

ExtremeXOS Operation and Configuration, Rev. 12.1

Layer 1 Configuration Lab

Part 5: Enabling the Link-Layer Discovery Protocol


In this exercise you will enable ports to receive Link-Layer Discovery Protocol (LLDP) information,
advertise their own system information, and verify that each is configured correctly.
1 Enable LLDP on port 13 by entering the following command:
enable lldp ports 13
2 Verify the LLDP configuration by entering the following command:
show lldp port 13 detailed
The following displays:
LLDP transmit interval
LLDP transmit hold multiplier
LLDP transmit delay
LLDP SNMP notification interval
LLDP reinitialize delay
LLDP-MED fast start repeat count

:
:
:
:
:
:

30 seconds
4 (used TTL = 120 seconds)
2 seconds
5 seconds
2 seconds
3

LLDP Port Configuration:


Port

Rx
Tx
SNMP
Optional enabled transmit TLVs
Mode
Mode
Notification LLDP
802.1 802.3 MED
AvEx
============================================================================
13
Enabled
Enabled
---D-- --------- ---VLAN: Default
----- --------- ---============================================================================
Notification: (L) lldpRemTablesChange, (M) lldpXMedTopologyChangeDetected
LLDP Flags : (P) Port Description, (N) System Name, (D) System Description
(C) System Capabilities, (M) Mgmt Address
802.1 Flags : (P) Port VLAN ID, (p) Port & Protocol VLAN ID, (N) VLAN Name
802.3 Flags : (M) MAC/PHY Configuration/Status, (P) Power via MDI
(L) Link Aggregation, (F) Frame Size
MED Flags
: (C) MED Capabilities, (P) Network Policy,
(L) Location Identification, (p) Extended Power-via-MDI
AvEx Flags : (P) PoE Conservation Request, (C) Call Server, (F) File Server
(Q) 802.1Q Framing

3 Enable the advertisement of the system name by entering the following command:
configure lldp ports 13 advertise system-name
4 Verify the LLDP advertisement of the system name, by entering the following command:
show lldp port 13 detailed

ExtremeXOS Operation and Configuration, Rev. 12.1

43

Layer 1 Configuration Lab


The following displays:
LLDP transmit interval
LLDP transmit hold multiplier
LLDP transmit delay
LLDP SNMP notification interval
LLDP reinitialize delay
LLDP-MED fast start repeat count

:
:
:
:
:
:

30 seconds
4 (used TTL = 120 seconds)
2 seconds
5 seconds
2 seconds
3

LLDP Port Configuration:


Port

Rx
Tx
SNMP
Optional enabled transmit TLVs
Mode
Mode
Notification LLDP
802.1 802.3 MED
AvEx
============================================================================
13
Enabled
Enabled
--ND-- --------- ---VLAN: Default
----- --------- ---============================================================================
Notification: (L) lldpRemTablesChange, (M) lldpXMedTopologyChangeDetected
LLDP Flags : (P) Port Description, (N) System Name, (D) System Description
(C) System Capabilities, (M) Mgmt Address
802.1 Flags : (P) Port VLAN ID, (p) Port & Protocol VLAN ID, (N) VLAN Name
802.3 Flags : (M) MAC/PHY Configuration/Status, (P) Power via MDI
(L) Link Aggregation, (F) Frame Size
MED Flags
: (C) MED Capabilities, (P) Network Policy,
(L) Location Identification, (p) Extended Power-via-MDI
AvEx Flags : (P) PoE Conservation Request, (C) Call Server, (F) File Server
(Q) 802.1Q Framing

5 Verify the LLDP neighbor information, by entering the following command:


show lldp neighbor detailed
The following displays:

----------------------------------------------------------------------------LLDP Port 13 detected 1 neighbor


Neighbor: 00:04:96:27:BC:CE/1, age 11 seconds
- Chassis ID type: MAC address (4)
Chassis ID
: 00:04:96:27:BC:CE
- Port ID type: ifName (5)
Port ID
: "1"
- Time To Live: 120 seconds
- System Name: "CS-A"
- System Description: "ExtremeXOS version 12.1.1.4 v1211b4 by release-ma\
nager on Tue Apr 29 17:46:58 PDT 2008"

44

ExtremeXOS Operation and Configuration, Rev. 12.1

Configuring a Stacked Switch Demonstration

Overview
You will watch a short presentation on how to set up and configure a stacked switch using
SummitStack.
Your instructor will add information and answer questions throughout the presentation.

ExtremeXOS Operation and Configuration, Rev. 12.1

45

Configuring a Stacked Switch Demonstration

46

ExtremeXOS Operation and Configuration, Rev. 12.1

Layer 2 Forwarding Lab

Student Objectives
This lab provides you with hands-on experience to create FDB entries, enable and verify the locklearning feature, and enable and verify the limit-learning feature.
At the end of this lab, you will be able to:

Populate, display, and interpret the FDB table.

Enable the lock-learning feature.

Test the operation of the lock-learning feature.

Enable the limit-learning feature.

Test the operation of the limit-learning feature.

Figure 1: Layer 2 Forwarding Lab

ExtremeXOS Operation and Configuration, Rev. 12.1

47

Layer 2 Forwarding Lab


Refer to the values list in Table 1to configure switch parameters for this lab.

Table 1: Lab Groups and VLAN IP Addresses


Lab Group Number

Switch Name

VLAN Name

VLAN IP Address

Functional Name
Sales Management

SAM_1

Default

10.0.1.11/24

Executive Staff

EXC_2

Default

10.0.1.12/24

Accounting

ACT_3

Default

10.0.1.13/24

Manufacturing Floor

MFG_4

Default

10.0.1.14/24

Engineering

ENG_5

Default

10.0.1.15/24

Human Resources

HUR_6

Default

10.0.1.16/24

Part 1: Setting Up for Populating the Forwarding


Database
1 Log into the switch and load the baseline configuration for this lab by entering the following
command:
use configuration Lab_ECF04-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the
command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration
file (XXXXXX.cfg) and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)

3 Enter n to reboot without save.


If there were no unsaved changes on the switch, the system will display the following:

Are you sure you want to reboot the switch? (y/N)

4 Enter y to reboot the switch if this message appears.


When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.

5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:

48

ExtremeXOS Operation and Configuration, Rev. 12.1

Layer 2 Forwarding Lab


6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.

Part 2: Populating the Forwarding Database


In this exercise you will populate the forwarding database and verify that it is correctly configured.
1 On the switch, use the PING command to verify that the switch can communicate with Core Switch
A by entering the following:
ping 10.0.1.1
2 Use the PING command to verify that the switch can communicate with each of the configured
neighbor lab groups switches by entering the following:
ping <neighbor VLAN IP address>
Example:
ping 10.0.1.1X
Where X is each neighbor lab group number in Table 1.
The following is the ping reply for the neighbor with the vlan ip address 10.0.1.12:
Ping(ICMP) 10.0.1.12: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.0.1.12: icmp_seq=0 ttl=255 time=2.940 ms
16 bytes from 10.0.1.12: icmp_seq=1 ttl=255 time=6.312 ms
16 bytes from 10.0.1.12: icmp_seq=2 ttl=255 time=7.023 ms
16 bytes from 10.0.1.12: icmp_seq=3 ttl=255 time=2.003 ms
--- 10.0.1.12 ping statistics --4 packets transmitted, 4 received, 0% loss
round-trip min/avg/max = 2/4/7 ms

3 Display the layer 2 forwarding database by entering the following command:


show fdb
The following display is an example from Lab Group 1s switch:
Mac
Vlan
Age Flags
Port / Virtual Port List
----------------------------------------------------------------------------00:04:96:27:b6:61
Default(0001) 0024 d m
13
00:04:96:27:b7:57
Default(0001) 0009 d m
13
00:04:96:27:bc:ce
Default(0001) 0001 d m
13
00:04:96:27:bd:0b
Default(0001) 0032 d m
13
00:04:96:34:cb:5c
Default(0001) 0007 d m
13
00:04:96:34:cb:64
Default(0001) 0004 d m
13
Flags : d
x
b
D

Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,


IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,
Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation,
drop packet.

Total: 6 Static: 0 Perm: 0


FDB Aging time: 300

Dyn: 6

Dropped: 0

ExtremeXOS Operation and Configuration, Rev. 12.1

Locked: 0

Locked with Timeout: 0

49

Layer 2 Forwarding Lab


4 Notice that all entries appear in the VLAN Default and are flagged as dynamically-learned MAC
addresses.
5 Display the switchs IP ARP table by entering the following command:
show iparp
The following display is an example from Lab Group 1s switch:
VR
VR-Default
VR-Default
VR-Default
VR-Default
VR-Default
VR-Default

Destination
10.0.1.1
10.0.1.12
10.0.1.13
10.0.1.14
10.0.1.15
10.0.1.16

Dynamic Entries
Pending Entries
In Request
Out Request
Failed Requests
Proxy Answered
Rx Error
Rejected Count
Rejected Port

:
:
:
:
:
:
:
:
:

Max ARP entries :


ARP address check:
Timeout
:

Mac
00:04:96:27:bc:ce
00:04:96:27:bd:0b
00:04:96:27:b7:57
00:04:96:27:b6:61
00:04:96:34:cb:64
00:04:96:34:cb:5c
6
0
26
25
2
0
0

4096
Enabled
20 minutes

Age
1
1
1
1
1
1

Static
NO
NO
NO
NO
NO
NO

VLAN
Default
Default
Default
Default
Default
Default

VID
1
1
1
1
1
1

Port
13
13
13
13
13
13

Static Entries

In Response
Out Response

:
:

13
5

Dup IP Addr
Rejected IP
Rejected I/F

:
:
:

0.0.0.0

Max ARP pending entries


ARP refresh

:
:

256
Enabled

6 Use the IP/MAC address pairs in the IP ARP table to determine which MAC address belongs to
which lab group.

50

ExtremeXOS Operation and Configuration, Rev. 12.1

Layer 2 Forwarding Lab

Part 3: Locking Learning


In this exercise you will clear the forwarding database (FDB) of all entries, repopulate the FDB, lock the
addresses that have been learned, and verify that this each command has been executed correctly.
1 Clear the forwarding database of all dynamic entries by entering the following command:
clear fdb
2 Verify that the FDB is clear by entering the following:
show fdb
The following displays:
Mac
Vlan
Age Flags
Port / Virtual Port List
----------------------------------------------------------------------------Flags : d
x
b
D

Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,


IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,
Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation,
drop packet.

Total: 0 Static: 0 Perm: 0


FDB Aging time: 300

Dyn: 0

Dropped: 0

Locked: 0

Locked with Timeout: 0

NOTE
Depending upon network activity, the fbd table may contain entries even though you issued the clear fdb command.
This is due to the fact that some devices on the network transmitted packets between the time you cleared the fdb
and subsequently displayed it.

3 Use the PING command to re-populate the FDB with the MAC address of Core Switch A:
ping 10.0.1.1

NOTE
Your switch may have already repopulated the fbd due to other students or network activities.

The following displays:


Ping(ICMP) 10.0.1.1: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.0.1.1: icmp_seq=0 ttl=255 time=9.190 ms
16 bytes from 10.0.1.1: icmp_seq=1 ttl=255 time=7.129 ms
16 bytes from 10.0.1.1: icmp_seq=2 ttl=255 time=7.359 ms
16 bytes from 10.0.1.1: icmp_seq=3 ttl=255 time=1.996 ms
--- 10.0.1.1 ping statistics --4 packets transmitted, 4 received, 0% loss
round-trip min/avg/max = 1/6/9 ms

4 Verify that only the Core Switch A MAC address is in the FDB by entering the following:
show fdb

ExtremeXOS Operation and Configuration, Rev. 12.1

51

Layer 2 Forwarding Lab


The following display is an example from Lab Group 1s switch:
Mac
Vlan
Age Flags
Port / Virtual Port List
----------------------------------------------------------------------------00:04:96:27:bc:ce
Default(0001) 0003 d m
13
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,
b - Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation,
D - drop packet.
Total: 1 Static: 0 Perm: 0 Dyn: 1 Dropped: 0 Locked: 0 Locked with Timeout: 0
FDB Aging time: 300

5 Clear the fdb again and the lock the MAC address learned on port 13 by entering the following:
clear fdb
ping 10.0.1.1
configure ports 13 vlan default lock-learning

NOTE
In order to minimize the number of entries that find their way into the fdb, we recommend that you cut and paste
the three commands above into the cli interface on the switch. However, even if you take this precaution, you may
find that the locking feature captures more then just the MAC address of Core Switch A.

6 Verify the configuration by entering the following command:


show vlan default security
The following displays for port 13 and port 24:

Port
13
24

Limit
State
Unlimited Locked
Unlimited Unlocked

Learned
0
0

Blackholed
5
0

Locked
1
0

NOTE
In the example above, notice that 5 MAC addresses are designated as Blackhole entries. Any MAC addresses seen
after the lock is activated will be blackholed.

7 Verify that the permanent entry and lock learning flags are set for port 13 by entering the following
command:
show fdb

52

ExtremeXOS Operation and Configuration, Rev. 12.1

Layer 2 Forwarding Lab


The following is an example display from Lab Group 1s switch:
Mac
Vlan
Age Flags
Port / Virtual Port List
----------------------------------------------------------------------------00:04:96:27:b7:57
Default(0001) 0021 d m Bb
13
00:04:96:27:bc:ce
Default(0001) 0000 spm
l
13
00:04:96:34:cb:5c
Default(0001) 0021 d m Bb
13
Flags : d
x
b
D

Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,


IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,
Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation,
drop packet.

Total: 3 Static: 1 Perm: 1


FDB Aging time: 300
FDB VPLS Aging time: 300

Dyn: 2

Dropped: 0

Locked: 1

Locked with Timeout: 0

8 Use the PING command to try to communicate with each of the configured neighbor lab groups
switches by entering the following:
ping <neighbor VLAN IP address>
Example:
ping 10.0.1.1X
Where X is each neighbor lab group number in Table 1.
The following displays the ping reply, Destination Host Unreachable, when Lab Group 1 pings the
neighbor with the VLAN IP address 10.0.1.12:

Ping(ICMP) 10.0.1.12: 4 packets, 8 data bytes, interval 1 second(s).


44 bytes from 10.0.1.11: icmp_seq=3 Destination Host Unreachable
--- 10.0.1.12 ping statistics --4 packets transmitted, 0 received, 100% loss
round-trip min/avg/max = 0/0/0 ms

NOTE
All ping attempts to neighboring switches should fail. However, this is dependent upon the entries in the fdb table.

9 Display the forwarding database by entering the following command:


show fdb

ExtremeXOS Operation and Configuration, Rev. 12.1

53

Layer 2 Forwarding Lab


The following display is an example from Lab Group 1s switch:
Mac
Vlan
Age Flags
Port / Virtual Port List
----------------------------------------------------------------------------00:04:96:27:b6:61
Default(0001) 0274 d m Bb
13
00:04:96:27:b7:57
Default(0001) 0018 d m Bb
13
00:04:96:27:bc:ce
Default(0001) 0000 spm
l
13
00:04:96:27:bd:0b
Default(0001) 0298 d m Bb
13
00:04:96:34:cb:5c
Default(0001) 0043 d m Bb
13
00:04:96:34:cb:64
Default(0001) 0297 d m Bb
13
Flags : d
x
b
D

Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,


IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,
Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation,
drop packet.

Total: 6 Static: 1 Perm: 1


FDB Aging time: 300
FDB VPLS Aging time: 300

Dyn: 5

Dropped: 0

Locked: 1

Locked with Timeout: 0

10 Notice in the example above, that the MAC addresses for all 5 neighbor switches have been flagged
as Blackhole for both ingress and egress. Your fdb table may vary slightly from this example.
11 Remove MAC address lock down by entering the following command:
configure ports 13 vlan default unlock-learning
12 Show the forwarding database and verify that the lockdown has been removed by entering the
following command:
show fdb
The following displays:
Mac
Vlan
Age Flags
Port / Virtual Port List
----------------------------------------------------------------------------Flags : d
x
b
D

Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,


IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,
Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation,
drop packet.

Total: 0 Static: 0 Perm: 0


FDB Aging time: 300
FDB VPLS Aging time: 300

Dyn: 0

Dropped: 0

Locked: 0

Locked with Timeout: 0

13 Notice that unlocking learning will clear the FDB of all entries.

54

ExtremeXOS Operation and Configuration, Rev. 12.1

Layer 2 Forwarding Lab

Part 4: Limiting Learning


In this exercise you will clear the forwarding data base entries and configure selected ports to limit
learning. You will confirm that limit learning is operating correctly and then remove the limits you
previously set.
1 Clear the forwarding database of all dynamic entries by entering the following command:
clear fdb
2 Confirm that the FDB is clear by entering the following:
show fdb
The following is an example of a typical display:
Mac
Vlan
Age Flags
Port / Virtual Port List
----------------------------------------------------------------------------Flags : d
x
b
D

Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,


IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,
Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation,
drop packet.

Total: 0 Static: 0 Perm: 0


FDB Aging time: 300
FDB VPLS Aging time: 300

Dyn: 0

Dropped: 0

Locked: 0

Locked with Timeout: 0

NOTE
Depending upon network activity you may have entries quickly repopulate even after you clear the fdb.

3 Limit the MAC address learning on port 13 to three entries by entering the following commands:
clear fdb
configure ports 13 vlan default limit-learning 3
4 Verify the configuration by entering the following command:
show vlan default security
The following displays:
Port
13
24

Limit
State
3
Unlocked
Unlimited Unlocked

Learned
0
0

Blackholed
0
0

Locked
0
0

5 Display the MAC security information for the specified port by entering the following command:
show ports 13 information detail

ExtremeXOS Operation and Configuration, Rev. 12.1

55

Layer 2 Forwarding Lab


The following displays:
Port:

13
Virtual-router: VR-Default
Type:
UTP
Random Early drop:
Unsupported
Admin state:
Enabled with auto-speed sensing
ELSM Link State:
Up
Link State:
Active, 1Gbps, full-duplex
Link Counter: Up
2 time(s)
VLAN cfg:

auto-duplex

Name: Default, Internal Tag = 1, MAC-limit = 3,Action = blackhole,Virtual router: VR-Default

6 Use the PING command to try to communicate with each of the configured neighbor lab groups
switches and Core Switch A. Because the neighbor lab groups may be performing this same step
simultaneously or even before you, three or fewer PINGs may actually work. Enter the following:
ping <neighbor VLAN IP address>
Example:
ping 10.0.1.1X
Where X is each neighbor lab group number in Table 1.
7 Confirm which MAC addresses were permitted and which were blocked by displaying the
forwarding database with the following command:
show fdb
The following is an example display from Lab Group 1s switch:

Mac
Vlan
Age Flags
Port / Virtual Port List
----------------------------------------------------------------------------00:04:96:27:b6:61
Default(0001) 0020 d m
13
00:04:96:27:b7:57
Default(0001) 0061 d m Bb
13
00:04:96:27:bc:ce
Default(0001) 0076 d m Bb
13
00:04:96:27:bd:0b
Default(0001) 0020 d m
13
00:04:96:34:cb:5c
Default(0001) 0020 d m
13
00:04:96:34:cb:64
Default(0001) 0079 d m Bb
13
Flags : d
x
b
D

Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,


IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,
Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation,
drop packet.

Total: 6 Static: 0 Perm: 0


FDB Aging time: 300
FDB VPLS Aging time: 300

Dyn: 6

Dropped: 0

Locked: 0

Locked with Timeout: 0

8 Notice that the MAC addresses for 2 neighbor switches and Core Switch A have been flagged as
Blackhole for both ingress and egress in the example above.
9 Remove the limit learning on the port by entering the following command:
configure ports 13 vlan default unlimited-learning

56

ExtremeXOS Operation and Configuration, Rev. 12.1

Layer 2 Forwarding Lab

Part 5: Enabling Extreme Link Status Monitoring


In this exercise you will enable Extreme Link Status Monitoring (ELSM) on selected ports, verify that it
is operating correctly. You will observe link state changes during a core switch reboot.
1 Enable Extreme Link Status Monitoring (ELSM) on the port connecting to the other switches by
entering the following command:
enable elsm ports 13
2 Verify the status of the port with ELSM enabled by entering the following command:
show elsm ports 13
The following displays:
ELSM Info Port 13
Link State
ELSM Link State
ELSM State
Hello Transmit State
Hello Time
Hold Threshold
UpTimer Threshold
Auto Restart
Down Timeout
Up Timeout
Rx Hello+
Rx HelloTx Hello+
Tx HelloELSM Up/Down Count

:
:
:
:
:
:
:
:
:
:
:
:
:
:
:

Active
Up
Up
HelloRx(+)
1 sec
2
6
Enabled
4.0 sec
6.0 sec
19496
1
19497
0
UP: 0
DOWN: 0

3 Notice both the Link State and the ELSM Link State for this port.

NOTE
Wait here while Core Switch A is rebooted to simulate link state change.

4 Wait until the instructor gives the class direction to move forward.
5 While Core Switch A is rebooting, re-verify the status of the port by entering the following
command:
show elsm ports 13

ExtremeXOS Operation and Configuration, Rev. 12.1

57

Layer 2 Forwarding Lab


While the switch is rebooting the system will eventually display the following:
ELSM Info Port 13
Link State
ELSM Link State
ELSM State
Hello Transmit State
Hello Time
Hold Threshold
UpTimer Threshold
Auto Restart
Down Timeout
Up Timeout
Rx Hello+
Rx HelloTx Hello+
Tx HelloELSM Up/Down Count

:
:
:
:
:
:
:
:
:
:
:
:
:
:
:

Ready
Down
Down
HelloRx(-)
1 sec
2
6
Enabled
4.0 sec
6.0 sec
19588
1
19589
0
UP: 0
DOWN: 1

6 Notice the changes to the port Link State, ELSM Link State, ELSM State, Hello Transmit State, and
ELSM Up/Down Count.
7 After the switch has fully re-booted, verify the status of the port by entering the following command
again:
show elsm ports 13
When the link stabilizes, the following displays:

ELSM Info Port 13


Link State
ELSM Link State
ELSM State
Hello Transmit State
Hello Time
Hold Threshold
UpTimer Threshold
Auto Restart
Down Timeout
Up Timeout
Rx Hello+
Rx HelloTx Hello+
Tx HelloELSM Up/Down Count

:
:
:
:
:
:
:
:
:
:
:
:
:
:
:

Active
Up
Up
HelloRx(+)
1 sec
2
6
Enabled
4.0 sec
6.0 sec
19593
1
19593
1
UP: 1
DOWN: 1

8 Notice again, the changes to the port Link State, ELSM Link State, ELSM State, Hello Transmit
State, and ELSM Up/Down Count.

58

ExtremeXOS Operation and Configuration, Rev. 12.1

Port-based VLAN Configuration Lab

Student Objectives
A common approach to deploying Voice-Over-IP on a converged network is to configure a single,
layer 2 broadcast domain (VLAN) dedicated to the voice-enabled devices (phones, call managers, call
gateways, etc.).
This lab provides you with hands-on experience to create port-based VLANs, add ports to the VLANs,
and extend the VLANs across multiple switches.
At the end of this lab, you will be able to:

Create one port-based VLAN

Add ports to the VLAN

Interconnect the VLAN across multiple switches

Figure 1: Port-based VLAN Configuration Lab

ExtremeXOS Operation and Configuration, Rev. 12.1

59

Port-based VLAN Configuration Lab


Refer to the values listed in Table 1 to configure switch parameters for this lab.

Table 1: Group, Switch, VLAN Names and IP addresses


Switch Name

VLAN Name

VLAN IP Address

Lab Group PC
IP Address

SAM_1

Voice

10.0.2.11/24

10.0.2.101/24

EXC_2

Voice

10.0.2.12/24

10.0.2.102/24

ACT_3

Voice

10.0.2.13/24

10.0.2.103/24

MFG_4

Voice

10.0.2.14/24

10.0.2.104/24

ENG_5

Voice

10.0.2.15/24

10.0.2.105/24

HUR_6

Voice

10.0.2.16/24

10.0.2.106/24

Lab Group Number

Part 1: Setting Up for Creating a Port-Based VLAN


1 Log into the switch and load the baseline configuration for this lab by entering the following
command:
use configuration Lab_ECF05-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the
command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration
file (XXXXXX.cfg) and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)

3 Enter n to reboot without save.


If there were no unsaved changes on the switch, the system will display the following:

Are you sure you want to reboot the switch? (y/N)

4 Enter y to reboot the switch if this message appears.


When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.

60

ExtremeXOS Operation and Configuration, Rev. 12.1

Port-based VLAN Configuration Lab


5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:

6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.

Part 2: Creating a Port-Based VLAN


In this exercise you will create a VLAN, assign it an IP address, and verify that it is recognized by your
switch.
1 Create a VLAN named voice by entering the following command:
create vlan voice
2 Verify that the VLAN voice has been created by entering the following command:
show vlan voice
The following displays:

VLAN Interface with name voice created by user


Admin State:
Enabled
Tagging:Untagged (Internal tag 4094)
Virtual router: VR-Default
IPv6:
None
STPD:
None
Protocol:
Match all unfiltered protocols
Loopback:
Disabled
NetLogin:
Disabled
QosProfile:
None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile:
None configured
Ports:
0.
(Number of active ports=0)

3 Notice that a newly-created VLAN has no ports assigned.


4 Assign an IP address and subnet mask to the voice VLAN, by entering the following command:
configure vlan voice ipaddress <VLAN IP Address> {<netmask>}
Example:
configure vlan voice ipaddress 10.0.2.1X/24
Use the address and subnet mask as listed in Table 1 for your lab group.
5 Verify the IP address and subnet mask of the voice VLAN, by entering the following command:
show vlan voice

ExtremeXOS Operation and Configuration, Rev. 12.1

61

Port-based VLAN Configuration Lab


The voice VLAN configuration displays:
VLAN Interface with name voice created by user
Admin State:
Enabled
Tagging:Untagged (Internal tag 4094)
Virtual router: VR-Default
Primary IP
: 10.0.2.1X/24
IPv6:
None
STPD:
None
Protocol:
Match all unfiltered protocols
Loopback:
Disabled
NetLogin:
Disabled
QosProfile:
None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile:
None configured
Ports:
0.
(Number of active ports=0)

Part 3: Adding Ports to a VLAN


In this exercise you will delete ports from the VLAN default and add ports to your VLAN.
1 Delete port 13 and 24 from the VLAN default by entering the following command:
configure vlan default delete ports 13,24
2 Add port 13 and 24 to the VLAN voice by entering the following command:
configure vlan voice add ports 13,24
3 Verify the port assignments for VLAN voice by entering the following command:
show vlan voice
The system displays the voice VLAN configuration:
VLAN Interface with name voice created by user
Admin State:
Enabled
Tagging:Untagged (Internal tag 4094)
Virtual router: VR-Default
Primary IP
: 10.0.2.1X/24
IPv6:
None
STPD:
None
Protocol:
Match all unfiltered protocols
Loopback:
Disabled
NetLogin:
Disabled
QosProfile:
None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile:
None configured
Ports:
2.
(Number of active ports=0)
Untag:
!13,
!24
Flags:
(*) Active, (!) Disabled, (g) Load Sharing port
(b) Port blocked on the vlan, (m) Mac-Based port
(a) Egress traffic allowed for NetLogin
(u) Egress traffic unallowed for NetLogin

4 Notice that the assigned ports are not active, they are disabled(!) and untagged.

62

ExtremeXOS Operation and Configuration, Rev. 12.1

Port-based VLAN Configuration Lab

Part 4: Configuring the Client Workstation


The following instructions will guide you in setting up the client workstation. If your RD-X connection
to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:

2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.

3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:

ExtremeXOS Operation and Configuration, Rev. 12.1

63

Port-based VLAN Configuration Lab


4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop
Connection utility:

5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:

6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:

64

ExtremeXOS Operation and Configuration, Rev. 12.1

Port-based VLAN Configuration Lab


7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the
Config_ECF05-X batch file, where X is your lab group number assigned in Table 1:

This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:

8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:

ExtremeXOS Operation and Configuration, Rev. 12.1

65

Port-based VLAN Configuration Lab


9 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig
The system displays the following:

Note that the Lab Network interface has been assigned your lab group PC's IP address and mask
found in Table 1.
This completes the setup of the Lab Group PC. Minimize this window now and return to the switch.

Part 5: Extending the VLAN Across Multiple Switches


In this exercise you will enable ports to extend your VLAN across multiple switches and verify that
your switch can communicate with each of the other neighbor switches.
1 On your switch, enable port 13 to permit forwarding by entering the following command:
Enable ports 13
NOTE
Stop and wait here until all students in the class reach this point!

66

ExtremeXOS Operation and Configuration, Rev. 12.1

Port-based VLAN Configuration Lab


2 Upon the instructors direction, turn to your switch and use the PING command to verify that the
switch can communicate with each of the configured neighbor lab groups switches by entering the
following:
ping <neighbor VLAN IP address>
Example:
ping 10.0.2.1X
Where X is each neighbor lab group number in Table 1.
The following is an example reply from Lab Group 1s switch while pinging Lab Groups 2 switch:

* SAM_1.26 # ping 10.0.2.12


Ping(ICMP) 10.0.2.12: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.0.2.12: icmp_seq=0 ttl=255 time=9.773 ms
16 bytes from 10.0.2.12: icmp_seq=1 ttl=255 time=2.004 ms
16 bytes from 10.0.2.12: icmp_seq=2 ttl=255 time=7.072 ms
16 bytes from 10.0.2.12: icmp_seq=3 ttl=255 time=7.054 ms

3 On your switch, enable port 24 by entering the following command:


enable ports 24
This is the port connected to the Lab Group PC.
NOTE
Stop and wait here until all students in the class reach this point!

4 Upon the instructors direction, return to your Lab Group PCs desktop and open a DOS window.
Use the PING command to verify that the PC can communicate with the other configured neighbor
Lab Group PCs by entering the following:
ping <neighbor PC IP address>
Example:
ping 10.0.2.10X
Where X is each neighbor lab group number in Table 1.
The following is an example reply from Lab Group 1s PC while pinging Lab Groups 2 PC:
C:\Documents and Settings\student>ping 10.0.2.102
Pinging 10.0.2.102 with 32 bytes of data:
Reply
Reply
Reply
Reply

from
from
from
from

10.0.2.102:
10.0.2.102:
10.0.2.102:
10.0.2.102:

bytes=32
bytes=32
bytes=32
bytes=32

time<1ms
time<1ms
time<1ms
time<1ms

TTL=128
TTL=128
TTL=128
TTL=128

Ping statistics for 10.0.2.102:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

ExtremeXOS Operation and Configuration, Rev. 12.1

67

Port-based VLAN Configuration Lab


5 On the switch, examine how VLAN information is displayed in the forwarding database by entering
the following command on your switch:
show fdb
The system displays the following:
Mac
Vlan
Age Flags
Port / Virtual Port List
----------------------------------------------------------------------------00:04:96:27:b6:61
voice(4094) 0020 d m
13
00:04:96:27:b7:57
voice(4094) 0017 d m
13
00:04:96:27:bd:0b
voice(4094) 0078 d m
13
00:04:96:34:cb:5c
voice(4094) 0005 d m
13
00:04:96:34:cb:64
voice(4094) 0006 d m
13
00:0c:29:0e:4a:80
voice(4094) 0208 d m
13
00:0c:29:1b:33:21
voice(4094) 0076 d m
13
00:0c:29:60:ef:ba
voice(4094) 0092 d m
13
00:0c:29:7d:7c:a3
voice(4094) 0129 d m
13
00:0c:29:aa:d6:8c
voice(4094) 0088 d m
24
00:0c:29:fa:60:9c
voice(4094) 0108 d m
13
Flags : d
x
b
D

Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,


IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,
Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation,
drop packet.

Total: 11 Static: 0 Perm: 0


FDB Aging time: 300
FDB VPLS Aging time: 300

Dyn: 11

Dropped: 0

Locked: 0

Locked with Timeout: 0

6 Notice that all learned MAC addresses in the example above are from the VLAN voice.

68

ExtremeXOS Operation and Configuration, Rev. 12.1

Tagged VLAN Configuration Lab

Student Objectives
Frequently, todays voice-over-IP desk sets incorporate a second Ethernet port that provides
connectivity for a PC through the same switch port as the phone. However you often see the traffic for
both devices separated into VLANs, or distinct collision domains.
This lab provides you with hands-on experience to create tagged VLANs for each traffic type, add ports
to the VLANs, and extend the VLANs across multiple switches using a single physical link.
At the end of this lab, you will be able to:

Convert a untagged voice VLAN to a tagged VLAN.

Verify the operation of the tagged VLAN.

Integrate a data VLAN into the network and verify the operation of the entire network.

Figure 1: Tagged VLAN Configuration Lab

ExtremeXOS Operation and Configuration, Rev. 12.1

69

Tagged VLAN Configuration Lab


Refer to the values listed in Table 1 to configure switch parameters for this lab.

Table 1: Group, Switch, VLAN Names and IP Addresses


Lab Group Number
1

Switch Name

VLAN Name

VLAN IP Address

Lab Group PC IP Address

SAM_1

Voice

10.0.2.11/24

10.0.2.101/24

Data

10.0.3.11/24

10.0.3.101/24

Voice

10.0.2.12/24

10.0.2.102/24

Data

10.0.3.12/24

10.0.3.102/24

Voice

10.0.2.13/24

10.0.2.103/24

Data

10.0.3.13/24

10.0.3.103/24

Voice

10.0.2.14/24

10.0.2.104/24

Data

10.0.3.14/24

10.0.3.104/24

Voice

10.0.2.15/24

10.0.2.105/24

Data

10.0.3.15/24

10.0.3.105/24

Voice

10.0.2.16/24

10.0.2.106/24

Data

10.0.3.16/24

10.0.3.106/24

EXC_2

ACT_3

MFG_4

ENG_5

HUR_6

Part 1: Setting Up for Configuring a Tagged VLAN and


Adding Tagged and Untagged Ports
1 Log into the switch and load the baseline configuration for this lab by entering the following
command:
use configuration Lab_ECF06-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the
command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration
file (XXXXXX.cfg) and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)

3 Enter n to reboot without save.


If there were no unsaved changes on the switch, the system will display the following:

Are you sure you want to reboot the switch? (y/N)

4 Enter y to reboot the switch if this message appears.

70

ExtremeXOS Operation and Configuration, Rev. 12.1

Tagged VLAN Configuration Lab


When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.

5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:

6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.

Part 2: Configuring the Client Workstation


The following instructions will guide you in setting up the client workstation. If your RD-X connection
to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:

2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.

ExtremeXOS Operation and Configuration, Rev. 12.1

71

Tagged VLAN Configuration Lab


3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:

4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop
Connect utility:

5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:

72

ExtremeXOS Operation and Configuration, Rev. 12.1

Tagged VLAN Configuration Lab


6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:

7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the
Config_ECF06a-X batch file, where X is your lab group number assigned in Table 1:

This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates

ExtremeXOS Operation and Configuration, Rev. 12.1

73

Tagged VLAN Configuration Lab


8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:

9 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig
The system displays the following:

Note that the Lab Network interface has been assigned your Lab Group PC's IP address and mask
associated with the VLAN voice found in Table 1.
This completes the first setup of the Lab Group PC. Minimize this window now and return to the
switch.

74

ExtremeXOS Operation and Configuration, Rev. 12.1

Tagged VLAN Configuration Lab

Part 3: Configuring a Tagged VLAN and Adding Tagged


and Untagged Ports
In this exercise you will configure a tagged VLAN and add tagged and untagged ports to it.
1 On the switch, assign an IP address and subnet mask to the voice VLAN, by entering the following
command:
configure vlan voice ipaddress <voice vlan ipaddress> {<netmask>}
Example:
configure vlan voice ipaddress 10.0.2.1X/24
Use the address and subnet mask as listed in Table 1.
2 Configure the VLAN voice with a tag value of 10 by entering the following command:
configure vlan voice tag 10
3 Verify that the tag has been added successfully by entering the following command:
show vlan voice
The following displays:
VLAN Interface with name voice created by user
Admin State:
Enabled
Tagging:
802.1Q Tag 10
Virtual router: VR-Default
Primary IP
: 10.0.2.1X/24
IPv6:
None
STPD:
None
Protocol:
Match all unfiltered protocols
Loopback:
Disabled
NetLogin:
Disabled
QosProfile:
None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile:
None configured
Ports:
2.
(Number of active ports=2)
Untag:
*13,
*24
Flags:
(*) Active, (!) Disabled, (g) Load Sharing port
(b) Port blocked on the vlan, (m) Mac-Based port
(a) Egress traffic allowed for NetLogin
(u) Egress traffic unallowed for NetLogin
(t) Translate VLAN tag for Private-VLAN
(s) Private-VLAN System Port, (L) Loopback port
(e) Private-VLAN End Point Port

4 Notice that all ports are currently untagged in the VLAN.


5 Re-assign the port that interconnects the switches for VLAN voice as a tagged port by entering the
following command:
configure vlan voice add ports 13 tagged

ExtremeXOS Operation and Configuration, Rev. 12.1

75

Tagged VLAN Configuration Lab


Type yes to the warning message that appears:
Adding an existing untagged member port of vlan voice as tagged can cause
STP configuration loss.
Do you really want to add these ports? (y/N)
6 Verify that port 13 is now tagged in VLAN voice by entering the following command:
show vlan voice
The following displays:
VLAN Interface with name voice created by user
Admin State:
Enabled
Tagging:
802.1Q Tag 10
Virtual router: VR-Default
Primary IP
: 10.0.2.1X/24
IPv6:
None
STPD:
None
Protocol:
Match all unfiltered protocols
Loopback:
Disabled
NetLogin:
Disabled
QosProfile:
None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile:
None configured
Ports:
2.
(Number of active ports=2)
Untag:
*24
Tag:
*13
Flags:
(*) Active, (!) Disabled, (g) Load Sharing port
(b) Port blocked on the vlan, (m) Mac-Based port
(a) Egress traffic allowed for NetLogin
(u) Egress traffic unallowed for NetLogin
(t) Translate VLAN tag for Private-VLAN
(s) Private-VLAN System Port, (L) Loopback port
(e) Private-VLAN End Point Port

7 Notice that port 24 participates untagged in the VLAN.


8 Enable port 24 on the switch by entering the following command:
enable ports 24
This is the port connected to the Lab Group PC.
NOTE
Stop and wait here, do not proceed until all students have enabled port 24.

9 Upon the instructors direction, turn to the Lab Group PC and open a DOS window. Use the PING
command to verify that the PC can communicate with the other neighbor Lab Group PCs configured
in the same subnet by entering the following:
ping 10.0.2.10X
Where X is the lab group number assigned to each Lab Group in Table 1.

76

ExtremeXOS Operation and Configuration, Rev. 12.1

Tagged VLAN Configuration Lab


10 On the switch, use the PING command to verify that the switch can communicate with the interface
assigned to the voice subnet on each of the lab groups switches by entering the following:
ping 10.0.2.1X
Where X is each lab group number assigned to each Lab Group in Table 1.
11 Display the layer 2 forwarding database by entering the following command:
show fdb
The following is an example display with all 6 Lab Groups participating on the classroom network:
Mac
Vlan
Age Flags
Port / Virtual Port List
----------------------------------------------------------------------------00:04:96:27:b6:61
voice(0010) 0060 d m
13
00:04:96:27:b7:57
voice(0010) 0020 d m
13
00:04:96:27:bd:0b
voice(0010) 0008 d m
13
00:04:96:34:cb:5c
voice(0010) 0030 d m
13
00:04:96:34:cb:64
voice(0010) 0024 d m
13
00:0c:29:0e:4a:80
voice(0010) 0262 d m
13
00:0c:29:1b:33:21
voice(0010) 0032 d m
13
00:0c:29:60:ef:ba
voice(0010) 0051 d m
13
00:0c:29:7d:7c:a3
voice(0010) 0039 d m
13
00:0c:29:aa:d6:8c
voice(0010) 0041 d m
24
00:0c:29:fa:60:9c
voice(0010) 0176 d m
13
Flags : d - Dynamic, m - MAC
Total: 11 Static: 0 Perm: 0
FDB Aging time: 300
FDB VPLS Aging time: 300

Dyn: 11

Dropped: 0

Locked: 0

Locked with Timeout: 0

12 Notice that all learned MAC addresses are from the VLAN voice.

Part 4: Adding a Second Tagged VLAN and Trunked


Ports
In this exercise you will create a second VLAN for data, add its IP address, add the correct tag and
verify that it is integrated into the network.
1 Create a second VLAN named data by entering the following command:
create vlan data
2 Assign an IP address and subnet mask to VLAN data by entering the following command:
configure vlan data ipaddress <data vlan ipaddress> {<netmask>}
Example:
configure vlan data ipaddress 10.0.3.1X/24
Use the address and subnet mask identified in Table 1 for your lab group.
3 Verify that VLAN data has been created and the IP address is assigned correctly by entering the
following command:
show vlan

ExtremeXOS Operation and Configuration, Rev. 12.1

77

Tagged VLAN Configuration Lab


The following displays:
Name

VID

Protocol Addr

Flags

Proto

Ports Vir
Active rou
/Total
-------------------------------------------------------------------------------data
4093 10.0.3.1X
/24 ----------------------- ANY
0 /0
V
Default
1
------------------------------------------- ANY
0 /0
V
Mgmt
4095 ------------------------------------------- ANY
1 /1
V
voice
10
10.0.2.1X
/24 ----------------------- ANY
2 /2
V
--------------------------------------------------------------------------------

4 Configure VLAN data with a tag value of 20 by entering the following command:
configure vlan data tag 20
5 Configure port 13 as a trunk port for both VLAN voice and VLAN data by adding it as tagged in
VLAN data with the following command:
configure vlan data add ports 13 tagged
6 Verify by entering the following command:
show vlan
The following displays:
Name

VID

Protocol Addr

Flags

Proto

Ports Vir
Active rou
/Total
-------------------------------------------------------------------------------data
20
10.0.3.1X
/24 ----------------------- ANY
0 /0
V
Default
1
------------------------------------------- ANY
0 /0
V
Mgmt
4095 ------------------------------------------- ANY
1 /1
V
voice
10
10.0.2.1X
/24 ----------------------- ANY
2 /2
V
--------------------------------------------------------------------------------

CAUTION
Be careful to add the port as tagged to the second VLAN. For example, if you try to add the port untagged
(configure vlan data add ports 13) you will see the following error display:

Error: Protocol conflict when adding untagged port 13. Either add this
port as tagged or assign another protocol to this VLAN.

78

ExtremeXOS Operation and Configuration, Rev. 12.1

Tagged VLAN Configuration Lab

Part 5: Adding Additional Tagged Ports


Voice-over-IP device interfaces are more likely to be configured for a tag than those used for laptops or
desktop PCs. The normal deployment is to assign the shared attached port as tagged in the VLAN
voice, and untagged in the VLAN data.
Port 24 is connected to the Lab Group PC. In this lab scenario, both the telephone desk set and the PC
share the port, but you separate their traffic into two VLANs. Since the port is currently only assigned
to VLAN voice, you need to add the port to VLAN data. Notice that since Port 24 already belongs
untagged to VLAN voice, it cannot be added as untagged to any other VLAN. It can only be added
with an explicit tag to a VLAN (tagged), or to a protocol-based VLAN.
1 On the switch, re-assign the device-connected port in VLAN voice as a tagged port by entering the
following command:
configure vlan voice add ports 24 tagged
Type yes to the warning message that appears:
Adding an existing untagged member port of vlan voice as tagged can cause STP
configuration loss.
Do you really want to add these ports? (y/N)

2 Assign the device-connected port to VLAN data, untagged, by entering the following command:
configure vlan data add ports 24 untagged
3 Verify the detailed configuration of VLAN data by entering the following command:
show vlan data
The following displays:
VLAN Interface with name data created by user
Admin State:
Enabled
Tagging:
802.1Q Tag 20
Virtual router: VR-Default
Primary IP
: 10.0.3.1X/24
IPv6:
None
STPD:
None
Protocol:
Match all unfiltered protocols
Loopback:
Disabled
NetLogin:
Disabled
QosProfile:
None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile:
None configured
Ports:
1.
(Number of active ports=1)
Untag:
*24
Tag:
*13
Flags:
(*) Active, (!) Disabled, (g) Load Sharing port
(b) Port blocked on the vlan, (m) Mac-Based port
(a) Egress traffic allowed for NetLogin
(u) Egress traffic unallowed for NetLogin
(t) Translate VLAN tag for Private-VLAN
(s) Private-VLAN System Port, (L) Loopback port
(e) Private-VLAN End Point Port

ExtremeXOS Operation and Configuration, Rev. 12.1

79

Tagged VLAN Configuration Lab


4 In the previous section, PINGs to the neighbor PCs and switches populated the FDB with entries
from VLAN voice. Clear the FDB of all dynamic entries with the following command:
clear fdb
5 On the Lab Group PC, return to the open Command Prompt window and use the PING command
to verify that the PC can still communicate with each of the configured neighbor Lab Group PCs in
the 10.0.2.0/24 network by entering the following:
ping 10.0.2.10X
Where X is each lab group number assigned in Table 1.
6 On the switch, enter the following command to view the VLAN information displayed in the
forwarding database:
show fdb
The following displays:
Mac
Vlan
Age Flags
Port / Virtual Port List
----------------------------------------------------------------------------00:04:96:27:b6:61
voice(0010) 0050 d m
13
00:04:96:27:bd:0b
voice(0010) 0032 d m
13
00:04:96:34:cb:64
voice(0010) 0049 d m
13
00:04:96:34:cb:64
data(0020) 0027 d m
13
00:0c:29:0e:4a:80
data(0020) 0026 d m
13
00:0c:29:1b:33:21
data(0020) 0016 d m
13
00:0c:29:60:ef:ba
data(0020) 0012 d m
13
00:0c:29:7d:7c:a3
data(0020) 0024 d m
13
00:0c:29:aa:d6:8c
data(0020) 0051 d m
24
00:0c:29:fa:60:9c
data(0020) 0044 d m
13
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,b Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation,D - drop packet.
Total: 10 Static: 0 Perm: 0
FDB Aging time: 300
FDB VPLS Aging time: 300

Dyn: 10

Dropped: 0

Locked: 0

Locked with Timeout: 0

7 On the Lab Group PC, return to the open Command Prompt window and, using the PING
command, try to ping the interface assigned to the voice subnet on each of the configured lab groups
switches by entering the following:
ping 10.0.2.1X
Where X is each lab group number assigned in Table 1.
All of these pings fail.
This is because the port to which the PCs are attached, port 24, is now associated with the VLAN
data, while the switch addresses are associated with the VLAN voice. Traffic cannot cross the
boundary between two VLANs without enabling layer 3 routing.
8 Now, return to the Lab Group PC with the open DOS window and PING the interface assigned to
the data subnet on each of the configured lab groups switches by entering the following:
ping 10.0.3.1X
All of these pings fail also.
PINGing the IP address assigned to VLAN data from the Lab Group PC also fails because these two
devices are not in the same IP network even though they are in the same broadcast domain (VLAN).

80

ExtremeXOS Operation and Configuration, Rev. 12.1

Tagged VLAN Configuration Lab

Part 6: Reconfiguring the Client Workstation


To correct the above fault, re-configure the Group Lab PC production interface with the PC IP address
for VLAN data assigned in Table 1. From the Lab PC desktop, open the Lab Networking Addressing
folder. Double-click on the Config_ECF06b-X batch file, where X is your lab group number assigned in
Table 1:

This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:

1 To confirm the workstation IP address, from the Start menu, click on the Run option. Enter cmd to
open a Command window:

2 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig

ExtremeXOS Operation and Configuration, Rev. 12.1

81

Tagged VLAN Configuration Lab


The system displays the following:

Note that the Lab Network interface has been assigned your lab group PC's IP address and mask
associated with the VLAN data found in Table 1.
This completes the reconfiguration of the Lab Group PC.
NOTE
Stop and wait here, do not proceed until all students in the class have reconfigured their Lab Group PCs.

1 Upon the Instructors direction, return to the Lab Group PC and use the PING command to verify
that the PC can communicate with all configured switch IP addresses in VLAN data:
ping 10.0.3.1X
Where X is each lab group number assigned in Table 1.
2 Finally, use the PING command to verify that the PC can communicate with each of the configured
neighbor Lab Group PCs in the 10.0.3.0/24 network by entering the following:
ping 10.0.3.10X
Where X is each lab group number assigned in Table 1.

82

ExtremeXOS Operation and Configuration, Rev. 12.1

Spanning Tree Configuration Lab

Student Objectives
One deployment strategy for edge switches in a production wiring closet is to build a dual-home,
layer 2 loop to the upstream aggregation or core switches. This uses a redundant router protocol like
VRRP to forward traffic between VLANs or out to the Internet (Figure 1). When you use Spanning Tree
Protocol to resolve the loop, the failover between the two upstream paths is faster than if you extended
the layer 3 protocol all the way down to the edge switch.

Figure 1: Spanning Tree Configuration Lab

In addition you will configure the core switches for six independent spanning tree domains. In this
configuration there are only six loops to resolve, as opposed to the much larger number of potential
loops that would need to be addressed if all of the links were managed by a single STPD (Figure 2).
This further reduces convergence time in the event of a lost link.

ExtremeXOS Operation and Configuration, Rev. 12.1

83

Spanning Tree Configuration Lab

Figure 2: Individual Loops Configuration

Focusing only on the layer-2 loop-resolution component, this lab provides with hands-on experience to
configure, enable, and verify the Spanning Tree Protocol (STP).
In this lab, you will:

Create and configure a new spanning tree domain (STPD)

Verify the STPD configurations

Verify the STPD operation

Configure the STPD bridge priority and port cost

Test the STPD failure recovery

Refer to the values listed in Table 1 to configure switch parameters for this lab.

Table 1: Group, Switch, OSPF VLAN, OSPF and RIP Edge and Interface Names

84

Lab
Group
Number

Switch
Name

SAM_1

2
3

VLAN
Tags

Group
STPD

sales

10

sam_st

10.0.1.1/24

10.0.1.2/24

10.0.1.101/24

EXC_2

executive

20

exc_st

10.0.2.1/24

10.0.2.2/24

10.0.2.101/24

ACT_3

accounting

30

act_st

10.0.3.1/24

10.0.3.2/24

10.0.3.101/24

MFG_4

manufacturing

40

mfg_st

10.0.4.1/24

10.0.4.2/24

10.0.4.101/24

ENG_5

engineering

50

eng_st

10.0.5.1/24

10.0.5.2/24

10.0.5.101/24

HUR_6

human_resources

60

hur_st

10.0.6.1/24

10.0.6.2/24

10.0.6.101/24

Group VLAN

Lab Group PC
CS-A IP Address CS-B IP Address IP Address

ExtremeXOS Operation and Configuration, Rev. 12.1

Spanning Tree Configuration Lab

Part 1: Setting Up for Spanning Tree Configuration


1 Log into the switch and load the baseline configuration for this lab by entering the following
command:
use configuration Lab_ECF09-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the
command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration
file (XXXXXX.cfg) and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)

3 Enter n to reboot without save.


If there were no unsaved changes on the switch, the system will display the following:

Are you sure you want to reboot the switch? (y/N)

4 Enter y to reboot the switch if this message appears.


When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.

5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:

6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.

ExtremeXOS Operation and Configuration, Rev. 12.1

85

Spanning Tree Configuration Lab

Part 2: Configuring the Client Workstation


The following instructions will guide you in setting up the client workstation. If your RD-X connection
to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:

2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.

3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:

86

ExtremeXOS Operation and Configuration, Rev. 12.1

Spanning Tree Configuration Lab


4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop
Connection utility:

5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:

6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:

ExtremeXOS Operation and Configuration, Rev. 12.1

87

Spanning Tree Configuration Lab


7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the
Config_ECF09-X batch file, where X is your lab group number assigned in Table 1:

This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:

8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:

88

ExtremeXOS Operation and Configuration, Rev. 12.1

Spanning Tree Configuration Lab

9 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig
The system displays the following:

Note that the Lab Network interface has been assigned your lab group PC's IP address and mask
found in Table 1.
This completes the setup of the Lab Group PC.

ExtremeXOS Operation and Configuration, Rev. 12.1

89

Spanning Tree Configuration Lab

Part 3: Creating and Validating a Spanning Tree


Domain
1 Confirm the group VLAN configuration by entering the following command:
show vlan
The following displays:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------Default
1
------------------------------------------- ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------- ANY
1 /1
VR-Mgmt
<Group VLAN>
XX -------------------------------------------- ANY
0 /3
VR-Default
--------------------------------------------------------------------------------------Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled,
(M) Translation Member VLAN or Subscriber VLAN, (n) IP Multinetting Enabled,
(N) Network Login VLAN, (o) OSPF Enabled, (O) Flooding Disabled, (p) PIM Enabled,
(P) EAPS protected VLAN, (r) RIP Enabled, (R) Sub-VLAN IP Range Configured,
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 3

Where <Group VLAN> is the group VLAN name and XX is the VLAN tag assigned to your lab group
in Table 1.
2 Create the group-specific spanning tree domain by entering the following command:
create stpd <group STPD>
Where <group STPD> is the one assigned to your lab group in Table 1.
3 Configure the operational mode for the group STP domain to be 802.1w, by entering the following
command:
configure stpd <group STPD> mode dot1w
4 Add the group VLAN and the ports interconnecting the switches to the group spanning tree
protocol domain by entering the following command:
configure stpd <group STPD> add vlan <group VLAN> ports 13,14
Example using Lab Group Number 4:
configure stpd mfg_st add vlan manufacturing ports 13,14
5 Assign the same 802.1q tag to the spanning tree domain as is assigned to the member VLAN by
entering the following command:
configure stpd <group STPD> tag <VLAN tag>
Example using Lab Group Number 4:
configure stpd mfg_st tag 40
Where <group STPD> and <VLAN tag> are the ones assigned to your lab group in Table 1.

90

ExtremeXOS Operation and Configuration, Rev. 12.1

Spanning Tree Configuration Lab


6 Enable the spanning tree function for the group STPD by entering the following command:
enable stpd <group STPD>
7 Show the status of the ports participating in spanning tree by entering the following command:
show stpd <group STPD> ports
The following displays:
Port
13
14

Mode
State
EMISTP DISABLED
EMISTP DISABLED

Cost Flags
Priority Port ID Designated Bridge
20000 e?pp-w--- 128
800d
00:00:00:00:00:00:00:00
20000 e?pp-w--- 128
800e
00:00:00:00:00:00:00:00

Total Ports: 2
------------------------- Flags: ---------------------------1:
e=Enable, d=Disable
2: (Port role)
R=Root, D=Designated, A=Alternate, B=Backup, M=Master
3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto
4: (Oper. type)
b=broadcast, p=point-to-point, e=edge
5:
p=proposing, a=agree
6: (partner mode) d = 802.1d, w = 802.1w, m = mstp
7:
i = edgeport inconsistency
8:
S = edgeport safe guard active
s = edgeport safe guard configured but inactive
9:
B = Boundary, I = Internal

8 Notice that both ports are currently disabled.


9 Enable ports 13, 14, and 24 by entering the following command:
enable ports 13,14,24

ExtremeXOS Operation and Configuration, Rev. 12.1

91

Spanning Tree Configuration Lab


10 Show the STPD port status again by entering the following command:
show stpd <group STPD> ports
The following displays:
Port
13
14

Mode
State
Cost Flags
Priority Port ID Designated Bridge
EMISTP FORWARDING 20000 eDpp-w--- 128
800d
80:00:00:04:96:27:b6:49
EMISTP FORWARDING 20000 eDpp-w--- 128
800e
80:00:00:04:96:27:b6:49

Total Ports: 2
------------------------- Flags: ---------------------------1:
e=Enable, d=Disable
2: (Port role)
R=Root, D=Designated, A=Alternate, B=Backup, M=Master
3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto
4: (Oper. type)
b=broadcast, p=point-to-point, e=edge
5:
p=proposing, a=agree
6: (partner mode) d = 802.1d, w = 802.1w, m = mstp
7:
i = edgeport inconsistency
8:
S = edgeport safe guard active
s = edgeport safe guard configured but inactive
9:
B = Boundary, I = Internal

11 Notice that both ports are now in the FORWARDING state.


12 Verify the spanning tree domain configuration by entering the following command:
show stpd <group STPD>
The following is an example of the display from Lab Group 1s switch:
Stpd: sam_st
Stp: ENABLED
Rapid Root Failover: Disabled
Operational Mode: 802.1W
802.1Q Tag: 10
Ports: 13,14
Participating Vlans: sales
Auto-bind Vlans: (none)
Bridge Priority: 32768
BridgeID:
80:00:00:04:96:27:b6:49
Designated root:
80:00:00:04:96:27:b6:49
RootPathCost: 0
Root Port: ---MaxAge: 20s
HelloTime: 2s
CfgBrMaxAge: 20s
CfgBrHelloTime: 2s
Topology Change Time: 35s
Topology Change Detected: FALSE
Number of Topology Changes: 2
Time Since Last Topology Change: 38s

Number of Ports: 2
Default Binding Mode: EMISTP

ForwardDelay: 15s
CfgBrForwardDelay: 15s
Hold time: 1s
Topology Change: FALSE

13 Notice that the BridgeID and Designated Root are the same, indicating that the switch is the root
bridge for this spanning tree domain.

92

ExtremeXOS Operation and Configuration, Rev. 12.1

Spanning Tree Configuration Lab


14 Return to the Lab Group PC with the PC IP Address assigned in Part 2. (10.0.X.101/24)
Open a Command Prompt window and use the PING command to verify that the PC can
communicate with the two core switches interfaces in the same subnet by entering the following:
ping 10.0.X.1
ping 10.0.X.2
Where X is your lab group number assigned in Table 1.
The following displays:
C:\Documents and Settings\student>ping 10.0.X.1
Pinging 10.0.X.1 with 32 bytes of data:
Reply
Reply
Reply
Reply

from
from
from
from

10.0.X.1:
10.0.X.1:
10.0.X.1:
10.0.X.1:

bytes=32
bytes=32
bytes=32
bytes=32

time=2ms
time<1ms
time<1ms
time<1ms

TTL=255
TTL=255
TTL=255
TTL=255

Ping statistics for 10.0.X.1:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 2ms, Average = 0ms
C:\Documents and Settings\student>ping 10.0.X.2
Pinging 10.0.X.2 with 32 bytes of data:
Reply
Reply
Reply
Reply

from
from
from
from

10.0.X.2:
10.0.X.2:
10.0.X.2:
10.0.X.2:

bytes=32
bytes=32
bytes=32
bytes=32

time=1ms
time<1ms
time<1ms
time<1ms

TTL=255
TTL=255
TTL=255
TTL=255

Ping statistics for 10.0.X.2:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

15 On the switch, use the PING command to also verify that the switch cannot communicate with any
of the interfaces assigned to each of the configured neighbor PC IP interfaces by entering the
following:
ping 10.0.X.101
Where X is each of the neighbor lab group numbers assigned in Table 1.
The following is an example display that should occur with each ping:
Ping(ICMP) 10.0.X.101:
Packet transmit error;
Packet transmit error;
Packet transmit error;
Packet transmit error;

4 packets, 8 data bytes, interval 1 second(s).


Destination unreachable
Destination unreachable
Destination unreachable
Destination unreachable

--- 10.0.X.101 ping statistics --0 packets transmitted, 0 received, 0% loss


round-trip min/avg/max = 0/0/0 ms

ExtremeXOS Operation and Configuration, Rev. 12.1

93

Spanning Tree Configuration Lab

Part 4: Changing and Validating Bridge Priority


1 Review the spanning tree domain configuration by entering the following command:
show stpd <group STPD>
The following is an example display of Lab Group 1s switch:
Stpd: sam_st
Stp: ENABLED
Rapid Root Failover: Disabled
Operational Mode: 802.1W
802.1Q Tag: 10
Ports: 13,14
Participating Vlans: sales
Auto-bind Vlans: (none)
Bridge Priority: 32768
BridgeID:
80:00:00:04:96:27:b6:49
Designated root:
80:00:00:04:96:27:b6:49
RootPathCost: 0
Root Port: ---MaxAge: 20s
HelloTime: 2s
CfgBrMaxAge: 20s
CfgBrHelloTime: 2s
Topology Change Time: 35s
Topology Change Detected: FALSE
Number of Topology Changes: 2
Time Since Last Topology Change: 463s

Number of Ports: 2
Default Binding Mode: EMISTP

ForwardDelay: 15s
CfgBrForwardDelay: 15s
Hold time: 1s
Topology Change: FALSE

In Part 3 above, we noted that because the BridgeID and Designated Root MAC addresses were the
same, this switch is the root bridge in this spanning tree domain. One aspect of a root bridge is that
all ports will be in the FORWARDING state; any blocked ports will be resolved on the non-root
bridges.
2 Confirm that the STPD ports are in the FORWARDING state by entering the following command:
show stpd <group STPD> ports
The following displays:
Port
13
14

Mode
State
Cost Flags
Priority Port ID Designated Bridge
EMISTP FORWARDING 20000 eDpp-w--- 128
800d
80:00:00:04:96:27:b6:49
EMISTP FORWARDING 20000 eDpp-w--- 128
800e
80:00:00:04:96:27:b6:49

Total Ports: 2
------------------------- Flags: ---------------------------1:
e=Enable, d=Disable
2: (Port role)
R=Root, D=Designated, A=Alternate, B=Backup, M=Master
3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto
4: (Oper. type)
b=broadcast, p=point-to-point, e=edge
5:
p=proposing, a=agree
6: (partner mode) d = 802.1d, w = 802.1w, m = mstp
7:
i = edgeport inconsistency
8:
S = edgeport safe guard active
s = edgeport safe guard configured but inactive
9:
B = Boundary, I = Internal

94

ExtremeXOS Operation and Configuration, Rev. 12.1

Spanning Tree Configuration Lab


3 The reason the lab switch is the root bridge is because the Bridge Priority on both CS-A and CS-B
have been set higher than the default value, 32768. Change the bridge priority of your switch so that
it is no longer the Root Bridge by entering the following command:
configure stpd <group stpd> priority 49152
NOTE
For 802.1w spanning tree domains, the bridge priority can be a value between 0 and 61440, configured in
increments of 4096.

4 Confirm that the switch is no longer the root bridge by entering the following command:
show stpd <group STPD>
The following display is an example from Lab Group 1s switch:
Stpd: sam_st
Stp: ENABLED
Rapid Root Failover: Disabled
Operational Mode: 802.1W
802.1Q Tag: 10
Ports: 13,14
Participating Vlans: sales
Auto-bind Vlans: (none)
Bridge Priority: 49152
BridgeID:
c0:00:00:04:96:27:b6:49
Designated root:
a0:00:00:04:96:27:bc:ce
RootPathCost: 20000
Root Port: 13
MaxAge: 20s
HelloTime: 2s
CfgBrMaxAge: 20s
CfgBrHelloTime: 2s
Topology Change Time: 35s
Topology Change Detected: FALSE
Number of Topology Changes: 4
Time Since Last Topology Change: 7s

Number of Ports: 2
Default Binding Mode: EMISTP

ForwardDelay: 15s
CfgBrForwardDelay: 15s
Hold time: 1s
Topology Change: FALSE

5 Notice that the BridgeID is no longer the same as the MAC address of the Designated root and the
Bridge Priority is now 49152.
6 Confirm that the STPD ports are in the FORWARDING state by entering the following command:
show stpd <group STPD> ports
The following displays:
Port
13
14

Mode
State
Cost Flags
Priority Port ID Designated Bridge
EMISTP FORWARDING 20000 eRppaw--- 128
800d
a0:00:00:04:96:27:bc:ce
EMISTP BLOCKING
20000 eAppaw--- 128
800e
b0:00:00:04:96:27:b7:11

Total Ports: 2

7 Notice that one of the ports is now in the BLOCKING state to prevent a loop in the STP domain.
NOTE
Stop and wait here until all the students in class reach this point and the Instructor disables port 23 on CS-A.

ExtremeXOS Operation and Configuration, Rev. 12.1

95

Spanning Tree Configuration Lab


When the instructor disables port 23 on core switch CS-A, this effectively creates a fault condition in
all configured spanning tree domains in the classroom network.
8 After the instructor confirms that the port on CS-A is disabled, check the state of the local STPD
ports by entering the following command:
show stpd <group STPD> ports
The following displays:
Port
13
14

Mode
State
Cost Flags
Priority Port ID Designated Bridge
EMISTP FORWARDING 20000 eRppaw--- 128
800d
a0:00:00:04:96:27:bc:ce
EMISTP FORWARDING 20000 eDpp-w--- 128
800e
c0:00:00:04:96:27:b6:49

Total Ports: 2

9 Notice that both ports are now FORWARDING to ensure connectivity between all of the switches in
the domain (the student switch, CS-A, and CS-B).

96

ExtremeXOS Operation and Configuration, Rev. 12.1

Basic EAPS Configuration Lab

This lab tests your ability to configure two EAPS domains on top of a single ring topology.
A common strategy for edge switches in a production wiring closet is to use a Layer 2 loop resolution
protocol for local traffic in combination with a redundant router protocol like VRRP to forward traffic
between VLANs at the core or out to the Internet (Figure 1).

Student Objectives
In this lab, you will:

Create EAPS domains.

Add control VLAN and any protected VLANs to the domains.

Configure your switch to be the master node in the EAPS rings.

Configure the inter-switch ports (1,2) to be primary or secondary ports.

Enable EAPS globally.

Enable the EAPS domains.

Verify the EAPS configuration and status.

Test the ring recovery.

Figure 1: EAPS Configuration Lab

ExtremeXOS Operation and Configuration, Rev. 12.1

97

Basic EAPS Configuration Lab


By deploying the Extreme Networks Ethernet Automatic Protection Switching protocol (EAPS), a more
precise failure recovery scheme can be achieved than is even possible with spanning tree or by
extending the Layer 3 protocol all the way down to the edge switch (Figure 2).

Figure 2: EAPS Topology

Refer to the values listed in Table 1 to configure specific switch parameters throughout the course of the
lab.

Table 1: Lab Group Number, Switch Name, Protected VLAN, PV Tag, Control VLAN, CV Tag, and EAPS
Domain

98

Lab
Group
Number

Switch Name

Protected VLAN

PV Tag

Control VLAN

CV Tag

EAPS
Domain

Lab PC IP Address

SAM_1

closet_1

101

ctrl_1

111

ed_1

10.100.1.101/24

EXC_2

closet_2

201

ctrl_2

211

ed_2

10.100.2.101/24

ACT_3

closet_3

301

ctrl_3

311

ed_3

10.100.3.101/24

MFG_4

closet_4

401

ctrl_4

411

ed_4

10.100.4.101/24

ENG_5

closet_5

501

ctrl_5

511

ed_5

10.100.5.101/24

HUR_6

closet_6

601

ctrl_6

611

ed_6

10.100.6.101/24

ExtremeXOS Operation and Configuration, Rev. 12.1

Basic EAPS Configuration Lab

Part 1: Creating the EAPS Control VLAN


1 Log into the switch and load the baseline configuration for this lab by entering the following
command:
use configuration Lab_ECF10-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the
command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration
file (XXXXXX.cfg) and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)

3 Enter n to reboot without save.


If there were no unsaved changes on the switch, the system will display the following:

Are you sure you want to reboot the switch? (y/N)

4 Enter y to reboot the switch if this message appears.


When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.

5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:

6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.

ExtremeXOS Operation and Configuration, Rev. 12.1

99

Basic EAPS Configuration Lab


7 Confirm the Protected VLAN configurations by entering the following command:
show vlan
The system displays the following:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
closet_X
X01 ------------------------------------------- ANY
0 /2
VR-Default
ctrl_X
X11 ------------------------------------------- ANY
0 /2
VR-Default
Default
1
------------------------------------------- ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------- ANY
1 /1
VR-Mgmt
--------------------------------------------------------------------------------------Total number of VLAN(s) : 4

8 Examine the details of the Protected and the Control VLAN by entering the following commands:
show vlan closet_X
show vlan ctrl_X
The following is an example display for VLAN closet_X:
VLAN Interface with name closet_X created by user
Admin State:
Enabled
Tagging:
802.1Q Tag X01
Protocol:
Match all unfiltered protocols
Loopback:
Disabled
NetLogin:
Disabled
QosProfile:
None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile:
None configured
Ports:
2.
(Number of active ports=0)
Tag:
!13,
!14
Flags:
(*) Active, (!) Disabled, (g) Load Sharing port

The following is an example display for VLAN ctrl_X:


VLAN Interface with name ctrl_X created by user
Admin State:
Enabled
Tagging:
802.1Q Tag X11
Protocol:
Match all unfiltered protocols
Loopback:
Disabled
NetLogin:
Disabled
QosProfile:
None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile:
None configured
Ports:
2.
(Number of active ports=0)
Tag:
!13,
!14
Flags:
(*) Active, (!) Disabled, (g) Load Sharing port

100

ExtremeXOS Operation and Configuration, Rev. 12.1

Basic EAPS Configuration Lab

Part 2: Creating and Configuring the EAPS Domain


1 Create an EAPS domain by entering the following commands:
create eaps ed_X
Where X is the lab group number assigned in Table 1.
2 Configure your switch as the EAPS master node by entering the following commands:
configure eaps ed_X mode master

NOTE
Both core switches CS-A and CS-B are pre-configured as transit switches for both of these EAPS domains.

3 Configure port 13 as the primary (unblocked) port to the ed_X EAPS domain:
configure eaps ed_X primary port 13
4 Configure port 14 as the secondary (blocked) port:
configure eaps ed_X secondary port 14
5 Verify the configuration for the EAPS domain by entering the following command:
show eaps ed_X
The system displays the following:
Name: ed_X
State: Idle
Running: No
Enabled: No
Mode: Master
Primary port:
13
Port status: Unknown
Tag status: Undetermined
Secondary port: 14
Port status: Unknown
Tag status: Undetermined
Hello timer interval: 1 sec 0 millisec
Fail timer interval: 3 sec
Fail Timer expiry action: Send alert
Last valid EAPS update: None till now.
EAPS Domain's Controller Vlan: Unassigned
EAPS Domain's Protected Vlan(s): Unassigned
Number of Protected Vlans: 0

6 Add the ports that will participate in the EAPS ring, tagged, to the control VLAN:
configure vlan ctrl_X add ports 13,14 tagged
The system displays the following:

7 Enter y.
8 Add the control VLAN to the EAPS domain by entering the following command:
configure eaps ed_X add control vlan ctrl_X
9 Add the protected VLAN by entering the following command:
configure eaps ed_X add protected vlan closet_X

ExtremeXOS Operation and Configuration, Rev. 12.1

101

Basic EAPS Configuration Lab


10 Enable EAPS globally by entering the following command:
enable eaps
11 Enable EAPS for the specific domain by entering the following command:
enable eaps ed_X

Part 3: Verifying the EAPS Domain Configuration and


Operation
1 Enable the ports assigned to the EAPS ring by entering the following command:
enable ports 13,14,24
2 Verify the status for the EAPS domain by entering the following command:
show eaps ed_X
The system displays the following:
Name: ed_X
State: Complete
Running: Yes
Enabled: Yes
Mode: Master
Primary port:
13
Port status: Up Tag status: Tagged
Secondary port: 14
Port status: Blocked
Tag status: Tagged
Hello timer interval: 1 sec 0 millisec
Fail timer interval: 3 sec
Fail Timer expiry action: Send alert
Last update: From Master Id 00:04:96:27:b6:49, at Thu Aug 14 18:06:03 2008
EAPS Domain has following Controller Vlan:
Vlan Name
VID
ctrl_X
X11
EAPS Domain has following Protected Vlan(s):
Vlan Name
VID
closet_X
X01
Number of Protected Vlans: 1

3 Notice that the EAPS state is Complete and the secondary port is blocked to prevent a Layer 2 loop.

102

ExtremeXOS Operation and Configuration, Rev. 12.1

Basic EAPS Configuration Lab

Part 4: Configuring the Client Workstation


The following instructions will guide you in setting up the client workstation to test the functionality of
the first EAPS domain. If your RD-X connection to PC 127.0.0.1:101X is still open but minimized, skip to
step 6.
1 From your laptop, launch the PuTTY utility:

2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.

3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:

ExtremeXOS Operation and Configuration, Rev. 12.1

103

Basic EAPS Configuration Lab


4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop
Connection utility:

5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:

6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:

104

ExtremeXOS Operation and Configuration, Rev. 12.1

Basic EAPS Configuration Lab


7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the
Config_ECF10-X batch file, where X is your lab group number assigned in Table 1:

This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:

8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:

ExtremeXOS Operation and Configuration, Rev. 12.1

105

Basic EAPS Configuration Lab


9 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig
The system displays the following:

10 Notice that the Lab Network interface has been assigned your lab group's IP address and mask
associated with the first EAPS domain found in Table 1.
11 On the switch, add the switch port connected to the Lab Group PC to the protected VLAN by
entering the following command:
configure vlan closet_X add ports 24 untagged
Where X is your lab group number found in Table 1.
12 Display the port statistics for both ring ports and the client port by entering the following command:
show port 13,14,24 statistics
The following displays:
Port Statistics
Tue Aug 19 11:25:12 2008
Port
Link
Tx Pkt
Tx Byte
Rx Pkt
Rx Byte Rx Pkt Rx Pkt
State
Count
Count
Count
Count
Bcast Mcast
================================================================================
13
A
157
18656
7
1396
0
3
14
A
6
1788
157
18656
4
1
24
A
5
1056
11
2060
4
1

NOTE
Ports 13 and 14 are incrementing at the rate of 1 per second, consistent with the EAPS hello packet polling
interval.

106

ExtremeXOS Operation and Configuration, Rev. 12.1

Basic EAPS Configuration Lab

Part 5: Testing the EAPS Configuration


1 On the Lab Group PC open a Command Window. Launch a continuous PING to the Lab_Target_A
PC IP address by entering the following command:
ping -t 10.100.0.101
The system displays the following:
C:\Documents and Settings\student>ping -t 10.100.0.101
Pinging 10.100.0.101 with 32 bytes of data:
Reply
Reply
Reply
Reply
Reply
Reply
Reply
Reply
Reply
Reply
Reply
Reply

from
from
from
from
from
from
from
from
from
from
from
from

10.100.0.101:
10.100.0.101:
10.100.0.101:
10.100.0.101:
10.100.0.101:
10.100.0.101:
10.100.0.101:
10.100.0.101:
10.100.0.101:
10.100.0.101:
10.100.0.101:
10.100.0.101:

bytes=32
bytes=32
bytes=32
bytes=32
bytes=32
bytes=32
bytes=32
bytes=32
bytes=32
bytes=32
bytes=32
bytes=32

time=13ms TTL=127
time<1ms TTL=127
time<1ms TTL=127
time<1ms TTL=127
time<1ms TTL=127
time<1ms TTL=127
time<1ms TTL=127
time<1ms TTL=127
time<1ms TTL=127
time<1ms TTL=127
time<1ms TTL=127
time<1ms TTL=127

2 Display the port statistics for both ring ports and the client port by entering the following command:
show port 13,14,24 statistics
3 Reset the counters by pressing the 0 key. The system displays the following:
Port Statistics
Thu Aug 14 18:24:28 2008
Port
Link
Tx Pkt
Tx Byte
Rx Pkt
Rx Byte Rx Pkt Rx Pkt
State
Count
Count
Count
Count
Bcast Mcast
================================================================================
13
A
18
1764
11
1334
0
0
14
A
0
0
9
1026
0
0
24
A
9
702
9
702
0
0

4 Notice that port 13, the active port on the ring, is reporting almost twice the traffic of ports 14 and
24. This is because port 24 is only seeing PING traffic (at the rate of 1 per second) and port 14 is only
seeing EAPS hello packets (also at the rate of 1 per second), but port 13 is seeing both the PING and
EAPS hello packets.
NOTE
Wait here for the instructor to simulate a link failure between the transit switches in the core.

ExtremeXOS Operation and Configuration, Rev. 12.1

107

Basic EAPS Configuration Lab


5 Upon the instructor's direction, display the status for the EAPS domain by entering the following
command:
show eaps
The following displays:
EAPS Enabled: Yes
EAPS Fast-Convergence: Off
EAPS Display Config Warnings: On
Number of EAPS instances: 1
# EAPS domain configuration :
-------------------------------------------------------------------------------Domain
State
Mo En Pri
Sec
Control-Vlan VID
Count
-------------------------------------------------------------------------------ed_X
Failed
M
Y
13
14
ctrl_X
(X11 ) 1
-------------------------------------------------------------------------------:

6 Display the status for the EAPS domain ed_X by entering the following command:
show eaps ed_X
The following displays:
Name: ed_X
State: Failed
Running: Yes
Enabled: Yes
Mode: Master
Primary port:
13
Port status: Up Tag status: Tagged
Secondary port: 14
Port status: Up Tag status: Tagged
Hello timer interval: 1 sec 0 millisec
Fail timer interval: 3 sec
Fail Timer expiry action: Send alert
Last update: From Master Id 00:04:96:27:b6:49, at Thu Aug 14 18:28:01 2008
EAPS Domain has following Controller Vlan:
Vlan Name
VID
ctrl_X
X11
EAPS Domain has following Protected Vlan(s):
Vlan Name
VID
closet_X
X01
Number of Protected Vlans: 1

NOTE
The ring state is now Failed and the secondary port status has been changed to Up.

7 Display the port statistics for both ring ports and the client port by entering the following command:
show port 13,14,24 statistics

108

ExtremeXOS Operation and Configuration, Rev. 12.1

Basic EAPS Configuration Lab


Reset the counters again by pressing the 0 key; the system displays the following:
Port Statistics
Tue Aug 19 11:35:55 2008
Port
Link
Tx Pkt
Tx Byte
Rx Pkt
Rx Byte Rx Pkt Rx Pkt
State
Count
Count
Count
Count
Bcast Mcast
================================================================================
13
A
40
4320
19
1558
0
0
14
A
0
0
2
596
0
0
24
A
21
1978
19
1482
0
0

8 Notice that port 13 is still incrementing at twice the rate of the client port, 24, indicating that the
primary path to the target device is unchanged. This is because the break in the ring did not occur
between the source and the target. Note also that port 14 is no longer receiving any packets, further
indication that there is a fault in the ring.

ExtremeXOS Operation and Configuration, Rev. 12.1

109

Basic EAPS Configuration Lab

110

ExtremeXOS Operation and Configuration, Rev. 12.1

10 Static Routing/IP Forwarding Configuration Lab


Layer 3 of the OSI model enables traffic from a device in one VLAN domain may cross the layer 2
boundary to communicate with devices in a different VLAN. This allows network architects to not only
manage traffic within a single enterprise network, but also to connect networks across town, across the
country, or around the world.
When designing an internet where dynamic routing is unnecessary or impractical, it is not uncommon
to connect the various networks with static routes.
This lab provides you with hands-on experience to create router interfaces, enable IP forwarding,
configure multiple static routes, and verify the routing functionality.

Student Objectives
In this lab, you will:

Assign IP addresses to existing VLANs

Enable IP forwarding

Configure static routes

Verify and test the IP forwarding operation

Figure 1: Static Routing/IP Forwarding Lab

ExtremeXOS Operation and Configuration, Rev. 12.1

111

Static Routing/IP Forwarding Configuration Lab


Refer to the values listed in Table 1 to configure switch parameters for this lab.

Table 1: Group, Switch, WAN VLAN, User VLAN Names and Interface Numbers
Lab Group
Number

Switch
Name

WAN VLAN

WAN VLAN
Interface

User VLAN

User VLAN
Interface

Lab Group
PC IP Address

NC_1

wan_1

10.0.1.2/24

data_1

10.0.101.1/24

10.0.101.11/24

OSBU_2

wan_2

10.0.2.2/24

data_2

10.0.102.1/24

10.0.102.11/24

EC_3

wan_3

10.0.3.2/24

data_3

10.0.103.1/24

10.0.103.11/24

RA_4

wan_4

10.0.4.2/24

data_4

10.0.104.1/24

10.0.104.11/24

SC_5

wan_5

10.0.5.2/24

data_5

10.0.105.1/24

10.0.105.11/24

WC_6

wan_6

10.0.6.2/24

data_6

10.0.106.1/24

10.0.106.11/24

Part 1: Setting Up for Creating Router Interfaces


1 Log into the switch and load the baseline configuration for this lab by entering the following
command:
use configuration Lab_ECF11-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the
command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration
file (XXXXXX.cfg) and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)

3 Enter n to reboot without save.


If there were no unsaved changes on the switch, the system will display the following:

Are you sure you want to reboot the switch? (y/N)

4 Enter y to reboot the switch if this message appears.


When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.

5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:

112

ExtremeXOS Operation and Configuration, Rev. 12.1

Static Routing/IP Forwarding Configuration Lab


6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.

Part 2: Creating Router Interfaces


This exercise begins with both the WAN and User VLANs configured on each switch.
1

Confirm the VLAN configuration by entering the following summary command:


show vlan
The following displays:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------data_X
4094 ------------------------------------------- ANY
0 /1
VR-Default
Default
1
------------------------------------------- ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------- ANY
1 /1
VR-Mgmt
wan_X
4093 ------------------------------------------- ANY
0 /1
VR-Default
--------------------------------------------------------------------------------------Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled,
(M) Translation Member VLAN or Subscriber VLAN, (n) IP Multinetting Enabled,
(N) Network Login VLAN, (o) OSPF Enabled, (O) Flooding Disabled, (p) PIM Enabled,
(P) EAPS protected VLAN, (r) RIP Enabled, (R) Sub-VLAN IP Range Configured,
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 4

2 Notice that both VLANs have assigned ports, but do not have tags nor IP addresses.
3 Before a VLAN can function at layer 3, you must first associate it with an IP network by assigning it
an IP address. Assign an IP address to the VLAN wan_X by entering the following command:
configure vlan <wan_X> ipaddress <WAN VLAN Interface>
Example:
configure vlan wan_X ipaddress 10.0.X.2/24
Where X is your lab group number assigned in Table 1.
4 Assign an IP address to the VLAN data_X by entering the following command:
configure vlan <data_X> ipaddress <User VLAN Interface>
Example:
configure vlan data_X ipaddress 10.0.10X.1/24
Where X is your lab group number assigned in Table 1.

ExtremeXOS Operation and Configuration, Rev. 12.1

113

Static Routing/IP Forwarding Configuration Lab


5 Confirm that the IP addresses were successfully added by entering the following summary
command:
show vlan
The following displays:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------data_X
4094 10.0.10X.1
/24 ----------------------- ANY
0 /1
VR-Default
Default
1
------------------------------------------- ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------- ANY
1 /1
VR-Mgmt
wan_X
4093 10.0.X.2
/24 ----------------------- ANY
0 /1
VR-Default
--------------------------------------------------------------------------------------Total number of VLAN(s) : 4

6 Display the switch route table by entering the following summary command:
show iproute
The following displays:
Ori
d
d

Destination
10.0.X.0/24
10.0.10X.0/24

Gateway
10.0.X.2
10.0.10X.1

Mtr
1
1

Flags
VLAN
-------um--- wan_X
-------um--- data_X

Duration
0d:0h:2m:14s
0d:0h:1m:29s

Origin(Ori): (d) Direct


Flags: (m) Multicast,(u) Unicast
Mask distribution:
2 routes at length 24
Route Origin distribution:
2 routes from Direct
Total number of routes = 2
Total number of compressed routes = 0

7 Notice that, even without IP forwarding enabled, the route table still displays directly-connected
interfaces (in this case, the User and WAN VLANs).

114

ExtremeXOS Operation and Configuration, Rev. 12.1

Static Routing/IP Forwarding Configuration Lab

Part 3: Enabling IP Forwarding and Creating a Default


Route
1 Enable IP forwarding specifically for both the User and WAN VLANs by entering the following
commands:
enable ipforwarding wan_X
enable ipforwarding data_X
2 Confirm that forwarding is enabled for the VLANs named by entering the following summary
command:
show vlan
The following displays:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------data_X
4094 10.0.10X.1
/24 -f--------------------- ANY
0 /1
VR-Default
Default
1
------------------------------------------- ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------- ANY
1 /1
VR-Mgmt
wan_X
4093 10.0.X.2
/24 -f--------------------- ANY
0 /1
VR-Default
--------------------------------------------------------------------------------------Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled,
(M) Translation Member VLAN or Subscriber VLAN, (n) IP Multinetting Enabled,
(N) Network Login VLAN, (o) OSPF Enabled, (O) Flooding Disabled, (p) PIM Enabled,
(P) EAPS protected VLAN, (r) RIP Enabled, (R) Sub-VLAN IP Range Configured,
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 4

3 Notice that both the User and WAN VLANs have been assigned the flag f, indicating that IP
forwarding is enabled on these interfaces.
NOTE
The default route is a special type of static route. It instructs the switch to forward all traffic destined to
unknown routes (routes not present in the switch route table) to a specified IP address. In a single-connected,
star-hub network configuration like the one described in this lab, using the default route saves the administrator
from having to configure individual static routes for each of the five neighbor User VLANs. This way, each edge
switch only needs to forward non-local traffic to the Main Campus switch; forwarding between these networks will
be managed in the hub.

4 Add a default route to the IP route table by entering the following command:
configure iproute add default 10.0.X.1
Where X is your lab group number assigned in Table 1.
5 Notice that this IP address is in the same network assigned to WAN VLAN.

ExtremeXOS Operation and Configuration, Rev. 12.1

115

Static Routing/IP Forwarding Configuration Lab


6 Confirm that the default route has been added to the switch route table by entering the following
summary command:
show iproute
The following displays:
Ori
s
d
d

Destination
Default Route
10.0.X.0/24
10.0.10X.0/24

Gateway
10.0.X.1
10.0.X.2
10.0.10X.1

Mtr
1
1
1

Flags
-G---S-um---------um---------um---

VLAN
wan_X
wan_X
data_X

Duration
0d:0h:0m:17s
0d:0h:12m:30s
0d:0h:11m:46s

Origin(Ori): (d) Direct, (s) Static


Flags: (G) Gateway,(S) Static,(u) Unicast,(m) Multicast
Mask distribution:
1 default routes
Route Origin distribution:
2 routes from Direct

2 routes at length 24

1 routes from Static

Total number of routes = 3


Total number of compressed routes = 0

7 Again, notice that the Default Route is associated with the WAN VLAN. Even though the mask is
not declared when the route is configured, the IP address is assumed to be part of the same network.

116

ExtremeXOS Operation and Configuration, Rev. 12.1

Static Routing/IP Forwarding Configuration Lab

Part 4: Configuring the Client Workstation


The following instructions will guide you in setting up the client workstation. If your RD-X connection
to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:

2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.

3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:

ExtremeXOS Operation and Configuration, Rev. 12.1

117

Static Routing/IP Forwarding Configuration Lab


4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop
Connection utility:

5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:

6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:

118

ExtremeXOS Operation and Configuration, Rev. 12.1

Static Routing/IP Forwarding Configuration Lab


7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the
Config_ECF011-X batch file, where X is your lab group number assigned in: Table 1:

This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:

8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:

ExtremeXOS Operation and Configuration, Rev. 12.1

119

Static Routing/IP Forwarding Configuration Lab


9 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig
The system displays the following:

Note that the Lab Network interface has been assigned your Lab Group PC's IP address and mask
found in Table 1.
This completes the setup of the Lab Group PC.

120

ExtremeXOS Operation and Configuration, Rev. 12.1

Static Routing/IP Forwarding Configuration Lab

Part 5: Verifying and Testing IP Forwarding and the


Static Route
1 Enable the port connected to the Main Campus switch and the port connected to the Lab Group PC
by entering the following command:
Enable ports 13,24
2 On the Lab Group PC, open a Command Prompt window and use the PING command to verify that
the PC can communicate with each of the local switch interfaces (WAN and User), the default
gateway, and each of the configured neighbor lab PCs by entering the following:
ping <Wan VLAN>
Example:
ping 10.0.X.2
ping <User VLAN>
Example:
ping 10.0.10X.1
ping <Default Gateway>
Example:
ping 10.0.X.1
ping <Neighbor Lab Group PCs>
Example:
ping 10.0.10x.11
Where X is your lab group number and x is the lab group number of each neighbor lab group.

ExtremeXOS Operation and Configuration, Rev. 12.1

121

Static Routing/IP Forwarding Configuration Lab

122

ExtremeXOS Operation and Configuration, Rev. 12.1

11 Routing Information Protocol (RIP)


Configuration Lab
Student Objectives
Dynamic routing protocols are especially useful when there is more than one path available between
networks and their attached devices. Unlike static routes, a dynamic protocol can detect when a
preferred route has become sub-optimal or is no longer valid. When a change to the routing domain is
detected, the protocol re-converges on the available routes to prevent service interruption. This lab
provides you with hands-on experience to create router interfaces, enable IP forwarding, enable RIP,
and verify the routing functionality.
In this lab, you will:

Enable IP forwarding and RIP

Verify and test the IP forwarding operation

Figure 1: Routing Information Protocol Configuration Lab

Refer to the values listed in Table 1 to configure switch parameters for this lab.

Table 1: Group, Switch, VLAN, Interface Names, and VLAN and PC addresses
Lab
Group
#

Switch
Name

WAN
VLAN

WAN VLAN
Interface

WAN_BU
VLAN

WAN_BU VLAN User


Interface
VLAN

NC_1

wan_1

10.0.1.2/24

wanbu_1

10.0.11.2/24 data_1 10.0.101.1/24

10.0.101.11/24

OSBU_2

wan_2

10.0.2.2/24

wanbu_2

10.0.12.2/24 data_2 10.0.102.1/24

10.0.102.11/24

EC_3

wan_3

10.0.3.2/24

wanbu_3

10.0.13.2/24 data_3 10.0.103.1/24

10.0.103.11/24

RA_4

wan_4

10.0.4.2/24

wanbu_4

10.0.14.2/24 data_4 10.0.104.1/24

10.0.104.11/24

SC_5

wan_5

10.0.5.2/24

wanbu_5

10.0.15.2/24 data_5 10.0.105.1/24

10.0.105.11/24

WC_6

wan_6

10.0.6.2/24

wanbu_6

10.0.16.2/24 data_6 10.0.106.1/24

10.0.106.11/24

ExtremeXOS Operation and Configuration, Rev. 12.1

User VLAN
Interface

PC IP Address

123

Routing Information Protocol (RIP) Configuration Lab

Part 1: Setting Up for Verifying the Router Interfaces


1 Log into the switch and load the baseline configuration for this lab by entering the following
command:
use configuration Lab_ECF12-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the
command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration
file (XXXXXX.cfg) and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)

3 Enter n to reboot without save.


If there were no unsaved changes on the switch, the system will display the following:

Are you sure you want to reboot the switch? (y/N)

4 Enter y to reboot the switch if this message appears.


When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.

5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:

login: admin
password:

6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.

124

ExtremeXOS Operation and Configuration, Rev. 12.1

Routing Information Protocol (RIP) Configuration Lab

Part 2: Verifying the Router Interfaces


This exercise begins with the WAN, WAN Backup, and User VLANs configured on each switch.
1 Confirm the VLAN configuration by entering the following summary command:
show vlan
The following displays:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------data_X
4094 10.0.10X.1
/24 ----------------------- ANY
0 /1
VR-Default
Default
1
------------------------------------------- ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------- ANY
1 /1
VR-Mgmt
wan_X
4093 10.0.X.2
/24 ----------------------- ANY
0 /1
VR-Default
wanbu_X
4092 10.0.1X.2
/24 ----------------------- ANY
0 /1
VR-Default
--------------------------------------------------------------------------------------Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled,
(M) Translation Member VLAN or Subscriber VLAN, (n) IP Multinetting Enabled,
(N) Network Login VLAN, (o) OSPF Enabled, (O) Flooding Disabled, (p) PIM Enabled,
(P) EAPS protected VLAN, (r) RIP Enabled, (R) Sub-VLAN IP Range Configured,
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 5

2 Notice that all VLANs have pre-assigned ports and IP addresses.


3 Display the switch route table by entering the following summary command:
show iproute
The following displays:
Ori
d
d
d

Destination
10.0.X.0/24
10.0.1X.0/24
10.0.10X.0/24

Gateway
10.0.X.2
10.0.1X.2
10.0.10X.1

Mtr
1
1
1

Flags
-------um---------um---------um---

VLAN
wan_X
wanbu_X
data_X

Duration
0d:0h:9m:47s
0d:0h:9m:47s
0d:0h:9m:47s

Origin(Ori): (d) Direct,


Flags: (m) Multicast, (u) Unicast
Mask distribution:
3 routes at length 24
Route Origin distribution:
3 routes from Direct
Total number of routes = 3
Total number of compressed routes = 0

4 Notice there are three directly connected networks representing the three VLANs with assigned IP
addresses in the example above.

ExtremeXOS Operation and Configuration, Rev. 12.1

125

Routing Information Protocol (RIP) Configuration Lab

Part 3: Enabling IP Forwarding and Adding VLANs to


RIP
1 Enable IP forwarding specifically for the User(data_X), WAN(wan_X), and WAN Backup(wanbu_x)
VLANs by entering the following commands:
enable ipforwarding data_X
enable ipforwarding wan_X
enable ipforwarding wanbu_X
Where X is your lab group number in Table 1.
2 Confirm that forwarding is enabled for the VLANs named by entering the following summary
command:
show vlan
The following displays:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------data_X
4094 10.0.10X.1
/24 -f--------------------- ANY
0 /1
VR-Default
Default
1
------------------------------------------- ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------- ANY
1 /1
VR-Mgmt
wan_X
4093 10.0.X.2
/24 -f--------------------- ANY
0 /1
VR-Default
wanbu_X
4092 10.0.1X.2
/24 -f--------------------- ANY
0 /1
VR-Default
--------------------------------------------------------------------------------------Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled

Total number of VLAN(s) : 5

3 Notice that the three VLANs have been assigned the flag f, indicating that IP forwarding is enabled
on these interfaces.
4 Configure RIP on each IP interface by entering the following commands:
configure rip add vlan data_X
configure rip add vlan wan_X
configure rip add vlan wanbu_X
Where X is your lab group number in Table 1.
5 Confirm that the VLANs were added to the RIP protocol by entering the following summary
command:
show vlan

126

ExtremeXOS Operation and Configuration, Rev. 12.1

Routing Information Protocol (RIP) Configuration Lab


The following displays:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------data_X
4094 10.0.10X.1
/24 -f--------r------------ ANY
0 /1
VR-Default
Default
1
------------------------------------------ ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------ ANY
1 /1
VR-Mgmt
wan_X
4093 10.0.X.2
/24 -f--------r------------ ANY
0 /1
VR-Default
wanbu_X
4092 10.0.1X.2
/24 -f--------r------------ ANY
0 /1
VR-Default
--------------------------------------------------------------------------------------Flags : (f) IP Forwarding Enabled, (r) RIP Enabled
Total number of VLAN(s) : 5

6 Notice that the three VLANs have been assigned the flag r, indicating that RIP will dynamically
learn routes on these interfaces.
7 In this scenario, the second Main Campus switch will only forward traffic when the primary path to
the first switch through port 13 fails. To ensure this performance, increase the cost associated with
the secondary path by entering the following command:
configure rip wanbu_X cost 10
Where X is your lab group number in Table 1.
8 Confirm that the cost metric is changed for this VLAN by entering the following summary
command:
show rip interface wanbu_X
The following displays:
VLAN
:
RouterRIP
:
TxMode
:
Input Policy
:
Trusted GW Policy
:
Rcved Packets
:
Rcved Bad Packets
:
Secondary Interfaces:

wanbu_X
Disabled
V2
None
None
0
0

Interface
Cost
RxMode
Output Policy
Sent Trig. Updates
Sent Packets
Rcved Bad Routes

:
:
:
:
:
:
:

10.0.1X.2/24
10
V1orV2
None
0
0
0

Rcvd
Rcvd
Rcvd
Rcvd
PeerIPAddress
Age Ver Pkts
Updts
BadPkts BadRouts
--------------------------------------------------------------------------------

ExtremeXOS Operation and Configuration, Rev. 12.1

127

Routing Information Protocol (RIP) Configuration Lab

Part 4: Enabling RIP and Verifying Protocol Operation


1 Enable the ports connected to the two Main Campus switches and the Lab Group PC by entering the
following command:
enable ports 13,14,24
2 Enable RIP, by entering the following command:
enable rip
3 Confirm that RIP is enabled by entering the following command:
show rip
The following displays:
RIP Routing
:
Split Horizon
:
Triggered Updates:
Update Interval :
Garbage Timeout :
Originate Default:
Sys Import-Policy:
Redistribute:

Enabled
Enabled
Enabled
30
120
Disabled
None

Poison Reverse
Aggregation
Route Timeout
Router Alert

:
:
:
:

Enabled
Disabled
180
Disabled

Protocol
Status
Cost Tag Policy
----------------------------------------------------------Direct
Disabled 0
0
none
Static
Disabled 0
0
none
OSPFIntra Disabled 0
0
none
OSPFInter Disabled 0
0
none
OSPFExt1
Disabled 0
0
none
OSPFExt2
Disabled 0
0
none
E-BGP
Disabled 0
0
none
I-BGP
Disabled 0
0
none
ISISL1
Disabled 0
0
none
ISISL2
Disabled 0
0
none
ISISL1Ext Disabled 0
0
none
ISISL2Ext Disabled 0
0
none

4 Confirm that learned routes are being added to the IP route table by entering the following
command:
show iproute

128

ExtremeXOS Operation and Configuration, Rev. 12.1

Routing Information Protocol (RIP) Configuration Lab


If all of the neighbor switches have been properly configured, the route table will look similar to the
following data from Lab Group 6s switch:
Ori
#r
#r
#r
#r
#r
#d
#r
#r
#r
#r
#r
#d
#r
#r
#r
#r
#r
#d

Destination
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
10.0.4.0/24
10.0.5.0/24
10.0.6.0/24
10.0.11.0/24
10.0.12.0/24
10.0.13.0/24
10.0.14.0/24
10.0.15.0/24
10.0.16.0/24
10.0.101.0/24
10.0.102.0/24
10.0.103.0/24
10.0.104.0/24
10.0.105.0/24
10.0.106.0/24

Gateway
10.0.6.1
10.0.6.1
10.0.6.1
10.0.6.1
10.0.6.1
10.0.6.2
10.0.16.1
10.0.16.1
10.0.16.1
10.0.16.1
10.0.16.1
10.0.16.2
10.0.6.1
10.0.6.1
10.0.6.1
10.0.6.1
10.0.6.1
10.0.106.1

Mtr
2
2
2
2
2
1
11
11
11
11
11
1
3
3
3
3
3
1

Flags
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
U------um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
U------um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
U------um--f

VLAN
wan_6
wan_6
wan_6
wan_6
wan_6
wan_6
wanbu_6
wanbu_6
wanbu_6
wanbu_6
wanbu_6
wanbu_6
wan_6
wan_6
wan_6
wan_6
wan_6
data_6

Duration
0d:0h:3m:25s
0d:0h:3m:25s
0d:0h:3m:25s
0d:0h:3m:25s
0d:0h:3m:25s
0d:0h:46m:57s
0d:0h:3m:25s
0d:0h:3m:25s
0d:0h:3m:25s
0d:0h:3m:25s
0d:0h:3m:25s
0d:0h:46m:57s
0d:0h:3m:25s
0d:0h:3m:25s
0d:0h:3m:25s
0d:0h:3m:25s
0d:0h:3m:25s
0d:0h:46m:58s

Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred unicast route (@) Preferred multicast route
(#) Preferred unicast and multicast route
Flags: (B)
(L)
(P)
(T)
(f)

BlackHole, (D) Dynamic, (G) Gateway, (H) Host Route


Matching LDP LSP, (l) Calculated LDP LSP, (m) Multicast
LPM-routing, (R) Modified, (S) Static, (s) Static LSP
Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up
Provided to FIB (c) Compressed Route

Mask distribution:
18 routes at length 24
Route Origin distribution:
3 routes from Direct

15 routes from RIP

Total number of routes = 18


Total number of compressed routes = 0

5 Notice that, except for the directly-connected VLAN, all of the edge data network entries are learned
via the wan_X VLAN.

ExtremeXOS Operation and Configuration, Rev. 12.1

129

Routing Information Protocol (RIP) Configuration Lab


6 Simulate a fault in the network and force the edge networks to be learned via the wanbu_X VLAN
interface by increasing the cost associated with the primary path. Enter the following command:
configure rip wan_X cost 12
Where X is your lab group number in Table 1.
7 Confirm that the cost metric is changed for this VLAN by entering the following summary
command:
show rip interface wan_X
The following displays:
VLAN
:
RouterRIP
:
TxMode
:
Input Policy
:
Trusted GW Policy
:
Rcved Packets
:
Rcved Bad Packets
:
Secondary Interfaces:

wan_X
Enabled
V2
None
None
31
0

Interface
Cost
RxMode
Output Policy
Sent Trig. Updates
Sent Packets
Rcved Bad Routes

:
:
:
:
:
:
:

10.0.X.2/24
12
V1orV2
None
2
32
0

Rcvd
Rcvd
Rcvd
Rcvd
PeerIPAddress
Age Ver Pkts
Updts
BadPkts BadRouts
-------------------------------------------------------------------------------10.0.X.1
25 2
31
31
0
0

8 Confirm that edge routes are now being learned through the backup interface by entering the
following command:
show iproute

130

ExtremeXOS Operation and Configuration, Rev. 12.1

Routing Information Protocol (RIP) Configuration Lab


A route table similar to the following displays:
Ori
#r
#r
#r
#r
#r
#d
#r
#r
#r
#r
#r
#d
#r
#r
#r
#r
#r
#d

Destination
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
10.0.4.0/24
10.0.5.0/24
10.0.6.0/24
10.0.11.0/24
10.0.12.0/24
10.0.13.0/24
10.0.14.0/24
10.0.15.0/24
10.0.16.0/24
10.0.101.0/24
10.0.102.0/24
10.0.103.0/24
10.0.104.0/24
10.0.105.0/24
10.0.106.0/24

Gateway
10.0.6.1
10.0.6.1
10.0.6.1
10.0.6.1
10.0.6.1
10.0.6.2
10.0.16.1
10.0.16.1
10.0.16.1
10.0.16.1
10.0.16.1
10.0.16.2
10.0.16.1
10.0.16.1
10.0.16.1
10.0.16.1
10.0.16.1
10.0.106.1

Mtr
13
13
13
13
13
1
11
11
11
11
11
1
12
12
12
12
12
1

Flags
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
U------um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
U------um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
U------um--f

VLAN
wan_6
wan_6
wan_6
wan_6
wan_6
wan_6
wanbu_6
wanbu_6
wanbu_6
wanbu_6
wanbu_6
wanbu_6
wanbu_6
wanbu_6
wanbu_6
wanbu_6
wanbu_6
data_6

Duration
0d:0h:4m:59s
0d:0h:7m:9s
0d:0h:7m:9s
0d:0h:7m:9s
0d:0h:7m:9s
0d:1h:3m:27s
0d:0h:19m:55s
0d:0h:19m:55s
0d:0h:19m:55s
0d:0h:19m:55s
0d:0h:19m:55s
0d:1h:3m:27s
0d:0h:6m:40s
0d:0h:6m:40s
0d:0h:6m:40s
0d:0h:6m:40s
0d:0h:6m:40s
0d:1h:3m:28s

Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred unicast route (@) Preferred multicast route
(#) Preferred unicast and multicast route
Flags: (B)
(L)
(P)
(T)
(f)

BlackHole, (D) Dynamic, (G) Gateway, (H) Host Route


Matching LDP LSP, (l) Calculated LDP LSP, (m) Multicast
LPM-routing, (R) Modified, (S) Static, (s) Static LSP
Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up
Provided to FIB (c) Compressed Route

Mask distribution:
18 routes at length 24
Route Origin distribution:
3 routes from Direct

15 routes from RIP

Total number of routes = 18


Total number of compressed routes = 0

9 Restore the network by decreasing the cost associated with the primary path. Enter the following
command:
configure rip wan_X cost 1
Where X is your lab group number.

ExtremeXOS Operation and Configuration, Rev. 12.1

131

Routing Information Protocol (RIP) Configuration Lab

Part 5: Configuring the Client Workstation


The following instructions will guide you in setting up the client workstation. If your RD-X connection
to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:

2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.

3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:

132

ExtremeXOS Operation and Configuration, Rev. 12.1

Routing Information Protocol (RIP) Configuration Lab


4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop
Connection utility:

5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:

6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:

ExtremeXOS Operation and Configuration, Rev. 12.1

133

Routing Information Protocol (RIP) Configuration Lab


7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the
Config_ECF12-X batch file, where X is your lab group number assigned in Table 1:

This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:

8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:

134

ExtremeXOS Operation and Configuration, Rev. 12.1

Routing Information Protocol (RIP) Configuration Lab


9 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig
The system displays the following:

Note that the Lab Network interface has been assigned your lab group PC's IP address and mask
found in Table 1.
This completes the setup of the Lab Group PC.

ExtremeXOS Operation and Configuration, Rev. 12.1

135

Routing Information Protocol (RIP) Configuration Lab

Part 6: Verifying and Testing IP Forwarding and RIP


1 Confirm the IP configuration parameters by entering the following summary command:
show ipconfig
The following displays:
Use Redirects : Disabled
IpOption LSRR : Enabled
IpOption SSRR : Enabled
IpOption RR : Enabled
IpOption TS : Enabled
IpOption RA : Enabled
Route Sharing : Disabled
Originated Packets : Don't require ipforwarding
IP Fwding into LSP : Disabled
Unicast Reverse Path : Disabled
Max Shared Gateways : Current: 4 Configured: 4
IRDP:
Advertisement Address: 255.255.255.255
Minimum Interval: 450
Lifetime: 1800
VLAN
data_X
wan_X
wanbu_X

IP Address
10.0.10X.1
10.0.X.2
10.0.1X.2

Maximum Interval: 600


Preference: 0

Flags
/24 EUf---MPuRX------/24 EUf---MPuRX------/24 EUf---MPuRX-------

nSIA
0
0
0

Flags: (A) Address Mask Reply Enabled (B) BOOTP Enabled


(b) Broadcast Forwarding Enabled, (E) Interface Enabled
(f) Forwarding Enabled (g) Ignore IP Broadcast Enabled
(h) Directed Broadcast Forwarding by Hardware Enabled
(I) IRDP Advertisement Enabled, (M) Send Parameter Problem Enabled
(m) Multicast forwarding Enabled, (n) Multinetted VLAN
(nSIA ) Number of Secondary IP Addresses
(P) Send Port Unreachables Enabled, (R) Send Redirects Enabled
(T) Time Stamp Reply Enabled, (U) Interface Up
(u) Send Unreachables Enabled, (X) Send Time Exceeded Enabled
(v) VRRP Enabled

2 Confirm which VLANs have been added to RIP and display any associated statistics by entering the
following summary command:
show rip interface

136

ExtremeXOS Operation and Configuration, Rev. 12.1

Routing Information Protocol (RIP) Configuration Lab


The following displays:
VLAN

IP Address

data_X
wan_X
wanbu_X

10.0.10X.1
10.0.X.2
10.0.1X.2

Flags
/24 rif/24 rif/24 rif-

Sent
Packets
72
69
67

Rcvd
Packets
0
64
77

Triggered
Updates
9
6
4

Cost
1
1
10

Flags: (f) Interface Forwarding Enabled, (i) Interface RIP Enabled


(n) Multinetted VLAN, (r) Router RIP Enabled

3 Display all routes associated with or learned via RIP by entering the following command:
show rip routes
The system displays data similar to the following example which is from Lab Group 6s switch:
Ori
>r
>r
>r
>r
>r
>r
>r
>r
>r
>r
>r
>r
>r
>r
>r
>r
>r
>r

Destination
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
10.0.4.0/24
10.0.5.0/24
10.0.6.0/24
10.0.11.0/24
10.0.12.0/24
10.0.13.0/24
10.0.14.0/24
10.0.15.0/24
10.0.16.0/24
10.0.101.0/24
10.0.102.0/24
10.0.103.0/24
10.0.104.0/24
10.0.105.0/24
10.0.106.0/24

Peer
10.0.6.1
10.0.6.1
10.0.6.1
10.0.6.1
10.0.6.1
0.0.0.0
10.0.16.1
10.0.16.1
10.0.16.1
10.0.16.1
10.0.16.1
0.0.0.0
10.0.6.1
10.0.6.1
10.0.6.1
10.0.6.1
10.0.6.1
0.0.0.0

Mtr State VLAN


2
wan_6
2
wan_6
2
wan_6
2
wan_6
2
wan_6
1
wan_6
11
wanbu_6
11
wanbu_6
11
wanbu_6
11
wanbu_6
11
wanbu_6
10
wanbu_6
3
wan_6
3
wan_6
3
wan_6
3
wan_6
3
wan_6
1
data_6

Age
3
3
3
3
3
0
14
14
14
14
14
0
3
3
3
3
3
0

Next-hop
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0

Origin(Ori): (be) EBGP, (bi) IBGP, (d) Direct, (o1) OSPFExt1,


(o2) OSPFExt2, (oe) OSPFAsExt, (or) OSPFInter, (s) Static
(e1) ISISL1Ext, (e2) ISISL2Ext, (i1) ISISL1, (i2) ISISL2
(>) active route
(St) route state: C=Changed, D=Deleted, U=Update system import policy pending
Total number of routes matching request: 18

ExtremeXOS Operation and Configuration, Rev. 12.1

137

Routing Information Protocol (RIP) Configuration Lab


4 Open a DOS window on the group lab PC and use the PING command to verify that the PC can
communicate with the wan_X VLAN Interface, wanbu_X VLAN Interface, data_X VLAN Interface,
and PC IP address for each of the configured neighbor lab groups by entering the following for each
group:
ping <wan_X Interface>
Example:
ping 10.0.X.2
ping <wanbu_X Interface>
Example:
ping 10.0.1X.2
ping <data_X Interface>
Example:
ping 10.0.10X.1
ping <PC IP address>
Example:
ping 10.0.10X.11
Where X is the lab group number of each neighbor lab group.

138

ExtremeXOS Operation and Configuration, Rev. 12.1

12 Open Shortest Path First (OSPF) Configuration


Lab
Student Objectives
Dynamic routing protocols are especially useful when there is more than one path available between
networks and their attached devices. Unlike static routes, a dynamic protocol can detect when a
preferred route has become sub-optimal or is no longer valid. When a change to the routing domain is
detected, the protocol will re-converge on the available routes to prevent service interruption.
This lab will guide you through the process of creating router interfaces, enabling IP forwarding,
enabling OSPF, and verifying the routing functionality.
In this lab, you will:

Enable IP forwarding

Configure and enable OSPF

Verify and test the IP forwarding and OSPF functionality

Figure 1: OSPF Configuration Lab

ExtremeXOS Operation and Configuration, Rev. 12.1

139

Open Shortest Path First (OSPF) Configuration Lab


Refer to the values listed in Table 1 to configure switch parameters for this lab.

Table 1: Group, Switch, VLAN, Interface Names, and VLAN and PC addresses
Lab
Group
Switch
Number Name

WAN
VLAN

WAN VLAN
Interface

WAN_BU
VLAN

WAN_BU VLAN User


Interface
VLAN

NC_1

wan_1

10.0.1.2/30

wanbu_1

10.0.1.6/30

closet_1 10.1.1.1/24

10.1.1.11/24

OSBU_2 wan_2

10.0.2.2/30

wanbu_2

10.0.2.6/30

closet_2 10.2.1.1/24

10.2.1.11/24

EC_3

wan_3

10.0.3.2/30

wanbu_3

10.0.3.6/30

closet_3 10.3.1.1/24

10.3.1.11/24

RA_4

wan_4

10.0.4.2/30

wanbu_4

10.0.4.6/30

closet_4 10.4.1.1/24

10.4.1.11/24

SC_5

wan_5

10.0.5.2/30

wanbu_5

10.0.5.6/30

closet_5 10.5.1.1/24

10.5.1.11/24

WC_6

wan_6

10.0.6.2/30

wanbu_6

10.0.6.6/30

closet_6 10.6.1.1/24

10.6.1.11/24

User VLAN
Interface

PC IP Address

Part 1: Setting Up for Verifying the Router Interfaces


This exercise begins with the specific group VLAN pre-configured on each switch.
1 Log into the switch and load the baseline configuration for this lab by entering the following
command:
use configuration Lab_ECF13-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the
command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration
file (XXXXXX.cfg) and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)

3 Enter n to reboot without save.


If there were no unsaved changes on the switch, the system will display the following:

Are you sure you want to reboot the switch? (y/N)

4 Enter y to reboot the switch if this message appears.


When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.

140

ExtremeXOS Operation and Configuration, Rev. 12.1

Open Shortest Path First (OSPF) Configuration Lab


5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:

6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.

Part 2: Verifying the Router Interfaces


This exercise begins with the WAN, WAN BackUp, and User VLANs configured on each switch.
1 Confirm the VLAN configuration by entering the following summary command:
show vlan
The following displays:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------closet_X
4094 10.X.1.1
/24 ----------------------- ANY
0 /0
VR-Default
Default
1
------------------------------------------- ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------- ANY
1 /1
VR-Mgmt
wan_X
4093 10.0.X.2
/30 ----------------------- ANY
0 /1
VR-Default
wanbu_X
4092 10.0.X.6
/30 ----------------------- ANY
0 /1
VR-Default
--------------------------------------------------------------------------------------Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled,
(M) Translation Member VLAN or Subscriber VLAN, (n) IP Multinetting Enabled,
(N) Network Login VLAN, (o) OSPF Enabled, (O) Flooding Disabled, (p) PIM Enabled,
(P) EAPS protected VLAN, (r) RIP Enabled, (R) Sub-VLAN IP Range Configured,
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 5

2 Notice that all VLANs have pre-assigned ports and IP addresses.

ExtremeXOS Operation and Configuration, Rev. 12.1

141

Open Shortest Path First (OSPF) Configuration Lab


3 Display the switch route table by entering the following summary command:
show iproute
The following displays:
Ori
d
d
d

Destination
10.0.X.0/30
10.0.X.4/30
10.X.1.0/24

Gateway
10.0.X.2
10.0.X.6
10.X.1.1

Mtr
1
1
1

Flags
-------um---------um---------um---

VLAN
wan_X
wanbu_X
closet_X

Duration
0d:0h:10m:38s
0d:0h:10m:38s
0d:0h:10m:38s

Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred unicast route (@) Preferred multicast route
(#) Preferred unicast and multicast route
Flags: (B)
(L)
(P)
(T)
(f)

BlackHole, (D) Dynamic, (G) Gateway, (H) Host Route


Matching LDP LSP, (l) Calculated LDP LSP, (m) Multicast
LPM-routing, (R) Modified, (S) Static, (s) Static LSP
Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up
Provided to FIB (c) Compressed Route

Mask distribution:
1 routes at length 24

2 routes at length 30

Route Origin distribution:


3 routes from Direct
Total number of routes = 3
Total number of compressed routes = 0

4 Notice there are three directly connected networks representing the three VLANs with assigned IP
addresses.

Part 3: Enabling IP Forwarding and Configuring OSPF


1 Enable IP forwarding specifically for the User, WAN, and WAN BackUp VLANs by entering the
following commands:
enable ipforwarding closet_X
enable ipforwarding wan_X
enable ipforwarding wanbu_X
Where X is your lab group number assigned in Table 1.

142

ExtremeXOS Operation and Configuration, Rev. 12.1

Open Shortest Path First (OSPF) Configuration Lab


2 Confirm that forwarding is enabled for the VLANs named by entering the following summary
command:
show vlan
The following displays:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------closet_X
4094 10.X.1.1
/24 -f-------------------- ANY
0 /0
VR-Default
Default
1
------------------------------------------ ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------ ANY
1 /1
VR-Mgmt
wan_X
4093 10.0.X.2
/30 -f-------------------- ANY
0 /1
VR-Default
wanbu_X
4092 10.0.X.6
/30 -f-------------------- ANY
0 /1
VR-Default
--------------------------------------------------------------------------------------Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled,
(M) Translation Member VLAN or Subscriber VLAN, (n) IP Multinetting Enabled,
(N) Network Login VLAN, (o) OSPF Enabled, (O) Flooding Disabled, (p) PIM
(P) EAPS protected VLAN, (r) RIP Enabled, (R) Sub-VLAN IP Range Configur
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 5

3 Notice that the three VLANs have been assigned the flag f, indicating that IP forwarding is enabled
on these interfaces.
4 Configure OSPF on each IP interface by entering the following commands:
configure ospf add vlan closet_X area 0.0.0.0
configure ospf add vlan wan_X area 0.0.0.0
configure ospf add vlan wanbu_X area 0.0.0.0
Where X is your lab group number assigned in Table 1.
5 Confirm that the VLANs were added to the OSPF protocol by entering the following summary
command:
show vlan

ExtremeXOS Operation and Configuration, Rev. 12.1

143

Open Shortest Path First (OSPF) Configuration Lab


The following displays:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------closet_X
4094 10.X.1.1
/24 -f------o-------------- ANY
0 /0
VR-Default
Default
1
------------------------------------------- ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------- ANY
1 /1
VR-Mgmt
wan_X
4093 10.0.X.2
/30 -f------o-------------- ANY
0 /1
VR-Default
wanbu_X
4092 10.0.X.6
/30 -f------o-------------- ANY
0 /1
VR-Default
--------------------------------------------------------------------------------------Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled,
(M) Translation Member VLAN or Subscriber VLAN, (n) IP Multinetting Enabled,
(N) Network Login VLAN, (o) OSPF Enabled, (O) Flooding Disabled, (p) PIM
(P) EAPS protected VLAN, (r) RIP Enabled, (R) Sub-VLAN IP Range Configur
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 5

6 Notice that the three VLANs have been assigned the flag o, indicating that OSPF will dynamically
learn routes on these interfaces.
7 In this scenario, you want the switch to only forward traffic along the wanbu_X VLAN when the
primary path through port 13 of the wan_X VLAN fails. To ensure this performance, increase the
cost associated with the secondary path by entering the following command:
configure ospf wanbu_X cost 20
Where X is the name assigned to your lab group in Table 1.
8 Confirm that the cost metric is changed for this VLAN by entering the following summary
command:
show ospf interface
The following displays:
VLAN
closet_X
wan_X
wanbu_X
Flags : f
n
r
A

144

IP Address
10.X.1.1
10.0.X.2
10.0.X.6
-

AREA ID
/24 0.0.0.0
/30 0.0.0.0
/30 0.0.0.0

Flags
--if--if--if-

Cost
10/A
10/A
20/C

State
-------------

Neighbors
0
0
0

Interface Forwarding Enabled, i - Interface OSPF Enabled,


Multinetted VLAN, p - Passive Interface,
Router OSPF Enable,
Automatic Cost, C - Configured Cost.

ExtremeXOS Operation and Configuration, Rev. 12.1

Open Shortest Path First (OSPF) Configuration Lab

Part 4: Enabling OSPF and Verifying the Protocol


Operation
1 Add port 24 to the closet-X VLAN. Enter the following command:
configure vlan closet_X add port 24
2 Enable the ports connected to the two Main Campus switches and the Lab Group PC by entering the
following command:
enable ports 13,15,24
3 Enable OSPF by entering the following command:
enable ospf
4 Confirm that OSPF is enabled by entering the following command:
show ospf
The following displays:
OSPF
:
RouterId
:
ASBR
:
ExtLSA
:
OriginateNewLSA
:
SpfHoldTime
:
CapabilityOpaqueLSA :
10M Cost
:
1000M Cost (1G)
:
Router Alert
:
ASExternal LSALimit :
Originate Default
:
Redistribute:
Protocol
direct
static
rip
e-bgp
i-bgp
isis-level-1
isis-level-2
isis-level-1-external
isis-level-2-external

Enabled
10.X.1.1
No
0
6
3
Enabled
10
4
Disabled
Disabled
Disabled
Status
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled

MPLS LSP as Next-Hop:


RouterId Selection :
ABR
:
ExtLSAChecksum
:
ReceivedNewLSA
:
Lsa Batch Interval :
100M Cost
10000M Cost (10G)
Import Policy File
Timeout (Count)

cost
0
0
0
0
0
0
0
0
0

Type
0
0
0
0
0
0
0
0
0

Tag
0
0
0
0
0
0
0
0
0

No
Automatic
No
0x0
21
30s

: 5
: 2
:
: Disabled (0)

Policy
None
None
None
None
None
None
None
None
None

5 Notice that, in the absence of an explicitly-configured value, the protocol assigns the highest-order IP
address of all configured OSPF interfaces as the RouterID.
6 Confirm that OSPF learned routes are being added to the IP route table by entering the following
command:
show iproute

ExtremeXOS Operation and Configuration, Rev. 12.1

145

Open Shortest Path First (OSPF) Configuration Lab


If all of the neighbor switches have been properly configured, the route table will look similar to the
following which shows data from Lab Group 6s switch:
* WC_6.21 # show iproute
Ori Destination
Gateway
#oa 10.0.1.0/30
10.0.6.1
#oa 10.0.1.4/30
10.0.6.1
#oa 10.0.2.0/30
10.0.6.1
#oa 10.0.2.4/30
10.0.6.1
#oa 10.0.3.0/30
10.0.6.1
#oa 10.0.3.4/30
10.0.6.1
#oa 10.0.4.0/30
10.0.6.1
#oa 10.0.4.4/30
10.0.6.1
#oa 10.0.5.0/30
10.0.6.1
#oa 10.0.5.4/30
10.0.6.1
#d
10.0.6.0/30
10.0.6.2
#d
10.0.6.4/30
10.0.6.6
oa 10.0.6.4/30
10.0.6.1
#oa 10.1.1.0/24
10.0.6.1
#oa 10.2.1.0/24
10.0.6.1
#oa 10.3.1.0/24
10.0.6.1
#oa 10.4.1.0/24
10.0.6.1
#oa 10.5.1.0/24
10.0.6.1
#d
10.6.1.0/24
10.6.1.1

Mtr
8
8
8
8
8
8
8
8
8
8
1
1
8
13
13
13
13
13
1

Flags
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
U------um--f
U------um--f
UG-D---um--UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
UG-D---um--f
U------um--f

VLAN
wan_6
wan_6
wan_6
wan_6
wan_6
wan_6
wan_6
wan_6
wan_6
wan_6
wan_6
wanbu_6
wan_6
wan_6
wan_6
wan_6
wan_6
wan_6
closet_6

Duration
0d:0h:3m:1s
0d:0h:3m:1s
0d:0h:3m:1s
0d:0h:3m:1s
0d:0h:3m:1s
0d:0h:3m:1s
0d:0h:3m:1s
0d:0h:3m:1s
0d:0h:3m:2s
0d:0h:3m:2s
0d:1h:23m:32s
0d:1h:23m:32s
0d:0h:3m:2s
0d:0h:3m:2s
0d:0h:3m:2s
0d:0h:3m:2s
0d:0h:3m:2s
0d:0h:3m:2s
0d:1h:23m:32s

Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred unicast route (@) Preferred multicast route
(#) Preferred unicast and multicast route
Flags: (B)
(L)
(P)
(T)
(f)

BlackHole, (D) Dynamic, (G) Gateway, (H) Host Route


Matching LDP LSP, (l) Calculated LDP LSP, (m) Multicast
LPM-routing, (R) Modified, (S) Static, (s) Static LSP
Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up
Provided to FIB (c) Compressed Route

Mask distribution:
6 routes at length 24

13 routes at length 30

Route Origin distribution:


3 routes from Direct

16 routes from OSPFIntra

Total number of routes = 19


Total number of compressed routes = 0

7 Notice that, except for the directly-connected VLAN, all of the edge data network entries are learned
via the wan_X VLAN.

146

ExtremeXOS Operation and Configuration, Rev. 12.1

Open Shortest Path First (OSPF) Configuration Lab

Part 5: Configuring the Client Workstation


The following instructions will guide you in setting up the client workstation. If your RD-X connection
to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:

2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.

3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:

ExtremeXOS Operation and Configuration, Rev. 12.1

147

Open Shortest Path First (OSPF) Configuration Lab


4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop
Connection utility:

5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:

6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:

148

ExtremeXOS Operation and Configuration, Rev. 12.1

Open Shortest Path First (OSPF) Configuration Lab


7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the
Config_ECF13-X batch file, where X is your lab group number assigned in Table 1:

This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:

8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:

ExtremeXOS Operation and Configuration, Rev. 12.1

149

Open Shortest Path First (OSPF) Configuration Lab


9 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig
The system displays the following:

Note that the Lab Network interface has been assigned your lab group PC's IP address and mask
found in Table 1.
This completes the setup of the Lab Group PC.

150

ExtremeXOS Operation and Configuration, Rev. 12.1

Open Shortest Path First (OSPF) Configuration Lab

Part 6: Verifying and Testing IP Forwarding and OSPF


1 Confirm the IP configuration parameters by entering the following summary command:
show ipconfig
The following displays:
Use Redirects : Disabled
IpOption LSRR : Enabled
IpOption SSRR : Enabled
IpOption RR : Enabled
IpOption TS : Enabled
IpOption RA : Enabled
Route Sharing : Disabled
Originated Packets : Don't require ipforwarding
IP Fwding into LSP : Disabled
Unicast Reverse Path : Disabled
Max Shared Gateways : Current: 4 Configured: 4
IRDP:
Advertisement Address: 255.255.255.255
Minimum Interval: 450
Lifetime: 1800
VLAN
closet_X
wan_X
wanbu_X

IP Address
10.X.1.1
10.0.X.2
10.0.X.6

Flags
/24 EUf---MPuRX------/30 EUf---MPuRX------/30 EUf---MPuRX-------

Maximum Interval: 600


Preference: 0
nSIA
0
0
0

Flags: (E) Interface Enabled, (U)Interface Up, f) Forwarding Enabled,


(M) Send Parameter Problem Enabled, (P) Send Port Unreachables Enabled, (u) Send
Unreachables Enabled, (R) Send Redirects Enabled,(X) Send Time Exceeded Enabled

Confirm which VLANs have been added to OSPF and display any associated statistics by entering
the following summary command:
show ospf interface
The following displays:
VLAN
closet_X
wan_X
wanbu_X
Flags : f
n
r
A

IP Address
10.X.1.1
10.0.X.2
10.0.X.6
-

AREA ID
/24 0.0.0.0
/30 0.0.0.0
/30 0.0.0.0

Flags
-rif-rif-rif-

Cost
5/A
4/A
20/C

State
DR
DR
DR

Neighbors
0
1
1

Interface Forwarding Enabled, i - Interface OSPF Enabled,


Multinetted VLAN, p - Passive Interface,
Router OSPF Enable,
Automatic Cost, C - Configured Cost.

ExtremeXOS Operation and Configuration, Rev. 12.1

151

Open Shortest Path First (OSPF) Configuration Lab


3 Additional, area-specific OSPF interface information can be displayed by entering the following
summary command:
show ospf area 0.0.0.0
The following displays:
Area: 0.0.0.0 Type: Normal
Router Id: 10.X.1.1
Spf Runs: 5 Num ABR: 0 Num ASBR: 0 Num LSA: 19 LSA Chksum:0x9b8c5
Interfaces:
IP addr
Ospf State
DR IP addr
BDR IP addr
10.X.1.1
/24
E
DR
10.X.1.1
0.0.0.0
10.0.X.2
/30
E
DR
10.0.X.2
10.0.X.1
10.0.X.6
/30
E
DR
10.0.X.6
10.0.X.5
Inter-Area route Filter:
External route Filter:
Configured Address Ranges:

4 Notice that the area specified can be any area configured on the switch.

5 Open a Command Prompt window on the Lab Group PC and use the PING command to verify that
the PC can communicate with the wan_X VLAN Interface, wanbu_X VLAN Interface, closet_X
Interface, and PC IP address for each of the configured neighbor lab groups by entering the
following for each group:
ping <wan_X Interface>
Example:
ping 10.0.X.2
ping <wanbu_X Interface>
Example:
ping 10.0.X.6
ping <closet_X Interface>
Example:
ping 10.X.1.1
ping <neighbor PC IP address>
Example:
ping 10.X.1.11
Where X is the lab group number of each neighbor lab group.

152

ExtremeXOS Operation and Configuration, Rev. 12.1

Open Shortest Path First (OSPF) Configuration Lab


The following displays the output from pinging Lab Group 6:
C:\Documents and Settings\student>ping 10.0.6.2
Pinging 10.0.6.2 with 32 bytes of data:
Reply
Reply
Reply
Reply

from
from
from
from

10.0.6.2:
10.0.6.2:
10.0.6.2:
10.0.6.2:

bytes=32
bytes=32
bytes=32
bytes=32

time=2ms
time<1ms
time<1ms
time<1ms

TTL=255
TTL=255
TTL=255
TTL=255

Ping statistics for 10.0.6.2:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 2ms, Average = 0ms
C:\Documents and Settings\student>ping 10.0.6.6
Pinging 10.0.6.6 with 32 bytes of data:
Reply
Reply
Reply
Reply

from
from
from
from

10.0.6.6:
10.0.6.6:
10.0.6.6:
10.0.6.6:

bytes=32
bytes=32
bytes=32
bytes=32

time<1ms
time<1ms
time<1ms
time<1ms

TTL=255
TTL=255
TTL=255
TTL=255

Ping statistics for 10.0.6.6:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Documents and Settings\student>ping 10.6.1.1
Pinging 10.6.1.1 with 32 bytes of data:
Reply
Reply
Reply
Reply

from
from
from
from

10.6.1.1:
10.6.1.1:
10.6.1.1:
10.6.1.1:

bytes=32
bytes=32
bytes=32
bytes=32

time<1ms
time<1ms
time<1ms
time<1ms

TTL=255
TTL=255
TTL=255
TTL=255

Ping statistics for 10.6.1.1:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Documents and Settings\student>ping 10.6.1.11
Pinging 10.6.1.11 with 32 bytes of data:
Reply
Reply
Reply
Reply

from
from
from
from

10.6.1.11:
10.6.1.11:
10.6.1.11:
10.6.1.11:

bytes=32
bytes=32
bytes=32
bytes=32

time<1ms
time<1ms
time<1ms
time<1ms

TTL=128
TTL=128
TTL=128
TTL=128

Ping statistics for 10.6.1.11:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

ExtremeXOS Operation and Configuration, Rev. 12.1

153

Open Shortest Path First (OSPF) Configuration Lab

154

ExtremeXOS Operation and Configuration, Rev. 12.1

13 Netlogin using Local MAC Address


Authentication Configuration Lab
Student Objectives
This lab will guide you through the process of supporting an enterprise customer who is preparing to
install IP phones in the lobby of their corporate headquarters. These phones will be in publicly
accessible locations. Corporate Security would like to protect the Ethernet port to which the phones will
connect from allowing any other devices access to the network. They have decided that using Extremes
Network Login feature with Local-MAC address security is the best way to provide this security.
In this lab, you will complete the following tasks:

Enable the Network Login Service

Configure local MAC address authentication

Verify that the configuration works

You and your team will be configuring switches to accommodate the IP phones. Since the phones are
not yet onsite, you will be testing the solutions using a PC.
Refer to the values listed in Table 1 to understand the configuration parameters for this lab.

Table 1: Lab Group, Station, Remote PC IP Address, Lab Group PC IP Address, Location, Gateway
Lab
Group
Number

Station

Remote PC
IP Address

Lab Group PC
IP Address

Location

Gateway

1a

10.209.10.11/24

192.168.1.31/24

Phone 11

192.168.1.1/24

2a

10.209.10.12/24

192.168.2.31/24

Phone 21

192.168.2.1/24

3a

10.209.10.13/24

192.168.3.31/24

Phone 31

192.168.3.1/24

4a

10.209.10.14/24

192.168.4.31/24

Phone 41

192.168.4.1/24

5a

10.209.10.15/24

192.168.5.31/24

Phone 51

192.168.5.1/24

6a

10.209.10.16/24

192.168.6.31/24

Phone 61

192.168.6.1/24

ExtremeXOS Operation and Configuration, Rev. 12.1

155

Netlogin using Local MAC Address Authentication Configuration Lab

Part 1: Setting up for Netlogin


This exercise begins with loading the specific group pre-configuration on each switch.
1 Log into the switch and load the baseline configuration for this lab by entering the following
command:
use configuration Lab_NTLGN-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the
command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration
file (XXXXXX.cfg) and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)

3 Enter n to reboot without save.


If there were no unsaved changes on the switch, the system will display the following:

Are you sure you want to reboot the switch? (y/N)

4 Enter y to reboot the switch if this message appears.


When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.

5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:

6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.
7 View the VLAN configuration, enter the following command:
show vlan

156

ExtremeXOS Operation and Configuration, Rev. 12.1

Netlogin using Local MAC Address Authentication Configuration Lab


The following displays:
-----------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
-----------------------------------------------------------------------------------Default
1
192.168.X.1
/24 -----------T------ ANY
1 /1
VR-Default
Mgmt
4095 -------------------------------------- ANY
1 /1
VR-Mgmt
-----------------------------------------------------------------------------------Flags : (T) Member of STP Domain
Total number of VLAN(s) : 2

Part 2: Configuring the Client Workstation


The following instructions will guide you in setting up the client workstation. If your RD-X connection
to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility.
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.

3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:

ExtremeXOS Operation and Configuration, Rev. 12.1

157

Netlogin using Local MAC Address Authentication Configuration Lab


4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop
Connection utility:

5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:

6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:

158

ExtremeXOS Operation and Configuration, Rev. 12.1

Netlogin using Local MAC Address Authentication Configuration Lab


7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the
Config_NTLGN-X batch file, where X is your lab group number assigned in Table 1:

This batch file will automatically configure the PC IP address. The following screen appears while
the file executes, follow the instructions on the screen:

ExtremeXOS Operation and Configuration, Rev. 12.1

159

Netlogin using Local MAC Address Authentication Configuration Lab


Using Lab Group 1 as an example below, the system displays the following ip configuration:

8 Notice that the Lab Network interface has been assigned your Lab Group PC's IP address and mask
found in Table 1.
9 Verify the setup by pinging the default gateway from the vPC.
C:\>ping 192.168.X.1

Pinging 192.168.X.1 with 32 bytes of data:


Reply
Reply
Reply
Reply

from
from
from
from

192.168.X.1:
192.168.X.1:
192.168.X.1:
192.168.X.1:

bytes=32
bytes=32
bytes=32
bytes=32

time<1ms
time<1ms
time<1ms
time<1ms

TTL=128
TTL=128
TTL=128
TTL=128

Ping statistics for 192.168.X.1:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

This completes the setup of the Lab Group PC.

160

ExtremeXOS Operation and Configuration, Rev. 12.1

Netlogin using Local MAC Address Authentication Configuration Lab

Part 3: Displaying the Network Login Configuration


1 On the switch, verify that the MAC-based Network Login service is not configured.
show netlogin mac
The following displays:
NetLogin Auth Mode : web-based
NetLogin VLAN
:
NetLogin move-fail-action
:
NetLogin Client Aging Time
:
Dynamic VLAN Creation
:
Dynamic VLAN Uplink Ports
:

DISABLED; 802.1x DISABLED; mac-based DISABLED


<Not Configured>
Deny
5 minutes
Disabled
None

-----------------------------------------------MAC Mode Global Configuration


-----------------------------------------------Re-authentication period
: 0 (Re-authentication disabled)
Authentication Database
: Radius, Local-User database
------------------------------------------------

2 Verify that the local MAC database (the list of MAC addresses that is stored on the switch) is empty.
show netlogin mac-list
The following displays:
SS-0X.3 # show netlogin mac-list
SS-0X.4 #

Part 4: Configuring the Network Login VLAN


The Network Login VLAN is an internal VLAN that enables the system to access the Network Login
Service. You will not add any ports to this VLAN, however, later in this lab, you will configure ports to
use the Network Login Service.
1 Create a VLAN to support the Network Login service.
create vlan netlogin_vlan
2 Associate the VLAN to the Network Login Service.
configure netlogin vlan netlogin_vlan

Part 5: Configuring MAC Address Authentication


1 Enable MAC address authentication option of the Network Login Service.
enable netlogin mac

ExtremeXOS Operation and Configuration, Rev. 12.1

161

Netlogin using Local MAC Address Authentication Configuration Lab


2 Configure the MAC address authentication process to use the local database. The options available
are local and radius. The system will search either the local database and the RADIUS database in
the order in which the options are entered. If the local option is entered first, then the local database
will be interrogated before the RADIUS database. You may also configure the system to only search
local or RADIUS databases by only entering one of the two options.
Enter the following command:
configure netlogin mac authentication database-order local
3 On the Lab Group PC, verify that the PC can ping the gateway.
C:\>ping 192.168.X.1
4 On your switch, select the ports that will subscribe to the Network Login Service.
enable netlogin ports 24 mac
5 On the Lab Group PC, verify that the PC is now unable to ping the gateway.
C:\>ping 192.168.X.1
Pinging 192.168.X.1 with 32 bytes of data:
Request
Request
Request
Request

timed
timed
timed
timed

out.
out.
out.
out.

Ping statistics for 192.168.X.1:


Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Part 6: Managing the Authorized MAC Addresses


There are two parts to managing the authorized MAC Addresses. The first part is to create an entry in
the MAC address database. The second part is to create a corresponding entry in the user database for
the configured MAC address.
1 On the Lab Group PC, determine the MAC (physical) address of the Lab Network Ethernet Adapter
by entering the following at the Command Prompt:
ipconfig /all
The following displays:
Ethernet adapter Lab Network:
Connection-specific
Description . . . .
Physical Address. .
Dhcp Enabled. . . .
IP Address. . . . .
Subnet Mask . . . .
Default Gateway . .

DNS
. .
. .
. .
. .
. .
. .

Suffix
. . . .
. . . .
. . . .
. . . .
. . . .
. . . .

.
.
.
.
.
.
.

:
:
:
:
:
:
:

VMware Accelerated AMD PCNet Adapter


00-50-56-00-00-FB
No
192.168.X.31
255.255.255.0
192.168.X.1

In the example above, the MAC address for the Lab Network Ethernet Adapter is 00-50-56-00-00-FB.

162

ExtremeXOS Operation and Configuration, Rev. 12.1

Netlogin using Local MAC Address Authentication Configuration Lab


2 On the switch, add that MAC addresses to the local database. MAC addresses are entered using the
colon as a separator. All alphabetic characters should be entered in upper case.
configure netlogin add mac-list <lab_group_pc_mac_address>
Example:
configure netlogin add mac-list 00:50:56:00:00:FB
3 On your switch, add MAC-based users to the local database. When entering the following command,
you will substitute the user-name and password options with the MAC address of the IP phone.
When entering the MAC address, enter the MAC address used in the last step, omitting the colon (:)
character.
create netlogin local-user <user-name> <password>
All alphabetic characters should be entered in upper case. The MAC address from the example
above would be entered as 0050560000FB 0050560000FB for the <user-name> and <password> in the
command.
Example:
create netlogin local-user 0050560000FB 0050560000FB

Part 7: Testing the Configuration


1 On the Lab Group PC, verify that the system is configured correctly by pinging the default gateway.
C:\>ping 192.168.X.1
The following displays:
Pinging 192.168.X.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.X.1:
Reply from 192.168.X.1:
Reply from 192.168.X.1:
Reply from 192.168.X.1:

bytes=32
bytes=32
bytes=32
bytes=32

time<1ms
time<1ms
time<1ms
time<1ms

TTL=128
TTL=128
TTL=128
TTL=128

Ping statistics for 192.168.X.1:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

NOTE
The reply may not take effect immediately, if you get request timed out - wait a minute, and then try again.

ExtremeXOS Operation and Configuration, Rev. 12.1

163

Netlogin using Local MAC Address Authentication Configuration Lab

Part 8: Just in Case....


If you should encounter problems, there are a few commands that you can execute to help you in
diagnosing the problem.
1 Display the general Network Login service configuration by using the following command:
show netlogin

164

ExtremeXOS Operation and Configuration, Rev. 12.1

Netlogin using Local MAC Address Authentication Configuration Lab


The following displays:
NetLogin Authentication Mode
NetLogin VLAN
NetLogin move-fail-action
NetLogin Client Aging Time
Dynamic VLAN Creation
Dynamic VLAN Uplink Ports

:
:
:
:
:
:

web-based DISABLED; 802.1x DISABLED; mac-based ENABLED


"netlogin_vlan"
Deny
5 minutes
Disabled
None

-----------------------------------------------Web-based Mode Global Configuration


-----------------------------------------------Base-URL
: network-access.com
Default-Redirect-Page
: ENABLED; http://www.extremenetworks.com
Logout-privilege
: YES
Netlogin Session-Refresh : ENABLED; 3 minute(s) 0 second(s)
Refresh failures allowed : 0
Reauthenticate on refresh: Disabled
Authentication Database : Radius, Local-User database
Proxy Ports
: 80(http),443(https)
-----------------------------------------------802.1x Mode Global Configuration
-----------------------------------------------Quiet Period
: 60
Supplicant Response Timeout
: 30
Re-authentication period
: 3600
Max Re-authentications
: 3
RADIUS server timeout
: 30
EAPOL MPDU version to transmit : v1
Authentication Database
: Radius
----------------------------------------------------------------------------------------------MAC Mode Global Configuration
-----------------------------------------------MAC Address/Mask
Password (encrypted)
-------------------- -----------------------------00:0C:29:AA:D6:8C/48 <not configured>

Port(s)
-----------------------any

Re-authentication period
: 0 (Re-authentication disabled)
Authentication Database
: Local-User database
-----------------------------------------------Port: 24, Vlan: Default, State: Enabled, Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
MAC
00:0c:29:aa:d6:8c
00:e0:2b:00:00:01

IP address
192.168.1.31
0.0.0.0

ExtremeXOS Operation and Configuration, Rev. 12.1

Authenticated
Yes, Locally
No

Type
MAC
MAC

ReAuth-Timer
0
0

User
000C29AAD68C

165

Netlogin using Local MAC Address Authentication Configuration Lab


2 To focus in on just the Network Login MAC related parameters, enter the following command:
show netlogin mac
The following displays:
NetLogin Authentication Mode
NetLogin VLAN
NetLogin move-fail-action
NetLogin Client Aging Time
Dynamic VLAN Creation
Dynamic VLAN Uplink Ports

:
:
:
:
:
:

web-based DISABLED;802.1x DISABLED; mac-based ENABLED


"netlogin_vlan"
Deny
5 minutes
Disabled
None

-----------------------------------------------MAC Mode Global Configuration


-----------------------------------------------MAC Address/Mask
-------------------00:0C:29:AA:D6:8C/48

Password (encrypted)
-----------------------------<not configured>

Port(s)
-----------------------any

Re-authentication period
: 0 (Re-authentication disabled)
Authentication Database
: Local-User database
-----------------------------------------------Port: 24, Vlan: Default, State: Enabled, Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
MAC
00:0c:29:aa:d6:8c
00:e0:2b:00:00:01

IP address
192.168.1.31
0.0.0.0

Authenticated
Yes, Locally
No

Type
MAC
MAC

ReAuth-Timer User
0
000C29AAD68C
0

3 To view the Network Login configuration of the port, enter the following command:
show netlogin port 24
The following displays:
Port
Port Restart
Allow Egress
Vlan
Authentication
Port State
Guest Vlan
Auth Failure Vlan
Auth Service-Unavailable Vlan
MAC
00:0c:29:aa:d6:8c
00:e0:2b:00:00:01

166

:
:
:
:
:
:
:
:
:

IP address
192.168.1.31
0.0.0.0

24
Disabled
None
Default
mac-based
Enabled
Disabled
Disabled
Disabled
Authenticated
Yes, Locally
No

Type
MAC
MAC

ReAuth-Timer User
0
000C29AAD68C
0

ExtremeXOS Operation and Configuration, Rev. 12.1

Netlogin using Local MAC Address Authentication Configuration Lab


4 To view the default VLAN, enter the following command:
show vlan default
5 Finally, you can interrogate the message log to view the activity of the Network Login service.
show log messages memory-buffer
The following displays:

08/22/2008 20:42:19.49 <Info:nl.ClientAuthenticated> Network Login MAC user


000C29AAD68C logged in MAC 00:0C:29:AA:D6:8C port 24 VLAN(s) "Default",
authentication Locally
8/22/2008 20:41:47.31 <Info:nl.init> Network Login framework has been initialized
8/22/2008 20:33:30.99 <Erro:nl.mac.MacListEmpty> Mac authentication was initiated,
but mac-list for virtual router VR-Default is empty

ExtremeXOS Operation and Configuration, Rev. 12.1

167

Netlogin using Local MAC Address Authentication Configuration Lab

168

ExtremeXOS Operation and Configuration, Rev. 12.1

14 Universal Port Configuration Lab


Universal Port is a powerful framework for event driven activation of CLI scripts or profiles. The
ExtremeXOS Universal Port framework enables the switch to take actions based on such criteria as a
detected device, a user authenticated (or unauthenticated), or a user-configured timer.
Universal Port is primarily used for simplifying edge configuration. Added security is gained by
enabling Network Login for authentication prior to granting the device or user access to the network. In
its simplest form, Universal Port provides the ability to automatically configure network interface
parametersports, IP addresses, and QoS on ExtremeXOS switches.

Student Objectives
In this lab, you will:

Verify an existing Netlogin configuration

Create a Universal Port profile

Bind the profile to a pre-defined event

Associate the profile with a specific user

Test and validate that the profile is applied when the user authenticates

Figure 1: Universal Port Configuration

ExtremeXOS Operation and Configuration, Rev. 12.1

169

Universal Port Configuration Lab


Refer to the values listed in Table 1to configure switch parameters for this lab.

Table 1: Group, Switch, VLAN Names, Tags and IP addresses


Lab
Group

Data
VLAN

Data
VLAN
Tag

Data VLAN IP
Address

Data PC IP
Address

Voice
VLAN

Voice
VLAN
Tag

Voice VLAN IP
Address

Switch
Name

Voice PC IP
Address

SAM_1 data_1 1011

10.0.11.1/24

10.0.11.101 voice_1

1012

10.0.12.1/24 10.0.12.101

EXC_2

data_2 1021

10.0.21.1/24

10.0.21.101 voice_2

1022

10.0.22.1/24 10.0.22.101

ACT_3

data_3 1031

10.0.31.1/24

10.0.31.101 voice_3

1032

10.0.32.1/24 10.0.32.101

MFG_4 data_4 1041

10.0.41.1/24

10.0.41.101 voice_4

1042

10.0.42.1/24 10.0.42.101

ENG_5 data_5 1051

10.0.51.1/24

10.0.51.101 voice_5

1052

10.0.52.1/24 10.0.52.101

HUR_6 data_6 1061

10.0.61.1/24

10.0.61.101 voice_6

1062

10.0.62.1/24 10.0.62.101

Part 1: Setting Up for Loading and Validating the


Netlogin Configuration
This exercise begins with the specific group VLAN pre-configured on each switch.
1 Log into the switch and load the baseline configuration for this lab by entering the following
command:
use configuration Lab_ECF19-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the
command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration
file (XXXXXX.cfg) and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)

3 Enter n to reboot without save.


If there were no unsaved changes on the switch, the system will display the following:

Are you sure you want to reboot the switch? (y/N)

4 Enter y to reboot the switch if this message appears.


When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.

170

ExtremeXOS Operation and Configuration, Rev. 12.1

Universal Port Configuration Lab


5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:

6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.

Part 2: Loading and Validating the Netlogin


Configuration
1 Review the existing VLAN configuration by entering the following command:
show vlan
The system displays the following:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------data_X
10X1 ------------------------------------------- ANY
0 /1
VR-Default
Default
1
------------------------------------------- ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------- ANY
1 /1
VR-Mgmt
nl_vlan
4093 ----------------------LN------------------- ANY
0 /1
VR-Default
voice_X
10X2 ------------------------------------------- ANY
0 /1
VR-Default
--------------------------------------------------------------------------------------Flags : (L) Loopback Enabled,(N) Network Login VLAN
Total number of VLAN(s) : 5

2 Notice that each switch is configured with a netlogin vlan, nl_vlan, and that all VLANs are already
associated with a single port (port 24).
3 Review the existing MAC-based netlogin configuration by entering the following command:
show netlogin mac

ExtremeXOS Operation and Configuration, Rev. 12.1

171

Universal Port Configuration Lab


The system displays the following:
NetLogin Authentication Mode
NetLogin VLAN
NetLogin move-fail-action
NetLogin Client Aging Time
Dynamic VLAN Creation
Dynamic VLAN Uplink Ports

:
:
:
:
:
:

web-based DISABLED; 802.1x DISABLED; mac-based DISABLED


"nl_vlan"
Deny
5 minutes
Disabled
None

-----------------------------------------------MAC Mode Global Configuration


-----------------------------------------------MAC Address/Mask
-------------------AA:AA:AA:AA:AA:AA/48
BB:BB:BB:BB:BB:BB/48

Password (encrypted)
-----------------------------<not configured>
<not configured>

Port(s)
-----------------------24
24

Re-authentication period
: 0 (Re-authentication disabled)
Authentication Database
: Local-User database
------------------------------------------------

4 Notice that mac-based authentication is DISABLED, but is pre-configured for two MAC addresses one for each of your two lab PC's.
Also notice that the authentication database is set for the Local-User database. Because we are not
using a RADIUS server in this exercise, this will become an important factor later in the lab.

172

ExtremeXOS Operation and Configuration, Rev. 12.1

Universal Port Configuration Lab

Part 3: Configuring the Client Workstations


The following instructions will guide you in setting up the client workstations. If your RD-X connection
to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:

2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.

3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:

ExtremeXOS Operation and Configuration, Rev. 12.1

173

Universal Port Configuration Lab


4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop
Connection utility:

5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:

6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:

174

ExtremeXOS Operation and Configuration, Rev. 12.1

Universal Port Configuration Lab


7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the
Config_ECF19-Xa batch file, where X is your lab group number assigned in Table 1:

This batch file will automatically configure the PC IP address. The following screen appears while
the file executes, and then closes automatically when it terminates:

8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:

ExtremeXOS Operation and Configuration, Rev. 12.1

175

Universal Port Configuration Lab


9 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig /all
Using Lab Group 1 as an example, the system displays the following:

10 Notice that the Lab Network interface for this PC has been assigned an IP address on the network
associated with the Data PC IP Address (127.0.0.1:101X) found in Table 1 (where X is your Lab
Group number).
11 From the Data PC desktop, right-click on My Network Places and select Properties from the menu:

176

ExtremeXOS Operation and Configuration, Rev. 12.1

Universal Port Configuration Lab


12 Highlight the Lab Network icon:

13 To block the station from sending any packets prior to testing, select Disable this network device
from the Network Tasks menu:

This completes the setup of your first PC.


14 To set up the second lab PC, Enter the combined IP address and unique port number identifying the
target lab PC in the format 127.0.0.1:102X, where X is the lab group number assigned in Table 1:

This will be configured as the Voice PC and assigned the respective IP address found in Table 1 for
your lab group.

ExtremeXOS Operation and Configuration, Rev. 12.1

177

Universal Port Configuration Lab


15 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:

16 From the PC desktop, open the Lab Networking Addressing folder:. Double-click on the
Config_ECF19-Xb batch file, where X is your lab group number assigned in Table 1:

This batch file will automatically configure the PC IP address. The following screen appears while
the file executes, and then close automatically when it terminates:

17 Open a Command window:

178

ExtremeXOS Operation and Configuration, Rev. 12.1

Universal Port Configuration Lab


18 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig /all
Using Lab Group 1 as an example, the system displays the following:

19 Notice that the Lab Network interface for this PC has been assigned an IP address the network
associated with the Voice PC IP Address (127.0.0.1:102X) found in Table 1 (where X is your Lab
Group number).
20 From the PC desktop, right-click on My Network Places and select Properties from the menu:

ExtremeXOS Operation and Configuration, Rev. 12.1

179

Universal Port Configuration Lab


21 Highlight the Lab Network icon:

22 To block the station from sending any packets prior to testing, select Disable this network device
from the Network Tasks menu:

180

ExtremeXOS Operation and Configuration, Rev. 12.1

Universal Port Configuration Lab

Part 4: Creating the Universal Port Profiles and Binding


to an Event
1 Profiles can be assigned to specific users. For this exercise, we will create two profiles, one for each
supplicant. On the switch, create the first profile by entering the following command:
create upm profile ecf-19-Xa
Where X is your lab group number found in Table 1.
The system displays the following:
Start typing the profile and end with a . as the first and the only character on a line.
Use - edit upm profile <name> - for block mode capability

2 Enter the following commands:


configure vlan data_X ipaddress 10.0.X1.1/24
.
Where X is your lab group number, and the ip address is the value assigned to your group for the
VLAN data_X found in Table 1. Note that the second line, ., terminates the editing function of the
create command.
3 Create the second profile by entering the following command:
create upm profile ecf-19-Xb
Where X is your lab group number found in Table 1.
The system displays the following:
Start typing the profile and end with a . as the first and the only character on a line.
Use - edit upm profile <name> - for block mode capability

4 Enter the following commands:


configure vlan voice_X ipaddress 10.0.X2.1/24
.
Where X is your lab group number, and <Voice VLAN IP Address> is the value assigned to your
group for the VLAN data_X found in Table 1. Note that the second line, ., terminates the editing
function of the create command.
5 Display summary information for the profiles by entering the following command:
show upm profile
The system displays the following:
================================================================================
UPM Profile
Events
Flags Ports
================================================================================
ecf-19-Xa
e
ecf-19-Xb
e
================================================================================
Number of UPM Profiles: 2
Number of UPM Events in Queue for execution: 0
Flags: d - disabled, e - enabled
Event name: log-message(Log filter name) - Truncated to 20 chars

ExtremeXOS Operation and Configuration, Rev. 12.1

181

Universal Port Configuration Lab


6 Bind each profile to the user-authentication event by entering the following commands:
configure upm event user-authenticate profile ecf-19-Xa ports 24
configure upm event user-authenticate profile ecf-19-Xb ports 24
Where X is your lab group number found in Table 1.
7 Confirm that the profiles were correctly bound by entering the following command:
show upm event user-authenticate
The system displays the following:
------------------------------------------------------------------UPM Profile
PortList
------------------------------------------------------------------ecf-19-Xa
24
ecf-19-Xb
24
-------------------------------------------------------------------

8 This can also be validated with the summary profile information, shown by entering the following
command:
show upm profile
The system displays the following:
================================================================================
UPM Profile
Events
Flags Ports
================================================================================
ecf-19-Xa
user-authenticated
e 24
ecf-19-Xb
user-authenticated
e 24
================================================================================
Number of UPM Profiles: 2
Number of UPM Events in Queue for execution: 0
Flags: d - disabled, e - enabled
Event name: log-message(Log filter name) - Truncated to 20 chars

182

ExtremeXOS Operation and Configuration, Rev. 12.1

Universal Port Configuration Lab

Part 5: Universal Port, Netlogin, and MAC-Based


Authentication
In order for authentication to work without an external database (like RADIUS), each user needs to be
added to Netlogin's local user database. When using MAC-based authentication, the MAC address of
the end station is used for both the user name and the password.
1 The two Lab PC's configured in Part 3 have already been added to the database. Confirm this
configuration by entering the following command:
show netlogin local-users
The system displays the following:
Netlogin Local User Name
-----------------------AAAAAAAAAAAA
BBBBBBBBBBBB

Extended-VLAN VSA
----------------------------<not configured>
<not configured>

Security Profile
---------------------<not configured>
<not configured>

2 Notice that the MAC address is entered without delimiters, and all alpha characters are capitalized.
3 An additional requirement of local authorization is to bind the Universal Port profile to the specific
Netlogin user by entering the following commands:
configure netlogin local-user <User A MAC> security-profile ecf-19-Xa
configure netlogin local-user <User B MAC> security-profile ecf-19-Xb
Example:
configure netlogin local-user 000C29AAD68C security-profile ecf-19-1a
configure netlogin local-user 000C296BAF67 security-profile ecf-19-1b
Replace <User A MAC> and <User B MAC> with their respective MAC addresses as displayed in
step 1 above, and X with your lab group number found in Table 1.
4 Confirm that the profiles were correctly associated with the user accounts by entering the following
command:
show netlogin local-users
The system displays the following:

Netlogin Local User Name


-----------------------AAAAAAAAAAAA
BBBBBBBBBBBB

Extended-VLAN VSA
----------------------------<not configured>
<not configured>

ExtremeXOS Operation and Configuration, Rev. 12.1

Security Profile
---------------------ecf-19-Xa
ecf-19-Xb

183

Universal Port Configuration Lab

Part 6: Triggering and Validating the Event Profile


1 Enable Netlogin for MAC-based authentication by entering the following command:
enable netlogin mac
2 Display the MAC-based authentication Netlogin information by entering the following command:
show netlogin mac
Notice that MAC-based Netlogin is enabled and configured for the two PC MAC addresses, but that
none have been authenticated on any of the displayed VLANs.
NetLogin Authentication Mode
NetLogin VLAN
NetLogin move-fail-action
NetLogin Client Aging Time
Dynamic VLAN Creation
Dynamic VLAN Uplink Ports

:
:
:
:
:
:

web-based DISABLED;
"nl_vlan"
Deny
5 minutes
Disabled
None

802.1x DISABLED;

mac-based ENABLED

-----------------------------------------------MAC Mode Global Configuration


-----------------------------------------------MAC Address/Mask
-------------------AA:AA:AA:AA:AA:AA/48
BB:BB:BB:BB:BB:BB/48

Password (encrypted)
-----------------------------<not configured>
<not configured>

Port(s)
-----------------------24
24

Re-authentication period
: 0 (Re-authentication disabled)
Authentication Database
: Local-User database
-----------------------------------------------Port: 24, Vlan: data_X, State: Enabled, Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
MAC
IP address
Authenticated
-----------------------------------------------

Type

ReAuth-Timer

User

Port: 24, Vlan: nl_vlan, State: Enabled, Authentication: mac-based


Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
MAC
IP address
Authenticated
-----------------------------------------------

Type

ReAuth-Timer

User

Port: 24, Vlan: voice_X, State: Enabled, Authentication: mac-based


Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
MAC
IP address
Authenticated
-----------------------------------------------

Type

ReAuth-Timer

User

3 Enable the port connecting to the Lab Group PCs by entering the following command:
enable ports 24
4 Display the summary VLAN information by entering the following command:
show vlan

184

ExtremeXOS Operation and Configuration, Rev. 12.1

Universal Port Configuration Lab


The following displays:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------data_X
10X1 ------------------------------------------- ANY
1 /1
VR-Default
Default
1
------------------------------------------- ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------- ANY
1 /1
VR-Mgmt
nl_vlan
4093 ----------------------LN------------------- ANY
1 /1
VR-Default
voice_X
10X2 ------------------------------------------- ANY
1 /1
VR-Default
--------------------------------------------------------------------------------------Flags : (L) Loopback Enabled,(N) Network Login VLAN

5 Notice that neither the data_X nor the voice_X VLANs have been assigned IP addresses.
6 On the Data PC desktop(127.0.0.1:101X), from Network Connections, re-enable the Lab Network
interface by selecting Enable this network device from the Network Tasks menu:

7 On the Data PC desktop(127.0.0.1:101X), open a Command Window and launch a PING to the
Data_X VLAN IP address by entering the following command:
ping 10.0.X1.1
Where X is your lab group number found in Table 1. The system displays the following:
C:\Documents and Settings\student>ping 10.0.X1.1
Reply from 10.0.X1.1: bytes=32 time=1ms TTL=255
Reply from 10.0.X1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.X1.1: bytes=32 time<1ms TTL=255
Reply from 10.0.X1.1: bytes=32 time<1ms TTL=255
Ping statistics for 10.0.X1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

8 On the switch, display the MAC-based authentication Netlogin information by entering the
following command:
show netlogin mac

ExtremeXOS Operation and Configuration, Rev. 12.1

185

Universal Port Configuration Lab


The following display is an example from Lab Group 1s switch:
NetLogin Authentication Mode
NetLogin VLAN
NetLogin move-fail-action
NetLogin Client Aging Time
Dynamic VLAN Creation
Dynamic VLAN Uplink Ports

:
:
:
:
:
:

web-based DISABLED;802.1x DISABLED; mac-based ENABLED


"nl_vlan"
Deny
5 minutes
Disabled
None

-----------------------------------------------MAC Mode Global Configuration


-----------------------------------------------MAC Address/Mask
-------------------00:0C:29:6B:AF:67/48
00:0C:29:AA:D6:8C/48

Password (encrypted)
-----------------------------<not configured>
<not configured>

Port(s)
-----------------------24
24

Re-authentication period
: 0 (Re-authentication disabled)
Authentication Database
: Local-User database
-----------------------------------------------Port: 24, Vlan: data_1, State: Enabled, Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
MAC
IP address
Authenticated
00:0c:29:aa:d6:8c 10.0.11.101
Yes, Locally
-----------------------------------------------

Type
MAC

ReAuth-Timer
0

User
000C29AAD68C

Port: 24, Vlan: nl_vlan, State: Enabled, Authentication: mac-based


Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
MAC
IP address
Authenticated
00:e0:2b:00:00:01 0.0.0.0
No
-----------------------------------------------

Type
MAC

ReAuth-Timer
0

User

Port: 24, Vlan: voice_1, State: Enabled, Authentication: mac-based


Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
MAC
IP address
Authenticated
-----------------------------------------------

Type

ReAuth-Timer

User

9 Notice that the MAC address for the Data PC (127.0.0.1:101X)has been authenticated on the data_X
VLAN.
10 On the switch, display the summary VLAN information by entering the following command:
show vlan

186

ExtremeXOS Operation and Configuration, Rev. 12.1

Universal Port Configuration Lab


The system displays the following:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------data_X
10X1 10.0.X1.1
/24 ----------------------- ANY
1 /1
VR-Default
Default
1
------------------------------------------- ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------- ANY
1 /1
VR-Mgmt
nl_vlan
4093 ----------------------LN------------------- ANY
1 /1
VR-Default
voice_X
10X2 ------------------------------------------- ANY
1 /1
VR-Default
--------------------------------------------------------------------------------------Total number of VLAN(s) : 5

11 Notice that the data_X VLAN has been assigned the IP address sent a PING.
12 On the Voice PC desktop(127.0.0.1:102X), from Network Connections, re-enable the Lab Network
interface by selecting Enable this network device from the Network Tasks menu:

13 On the Voice PC desktop(127.0.0.1:102X), open a Command Window and launch a PING to the
voice_X VLAN IP address by entering the following command:
ping 10.0.X2.1
Where X is your lab group number found in Table 1. The system displays the following:
C:\Documents and Settings\student>ping 10.0.X2.1
Reply from 10.0.X2.1: bytes=32 time=1ms TTL=255
Reply from 10.0.X2.1: bytes=32 time<1ms TTL=255
Reply from 10.0.X2.1: bytes=32 time<1ms TTL=255
Reply from 10.0.X2.1: bytes=32 time<1ms TTL=255
Ping statistics for 10.0.X2.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

14 On the switch, display the MAC-based authentication Netlogin information by entering the
following command:
show netlogin mac

ExtremeXOS Operation and Configuration, Rev. 12.1

187

Universal Port Configuration Lab


The system displays the following example from Lab Group 1s switch for the vlan voice_X segment
of the output:
----------------------------------------------Port: 24, Vlan: voice_1, State: Enabled, Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
MAC
IP address
Authenticated
00:0c:29:6b:af:67 10.0.12.101
Yes, Locally
-----------------------------------------------

Type
MAC

ReAuth-Timer
0

User
000C296BAF67

15 Notice that the MAC address for the Voice PC(127.0.0.1:102X) has been authenticated on the voice_X
VLAN.
16 Display the summary VLAN information by entering the following command:
show vlan
The system displays the following:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------data_X
10X1 10.0.X1.1
/24 ----------------------- ANY
1 /1
VR-Default
Default
1
------------------------------------------- ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------- ANY
1 /1
VR-Mgmt
nl_vlan
4093 ----------------------LN------------------- ANY
1 /1
VR-Default
voice_X
10X2 10.0.X2.1
/24 ----------------------- ANY
1 /1
VR-Default
--------------------------------------------------------------------------------------Total number of VLAN(s) : 5

17 Notice that the voice_X VLAN has been assigned the IP address sent a PING.

188

ExtremeXOS Operation and Configuration, Rev. 12.1

15 Quality of Service (QoS) Configuration Lab


Student Objectives
When network traffic needs a guarantee of underlying network performance, QoS provides a solution.
QoS is a set of protocols and mechanisms that facilitate the delivery of delay and bandwidth sensitive
material across data networks. This typically relates to the amount of bandwidth required, but other
factors, such as priority, are also taken into account. QoS in the Ethernet networks is fundamentally
creating unequal access in an essentially equal access network. In this environment, an application is
assured that its requirement for bandwidth, priority, latency and delay are met.
Policy-based Quality of Service (QoS) is a feature of Extreme XOS and the Extreme Networks switch
architecture that allows you to specify different service levels for traffic traversing the switch. Policybased QoS allows you to protect bandwidth for important categories of applications or to specifically
limit the bandwidth associated with less critical traffic. Using Policy-based QoS, you can specify the
service level that a particular traffic type receives.
The main benefit of QoS is that it allows you to have control over the types of traffic that receive
enhanced service from the system. For example, if voice-over-IP (VoIP) traffic requires a reserved
amount of bandwidth to function properly. You can use policy-based QoS to reserve sufficient
bandwidth critical to this type of application. In this lab, you will implement this feature by assigning a
strict service priority by configuring two or more hardware queues to contend for transmission on the
same physical port.
In this lab, you will:

Confirm the baseline VLAN configuration

Verify the data forwarding model for unconstrained traffic flows

Configure VLAN-based QoS with strict priority queuing

Verify the QoS configuration

Test the QoS configuration

ExtremeXOS Operation and Configuration, Rev. 12.1

189

Quality of Service (QoS) Configuration Lab

Figure 1: QoS Configuration Lab

Refer to the values listed in Table 1 to configure switch parameters for this lab.

Table 1: Group, Switch, VLAN Names, CV Tags, Ports and PC, and Target VLAN Addresses
Lab Group
Number
1
2
3
4
5
6

190

VLAN

Target VLAN
IP Address on
Target Switches

192.168.1.101/24

target_1a

192.168.101.1/24

14u

101

13t, 23u

192.168.11.101/24

target_1b

192.168.111.1/24

16u

102

21

13t, 24u

192.168.2.101/24

target_2a

192.168.102.1/24

14u

201

closet_2b

22

13t, 23u

192.168.22.101/24

target_2b

192.168.122.1/24

16u

202

ACT_3 closet_3a

31

13t, 24u

192.168.3.101/24

target_3a

192.168.103.1/24

14u

301

closet_3b

32

13t, 23u

192.168.33.101/24

target_3b

192.168.133.1/24

16u

302

MFG_4 closet_4a

41

13t, 24u

192.168.4.101/24

target_4a

192.168.104.1/24

14u

401

closet_4b

42

13t, 23u

192.168.44.101/24

target_4b

192.168.144.1/24

16u

402

ENG_5 closet_5a

51

13t, 24u

192.168.5.101/24

target_5a

192.168.105.1/24

14u

501

closet_5b

52

13t, 23u

192.168.55.101/24

target_5b

192.168.155.1/24

16u

502

HUR_6 closet_6a

61

13t, 24u

192.168.6.101/24

target_6a

192.168.106.1/24

14u

601

closet_6b

62

13t, 23u

192.168.66.101/24

target_6b

192.168.166.1/24

16u

602

CV
CV
Tag Ports

Lab Group PC
IP Addresses

SAM_1 closet_1a

11

13t, 24u

closet_1b

12

EXC_2 closet_2a

Switch
Name

Closet
VLAN (CV)

Target

TV

TV
Ports Tag

ExtremeXOS Operation and Configuration, Rev. 12.1

Quality of Service (QoS) Configuration Lab

Part 1: Creating the EAPS Control VLAN


1 Log into the switch and load the baseline configuration for this lab by entering the following
command:
use configuration Lab_ECF17-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the
command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration
file (XXXXXX.cfg) and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)

3 Enter n to reboot without save.


If there were no unsaved changes on the switch, the system will display the following:

Are you sure you want to reboot the switch? (y/N)

4 Enter y to reboot the switch if this message appears.


When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.

5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:

6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.

ExtremeXOS Operation and Configuration, Rev. 12.1

191

Quality of Service (QoS) Configuration Lab


7 Confirm the configuration of the two edge VLANs, closet_Xa and closet_Xb, and the two target
interfaces, target_Xa and target_Xb (where X is the lab group number assigned in Table 1) by
entering the following command:
show vlan
The system displays the following:
--------------------------------------------------------------------------------------Name
VID Protocol Addr
Flags
Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------closet_Xa
X1
------------------------------------------- ANY
2 /2
VR-Default
closet_Xb
X2
------------------------------------------- ANY
2 /2
VR-Default
Default
1
------------------------------------------- ANY
0 /0
VR-Default
Mgmt
4095 ------------------------------------------- ANY
1 /1
VR-Mgmt
target_Xa
X01 192.168.10X.1 /24 ----------------------- ANY
1 /1
VR-Default
target_Xb
X02 192.168.1XX.1 /24 ----------------------- ANY
1 /1
VR-Default
--------------------------------------------------------------------------------------Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled,
(M) Translation Member VLAN or Subscriber VLAN, (n) IP Multinetting Enabled,
(N) Network Login VLAN, (o) OSPF Enabled, (O) Flooding Disabled, (p) PIM Enabled,
(P) EAPS protected VLAN, (r) RIP Enabled, (R) Sub-VLAN IP Range Configured,
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 6

8 Notice that ports have been assigned and enabled. Also, both target VLANs are configured with IP
addresses. This will be the destination IP addresses used to test the QoS feature later in the lab.

192

ExtremeXOS Operation and Configuration, Rev. 12.1

Quality of Service (QoS) Configuration Lab

Part 2: Configuring the Client Workstations


The following instructions will guide you in setting up the first client workstation. If your RD-X
connection to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:

2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.

3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:

ExtremeXOS Operation and Configuration, Rev. 12.1

193

Quality of Service (QoS) Configuration Lab


4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop
Connection utility:

5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:

6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:

194

ExtremeXOS Operation and Configuration, Rev. 12.1

Quality of Service (QoS) Configuration Lab


7 From the 127.0.0.1:101X Lab Group PC desktop, open the Lab Networking Addressing folder.
Double-click on the Config_ECF17-Xa batch file, where X is your lab group number assigned in
Table 1:

This batch file will automatically configure the Lab Group PC IP address. The following screen
appears while the file executes, and then closes automatically when it terminates.

8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:

ExtremeXOS Operation and Configuration, Rev. 12.1

195

Quality of Service (QoS) Configuration Lab


9 Enter the following command in the command window to display the IP interface information on
the Lab Group PC.
ipconfig
The system displays the following information.

10 Notice that the ethernet adapter Untagged has been assigned your first Lab Group PC IP Address
and mask found in Table 1.
11 For the second Lab Group PC (127.0.0.1:102X), open the Accessories folder again and re-launch the
Remote Desktop Connect utility.

196

ExtremeXOS Operation and Configuration, Rev. 12.1

Quality of Service (QoS) Configuration Lab


12 Enter the combined IP address and unique port number identifying the second target Lab Group PC
in the format 127.0.0.1:102X, where X is the lab group number assigned in Table 1.

13 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student.

14 From the 127.0.0.1:102X Lab Group PC desktop, open the Lab Networking Addressing folder.
Double click on the Config_ECF17-Xb batch file, where X is the lab group number assigned in
Table 1.

This batch file will automatically configure the Lab Group PC IP address. The following screen will
appear while the file executes, and then close automatically when it terminates:

ExtremeXOS Operation and Configuration, Rev. 12.1

197

Quality of Service (QoS) Configuration Lab


15 From the Start menu, click on the Run option to confirm the IP address and static routes. Enter cmd
to open a Command window:
16 Enter the following command in the command window to display the IP interface information on
the Lab Group PC:
ipconfig
The system displays the following information:

17 Notice that the ethernet adapter Untagged has been assigned your second Lab Group PC IP Address
and mask found in Table 1.

198

ExtremeXOS Operation and Configuration, Rev. 12.1

Quality of Service (QoS) Configuration Lab

Part 3: Best-Effort Traffic Modeling


Both Lab Group PCs have default gateways configured on the core switch CS-A, and reachable only via
the single uplink port, port 13. This means that any traffic sent to destinations across a routing
boundary in another subnet will be forwarded out the uplink port, and any traffic sent simultaneously
by both systems will contend for outbound bandwidth and priority.
1 From the first Lab Group PC desktop(127.0.0.1:101X), open the folder named iPerf for Windows and
launch the batch file Lab_ECF17-Xa where X is the lab group number assigned in Table 1.

This batch file will send a 5MB UDP stream for fifty minutes (3000 seconds) to the target address
192.168.10X.1.
2 Show the port utilization for the first Lab Group PC port (port 24) and the uplink port to CS-A (port
13) by entering the following command on your switch:
show ports 13,24 utilization
Change the display by pressing the SPACE bar on your keyboard until you are viewing the Link
Utilization Averages screen.
The system displays the following:
Link Utilization Averages
Wed Aug 27 09:23:24 2008
Port
Link
Link
Receive
Peak Rx
Transmit
Peak Transmit
State
Speed % bandwidth
% bandwidth % bandwidth % bandwidth
================================================================================
13
A
10
0.05
0.06
40.11
42.27
24
A
100
4.01
4.21
0.01
0.01

================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
Spacebar->toggle screen U->page up D->page down ESC->exit

3 Notice that, in this example, the Receive % bandwidth for port 24 is equal to the Transmit %
bandwidth for port 13. Note also that port 13 has been configured for 10MB, so the UDP stream
from the first Lab Group PC accounts for over 40% of the ports total capacity.

ExtremeXOS Operation and Configuration, Rev. 12.1

199

Quality of Service (QoS) Configuration Lab


4 From the second Lab Group PC desktop(127.0.0.1:102X), open the folder named iPerf for Windows
and launch the batch file Lab_ECF17-Xb where X is the lab group number assigned in Table 1.

This batch file will send a 10MB UDP stream for fifty minutes (3000 seconds) to the target address
192.168.1XX.1.
5 Show the port utilization for the first Lab Group PC port (port 24), the second Lab Group PC port
(port 23), and the uplink port to CS-A (port 13) by entering the following command:
show ports 13,23,24 utilization
Change the display by pressing the SPACE bar on your keyboard until you are viewing the Link
Utilization Averages screen.
The system displays the following:
Link Utilization Averages
Wed Aug 27 09:38:12 2008
Port
Link
Link
Receive
Peak Rx
Transmit
Peak Transmit
State
Speed % bandwidth
% bandwidth % bandwidth % bandwidth
================================================================================
13
A
10
0.11
0.11
99.04
100.00
23
A
100
6.90
6.90
0.01
0.01
24
A
100
3.60
3.86
0.01
0.01

================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
Spacebar->toggle screen U->page up D->page down ESC->exit

6 Notice that, in this example, the Receive % Bandwidth for port 23 is at the expected 10Mbyte (the
size of the UDP transmitted stream), and that the Transmit % Bandwidth for port 13 is now
hovering at 100% utilization.
7 No QoS has been configured, so the traffic streams are being forwarded by the default, best-effort
profile, QP1. Confirm that all traffic is being service by QP1 by showing the QoS monitor statistics
for the uplink port, Port 13, with the following command:
show port 13 qosmonitor

200

ExtremeXOS Operation and Configuration, Rev. 12.1

Quality of Service (QoS) Configuration Lab


The system displays the following:
Qos Monitor Req Summary
Wed Aug 27 09:43:15 2008
Port
QP1
QP2
QP3
QP4
QP5
QP6
QP7
QP8
Pkt
Pkt
Pkt
Pkt
Pkt
Pkt
Pkt
Pkt
Xmts
Xmts
Xmts
Xmts
Xmts
Xmts
Xmts
Xmts
================================================================================
13
98437
0
0
0
0
0
0
4

The actual target interfaces, 192.168.10X.1 and 192.168.1XX.1, are configured on the student switch.
The streams are forwarded to the first core switch, CS-A, where they cross the routing boundary and
pass to the second core switch, CS-B via the cross-connect with CS-A. The two streams are then sent
back via layer-2 to the student switch on two separate links, port 14 and port 16.
8 You can get a sense of how the best-effort servicing on port 14 affects the amount of traffic
forwarded from either stream by displaying the port utilization information for these two inbound
ports with the following command:
show ports 14,16 utilization
9 Change the display by pressing the SPACE bar on your keyboard until you are viewing the Link
Utilization Averages screen.
The system displays the following:
Link Utilization Averages
Wed Aug 27 09:57:33 2008
Port
Link
Link
Receive
Peak Rx
Transmit
Peak Transmit
State
Speed % bandwidth
% bandwidth % bandwidth % bandwidth
================================================================================
14
A
10
35.81
39.55
0.05
0.06
16
A
10
67.83
69.71
0.05
0.06

10 Notice that, in this example, while the original bandwidth for the first Lab Group PC was 5MB, the
Receive % bandwidth for port 14 shows that only approximately 35%, or roughly 3.5MB, is reaching
the target. Notice also, a similar situation for the traffic sent from the second Lab Group PC is
occurring. Of the 10MB original stream, only 6.7MB arrives at the target.
This information is consistent with what you know of the size of the original streams and QoS
profile that is servicing them. The combined streams from the first and second Lab Group PC total
15MB. This means that the first Lab Group PC accounts for approximately one third of the total, and
the second Lab Group PC accounts for, approximately, the remaining two thirds. Since all of the
traffic is being forwarded by the same QoS queue, the traffic is forwarded according to the
percentage of the total, resulting in the numbers you see being received on ports 14 and 16 in the
above illustration.

ExtremeXOS Operation and Configuration, Rev. 12.1

201

Quality of Service (QoS) Configuration Lab

Part 4: Configuring Quality of Service, Assigning it to a


VLAN, and Verifying Priority Service
1 In our scenario, you want to ensure that the entire smaller stream from the first Lab Group PC
arrives at its target, and that the stream from the second Lab Group PC continues to receive besteffort delivery. The switch has two QoS profiles configured by default: QP1 for best-effort and QP8
for management traffic. Confirm this by entering the following command:
show qosprofile
The system displays the following:

QP1
QP8

Weight =
Weight =

1
1

Max Buffer Percent = 100


Max Buffer Percent = 100

2 Since the traffic from the first Lab Group PC is only a production stream and you do not want to
arbitrarily assign it to your management traffic queue. Begin by first creating the QoS profile QP2 for
the smaller stream by entering the following command:
create qosprofile qp2
3 Confirm that you successfully created the new profile by entering the following command:
show qosprofile
The system displays the following:

QP1
QP2
QP8

Weight =
Weight =
Weight =

1
1
1

Max Buffer Percent = 100


Max Buffer Percent = 100
Max Buffer Percent = 100

4 Since we want to guarantee that the traffic from the first Lab Group PC arrives at its destination,
enter the following command to implement strict priority queue scheduling:
configure qosscheduler strict-priority
5 Notice that the queues will now be serviced only in order of priority and the profile weight be
ignored.
6 Assign the newly-created profile QP2 to the VLAN servicing the smaller data stream, closet_Xa, by
entering the following command:
configure closet_Xa qosprofile qp2
Where X is your lab group number found in Table 1.
7 Confirm that the qosprofile is correctly assigned to the VLAN by entering the following command:
show vlan closet_Xa

202

ExtremeXOS Operation and Configuration, Rev. 12.1

Quality of Service (QoS) Configuration Lab


The system displays the following:
VLAN Interface with name closet_Xa created by user
Admin State:
Enabled
Tagging:
802.1Q Tag X1
Virtual router: VR-Default
IPv6:
None
STPD:
None
Protocol:
Match all unfiltered protocols
Loopback:
Disabled
NetLogin:
Disabled
QosProfile:
QP2
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile:
None configured
Ports:
2.
(Number of active ports=2)
Untag:
*24
Tag:
*13
Flags:
(*) Active, (!) Disabled, (g) Load Sharing port
(b) Port blocked on the vlan, (m) Mac-Based port
(a) Egress traffic allowed for NetLogin
(u) Egress traffic unallowed for NetLogin
(t) Translate VLAN tag for Private-VLAN
(s) Private-VLAN System Port, (L) Loopback port
(e) Private-VLAN End Point Port

8 If necessary, restart the iPerf utility to ensure that both Lab Group PCs are transmitting their
respective UDP streams. Confirm that the traffic on the uplink port, port 13, is now being serviced
by queues 1 and 2 with the following command:
show port 13 qosmonitor

NOTE
If the iPerf timer on the batch file on either PC has expired, re-launch the utility.

9 Clear the counters by pressing the 0 key.


The system displays the following:
Qos Monitor Req Summary
Wed Aug 27 13:12:13 2008
Port
QP1
QP2
QP3
QP4
QP5
QP6
QP7
QP8
Pkt
Pkt
Pkt
Pkt
Pkt
Pkt
Pkt
Pkt
Xmts
Xmts
Xmts
Xmts
Xmts
Xmts
Xmts
Xmts
================================================================================
13
629319
34123
0
0
0
0
0
32

10 While the above confirms that both QP1 and QP2 are servicing the streams equally, it is impossible
to tell anything about the actual traffic flow. We can get more insight into how the traffic is moving
through the switch by displaying the port utilization information for the four inbound ports (ports
14, 16, 23, and 24) and one outbound port (port 13) with the following command:
show ports 13,14,16,23,24 utilization

ExtremeXOS Operation and Configuration, Rev. 12.1

203

Quality of Service (QoS) Configuration Lab


11 Change the display by pressing the SPACE bar on your keyboard until you are viewing the Link
Utilization Averages screen.
The system displays the following:
Link Utilization Averages
Wed Aug 27 13:15:54 2008
Port
Link
Link
Receive
Peak Rx
Transmit
Peak Transmit
State
Speed % bandwidth
% bandwidth % bandwidth % bandwidth
================================================================================
13
A
10
0.11
0.11
100.00
100.00
14
A
10
39.65
39.65
0.06
0.06
16
A
10
69.33
69.33
0.06
0.06
23
A
100
7.93
7.93
0.01
0.01
24
A
100
3.98
3.98
0.01
0.01

================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
Spacebar->toggle screen U->page up D->page down ESC->exit0

12 Notice that, in this example, as expected, the information for inbound ports 23 and 24, and outbound
port 13, remain unchanged.
The highlighted statistics for the inbound ports 14 and 16, however, is very different than in the
best-effort trial. In this case, port 14 and port 16 are showing roughly the same utilization
approximately 40% and approximately 60% of a 10MB port, or approximately 5MB of utilization.
This proves that all of the higher priority traffic from the smaller stream is now being forwarded out
the oversubscribed uplink port, port 13.
The remaining bandwidth (approximately 5MB) is used by the lower-priority stream from the
second Lab Group PC.

Ensure to clear the configuration on both Lab Group PCs by running the cleanup config file.
13 From the 127.0.0.1:101X Lab Group PC desktop, open the Lab Networking Addressing folder.
Double-click on the Config_cleanup_ECF17-Xa batch file, where X is your lab group number
assigned in Table 1.
14 From the 127.0.0.1:102X Lab Group PC desktop, open the Lab Networking Addressing folder.
Double click on the Config_cleanup_ECF17-Xb batch file, where X is the lab group number assigned
in Table 1.

204

ExtremeXOS Operation and Configuration, Rev. 12.1

16 Switch Diagnostics Lab


Student Objectives
This lab provides you with hands-on experience to use the Extreme Networks system diagnostic
features.
In this lab, you will:

Verify system memory and process operation.

Terminate and restart a process.

Verify that the system health check is enabled.

Display the system log.

Run normal and extended diagnostics.

Verify diagnostic results.

Figure 1: Switch Diagnostics Lab

ExtremeXOS Operation and Configuration, Rev. 12.1

205

Switch Diagnostics Lab

Part 1: Resetting the Switch to Factory Default


1 Press the Enter key until the system displays the login prompt.
2 Enter admin to login to the switch with administrator privilege.
3 The switch should not have an admin password configured. Press the Enter key.
4 The system displays the command line prompt.
5 Reset the switch to the factory default configuration by entering the following command:
unconfigure switch all
The following displays:
Restore all factory defaults and reboot? (y/N)

6 Enter y and press the Enter key.


The boot process is complete when the following displays:
Authentication Service (AAA) on the master node is now available for login.

7 Press the Enter key until the system displays the login prompt.
8 Enter admin to login to the switch with administrator privilege.
9 The switch should not have an admin password configured. Press the Enter key.
The system displays the command line prompt.
Because it has been reset to the factory default, the switch will prompt for several security settings.
First, the following displays:
Telnet is enabled by default. Telnet is unencrypted and has been the target of
security exploits in the past.
Would you like to disable Telnet? [y/N]:

10 Enter n and press the Enter key.


Then the following displays:
:

SNMP access is enabled by default. SNMP uses no encryption, SNMPv3 can be


configured to eliminate this problem.
Would you like to disable SNMP? [y/N]:

11 Enter n and press the Enter key.


The following message appears:
All ports are enabled by default. In some secure applications, it maybe more
desirable for the ports to be turned off.
Would you like unconfigured ports to be turned off by default? [y/N]:

206

ExtremeXOS Operation and Configuration, Rev. 12.1

Switch Diagnostics Lab


12 Enter y and press the Enter key.
The following prompt then displays regarding the failsafe login and password:
Changing the default failsafe account username and password is highly
recommended. If you choose to do so, please remember the username and
password as this information cannot be recovered by Extreme Networks.
Would you like to change the failsafe account username and password
now? [y/N]:

13 Enter n and press the Enter key.


Finally, the following displays:
Would you like to permit failsafe account access via the management port?
[y/N]:

14 Enter n and press the Enter key.


15 Save the configuration to the default configuration location by entering the following command:
save
The following displays:
No default configuration database has been selected to boot up the system.
Save configuration will set the new configuration as the default database.
The configuration file primary.cfg already exists.
Do you want to save configuration to primary.cfg and overwrite it? (y/N)

16 Enter y and press the Enter key.


The following then displays:
Saving configuration on master ........... done!
Configuration saved to primary.cfg successfully.
The selected configuration will take effect after the next switch reboot.

ExtremeXOS Operation and Configuration, Rev. 12.1

207

Switch Diagnostics Lab

Part 2: Monitoring Processes


1 Display system processes, by entering the following command:
show process
The switch should display approximately 60 different processes. The following is an example of the
command output:
Process Name
Version Restart
State
Start Time
------------------------------------------------------------------------aaa
3.0.0.3
0
Ready
Tue Mar 11 22:33:48 2008
acl
3.0.0.2
0
Ready
Tue Mar 11 22:33:52 2008
bgp
3.0.0.2
0
Ready
Tue Mar 11 22:33:50 2008
brm
1.0.0.0
0
Ready
Tue Mar 11 22:33:56 2008
cfgmgr
3.0.0.21
0
Ready
Tue Mar 11 22:33:47 2008
cli
3.0.0.22
0
Ready
Tue Mar 11 22:33:47 2008
devmgr
3.0.0.2
0
Ready
Tue Mar 11 22:33:47 2008
.
.
.
vlan
3.1.0.2
0
Ready
Tue Mar 11 22:33:48 2008
vrrp
3.0.0.5
0
Ready
Tue Mar 11 22:33:53 2008
xmld
1.0.0.0
0
Ready
Tue Mar 11 22:33:55 2008

2 Display the memory use for the specific process CLI by entering the following command:
show memory process cli
The following displays:
System Memory Information
------------------------Total DRAM (KB): 262144
System
(KB): 17380
User
(KB): 95176
Free
(KB): 149588
Memory Utilization Statistics
----------------------------Process Name
Memory (KB)
----------------------------cli
17848

3 Display detailed information for the CLI processes by entering the following command:
show process cli detail

208

ExtremeXOS Operation and Configuration, Rev. 12.1

Switch Diagnostics Lab


The following displays:
Name
PID
Path
Type Link Date
Build By
Peer
-------------------------------------------------------------------------------cli
409
./cliMaster App Mon Feb 25 15:45:31 PST 2008 release-manager
29
Virtual Router(s):
-------------------------------------------------------------------------------Configuration:
Start Priority SchedPolicy Stack TTY CoreSize Heartbeat StartSeq
-------------------------------------------------------------------------------1
0
0
0
0
0
1
1
Memory Usage Configuration:
Memory(KB) Zones: Green Yellow Orange Red
-------------------------------------------------------------------------------0
0
0
0
0
Recovery policies
-------------------------------------------------------------------------------failover-reboot
-------------------------------------------------------------------------------Statistics:
ConnectionLost Timeout Start Restart Kill Register Signal Hello Hello Ack
-------------------------------------------------------------------------------0
0
0
0
0
1
0
0
175
Memory Zone Green
Yellow
Orange
Red
-------------------------------------------------------------------------------Green
0
0
0
0
-------------------------------------------------------------------------------Commands:
Start
Stop
Resume
Shutdown
Kill
-------------------------------------------------------------------------------0
0
0
0
0
-------------------------------------------------------------------------------Resource Usage:
UserTime SysTime PageReclaim PageFault Up Since
Up Date Up Time
-------------------------------------------------------------------------------11.94
2.25
19682
544
Tue Mar 11 22:33:47 2008 00/00/00 00:17:46
-------------------------------------------------------------------------------Thread Name
Pid
Tid
Delay Timeout Count
-------------------------------------------------------------------------------main
409
1024
6
0
--------------------------------------------------------------------------------

4 Display the heartbeat for the CLI process by entering the following command:
show heartbeat process cli
The following displays:
Process Name
Hello HelloAck
Last Heartbeat Time
---------------------------------------------------------------------cli
0
215
Tue Mar 11 22:55:32 2008

5 Display the CPU usage for all running processes by entering the following command:
top

ExtremeXOS Operation and Configuration, Rev. 12.1

209

Switch Diagnostics Lab


The following displays:
Mem: 224196K used, 20568K free, 0K shrd, 1468K buff, 127256K cached
Load average: 3.11, 3.03, 2.61
(State: S=sleeping R=running, W=waiting)
PID
632
409
621
620
622
405
480
569
481
508
510
511
512
528
530
531
544
546
547

USER
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root
root

STATUS
R
S
S
S
S
S <
S <
S <
S <
S <
S N
S <
S <
S <
S <
S <
S <
S <
S <

RSS
880
17M
17M
17M
17M
11M
11M
11M
11M
11M
11M
11M
11M
11M
11M
11M
11M
11M
11M

PPID %CPU %MEM COMMAND


631 3.0 0.3 top -d 3
1 0.0 7.2 ./cliMaster
620 0.0 7.2 ./cliMaster
409 0.0 7.2 ./cliMaster
620 0.0 7.2 ./cliMaster
1 0.0 4.7 ./hal
405 0.0 4.7 ./hal
480 0.0 4.7 ./hal
480 0.0 4.7 ./hal
480 0.0 4.7 ./hal
480 0.0 4.7 ./hal
480 0.0 4.7 ./hal
480 0.0 4.7 ./hal
480 0.0 4.7 ./hal
480 0.0 4.7 ./hal
480 0.0 4.7 ./hal
480 0.0 4.7 ./hal
480 0.0 4.7 ./hal
480 0.0 4.7 ./hal

6 Notice that, in this example, the PID for the CLI process, 409, indicates that the process is not
currently consuming any CPU resource, but that it is using 7.2% of memory.
7 Use Ctrl-C to return to the command line.

Part 3: Terminating and Restarting Processes


1 Display a description of what a processes does, by entering the following command:
show process description
The following displays:
Process Name
Description
---------------------------------------------------------------------aaa
Authentication, Authorization, and Accounting Server
acl
Access Control List Manager
bgp
Border Gateway Protocol
.
.
.
tftpd
Tftp server
thttpd
Web Server
upm
Universal Port Manager
vlan
VLAN Manager - L2 Switching application
vrrp
Virtual Router Redundancy Protocol (RFC 3768)
xmld
XML server

2 Terminate the TFTP process by entering the following command:


terminate process tftpd graceful

Enter Yes to the tftpd config warning message that asks if you want to continue.

The following displays:


Successful graceful termination for tftpd

210

ExtremeXOS Operation and Configuration, Rev. 12.1

Switch Diagnostics Lab


3 Verify the state of the TFTP process by entering the following command:
show process tftpd
The following displays:
Process Name
Version Restart
State
Start Time
------------------------------------------------------------------------tftpd
3.0.0.2
0
Stopped
Tue Mar 11 22:33:54 2008

4 Notice that, in this example, the Restart count is set to 0 and the State is Stopped.
5 Re-start the TFTP process, by entering the following command:
start process tftpd
The following displays:
Started tftpd successfully

6 Verify the state of the TFTP process, by entering the following command:
show process tftpd
The following displays:
Process Name
Version Restart
State
Start Time
------------------------------------------------------------------------tftpd
3.0.0.2
1
Ready
Tue Mar 11 23:27:30 2008

Part 4: Running Normal Diagnostics


1 Verify that the system health check is enabled by entering the following command:
show switch
The following displays:
SysName:
SysLocation:
SysContact:
System MAC:
System Type:

X450a-24t

SysHealth check:
Recovery Mode:
System Watchdog:

Enabled (Normal)
All
Enabled

support@extremenetworks.com, +1 888 257 3000


00:04:96:27:BD:0B
X450a-24t

.
.
.

2 Display the system log by entering the following command:


show log

ExtremeXOS Operation and Configuration, Rev. 12.1

211

Switch Diagnostics Lab


The following displays:
03/11/2008
03/11/2008
03/11/2008
03/11/2008
03/11/2008
03/11/2008
03/11/2008
03/11/2008
.
.
.

23:55:15.49
23:55:13.53
23:51:33.11
23:27:30.49
23:27:30.17
23:15:53.81
23:15:53.81
23:15:35.62

<Info:AAA.authPass> : Login passed for user admin through serial


<Warn:AAA.authFail> : Login failed for user sh swi through serial
<Info:AAA.logout> : User admin logout from serial
<Info:tftpd.info> : **** tftpd started *****
<Info:EPM.Msg.proc_start> : Requested process tftpd start
<Info:EPM.Msg.proc_unknown> : Unknown Process tftpd
<Info:EPM.Msg.proc_shutdown> : Requested process tftpd shutdown
<Noti:DM.Notice> : Process tftpd Stopped

Verify that the log indicates no system errors.

4 Clear the system log by entering the following command:


clear log
5 Run the normal diagnostics by entering the following command:
run diagnostics normal
The system displays:
Running Diagnostics will disrupt network traffic.
Are you sure you want to continue? (y/N)

Enter y and press the Enter key.


6 The system reboots and begins the diagnostic process and the following displays:
SummitX Diagnostics Mode Enabled, Starting Diagnostics....
Motherboard CPLD Revision: 2
Starting operational diagnostics
DIAGNOSTIC PASS: run test i2c environment
DIAGNOSTIC PASS: run test memory nvram
DIAGNOSTIC PASS: run test memory flash compact internal scratch
DIAGNOSTIC PASS: run test memory sdram
DIAGNOSTIC PASS: run test loopback eth
DIAGNOSTIC PASS: run test register mac
DIAGNOSTIC PASS: run test memory mac
DIAGNOSTIC PASS: run test loopback pci
DIAGNOSTIC PASS: run test loopback interface lb-mac
DIAGNOSTIC PASS: run test loopback interface lb-phy copper
DIAGNOSTIC PASS: run test loopback interface lb-phy fiber
DIAGNOSTIC PASS: run test snake interface internal
Summit Diagnostics completed, rebooting system...

7 Highlight any failures and report them to the instructor.

212

ExtremeXOS Operation and Configuration, Rev. 12.1

Switch Diagnostics Lab


8 Login and display the summary results of the test by entering the following command:
show diagnostics
The following displays:
Last Test Date: Mar-12-2008
Summary: Diagnostics Pass

9 Display the system log by entering the following command:


show log
The following displays:
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008

00:35:12.26
00:13:51.48
00:13:51.32
00:13:45.96
00:13:41.56
00:13:36.73
00:13:26.66
00:13:23.61
00:13:21.68
00:13:21.08
00:13:17.58
00:13:17.58
00:13:16.52
00:13:16.50
00:13:15.47
00:13:13.33
00:13:09.96
00:13:09.95
00:13:09.41
00:13:07.71
00:05:52.91

<Info:AAA.authPass> Login passed for user admin through serial


<Info:HAL.Sys.Info> Internal power supply operational.
<Info:HAL.Card.Info> Switch is operational
<Noti:EPM.system_stable> System is stable. Change to warm reset mode
<Info:EPM.wdg_enable> Watchdog enabled
<Info:DOSProt.Init> DOS protect application started successfully
<Info:telnetd.info> **** telnetd started *****
<Info:tftpd.info> **** tftpd started *****
<Info:nl.init> Network Login framework has been initialized
<Noti:DM.Notice> Node State[3] = OPERATIONAL
<Noti:DM.Notice> Node State[2] = STANDBY
<Info:DM.Info> Node INIT DONE ....
<Noti:DM.Notice> Node State[1] = INIT
<Info:telnetd.info> telnetd listening on port 23
<Info:HAL.Sys.Info> Hal initialization done.
<Info:HAL.Sys.Info> Starting hal initialization ....
<Noti:DM.Notice> DM started
<Noti:NM.Notice> NM started
<Noti:EPM.start> EPM Started
<Noti:EPM.wd_warm_reset> Changing to watchdog warm reset mode
<Warn:EPM.reboot> Rebooting with reason User requested reboot to run diagnostics

10 Verify that the log indicates no system errors.

ExtremeXOS Operation and Configuration, Rev. 12.1

213

Switch Diagnostics Lab

Part 5: Running Extended Diagnostics


1 Run the normal diagnostics by entering the following command:
run diagnostics extended
The system displays:
Running Diagnostics will disrupt network traffic.
Are you sure you want to continue? (y/N)

Enter y and press the Enter key.


2 The system reboots and begins the diagnostic process and the following displays:
SummitX Diagnostics Mode Enabled, Starting Diagnostics....
Motherboard CPLD Revision: 2
Starting operational diagnostics
DIAGNOSTIC PASS: run test i2c environment
DIAGNOSTIC PASS: run test memory nvram
DIAGNOSTIC PASS: run test memory flash compact internal scratch
DIAGNOSTIC PASS: run test memory sdram
DIAGNOSTIC PASS: run test loopback eth iterations 50 pps-rate fast
DIAGNOSTIC PASS: run test register mac
DIAGNOSTIC PASS: run test memory mac fill-data hex byte 0x55
DIAGNOSTIC PASS: run test memory mac fill-data hex byte 0xAA
DIAGNOSTIC PASS: run test loopback pci iterations 10
DIAGNOSTIC PASS: run test loopback interface lb-mac iterations 50 pps-rate fast
DIAGNOSTIC PASS: run test loopback interface lb-phy copper iterations 50 pps-rate fast
DIAGNOSTIC PASS: run test loopback interface lb-phy fiber iterations 50 pps-rate fast
DIAGNOSTIC PASS: run test snake interface internal duration 60
Summit Diagnostics completed, rebooting system...

3 Notice that there is one more test in extended diagnostics than in normal diagnostics, and that
several tests display more detailed test information. Highlight any failures and report them to the
instructor.
4 Login and display the summary results of the test by entering the following command:
show diagnostics
The following displays:
Last Test Date: Mar-12-2008
Summary: Diagnostics Pass

5 Display the system log by entering the following command:


show log

214

ExtremeXOS Operation and Configuration, Rev. 12.1

Switch Diagnostics Lab


The following displays:
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008
03/12/2008

01:05:26.00
00:54:09.75
00:54:09.44
00:54:03.79
00:53:59.50
00:53:55.35
00:53:45.50
00:53:42.84
00:53:40.36
00:53:39.88
00:53:36.86
00:53:36.86
00:53:35.78
00:53:35.62
00:53:34.73
00:53:32.32
00:53:29.04
00:53:28.93
00:53:28.42
00:53:26.72
00:45:25.70

<Info:AAA.authPass> Login passed for user admin through serial


<Info:HAL.Sys.Info> Internal power supply operational.
<Info:HAL.Card.Info> Switch is operational
<Noti:EPM.system_stable> System is stable. Change to warm reset mode
<Info:EPM.wdg_enable> Watchdog enabled
<Info:telnetd.info> **** telnetd started *****
<Info:DOSProt.Init> DOS protect application started successfully
<Info:tftpd.info> **** tftpd started *****
<Noti:DM.Notice> Node State[3] = OPERATIONAL
<Info:nl.init> Network Login framework has been initialized
<Noti:DM.Notice> Node State[2] = STANDBY
<Info:DM.Info> Node INIT DONE ....
<Noti:DM.Notice> Node State[1] = INIT
<Info:telnetd.info> telnetd listening on port 23
<Info:HAL.Sys.Info> Hal initialization done.
<Info:HAL.Sys.Info> Starting hal initialization ....
<Noti:NM.Notice> NM started
<Noti:DM.Notice> DM started
<Noti:EPM.start> EPM Started
<Noti:EPM.wd_warm_reset> Changing to watchdog warm reset mode
<Warn:EPM.reboot> Rebooting with reason User requested reboot to run diagnostics

A total of 21 log messages were displayed.

Verify that the log indicates no system errors.

ExtremeXOS Operation and Configuration, Rev. 12.1

215

Switch Diagnostics Lab

216

ExtremeXOS Operation and Configuration, Rev. 12.1

17 Network Troubleshooting Lab


Student Objectives
This lab provides you with hands-on experience to use the systematic troubleshooting process and
verify the operation of the network at the physical, datalink, and network layers.
In this lab, you will:

Load a pre-configured configuration file with embedded configuration errors.

Use appropriate commands, learned throughout this course, to identify faults.

Resolve any errors introduced by the configuration file.

Document the commands used to restore the simple OSPF network.

Figure 1: Network Troubleshooting Lab

ExtremeXOS Operation and Configuration, Rev. 12.1

217

Network Troubleshooting Lab


Refer to the values listed in Table 1 and Table 2 to configure switch parameters for this lab.

Table 1: Lab Groups and Switch Names


Lab Group Number

Switch Name

NC_1

OSBU_2

EC_3

RA_4

SC_5

WC_6

Table 2: Valid VLAN Names, Ports, IP Addresses and OSPF Areas


VLAN Name

Ports

IP Address

OSPF Area

wan_X

13

10.0.X.2/24

0.0.0.0

wanbu_X

15

10.0.1X.2/24

0.0.0.0

data_X

24

10.0.10X.1/24

0.0.0.0

Lab Group PC
IP Address

10.0.10X.101/24

Table 2 contains the correct values required for the network you are troubleshooting. X is your lab
group number found in Table 1.
In this exercise your lab group has been assigned eight embedded configuration errors. These
represent some of the most common problems found in a production environment.
1 Use the information in the tables above and the appropriate commands to help identify these faults.
2 Record each error on the Fault Description side of the worksheet as you discover them.
3 Apply the changes and record the configuration command that you use to correct the error on the
Command side of the worksheet.

Part 1: Setting Up the Lab Switch


1 Log into the switch and load the baseline configuration for this lab by entering the following
command:
use configuration Lab_ECF14-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the
command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration
file (XXXXXX.cfg) and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)

3 Enter n to reboot without save.


If there were no unsaved changes on the switch, the system will display the following:

Are you sure you want to reboot the switch? (y/N)

218

ExtremeXOS Operation and Configuration, Rev. 12.1

Network Troubleshooting Lab


4 Enter y to reboot the switch if this message appears.
When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.

5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch
will then display the following prompt for the password:
login: admin
password:

6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring
the switch.

Part 2: Configuring the Client Workstation


The following instructions will guide you in setting up the client workstation. If your RD-X connection
to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility.
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.

3 The utility opens a secure session window displaying the student login ID and the public key. The
tunnel is complete when the $ prompt appears:

ExtremeXOS Operation and Configuration, Rev. 12.1

219

Network Troubleshooting Lab


4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop
Connection utility:

5 Enter the combined IP address and unique port number identifying the target lab PC in the format
127.0.0.1:101X, where X is the lab group number assigned in Table 1:

6 Enter the login and password credentials. For all lab stations, the User Name is student and the
Password is student:

220

ExtremeXOS Operation and Configuration, Rev. 12.1

Network Troubleshooting Lab


7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the
Config_ECF14-X batch file, where X is your lab group number assigned in Table 1:

This batch file will automatically configure the PC IP address. The following screen will appear
while the file executes, and then close automatically when it terminates:

8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run
dialog box enter cmd to open a Command window:

ExtremeXOS Operation and Configuration, Rev. 12.1

221

Network Troubleshooting Lab


9 In the command window, display the IP interface information on the PC by entering the following
command:
ipconfig
The system displays the following:

Note that the Lab Network interface has been assigned your lab group PC's IP address and mask
found in Table 2.
This completes the setup of the Lab Group PC. Minimize this window and return to the switch now.

222

ExtremeXOS Operation and Configuration, Rev. 12.1

Network Troubleshooting Lab

Error Identification and Resolution Worksheet


Compare the values in Tables 1and 2 with the output received when using appropriate commands.
Identify the eight faults embedded in the troubleshooting configuration and restore the network.
No.

Fault Description

Command

ExtremeXOS Operation and Configuration, Rev. 12.1

223

Network Troubleshooting Lab

224

ExtremeXOS Operation and Configuration, Rev. 12.1

18 Appendix A: Lab Network Diagrams

ExtremeXOS Operation and Configuration, Rev. 12.1

225

Appendix A: Lab Network Diagrams

226

ExtremeXOS Operation and Configuration, Rev. 12.1

Appendix A: Lab Network Diagrams

ExtremeXOS Operation and Configuration, Rev. 12.1

227

Appendix A: Lab Network Diagrams

228

ExtremeXOS Operation and Configuration, Rev. 12.1

Appendix A: Lab Network Diagrams

ExtremeXOS Operation and Configuration, Rev. 12.1

229

Appendix A: Lab Network Diagrams

230

ExtremeXOS Operation and Configuration, Rev. 12.1

Appendix A: Lab Network Diagrams

ExtremeXOS Operation and Configuration, Rev. 12.1

231

Appendix A: Lab Network Diagrams

232

ExtremeXOS Operation and Configuration, Rev. 12.1

Appendix A: Lab Network Diagrams

ExtremeXOS Operation and Configuration, Rev. 12.1

233

Appendix A: Lab Network Diagrams

234

ExtremeXOS Operation and Configuration, Rev. 12.1

Appendix A: Lab Network Diagrams

ExtremeXOS Operation and Configuration, Rev. 12.1

235

Appendix A: Lab Network Diagrams

236

ExtremeXOS Operation and Configuration, Rev. 12.1

Appendix A: Lab Network Diagrams

ExtremeXOS Operation and Configuration, Rev. 12.1

237

Appendix A: Lab Network Diagrams

238

ExtremeXOS Operation and Configuration, Rev. 12.1

Appendix A: Lab Network Diagrams

ExtremeXOS Operation and Configuration, Rev. 12.1

239

Appendix A: Lab Network Diagrams

240

ExtremeXOS Operation and Configuration, Rev. 12.1

Appendix A: Lab Network Diagrams

ExtremeXOS Operation and Configuration, Rev. 12.1

241

Appendix A: Lab Network Diagrams

242

ExtremeXOS Operation and Configuration, Rev. 12.1