ExtremeXOS Operations and Configuration Lab Guide with PuTTY, Rev.12.1
Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 (408) 579-2800 http://www.extremenetworks.com Part number: DOC-01665 Rev 02
AccessAdapt, Alpine, BlackDiamond, ESRP, Ethernet Everywhere, Extreme Enabled, Extreme Ethernet Everywhere, Extreme Networks, Extreme Standby Router Protocol, Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, ExtremeXOS, the Go Purple Extreme Solution, Sentriant, ServiceWatch, ScreenPlay, Summit, SummitStack, Unified Access Architecture, Unified Access RF Manager, UniStack, Universal Port, the Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Extreme Turbodrive logo, the Summit logos, the Powered by ExtremeXOS logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and/or other countries. Adobe, Flash, and Macromedia are registered trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. AutoCell is a trademark of AutoCell. Avaya is a trademark of Avaya, Inc. Merit is a registered trademark of Merit Network, Inc. Internet Explorer is a registered trademark of Microsoft Corporation. Mozilla Firefox is a registered trademark of the Mozilla Foundation. sFlow is a registered trademark of sFlow.org. Solaris and Java are trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Specifications are subject to change without notice. All other registered trademarks, trademarks, and service marks are property of their respective owners. © 2009 Extreme Networks, Inc. All Rights Reserved.
ExtremeXOS™ Operation and Configuration, Rev. 12.1
Table of Contents

PuTTY Console Configuration
    Student Objectives
    Part 1: Clear the Registry
    Part 2: Fill the Registry with Extreme’s Saved Sessions
    Part 3: Run the PuTTY Executable
    Part 4: Establish Initial Connection to the Virtual PC
    Part 5: Virtual PC Tips

Lab 1: Initial Switch Configuration Lab
    Student Objectives
    Part 1: Logging In, Initializing, and Configuring the Switch Name
    Part 2: Adding Users and Saving the Configuration
    Part 3: Limiting CLI Sessions, Failed Logins, and Telnet Access

Lab 2: Switch Management Lab
    Student Objectives
    Part 1: Verifying the Switch Status and Configuration
    Part 2: Configuring IP Access
    Part 3: Backing Up Configuration Files and Downloading Images
    Part 4: Editing ASCII-formatted Configuration Files on a PC
    Part 5: Editing ASCII-formatted Configuration Files on the Switch
    Part 6: Accessing the Bootstrap and BootRom Menus

Lab 3: Layer 1 Configuration Lab
    Student Objectives
    Part 1: Setting Up for Auto-Negotiation, Half-Duplex, and Full-Duplex
    Part 2: Auto-Negotiation, Half-Duplex, and Full-Duplex
    Part 3: Configuring the Client Workstation and Testing the Default Gateway
    Part 4: Configuring Dynamic Address-based Load Sharing
    Part 5: Enabling the Link-Layer Discovery Protocol

Lab 4: Configuring a Stacked Switch Demonstration
Lab 5: Layer 2 Forwarding Lab
    Student Objectives
    Part 1: Setting Up for Populating the Forwarding Database
    Part 2: Populating the Forwarding Database
    Part 3: Locking Learning
    Part 4: Limiting Learning
    Part 5: Enabling Extreme Link Status Monitoring

Lab 6: Port-based VLAN Configuration Lab
    Student Objectives
    Part 1: Setting Up for Creating a Port-Based VLAN
    Part 2: Creating a Port-Based VLAN
    Part 3: Adding Ports to a VLAN
    Part 4: Configuring the Client Workstation
    Part 5: Extending the VLAN Across Multiple Switches

Lab 7: Tagged VLAN Configuration Lab
    Student Objectives
    Part 1: Setting Up for Configuring a Tagged VLAN and Adding Tagged and Untagged Ports
    Part 2: Configuring the Client Workstation
    Part 3: Configuring a Tagged VLAN and Adding Tagged and Untagged Ports
    Part 4: Adding a Second Tagged VLAN and Trunked Ports
    Part 5: Adding Additional Tagged Ports
    Part 6: Reconfiguring the Client Workstation

Lab 8: Spanning Tree Configuration Lab
    Student Objectives
    Part 1: Setting Up for Spanning Tree Configuration
    Part 2: Configuring the Client Workstation
    Part 3: Creating and Validating a Spanning Tree Domain
    Part 4: Changing and Validating Bridge Priority

Lab 9: Basic EAPS Configuration Lab
    Student Objectives
    Part 1: Creating the EAPS Control VLAN
    Part 2: Creating and Configuring the EAPS Domain
    Part 3: Verifying the EAPS Domain Configuration and Operation
    Part 4: Configuring the Client Workstation
    Part 5: Testing the EAPS Configuration
Lab 10: Static Route/IP Forwarding Configuration Lab
    Student Objectives
    Part 1: Setting Up for Creating Router Interfaces
    Part 2: Creating Router Interfaces
    Part 3: Enabling IP Forwarding and Creating a Default Route
    Part 4: Configuring the Client Workstation
    Part 5: Verifying and Testing IP Forwarding and the Static Route

Lab 11: Routing Information Protocol (RIP) Configuration Lab
    Student Objectives
    Part 1: Setting Up for Verifying the Router Interfaces
    Part 2: Verifying the Router Interfaces
    Part 3: Enabling IP Forwarding and Adding VLANs to RIP
    Part 4: Enabling RIP and Verifying Protocol Operation
    Part 5: Configuring the Client Workstation
    Part 6: Verifying and Testing IP Forwarding and RIP

Lab 12: Open Shortest Path First (OSPF) Configuration Lab
    Student Objectives
    Part 1: Setting Up for Verifying the Router Interfaces
    Part 2: Verifying the Router Interfaces
    Part 3: Enabling IP Forwarding and Configuring OSPF
    Part 4: Enabling OSPF and Verifying the Protocol Operation
    Part 5: Configuring the Client Workstation
    Part 6: Verifying and Testing IP Forwarding and OSPF

Lab 13: Netlogin Using Local MAC Address Authentication Configuration Lab
    Student Objectives
    Part 1: Setting up for Netlogin
    Part 2: Configuring the Client Workstation
    Part 3: Displaying the Network Login Configuration
    Part 4: Configuring the Network Login VLAN
    Part 5: Configuring MAC Address Authentication
    Part 6: Managing the Authorized MAC Addresses
    Part 7: Testing the Configuration
    Part 8: Just in Case....
Lab 14: Universal Port Configuration Lab
    Student Objectives
    Part 1: Setting Up for Loading and Validating the Netlogin Configuration
    Part 2: Loading and Validating the Netlogin Configuration
    Part 3: Configuring the Client Workstations
    Part 4: Creating the Universal Port Profiles and Binding to an Event
    Part 5: Universal Port, Netlogin, and MAC-Based Authentication
    Part 6: Triggering and Validating the Event Profile

Lab 15: Quality of Service (QoS) Configuration Lab
    Student Objectives
    Part 1: Creating the EAPS Control VLAN
    Part 2: Configuring the Client Workstations
    Part 3: Best-Effort Traffic Modeling
    Part 4: Configuring Quality of Service, Assigning it to a VLAN, and Verifying Priority Service

Lab 16: Switch Diagnostics Lab
    Student Objectives
    Part 1: Resetting the Switch to Factory Default
    Part 2: Monitoring Processes
    Part 3: Terminating and Restarting Processes
    Part 4: Running Normal Diagnostics
    Part 5: Running Extended Diagnostics

Lab 17: Network Troubleshooting Lab
    Student Objectives
    Part 1: Setting Up the Lab Switch
    Part 2: Configuring the Client Workstation
    Error Identification and Resolution Worksheet

Appendix A: Lab Network Diagrams
PuTTY Console Configuration

PuTTY, developed by Simon Tatham, is a client program for the SSH, Telnet, and Rlogin network protocols that are used to run a remote session on a computer, over a network. PuTTY implements the client end of that session: that is, the end at which the session is displayed, rather than the end at which it runs. We are using SSH and host keys for maximum security. Saved sessions, which contain a full set of configuration options plus a host name and protocol, have been preconfigured to provide quick access to switches and virtual PCs used in the labs.

Follow the instructions below to configure PuTTY, which enables access to the lab switches and virtual PCs.
Student Objectives

In this lab, you will:
● Clear the Simon Tatham directory from the registry (do this only if it already exists on your PC).
● Fill the registry with Extreme’s saved sessions by opening PuTTY_master.reg.
● Run the PuTTY executable.
● Load preconfigured PuTTY profile settings and select the proper key.
● Establish an initial connection to your switch and virtual PC.

Part 1: Clear the Registry

1 The instructor provides the two required PuTTY files via jump drive. Move those files directly onto your desktop. They are extreme_puttyA.reg (or extreme_puttyB.reg) and putty.exe.

2 The instructor provides the remote authentication password and assigns student numbers SS_1 through SS_6.
Remote authentication password for this class is: _______________________.
You are assigned SS - _____.

3 From the Start Menu, choose Run... In the run window type regedit and click OK.
4 To clear any previous version of Saved Sessions/Keys from the registry, when the Registry Editor window opens, navigate to: My Computer > HKEY_CURRENT_USER > Software > Simon Tatham

5 Look for Simon Tatham in the registry. If you do not have an entry for Simon Tatham in your registry, proceed to step 7.

6 Highlight Simon Tatham; right-click and select Delete.

Part 2: Fill the Registry with Extreme’s Saved Sessions

7 Double-click on the extreme-puttyA.reg (or extreme-puttyB.reg) file on your desktop.
8 When you see this message click Yes.
9 When you see this message click OK.
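Double-clicking a .reg file merges every key it contains into the registry, so the instructor-supplied file can be read before step 7. The following Python example is added here and is not part of the original lab guide: it lists the saved sessions, port forwardings and host keys a PuTTY export would install and flags keys outside PuTTY's subtree. The sample file contents, host names and addresses are constructed, the comma-separated PortForwardings form is the one current PuTTY releases write, and PuTTY's actual registry key is spelled SimonTatham, without a space.

```python
import re
from urllib.parse import unquote

# PuTTY's per-user settings live under this key ("SimonTatham", no space).
PUTTY_ROOT = r"HKEY_CURRENT_USER\Software\SimonTatham\PuTTY"

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample of a saved-session export; hosts and addresses are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\SS-1]
"HostName"="lab-gw.example.net"
"Protocol"="ssh"
"PortNumber"=dword:00000016

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\RD-1]
"HostName"="lab-gw.example.net"
"Protocol"="ssh"
"PortNumber"=dword:00000016
"PortForwardings"="L1011=192.0.2.11:3389"

[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys]
"rsa2@22:lab-gw.example.net"="0x10001,0xabcdef"

[HKEY_CURRENT_USER\Software\ExampleVendor\Settings]
"Unrelated"="value"
'''


def parse_reg(text):
    """Return {key_path: {value_name: raw_data}}; deleted keys keep a '-' prefix."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1) + m.group(2), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return keys


def decode(raw):
    """Decode the two value types PuTTY sessions use: REG_SZ and REG_DWORD."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw


def audit(text):
    """Summarise what importing the file would add, change or delete."""
    report = {"sessions": {}, "host_keys": [], "outside_putty": [], "deletions": []}
    root = PUTTY_ROOT.lower()
    for path, values in parse_reg(text).items():
        if path.startswith("-"):
            report["deletions"].append(path[1:])
        elif path.lower() != root and not path.lower().startswith(root + "\\"):
            # Anything outside the PuTTY subtree is unexpected for this lab.
            report["outside_putty"].append(path)
        else:
            sub = path[len(root):].lstrip("\\")
            if sub.lower().startswith("sessions\\"):
                v = {name: decode(raw) for name, raw in values.items()}
                forwards = str(v.get("PortForwardings", "")).split(",")
                report["sessions"][unquote(sub.split("\\", 1)[1])] = {
                    "host": v.get("HostName"),
                    "protocol": v.get("Protocol"),
                    "port": v.get("PortNumber"),
                    "forwards": [f for f in forwards if f],
                }
            elif sub.lower() == "sshhostkeys":
                # Pre-loaded host keys are trusted without any prompt.
                report["host_keys"] = sorted(values)
    return report


if __name__ == "__main__":
    report = audit(SAMPLE_REG)
    for name, s in report["sessions"].items():
        print(name, s["protocol"], s["host"], s["port"], s["forwards"])
    print("host keys:", report["host_keys"])
    print("outside PuTTY subtree:", report["outside_putty"])
    print("deletions:", report["deletions"])
```

For a file on disk, read it with open(path, encoding="utf-16") and pass the text to audit(); regedit writes Version 5.00 exports as UTF-16.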
Part 3: Run the PuTTY Executable

10 Double-click on the Putty.exe application on your desktop. Notice that there are many preconfigured Saved Sessions as shown below:
11 Using the number assigned to you by the instructor, SS-1 through SS-6, double-click on SS-{your number} in the Saved Sessions window.

12 When you see the PuTTY Security Alert window open, click Yes.

13 When the switch console window opens, enter [the remote authentication password obtained from your instructor] then press Enter twice.

14 To log on to the switch, enter the following:

    Login: admin
    password: no password -- press Enter again; this brings up SS-X (Student Switch-1 shown).
Part 4: Establish Initial Connection to the Virtual PC

The RD-X Saved Session allows you to tunnel through and connect to your Virtual PCs.

15 Double-click on Putty.exe then double-click on RD-X in Saved Sessions.

Enter [the remote authentication password obtained from your instructor] then press Enter twice. When the $ appears, the Remote Desktop Connection Tunnel is open. Leave this window open.

16 Go to your Start Menu > Programs > Accessories > Remote Desktop Connection.

17 In the Computer: window enter: 127.0.0.1:101X, where X is the number assigned by your instructor (1-6), and select Connect. This example shows Student One's Virtual PC.

18 When the Log On to Windows prompt appears, type User Name: student and Password: student
Once connected, you can control your Virtual PC as long as the RD-X tunnel remains open. This completes the initial connection to your switch and a Virtual PC. You will use this pre-configured connection throughout the course. Proceed with the lab when directed by your instructor.
Part 5: Virtual PC Tips

Closing the virtual machine connection:
● If you choose to close the remote desktop connection to 127.0.0.1:101X, the best practice is to log off the virtual PC using Start Menu > Logoff.

Rebooting the virtual machine (ALT-CTRL-END):
● If for some reason the virtual machine needs to be rebooted, hold down the ALT-CTRL-END keys, then select the Shutdown tab and choose restart.
Lab 1: Initial Switch Configuration Lab

Student Objectives

This lab provides you with hands-on experience using the Command Line Interface (CLI) to configure secure user accounts. At the end of this lab, you will be able to:
● Log in to the switch
● Assign a name to the switch
● Create a new user account
● Save changes to the active switch configuration
● Change, test, verify, and reset user access settings
● Change and verify SNMP access privileges
● Change and verify Telnet settings
Figure 1: Initial Switch Configuration Lab
Refer to the values in Table 1 to configure switch parameters for this lab.
Table 1: Lab Groups and Switch Names

Lab Group Number   Functional Name       Switch Name
1                  Sales Management      SAM_1
2                  Executive Staff       EXC_2
3                  Accounting            ACT_3
4                  Manufacturing Floor   MFG_4
5                  Engineering           ENG_5
6                  Human Resources       HUR_6
Part 1: Logging In, Initializing, and Configuring the Switch Name

In this exercise you will enter configuration parameters for your switch.

1 Maximize the switch console window or launch your switch’s saved session profile and log in with the credentials admin and no password, then press the Enter key.

2 At the command prompt enter:

    unconfigure switch all

3 Enter y when asked this question:

    Restore all factory defaults and reboot? (y/N)
4 A switch that is in the process of booting displays the following:

    Loading EXOS Image ...|
    Running Image ...
    Starting ExtremeXOS 12.1.0b61
    Copyright (C) 1996-2008 Extreme Networks. All rights reserved.
    Protected by US Patent Nos: 6,678,248; 6,104,700; 6,766,482; 6,618,388;
    6,034,957; 6,859,438; 6,912,592; 6,954,436; 6,977,891; 6,980,550; 6,981,174;
    7,003,705; 7,017,082; 7,046,665; 7,126,923; 7,142,509; 7,149,217; 7,152,124;
    7,154,861; 7,245,619; 7,245,629; 7,269,135.

    (pending-AAA) login:

The (pending-AAA) login: prompt is a restricted login made available while the switch is still in the process of loading remaining software components. Logging in at this point will not provide access to switch management and configuration, and attempting to use standard login accounts will result in failure. Wait until you see the following prompt before proceeding:

    Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key until the system displays the login prompt.

6 Enter admin.

The password prompt displays.

7 The switch will not have an admin password configured. Press the Enter key.

The following displays:

    This switch currently has all management methods enabled for security reasons.
    Please answer these questions about the security settings you would like to use.

    Telnet is enabled by default. Telnet is unencrypted and has been the target of
    security exploits in the past.

    Would you like to disable Telnet? [y/N]

8 Enter n and press the Enter key.

The following displays:

    SNMP access is enabled by default. SNMP uses no encryption, SNMPv3 can be
    configured to eliminate this problem.

    Would you like to disable SNMP? [y/N]:

9 Enter y and press the Enter key.

10 The following displays:

    All ports are enabled by default. In some secure applications, it maybe more
    desirable for the ports to be turned off.

    Would you like unconfigured ports to be turned off by default? [y/N]:

11 Enter y and press the Enter key.
12 When asked to change the default failsafe account username and password, enter no and press the Enter key.

13 When asked if you would like to permit failsafe account access via the management port, enter no.

A message outlining actions that would increase the security of your network follows, then the command line prompt appears again.

14 Display the default switch management configuration, by entering the following command:

    show management

The following displays:

    CLI idle timeout                 : Enabled (20 minutes)
    CLI max number of login attempts : 3
    CLI max number of sessions       : 8
    CLI paging                       : Enabled (this session only)
    CLI space-completion             : Disabled (this session only)
    CLI configuration logging        : Disabled
    CLI scripting                    : Disabled (this session only)
    CLI scripting error mode         : Ignore-Error (this session only)
    CLI persistent mode              : Persistent (this session only)
    Telnet access                    : Enabled (tcp port 23 vr all)
                                     : Access Profile : not set
    SSH access                       : Disabled (Key invalid, tcp port 22 vr all)
                                     : Access Profile : not set
    Total Read Only Communities      : 1
    Total Read Write Communities     : 1
    RMON                             : Disabled
    SNMP access                      : Disabled
                                     : Access Profile Name : not set
    SNMP Traps                       : Enabled
    SNMP v1/v2c TrapReceivers        : None
    SNMP stats:     InPkts 0       OutPkts   0       Errors 0       AuthErrors 0
                    Gets   0       GetNexts  0       Sets   0
    SNMP traps:     Sent   0       AuthTraps Enabled
15 Configure the SNMP system name of the switch, by entering the following command:

    configure snmp sysname <name>

Where <name> is the switch name identified for your lab group in Table 1.

16 The command line prompt with the new system name displays.

    * X450a-24t.2 # configure snmp sysname <name>
    * <name>.3 #

17 Verify that all the data ports are disabled, by entering the following command:

    show ports configuration

The system displays the configurable physical attributes for each port on the switch as shown below:

    Port Configuration Monitor                          Wed Feb 20 20:43:20 2008
    Port     Virtual    Port  Link  Auto   Speed      Duplex   Flow  Load   Media
             router     State State Neg  Cfg Actual Cfg Actual Cntrl Master Pri Red
    ===============================================================================
    1        VR-Default D     R     ON   AUTO       AUTO                    UTP
    2        VR-Default D     R     ON   AUTO       AUTO                    UTP
    3        VR-Default D     R     ON   AUTO       AUTO                    UTP
    4        VR-Default D     R     ON   AUTO       AUTO                    UTP
    5        VR-Default D     R     ON   AUTO       AUTO                    UTP
    6        VR-Default D     R     ON   AUTO       AUTO                    UTP
    7        VR-Default D     R     ON   AUTO       AUTO                    UTP
    8        VR-Default D     R     ON   AUTO       AUTO                    UTP
    9        VR-Default D     R     ON   AUTO       AUTO                    UTP
    10       VR-Default D     R     ON   AUTO       AUTO                    UTP
    11       VR-Default D     R     ON   AUTO       AUTO                    UTP
    12       VR-Default D     R     ON   AUTO       AUTO                    UTP
    13       VR-Default D     R     ON   AUTO       AUTO                    UTP
    14       VR-Default D     R     ON   AUTO       AUTO                    UTP
    15       VR-Default D     R     ON   AUTO       AUTO                    UTP
    16       VR-Default D     R     ON   AUTO       AUTO                    UTP
    ===============================================================================
    Link Status : A-Active, R-Ready, NP-Port Not Present, L-Loopback
    Port State: D-Disabled, E-Enabled, Media: !-Unsupported Optic Module
    0->Clear Counters U->page up D->page down ESC->exit
18 Press the Esc key. Display the login session, by entering the following command:

    show session

The switch reports all active sessions, including the user name, the type of access, and the level of authorization as shown below:

                                                              CLI
     #      Login Time               User     Type    Auth    Auth Location
    ================================================================================
    *1      Wed Feb 20 20:36:31 2008 admin    console local   dis  serial

19 Enable SNMP access to the switch, by entering the following command:

    enable snmp access

20 Display the switch management configuration, by entering the following command:

    show management
The following displays:

    CLI idle timeout                 : Enabled (20 minutes)
    CLI max number of login attempts : 3
    CLI max number of sessions       : 8
    CLI paging                       : Enabled (this session only)
    CLI space-completion             : Disabled (this session only)
    CLI configuration logging        : Disabled
    CLI scripting                    : Disabled (this session only)
    CLI scripting error mode         : Ignore-Error (this session only)
    CLI persistent mode              : Persistent (this session only)
    Telnet access                    : Enabled (tcp port 23 vr all)
                                     : Access Profile : not set
    SSH access                       : Disabled (Key invalid, tcp port 22 vr all)
                                     : Access Profile : not set
    Total Read Only Communities      : 1
    Total Read Write Communities     : 1
    RMON                             : Disabled
    SNMP access                      : Enabled
                                     : Access Profile Name : not set
    SNMP Traps                       : Enabled
    SNMP v1/v2c TrapReceivers        : None
    SNMP stats:     InPkts 0       OutPkts   0       Errors 0       AuthErrors 0
                    Gets   0       GetNexts  0       Sets   0
    SNMP traps:     Sent   0       AuthTraps Enabled

21 Notice the new configuration setting for SNMP access; it is now enabled.
Part 2: Adding Users and Saving the Configuration

In this exercise you will create additional users and save your configuration as the primary.

1 Create a new administrator level user account, by entering the following command:

    create account admin ADMIN_X

Where X is your lab group number assigned in Table 1. The system displays the following prompt:

    Password:

2 Leave the password blank by pressing the Enter key again.

The following prompt displays:

    Reenter Password:

3 Press the Enter key again.

4 Verify the new user account information by entering the following command:

    show accounts
The user account information displays:

    User Name        Access LoginOK Failed
    ---------------- ------ ------- ------
    admin            R/W    1       0
    user             RO     0       0
    ADMIN_X          R/W    0       0

5 Save the configuration to nonvolatile storage, by entering the following command:

    save primary

6 The following displays:

    No default configuration database has been selected to boot up the system.
    Save configuration will set the new configuration as the default database.
    The configuration file primary.cfg already exists.
    Do you want to save configuration to primary.cfg and overwrite it? (y/n)

7 Enter y.

The following displays:

    Saving configuration ........ done!
    Configuration saved to primary.cfg successfully.

8 Log out of the switch, by entering the following command:

    logout

The login prompt displays.

9 Log in as the new user, ADMIN_X, created in Part 2, Step 1 above.

Remember that both login names and passwords are case-sensitive.

10 Display the login session, by entering the following command:

    show session

The following displays:

                                                              CLI
     #      Login Time               User     Type    Auth    Auth Location
    ================================================================================
    *2      Mon Aug 25 10:26:47 2008 ADMIN_X  console local   dis  serial
Part 3: Limiting CLI Sessions, Failed Logins, and Telnet Access

In this exercise you will set controls for login sessions. This includes setting the maximum number of CLI sessions per user, the number of times a user can log in incorrectly, and Telnet access parameters.

1 Display the switch management configuration, by entering the following command:

    show management

    CLI idle timeout                 : Enabled (20 minutes)
    CLI max number of login attempts : 3
    CLI max number of sessions       : 8
    CLI paging                       : Enabled (this session only)
    CLI space-completion             : Disabled (this session only)
    CLI configuration logging        : Disabled
    CLI scripting                    : Disabled (this session only)
    CLI scripting error mode         : Ignore-Error (this session only)
    CLI persistent mode              : Persistent (this session only)
    Telnet access                    : Enabled (tcp port 23 vr all)
                                     : Access Profile : not set
    SSH access                       : Disabled (Key invalid, tcp port 22 vr all)
                                     : Access Profile : not set
    Total Read Only Communities      : 1
    Total Read Write Communities     : 1
    RMON                             : Disabled
    SNMP access                      : Enabled
                                     : Access Profile Name : not set
    SNMP Traps                       : Enabled
    SNMP v1/v2c TrapReceivers        : None
    SNMP stats:     InPkts 0       OutPkts   0       Errors 0       AuthErrors 0
                    Gets   0       GetNexts  0       Sets   0
    SNMP traps:     Sent   0       AuthTraps Enabled

2 Notice the configuration settings for CLI max number of login attempts, CLI max number of sessions, and Telnet access.
3 Limit the number of CLI sessions to 2, by entering the following command: configure cli max-sessions 2
4 Limit the number of login attempts to two, by entering the following command: configure cli max-failed-logins 2
5 Limit Telnet connections to the virtual router VR-MGMT, by entering the following command: configure telnet vr vr-mgmt
6 Enable the lockout on login failure feature, by entering the following command: configure account ADMIN_X password-policy lockout-on-login-failures on
Where ADMIN_X is the name of the account created in Part 2, Step 1.
7 Display the switch management configuration, by entering the following command: show management
    CLI idle timeout                 : Enabled (20 minutes)
    CLI max number of login attempts : 2
    CLI max number of sessions       : 2
    CLI paging                       : Enabled (this session only)
    CLI space-completion             : Disabled (this session only)
    CLI configuration logging        : Disabled
    CLI scripting                    : Disabled (this session only)
    CLI scripting error mode         : Ignore-Error (this session only)
    CLI persistent mode              : Persistent (this session only)
    Telnet access                    : Enabled (tcp port 23 vr VR-Mgmt)
                                     : Access Profile : not set
    SSH access                       : Disabled (Key invalid, tcp port 22 vr all)
                                     : Access Profile : not set
    Total Read Only Communities      : 1
    Total Read Write Communities     : 1
    RMON                             : Disabled
    SNMP access                      : Enabled
                                     : Access Profile Name : not set
    SNMP Traps                       : Enabled
    SNMP v1/v2c TrapReceivers        : None
    SNMP stats:  InPkts 0  OutPkts 0  Errors 0  AuthErrors 0
                 Gets 0  GetNexts 0  Sets 0
    SNMP traps:  Sent 0  AuthTraps Enabled
8 Notice the configuration changes between this display and the previous for CLI max number of login attempts, CLI max number of sessions, and Telnet access. 9 Save the configuration to nonvolatile storage, by entering the following command: save primary
The following displays: The configuration file primary.cfg already exists. Do you want to save configuration to primary.cfg and overwrite it? (y/n)
10 Enter y.
The following displays: Saving configuration ........ done! Configuration saved to primary.cfg successfully.
11 Log out of the switch, by entering the following command: logout
The system displays the login prompt. 12 Attempt to log in as the new user created in Part 2, Step 1 above, but use an invalid password (the current password is null).
Remember that both login names and passwords are case-sensitive. 13 Repeat the login attempt with an invalid password.
After the second failed login attempt, the following message displays: Login incorrect Maximum number of login attempts reached! Account locked out! Please contact the administrator to remove the lock.
14 Log back in using the original admin credentials:
    user name: admin
    password:
15 Display the user account information for the switch by entering the following command: show accounts
The system displays the user account information as shown below:
    User Name   Access  LoginOK  Failed
    ----------  ------  -------  ------
    admin       R/W     2        0
    user        RO      0        0
    ADMIN_X*    R/W     1        2
    (*) - Account locked
16 Clear the lock on the flagged account by entering the following command: clear account ADMIN_X lockout
17 Restore the number of CLI sessions to 8, by entering the following command: configure cli max-sessions 8
18 Restore Telnet connections to all virtual routers, by entering the following command: configure telnet vr all
19 Display the switch management configuration, by entering the following command: show management
The following displays:
    CLI idle timeout                 : Enabled (20 minutes)
    CLI max number of login attempts : 2
    CLI max number of sessions       : 8
    CLI paging                       : Enabled (this session only)
    CLI space-completion             : Disabled (this session only)
    CLI configuration logging        : Disabled
    CLI scripting                    : Disabled (this session only)
    CLI scripting error mode         : Ignore-Error (this session only)
    CLI persistent mode              : Persistent (this session only)
    Telnet access                    : Enabled (tcp port 23 vr all)
                                     : Access Profile : not set
    SSH access                       : Disabled (Key invalid, tcp port 22 vr all)
                                     : Access Profile : not set
    Total Read Only Communities      : 1
    Total Read Write Communities     : 1
    RMON                             : Disabled
    SNMP access                      : Enabled
                                     : Access Profile Name : not set
    SNMP Traps                       : Enabled
    SNMP v1/v2c TrapReceivers        : None
    SNMP stats:  InPkts 0  OutPkts 0  Errors 0  AuthErrors 0
                 Gets 0  GetNexts 0  Sets 0
    SNMP traps:  Sent 0  AuthTraps Enabled
20 Notice the entries for CLI max number of sessions and Telnet access. 21 Save the configuration to nonvolatile storage, by entering the following command: save primary
The following displays:
No default configuration database has been selected to boot up the system. Save configuration will set the new configuration as the default database. The configuration file primary.cfg already exists. Do you want to save configuration to primary.cfg and overwrite it? (y/N)
22 Enter y.
The following displays: Saving configuration ........ done! Configuration saved to primary.cfg successfully.
23 Log out of the switch, by entering the following command: logout
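The audit below is an added example, not part of the Extreme Networks lab guide. It parses the show management display from Part 3 and reports which login and remote-access settings are weaker than a baseline; the baseline values, the finding codes, and the function names are assumptions of this example, and the sample text is built from the lines shown in steps 1 and 7.

```python
import re

# Baseline = the values this lab configures in Part 3 (steps 3-5); treating
# them as a site policy is an assumption of this example.
BASELINE = {"max_login_attempts": 2, "max_sessions": 2, "mgmt_vr": "vr-mgmt"}


def lab_display(attempts, sessions, telnet_vr):
    """Constructed sample: the audited lines of the lab's 'show management' display."""
    return f"""\
CLI idle timeout                 : Enabled (20 minutes)
CLI max number of login attempts : {attempts}
CLI max number of sessions       : {sessions}
Telnet access                    : Enabled (tcp port 23 vr {telnet_vr})
                                 : Access Profile : not set
SSH access                       : Disabled (Key invalid, tcp port 22 vr all)
                                 : Access Profile : not set
SNMP access                      : Enabled
                                 : Access Profile Name : not set
"""


def parse_show_management(text):
    """Map each 'label : value' line to a dict entry.

    A line that starts with ':' continues the previous label, for example
    the 'Access Profile' line printed under 'Telnet access'.
    """
    settings, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue  # blank lines and counter rows without a label
        if line.startswith(":"):
            if last is None:
                continue
            sub, _, value = line[1:].partition(":")
            settings[f"{last} / {sub.strip()}"] = value.strip()
        else:
            label, _, value = line.partition(":")
            last = label.strip()
            settings[last] = value.strip()
    return settings


def _limit(settings, label):
    """Return a numeric setting, or None if it is missing or not a number."""
    value = settings.get(label, "")
    return int(value) if value.isdigit() else None


def audit(text, baseline=BASELINE):
    """Return (code, message) findings for settings weaker than the baseline."""
    s = parse_show_management(text)
    findings = []

    for code, label, key in (
        ("LOGIN_ATTEMPTS", "CLI max number of login attempts", "max_login_attempts"),
        ("MAX_SESSIONS", "CLI max number of sessions", "max_sessions"),
    ):
        value = _limit(s, label)
        if value is None:
            findings.append((code, f"{label}: not found in display"))
        elif value > baseline[key]:
            findings.append((code, f"{label} is {value}, baseline is {baseline[key]}"))

    if not s.get("CLI idle timeout", "").startswith("Enabled"):
        findings.append(("IDLE_TIMEOUT", "CLI idle timeout is not enabled"))

    telnet = s.get("Telnet access", "")
    if telnet.startswith("Enabled"):
        vr = re.search(r"\bvr\s+([^)\s]+)", telnet)
        if vr is None or vr.group(1).lower() != baseline["mgmt_vr"]:
            findings.append(("TELNET_VR", f"Telnet is not limited to {baseline['mgmt_vr']}: {telnet}"))
        if s.get("Telnet access / Access Profile") == "not set":
            findings.append(("TELNET_NO_PROFILE", "Telnet has no access profile"))
        if not s.get("SSH access", "").startswith("Enabled"):
            findings.append(("TELNET_ONLY", "Telnet (cleartext) is enabled while SSH is not"))

    if (s.get("SNMP access", "").startswith("Enabled")
            and s.get("SNMP access / Access Profile Name") == "not set"):
        findings.append(("SNMP_NO_PROFILE", "SNMP is enabled with no access profile"))
    return findings


if __name__ == "__main__":
    for name, text in (("step 1", lab_display(3, 8, "all")),
                       ("step 7", lab_display(2, 2, "VR-Mgmt"))):
        print(name)
        for code, message in audit(text):
            print(f"  {code}: {message}")
```

Run against the step 7 display, the audit still reports the unset Telnet and SNMP access profiles and the disabled SSH service, which the lab's three configure commands do not change.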
2
Switch Management Lab
Student Objectives
This lab provides you with hands-on experience configuring the switch for basic IP management and transferring configuration files. At the end of this lab, you will be able to:
● Identify ExtremeXOS software, switch boot images, and configuration files.
● Save the switch configuration.
● Assign an IP address to a VLAN.
● Back up the switch configuration.
● Upload the current configuration as a command script.
● Edit and load command scripts.
● Download a software image.
Figure 1: Switch Management Lab
Refer to the values in Table 1 to configure switch parameters for this lab.
Table 1: Lab Groups and VLAN IP Addresses
    Lab Group  Functional Name     Switch Name  VLAN Name  VLAN IP Address
    1          SalesManagement     SAM_1        Mgmt       192.168.0.11/24
    2          ExecutiveStaff      EXC_2        Mgmt       192.168.0.12/24
    3          Accounting          ACT_3        Mgmt       192.168.0.13/24
    4          ManufacturingFloor  MFG_4        Mgmt       192.168.0.14/24
    5          Engineering         ENG_5        Mgmt       192.168.0.15/24
    6          HumanResources      HUR_6        Mgmt       192.168.0.16/24
Part 1: Verifying the Switch Status and Configuration 1 Log into the switch and load the baseline configuration for this lab by entering the following command: use configuration Lab_ECF02-X
Where X is your lab group number found in Table 1. 2 Reboot the switch by entering the following command: reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the command line label, the system will display the following: Do you want to save configuration changes to currently selected configuration file (XXXXXX.cfg) and reboot? (y - save and reboot, n - reboot without save, - cancel command)
3 Enter n to reboot without save.
If there were no unsaved changes on the switch, the system will display the following:
Are you sure you want to reboot the switch? (y/N)
4 Enter y to reboot the switch if this message appears.
When the boot process is complete, the switch displays the following: Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch will then display the following prompt for the password: login: admin password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring the switch.
7 Display the switch status by entering the following command: show switch
The following is a generic example of the system display:
    SysName:
    SysLocation:
    SysContact:       support@extremenetworks.com, +1 888 257 3000
    System MAC:       NN:NN:NN:NN:NN:NN

    SysHealth check:  Enabled (Normal)
    Recovery Mode:    All
    System Watchdog:  Enabled

    Current Time:     Wed Feb 20 00:37:24 2008
    Timezone:         [Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
    Boot Time:        Fri Feb 15 00:00:00 2008
    Boot Count:       1
    Next Reboot:      None scheduled

    Current State:    OPERATIONAL
    Image Selected:   primary
    Image Booted:     primary
    Primary ver:      12.1.0.0
    Secondary ver:    12.1.0.0

    Config Selected:  primary.cfg
    Config Booted:    Factory Default

    primary.cfg       Created by ExtremeXOS version 12.1.0.0
                      99316 bytes saved on Tue Feb 19 16:34:27 2008
8 For your switch, notice the entries for the following parameters: system name, MAC address, system boot time, software image selected, software image booted, switch configuration selected, switch configuration booted, and the date the primary configuration was last saved.
Part 2: Configuring IP Access This exercise shows you how to assign an IP address to the management VLAN and save the configuration. 1 Display the status of the dedicated management VLAN by entering the following command: show vlan mgmt
The following displays:
    VLAN Interface with name Mgmt created by user
    Admin State:      Enabled
    Tagging:          802.1Q Tag 4095
    Virtual router:   VR-Mgmt
    IPv6:             None
    STPD:             None
    Protocol:         Match all unfiltered protocols
    Loopback:         Disabled
    NetLogin:         Disabled
    QosProfile:       None configured
    Flood Rate Limit QosProfile: None configured
    Ports:   1.       (Number of active ports=1)
       Untag: Mgmt-port on Mgmt is down
2 Assign an IP address to VLAN Mgmt by entering the following command: configure vlan mgmt ipaddress 192.168.0.1X/24
Where X is the value assigned to each lab group in Table 1. Correctly configuring the interface results in the following message being displayed: IP interface for VLAN Mgmt has been created.
3 Verify the IP address and mask of VLAN Mgmt by entering the following command: show vlan mgmt
Now the default VLAN configuration displays with the Primary IP address and mask:
    VLAN Interface with name Mgmt created by user
    Admin State:      Enabled
    Tagging:          802.1Q Tag 4095
    Virtual router:   VR-Mgmt
    Primary IP:       192.168.0.1X/24
    IPv6:             None
    STPD:             None
    Protocol:         Match all unfiltered protocols
    Loopback:         Disabled
    NetLogin:         Disabled
    QosProfile:       None configured
    Flood Rate Limit QosProfile: None configured
    Ports:   1.       (Number of active ports=1)
       Untag: Mgmt-port on Mgmt is active
4 Use PING to test for IP connectivity between the lab switch and the TFTP server. At the command prompt, enter the following: ping vr vr-mgmt 192.168.0.101
5 Notice that, because the mgmt VLAN is not a member of the default virtual router, the virtual router vr-mgmt must be specified in the command. 6 Display the history of commands for the current session by entering the following command: history
The command history displays. 7 Use the command recall function by pressing the up arrow key to display the show switch command again and press the Enter key. The switch management configuration displays.
8 Save the base lab configuration to nonvolatile storage, by entering the following command: save configuration switch_X
Where X is your lab group number found in Table 1. If the system informs you that this config already exists and asks if you wish to save it - enter yes.
The configuration file switch_X.cfg already exists. Do you want to save configuration to switch_X.cfg and overwrite it? (y/N) Yes Saving configuration on master ......... done! Configuration saved to switch_X.cfg successfully.
9 Enter n at the following prompt because we do not want to make this the default configuration:
The current selected default configuration database to boot up the system (Lab_ECF02-X.cfg) is different than the one just saved (switch_X.cfg). Do you want to make switch_4.cfg the default database? (y/N) No
The following displays: Default configuration database selection cancelled.
Part 3: Backing Up Configuration Files and Downloading Images In this exercise you will use the copy command to back up files and download configuration files from a TFTP server. 1 Copy the primary configuration file used in the Initial Switch Configuration Lab by entering the following command: cp primary.cfg switch_X.cfg
Where X is the value assigned to your group in Table 1.
2 Enter y at the following prompt:
Copy config primary.cfg to config switch_X.cfg on switch? (y/N) Yes
3 Verify the file has been created by entering the following command: ls
The following is a sample file list display:
    -rw-rw-rw-    1 root     0      136986 Jun 13 08:09 Lab_IGP06-4.cfg
    -rw-rw-rw-    1 root     0      117497 Aug 20 09:26 Lab_NTLGN-4.cfg
    -rw-r--r--    1 root     0        1400 Jul 28 14:20 MFG_4a.xsf
    -rw-r--r--    1 root     0        2341 Jul 28 14:22 MFG_4b.xsf
    -rw-rw-rw-    1 root     0      114209 Aug  8 08:37 TFTPMAN-4.cfg
    -rw-r--r--    1 root     0          67 Jul 11 02:44 pim-crp.pol
    -rw-rw-rw-    1 root     0      114231 Aug 25 09:58 primary.cfg
    -rw-rw-rw-    1 root     0      114231 Aug 28 11:12 switch_X.cfg
4 Rename the test file, by entering the following command: mv switch_X.cfg newname.cfg
5 Enter y at the following prompt: Rename config switch_X.cfg to config newname.cfg on switch? (y/N) Yes
6 Verify the file has been created by entering the following command: ls
The list of files displays:
    -rw-rw-rw-    1 root     0      136986 Jun 13 08:09 Lab_IGP06-4.cfg
    -rw-rw-rw-    1 root     0      117497 Aug 20 09:26 Lab_NTLGN-4.cfg
    -rw-r--r--    1 root     0        1400 Jul 28 14:20 MFG_4a.xsf
    -rw-r--r--    1 root     0        2341 Jul 28 14:22 MFG_4b.xsf
    -rw-rw-rw-    1 root     0      114209 Aug  8 08:37 TFTPMAN-4.cfg
    -rw-rw-rw-    1 root     0      114231 Aug 28 11:12 newname.cfg
    -rw-r--r--    1 root     0          67 Jul 11 02:44 pim-crp.pol
    -rw-rw-rw-    1 root     0      114231 Aug 25 09:58 primary.cfg
7 Remove the file by entering the following command: rm newname.cfg
Enter y at the following prompt:
    Remove newname.cfg from switch? (y/n)
8 Verify the file has been removed, by entering the following command: ls
The list of files displays:
    -rw-rw-rw-    1 root     0      136986 Jun 13 08:09 Lab_IGP06-4.cfg
    -rw-rw-rw-    1 root     0      117497 Aug 20 09:26 Lab_NTLGN-4.cfg
    -rw-r--r--    1 root     0        1400 Jul 28 14:20 MFG_4a.xsf
    -rw-r--r--    1 root     0        2341 Jul 28 14:22 MFG_4b.xsf
    -rw-rw-rw-    1 root     0      114209 Aug  8 08:37 TFTPMAN-4.cfg
    -rw-r--r--    1 root     0          67 Jul 11 02:44 pim-crp.pol
    -rw-rw-rw-    1 root     0      114231 Aug 25 09:58 primary.cfg
9 Back up the current configuration to a TFTP server by entering the following command: tftp 192.168.0.101 -v vr-mgmt -p -l primary.cfg -r upload_X.cfg
The file transfer progress displays: Uploading upload_X.cfg to 192.168.0.101 ......done!
NOTE Wait here until the instructor verifies that the configuration file has been successfully copied to the TFTP upload directory.
10 Upon the instructor’s direction, download the first image file by entering the following command: download image 192.168.0.101 summitX450-11.6.4.11.xos vr vr-mgmt secondary
Enter n at the following prompt:
    Do you want to install image after downloading? (y - yes, n - no, - cancel)
The following displays: Downloading to Switch.....................................................
11 Verify that the secondary software image version is on the switch by entering the following command: show switch
12 Install the downloaded image to the secondary image location by entering the following command: install image summitX450-11.6.4.11.xos secondary
The following displays: Installing to Switch............................................................... ................................................................................... ...................................................................................
13 Verify the secondary software image version on the switch by entering the following command: show switch
The following displays:
    SysName:          SAM_1
    SysLocation:
    SysContact:       support@extremenetworks.com, +1 888 257 3000
    System MAC:       00:04:96:27:B7:57
    System Type:      X450a-24t
    SysHealth check:  Enabled (Normal)
    Recovery Mode:    All
    System Watchdog:  Enabled
    Current Time:     Thu Aug 28 14:44:04 2008
    Timezone:         [Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
    Boot Time:        Thu Aug 28 09:04:44 2008
    Boot Count:       233
    Next Reboot:      None scheduled
    System UpTime:    5 hours 39 minutes 20 seconds
    Current State:    OPERATIONAL
    Image Selected:   secondary
    Image Booted:     primary
    Primary ver:      12.1.1.4
    Secondary ver:    11.6.4.11
14 Restore the current image by entering the following command to download the second image file: download image 192.168.0.101 summitX-12.1.1.4.xos vr vr-mgmt secondary
Enter n at the following prompt:
    Do you want to install image after downloading? (y - yes, n - no, - cancel)
The following displays: Downloading to Switch...............................................
15 Verify that the secondary software image version is on the switch by entering the following command: show switch
16 Install the downloaded image to the secondary image location by entering the following command: install image summitX-12.1.1.4.xos secondary
The following displays: Installing to Switch............................................................... ................................................................................... ...................................................................................
17 Verify the secondary software image version on the switch by entering the following command: show switch
The following displays:
    SysName:          SAM_1
    SysLocation:
    SysContact:       support@extremenetworks.com, +1 888 257 3000
    System MAC:       00:04:96:27:B7:57
    System Type:      X450a-24t
    SysHealth check:  Enabled (Normal)
    Recovery Mode:    All
    System Watchdog:  Enabled
    Current Time:     Thu Aug 28 14:44:04 2008
    Timezone:         [Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
    Boot Time:        Thu Aug 28 09:04:44 2008
    Boot Count:       233
    Next Reboot:      None scheduled
    System UpTime:    5 hours 39 minutes 20 seconds
    Current State:    OPERATIONAL
    Image Selected:   secondary
    Image Booted:     primary
    Primary ver:      12.1.1.4
    Secondary ver:    12.1.1.4
Part 4: Editing ASCII-formatted Configuration Files on a PC In this exercise you will learn how to edit your configuration files and change your system contact information. 1 Upload the current configuration in ASCII format to a TFTP server on your network by entering the following command: upload configuration 192.168.0.101 DL-switch_X.xsf vr vr-mgmt
Where X is the value assigned to your group in Table 1. The following displays: Uploading DL-switch_X.xsf to 192.168.0.101 ... done!
NOTE The instructor will demonstrate how to use a text editor to edit the configuration and change the system contact (SysContact) information in an uploaded file.
2 Download a pre-modified configuration file by entering the following command: tftp get 192.168.0.101 vr vr-mgmt ECF02_test_download.xsf ECF02.xsf
The following displays:
Downloading ECF02.xsf to switch... done!
3 Show the list of files on the switch and verify that ECF02.xsf is there: ls
4 Verify the current system contact by entering the following command: show switch
The following display is an example from Lab Group 1’s switch:
    SysName:          SAM_1
    SysLocation:
    SysContact:       support@extremenetworks.com, +1 888 257 3000
    System MAC:       00:04:96:27:B7:57
    System Type:      X450a-24t
    SysHealth check:  Enabled (Normal)
    Recovery Mode:    All
    System Watchdog:  Enabled
    Current Time:     Thu Aug 28 14:44:04 2008
    Timezone:         [Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
    Boot Time:        Thu Aug 28 09:04:44 2008
    Boot Count:       233
    Next Reboot:      None scheduled
    System UpTime:    5 hours 39 minutes 20 seconds
    Current State:    OPERATIONAL
    Image Selected:   primary
    Image Booted:     primary
    Primary ver:      12.1.1.4
5 Load the ASCII-formatted configuration file on the switch, by entering the following command which is case-sensitive: load script ECF02.xsf
Commands in the script display. Ignore any error messages. 6 Verify the new system contact by entering the following command: show switch
The following display is an example from Lab Group 1’s switch:
    SysName:          SAM_1
    SysLocation:
    SysContact:       Extreme Networks tames chaos at the edge!
    System MAC:       00:04:96:27:B6:61
    System Type:      X450a-24t
    SysHealth check:  Enabled (Normal)
    Recovery Mode:    All
    System Watchdog:  Enabled
    Current Time:     Thu Aug 28 14:21:31 2008
    Timezone:         [Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
    Boot Time:        Thu Aug 28 09:04:28 2008
    Boot Count:       547
    Next Reboot:      None scheduled
    System UpTime:    5 hours 17 minutes 3 seconds
    Current State:    OPERATIONAL
    Image Selected:   primary
    Image Booted:     primary
7 Delete the script file by entering the following command: rm ECF02.xsf
Enter y at the following prompt: Remove ECF02.xsf from switch? (y/N)
Part 5: Editing ASCII-formatted Configuration Files on the Switch 1 Create a new command script by entering the following command: edit script newscript.xsf
2 This will launch the on-switch vi editor. Type i to begin inserting text. Immediately after, enter the following and use quotes around the functional name: configure snmp syslocation “”
Where is one of the six found posted at the beginning of this lab in Table 1 (“Sales Management”, “Executive Staff”, “Manufacturing Floor”, “Accounting”, “Engineering”, “Human Resources”). Press the Esc key to enter vi command mode; then exit and save the file by entering the vi command :wq 3 Display all the files on the switch to verify the new file was created by entering the following command: ls
The following displays:
    -rw-r--r--    1 root     0          47 Aug 28 14:18 newscript.xsf
    -rw-r--r--    1 root     0          67 Jul 11 02:44 pim-crp.pol
    -rw-rw-rw-    1 root     0      114231 Aug 25 09:58 primary.cfg
4 Verify the current system location by entering the following command: show switch
The following display is an example from Lab Group 1’s switch:
    SysName:          SAM_1
    SysLocation:
    SysContact:       Extreme Networks tames chaos at the edge!
    System MAC:       00:04:96:27:B6:61
    System Type:      X450a-24t
    SysHealth check:  Enabled (Normal)
    Recovery Mode:    All
    System Watchdog:  Enabled
    Current Time:     Thu Aug 28 14:21:31 2008
    Timezone:         [Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
    Boot Time:        Thu Aug 28 09:04:28 2008
    Boot Count:       547
    Next Reboot:      None scheduled
    System UpTime:    5 hours 17 minutes 3 seconds
    Current State:    OPERATIONAL
    Image Selected:   primary
    Image Booted:     primary
5 Load the newscript.xsf script by entering the following command: load script newscript.xsf
6 Verify the new system location by entering the following command: show switch
The following display is an example from Lab Group 1’s switch:
    SysName:          SAM_1
    SysLocation:      Sales Management
    SysContact:       Extreme Networks tames chaos at the edge!
    System MAC:       00:04:96:27:B6:61
    System Type:      X450a-24t
    SysHealth check:  Enabled (Normal)
    Recovery Mode:    All
    System Watchdog:  Enabled
    Current Time:     Thu Aug 28 14:27:28 2008
    Timezone:         [Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
    Boot Time:        Thu Aug 28 09:04:28 2008
    Boot Count:       547
    Next Reboot:      None scheduled
    System UpTime:    5 hours 23 minutes
    Current State:    OPERATIONAL
    Image Selected:   primary
    Image Booted:     primary
    Primary ver:      12.1.1.4
7 Delete the script file by entering the following command: rm newscript.xsf
Enter y at the following prompt:
    Remove newscript.xsf from switch? (y/N)
8 Save the configuration to nonvolatile memory by entering the following command: save primary
Enter y at the following prompt:
Do you want to save configuration to primary.cfg and overwrite it? (y/N) Yes Saving configuration on master ....... done! Configuration saved to primary.cfg successfully.
Enter y at the following prompt:
The current selected default configuration database to boot up the system (Lab_ECF02-X.cfg) is different than the one just saved (primary.cfg). Do you want to make primary.cfg the default database? (y/N) Yes The selected configuration will take effect after the next switch reboot.
Part 6: Accessing the Bootstrap and BootRom Menus In this exercise you will reboot the switch and access the bootstrap and bootrom menus to load an alternate image. 1 Reboot the switch by entering the following command: reboot
2 Enter y at the following prompt:
    Are you sure you want to reboot the switch? (y/n)
The following displays: Sending SIGTERM to all processes. Sending SIGKILL to all processes. Please stand by while rebooting the system.
3 While the switch is rebooting, hold down the SPACE key. The switch resets and displays the following bootstrap prompt: BootStrap>
4 Enter h to display the help menu:
    boot      boot a loader
    enable    enable features
    h         on-line help
    help      on-line help
    ?         on-line help
    loader    Sets which BootLoader BootStrap will boot
    reboot    Reboot system (hard reset)
    rz        zmodem download
5 Boot the switch by entering the following command: boot
The following displays:
Starting Default Bootloader ...
6 While the switch is rebooting, hold down the SPACE key. The switch resets and displays the following bootRom prompt: BootRom>
7 Enter h to display the help menu:
    boot      boot an image
    loader    Sets which BootLoader BootStrap will boot
    reboot    Reboot system (hard reset)
    rz        zmodem download
    show      display information
    config    select configuration
    enable    enable features
    h         on-line help
    help      on-line help
    ?         on-line help
    hi        display command history
    dir       list contents of CF directory
    cd        change working CF directory
    pwd       print working CF directory
    ping      ping remote host
    configip  configure the bootloader ip address
    showip    show the configuration of the bootloader ip address
    download  download an image
8 Boot the switch by entering the following command: boot
The switch completes a normal boot cycle.
3
Layer 1 Configuration Lab
Student Objectives
This lab provides you with hands-on experience to configure physical port parameters, create a dynamic Link Aggregation group that uses the address-based aggregation algorithm, and enable LLDP. At the end of this lab, you will be able to:
● Configure and test auto-negotiation and port duplexing
● Create a dynamic Link Aggregation group that uses the address-based algorithm
● Verify the Link Aggregation operation
● Enable LLDP
● Verify LLDP operation
Figure 1: Layer 1 Configuration Lab
Refer to the values listed in Table 1 to configure switch parameters for this lab.
Table 1: Lab Groups and VLAN IP Addresses
    Lab Group  Switch Name  VLAN Name  VLAN IP Address  Lab Group PC IP Address
    1          SAM_1        Default    10.0.1.11/24     10.0.1.21/24
    2          EXC_2        Default    10.0.1.12/24     10.0.1.22/24
    3          ACT_3        Default    10.0.1.13/24     10.0.1.23/24
    4          MFG_4        Default    10.0.1.14/24     10.0.1.24/24
    5          ENG_5        Default    10.0.1.15/24     10.0.1.25/24
    6          HUR_6        Default    10.0.1.16/24     10.0.1.26/24
Part 1: Setting Up for Auto-Negotiation, Half-Duplex, and Full-Duplex 1 Log into the switch and load the baseline configuration for this lab by entering the following command: use configuration Lab_ECF03-X
Where X is your lab group number found in Table 1. 2 Reboot the switch by entering the following command: reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the command line label, the system will display the following: Do you want to save configuration changes to currently selected configuration file (XXXXXX.cfg) and reboot? (y - save and reboot, n - reboot without save, - cancel command)
3 Enter n to reboot without save.
If there were no unsaved changes on the switch, the system will display the following:
Are you sure you want to reboot the switch? (y/N)
4 Enter y to reboot the switch if this message appears.
When the boot process is complete, the switch displays the following: Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch will then display the following prompt for the password: login: admin password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring the switch.
Part 2: Auto-Negotiation, Half-Duplex, and Full-Duplex 1 Assign your IP address to the Default VLAN by entering the following command: configure vlan default ipaddress 10.0.1.1X/24
Where X is the address and subnet mask assigned to VLAN Default for your lab group as shown in Table 1. 2 Enable port 13 by entering the following command: enable ports 13
3 Use the PING command to verify that the switch can communicate with Core Switch A by entering the following: ping 10.0.1.1
The following displays:
    Ping(ICMP) 10.0.1.1: 4 packets, 8 data bytes, interval 1 second(s).
    16 bytes from 10.0.1.1: icmp_seq=0 ttl=255 time=10 ms
    16 bytes from 10.0.1.1: icmp_seq=1 ttl=255 time=7.051 ms
    16 bytes from 10.0.1.1: icmp_seq=2 ttl=255 time=1.933 ms
    16 bytes from 10.0.1.1: icmp_seq=3 ttl=255 time=2.007 ms
4 Turn off auto negotiation, set the speed to 10 Mbps, and set the duplex to half by entering the following command: configure port 13 auto off speed 10 duplex half
5 Use the PING command again to test if the switch can still communicate with the upstream switch: ping 10.0.1.1
The following displays:
    Ping(ICMP) 10.0.1.1: 4 packets, 8 data bytes, interval 1 second(s).
    44 bytes from 10.0.1.11: icmp_seq=3 Destination Host Unreachable
    --- 10.0.1.1 ping statistics ---
    4 packets transmitted, 0 received, 100% loss
    round-trip min/avg/max = 0/0/0 ms
6 Turn auto negotiation back on, by entering the following command: configure port 13 auto on
7 Use the PING command again to see if connectivity to Core Switch A has been restored: ping 10.0.1.1
The following displays:
    Ping(ICMP) 10.0.1.1: 4 packets, 8 data bytes, interval 1 second(s).
    16 bytes from 10.0.1.1: icmp_seq=0 ttl=255 time=7.494 ms
    16 bytes from 10.0.1.1: icmp_seq=1 ttl=255 time=1.811 ms
    16 bytes from 10.0.1.1: icmp_seq=2 ttl=255 time=6.866 ms
    16 bytes from 10.0.1.1: icmp_seq=3 ttl=255 time=6.970 ms
    --- 10.0.1.1 ping statistics ---
    4 packets transmitted, 4 received, 0% loss
    round-trip min/avg/max = 1/5/7 ms
Part 3: Configuring the Client Workstation and Testing the Default Gateway The following instructions will guide you in setting up the client workstation. If your RD-X connection to PC 127.0.0.1:101X is still open but minimized, skip to step 6. 1 From your laptop, launch the PuTTY utility:
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The tunnel is complete when the $ prompt appears:
4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop Connection utility:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format 127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the Password is student:
7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_ECF03-X batch file, where X is your lab group number assigned in Table 1.
This batch file will automatically configure the PC IP address. The following screen will appear while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run dialog box enter cmd to open a Command window:
9 In the command window, display the IP interface information on the PC by entering the following command: ipconfig
The system displays the following:
Notice that the Lab Network interface has been assigned your lab group PC's IP address and mask found in Table 1. This completes the setup of the Lab Group PC.
Part 4: Configuring Dynamic Address-based Load Sharing

In this exercise you will create a dynamic link aggregation group and verify that dynamic load sharing is configured and operating correctly.
1 Wait until the instructor has loaded the config file for this part of the lab before proceeding.
2 On the instructor’s direction, enable switch port 24, the port connected to the lab PC, by entering the following command: enable ports 24
3 Open a DOS window on the Lab Group PC and use the PING command to verify that the PC can communicate with the lab switch by entering the following: ping 10.0.1.1X
Where X is your lab group number found in Table 1. The following displays:
    Pinging 10.0.1.1X with 32 bytes of data:
    Reply from 10.0.1.1X: bytes=32 time=2ms TTL=255
    Reply from 10.0.1.1X: bytes=32 time<1ms TTL=255
    Reply from 10.0.1.1X: bytes=32 time<1ms TTL=255
    Reply from 10.0.1.1X: bytes=32 time<1ms TTL=255
4 To create a port share group with only port 13 as a member, enter the following command: enable sharing 13 grouping 13 algorithm address-based L3_L4 lacp
The options after the algorithm parameter above specify that the link aggregation control protocol is used to manage the port group. The following displays:
    Warning: Any config on the master port is lost (STP, IGMP Filter, IGMP Static Group, MAC-Security, etc. etc.)
5 Configure the LACP priority by entering the following command: configure sharing 13 lacp system-priority X
Where X is your lab group number found in Table 1.
6 Enable port 15 by entering the following command: enable ports 15
7 Add port 15 to the link aggregation group by entering the following command: configure sharing 13 add ports 15
8 Verify that the load share group is up and enabled by entering the following command: show lacp
The following displays. Notice that LACP is Up and Enabled (MAC addresses will vary):
    LACP Up                             : Yes
    LACP Enabled                        : Yes
    System MAC                          : 00:04:96:27:b6:49
    LACP PDUs dropped on non-LACP ports : 1145

    Lag   Actor    Actor   Partner            Partner  Partner  Agg
          Sys-Pri  Key     MAC                Sys-Pri  Key      Count
    --------------------------------------------------------------------------------
    13    X        0x03f5  00:04:96:27:bc:ce  X        0x03e9   2
    ================================================================================
9 Verify the dynamic link aggregation configuration by entering the following command: show lacp lag 13
The following displays:
    Lag   Actor    Actor   Partner            Partner  Partner  Agg
          Sys-Pri  Key     MAC                Sys-Pri  Key      Count
    --------------------------------------------------------------------------------
    13    X        0x03f5  00:04:96:27:bc:ce  X        0x03e9   2

    Port list:

    Member  Port      Rx       Sel       Mux           Actor     Partner
    Port    Priority  State    Logic     State         Flags     Port
    --------------------------------------------------------------------------------
    13      0         Current  Selected  Collect-Dist  A-GSCD--  100X
    15      0         Current  Selected  Collect-Dist  A-GSCD--  101X
    ================================================================================
    Actor Flags: A-Activity, T-Timeout, G-Aggregation, S-Synchronization
                 C-Collecting, D-Distributing, F-Defaulted, E-Expired
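The following Python sketch is an added example, not part of the Extreme Networks lab guide. It decodes the positional Actor Flags field of the show lacp lag member table using the legend above and reports whether each member is actually collecting and distributing; the function names, the invented port 17 row and its state words are assumptions made for the example.

```python
import re

# Legend order from the lab output: position i of the 8-character flag field
# holds either this letter (flag set) or "-" (flag clear).
ACTOR_FLAGS = [("A", "Activity"), ("T", "Timeout"), ("G", "Aggregation"),
               ("S", "Synchronization"), ("C", "Collecting"),
               ("D", "Distributing"), ("F", "Defaulted"), ("E", "Expired")]

# Constructed sample. Rows 13 and 15 follow the lab output with X = 1.
# Row 17 is an invented degraded member; its state words are illustrative,
# not output captured from a switch.
MEMBER_SAMPLE = """\
Member  Port      Rx         Sel       Mux           Actor     Partner
Port    Priority  State      Logic     State         Flags     Port
13      0         Current    Selected  Collect-Dist  A-GSCD--  1001
15      0         Current    Selected  Collect-Dist  A-GSCD--  1011
17      0         Defaulted  Selected  Attached      A-G---F-  0
"""

# member port, priority, rx state, selection logic, mux state, flags, partner port
MEMBER_ROW = re.compile(
    r"^(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+([A-Z-]{8})\s+(\S+)$")


def decode_flags(field):
    """Turn a field such as 'A-GSCD--' into the list of flag names that are set."""
    if len(field) != len(ACTOR_FLAGS):
        raise ValueError(f"expected {len(ACTOR_FLAGS)} flag positions: {field!r}")
    names = []
    for char, (letter, name) in zip(field, ACTOR_FLAGS):
        if char == letter:
            names.append(name)
        elif char != "-":
            raise ValueError(f"unexpected {char!r} in the {name} position")
    return names


def member_verdict(names):
    """Summarise what the flag combination means for traffic on this member."""
    if "Expired" in names:
        return "expired"      # partner LACPDUs stopped arriving
    if "Defaulted" in names:
        return "defaulted"    # no partner LACPDU seen, default partner info in use
    if {"Synchronization", "Collecting", "Distributing"} <= set(names):
        return "forwarding"   # in sync and passing traffic in both directions
    return "negotiating"


def audit_lag(text):
    """Return {member port: {'mux', 'flags', 'verdict'}} for every member row."""
    result = {}
    for line in text.splitlines():
        match = MEMBER_ROW.match(line.strip())
        if match:
            port, _prio, _rx, _sel, mux, flags, _partner = match.groups()
            names = decode_flags(flags)
            result[port] = {"mux": mux, "flags": names,
                            "verdict": member_verdict(names)}
    return result


if __name__ == "__main__":
    for port, info in audit_lag(MEMBER_SAMPLE).items():
        print(f"port {port}: {info['verdict']:<11} {', '.join(info['flags'])}")
```

A member that reports defaulted or expired is not exchanging LACPDUs with its partner, so it should not be counted as part of the working aggregate even if the physical link is up.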
10 Verify the identity of the load sharing master port by entering the following command: show ports configuration no-refresh
The following displays. Notice the settings for ports 13, 15, and 24:
    Port Configuration
    Port  Virtual     Port   Link   Auto  Speed          Duplex        Flow   Load    Media
          router      State  State  Neg   Cfg    Actual  Cfg   Actual  Cntrl  Master  Pri   Red
    ================================================================================
    1     VR-Default  D      R      ON    AUTO           AUTO                         UTP
    2     VR-Default  D      R      ON    AUTO           AUTO                         UTP
    3     VR-Default  D      R      ON    AUTO           AUTO                         UTP
    4     VR-Default  D      R      ON    AUTO           AUTO                         UTP
    5     VR-Default  D      R      ON    AUTO           AUTO                         UTP
    6     VR-Default  D      R      ON    AUTO           AUTO                         UTP
    7     VR-Default  D      R      ON    AUTO           AUTO                         UTP
    8     VR-Default  D      R      ON    AUTO           AUTO                         UTP
    9     VR-Default  D      R      ON    AUTO           AUTO                         UTP
    10    VR-Default  D      R      ON    AUTO           AUTO                         UTP
    11    VR-Default  D      R      ON    AUTO           AUTO                         UTP
    12    VR-Default  D      R      ON    AUTO           AUTO                         UTP
    13    VR-Default  E      A      ON    AUTO   1000    AUTO  FULL    SYM    13      UTP
    14    VR-Default  D      R      ON    AUTO           AUTO                         UTP
    15    VR-Default  E      A      ON    AUTO   1000    AUTO  FULL    SYM    13      UTP
    16    VR-Default  D      R      ON    AUTO           AUTO                         UTP
    17    VR-Default  D      R      ON    AUTO           AUTO                         UTP
    18    VR-Default  D      R      ON    AUTO           AUTO                         UTP
    19    VR-Default  D      R      ON    AUTO           AUTO                         UTP
    20    VR-Default  D      R      ON    AUTO           AUTO                         UTP
    21    VR-Default  D      R      ON    AUTO           AUTO                         NONE  UTP
    22    VR-Default  D      R      ON    AUTO           AUTO                         NONE  UTP
    23    VR-Default  D      R      ON    AUTO           AUTO                         NONE  UTP
    24    VR-Default  E      A      ON    AUTO   100     AUTO  FULL    SYM            NONE  UTP
    25    VR-Default  D      NP     OFF   10000          FULL                         NONE
    26    VR-Default  D      NP     OFF   10000          FULL                         NONE
    ================================================================================
    > indicates Port Display Name truncated past 8 characters
    Link State: A-Active R-Ready NP- Port not present L-Loopback
    Port State: D-Disabled, E-Enabled
    Media: !-Unsupported Optic Module
    Media Red: * - use "show port info detail" for redundant media type
11 Verify the load sharing trunk configuration by entering the following command: show ports sharing
The following displays:
    Load Sharing Monitor
    Config   Current  Agg      Ld Share   Ld Share  Agg  Link   Link Up
    Master   Master   Control  Algorithm  Group     Mbr  State  transitions
    ==============================================================================
    13       13       LACP     L3_L4      13        Y    A      6
                               L3_L4      15        Y    A      1
    ==============================================================================
    Link State: A-Active, D-Disabled, R-Ready, NP-Port not present, L-Loopback
    Load Sharing Algorithm: (L2) Layer 2 address based, (L3_L4) Layer 3 address and Layer 4 port based
    Note: Layer 4 ports are not used for distribution for traffic ingressing ports on X450-24t and X450-24x switches.
    Default algorithm: L2
    Number of load sharing trunks: 1
12 Verify the link aggregation activity by entering the following command: show lacp counters
The following displays:
    LACP PDUs dropped on non-LACP ports : 1145
    LACP Bulk checkpointed msgs sent    : 0
    LACP Bulk checkpointed msgs recv    : 0
    LACP PDUs checkpointed sent         : 0
    LACP PDUs checkpointed recv         : 0

    Lag    Member  Rx  Rx Drop  Rx Drop  Rx Drop   Tx       Tx
    Group  Port    Ok  PDU Err  Not Up   Same MAC  Sent Ok  Xmit Err
    --------------------------------------------------------------------------------
    13     13      36  0        0        0         36       0
           15      33  0        0        0         34       0
    ================================================================================
13 From the Lab Group PC, open a command prompt window and use the following command to generate a continuous stream of ping packets to Core Switch B: ping -t 10.0.1.2
The following displays:
    Pinging 10.0.1.2 with 32 bytes of data:
    Reply from 10.0.1.2: bytes=32 time<1ms TTL=255
    Reply from 10.0.1.2: bytes=32 time<1ms TTL=255
    Reply from 10.0.1.2: bytes=32 time<1ms TTL=255
    Reply from 10.0.1.2: bytes=32 time<1ms TTL=255
14 From the Lab Group PC, open a second command prompt window and use the following command to generate a continuous stream of ping packets to Core Switch A: ping -t 10.0.1.1
The following displays:
    Pinging 10.0.1.1 with 32 bytes of data:
    Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
    Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
    Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
    Reply from 10.0.1.1: bytes=32 time<1ms TTL=255
15 On the switch, display the port activity by entering the following command: show ports stat
16 Press the 0 key to clear the table.
The following displays:
    Port Statistics                                    Mon Aug 11 17:05:00 2008
    Port    Link    Tx Pkt    Tx Byte   Rx Pkt    Rx Byte   Rx Pkt    Rx Pkt
            State   Count     Count     Count     Count     Bcast     Mcast
    ================================================================================
    1       R       0         0         0         0         0         0
    2       R       0         0         0         0         0         0
    3       R       0         0         0         0         0         0
    4       R       0         0         0         0         0         0
    5       R       0         0         0         0         0         0
    6       R       0         0         0         0         0         0
    7       R       0         0         0         0         0         0
    8       R       0         0         0         0         0         0
    9       R       0         0         0         0         0         0
    10      R       0         0         0         0         0         0
    11      R       0         0         0         0         0         0
    12      R       0         0         0         0         0         0
    13      A       0         0         0         0         0         0
    14      R       0         0         0         0         0         0
    15      A       0         0         0         0         0         0
    16      R       0         0         0         0         0         0
    ================================================================================
    Link State: A-Active, R-Ready, NP-Port Not Present L-Loopback
    0->Clear Counters U->page up D->page down ESC->exit
17 Monitor the activity for ports 13 and 15 over a period of time to verify that the ping traffic is being distributed across the aggregated ports. If configured correctly, the results look similar to this:
    Port Statistics                                    Mon Aug 11 17:05:00 2008
    Port    Link    Tx Pkt    Tx Byte   Rx Pkt    Rx Byte   Rx Pkt    Rx Pkt
            State   Count     Count     Count     Count     Bcast     Mcast
    ================================================================================
    1       R       0         0         0         0         0         0
    2       R       0         0         0         0         0         0
    3       R       0         0         0         0         0         0
    4       R       0         0         0         0         0         0
    5       R       0         0         0         0         0         0
    6       R       0         0         0         0         0         0
    7       R       0         0         0         0         0         0
    8       R       0         0         0         0         0         0
    9       R       0         0         0         0         0         0
    10      R       0         0         0         0         0         0
    11      R       0         0         0         0         0         0
    12      R       0         0         0         0         0         0
    13      A       89        7340      97        8485      0         11
    14      R       0         0         0         0         0         0
    15      A       87        7276      92        8168      0         6
    16      R       0         0         0         0         0         0
    ================================================================================
    Link State: A-Active, R-Ready, NP-Port Not Present L-Loopback
    0->Clear Counters U->page up D->page down ESC->exit
18 Press the Esc key. Verify that the configured load sharing algorithm operates correctly by entering the following command: show ports info
The following displays. Notice the settings for ports 13 and 15 below:
    Port  Flags            Link        ELSM  Link  Num  Num   Num    Jumbo  QOS      Load
                           State             UPS   STP  VLAN  Proto  Size   profile  Master
    =================================================================================
    1     Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    2     Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    3     Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    4     Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    5     Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    6     Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    7     Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    8     Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    9     Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    10    Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    11    Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    12    Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    13    Em-la---e--fMB-  active      -     0     1    1     1      9216   none     13 a
    14    Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    15    Em-la---e--fMB-  active      -     0     1    1     1      9216   none     13 a
    16    Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    17    Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    18    Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    19    Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    20    Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    21    Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    22    Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    23    Dm------e--fMB-  ready       -     0     0    0     0      9216   none
    24    Em------e--fMB-  active      -     0     1    1     1      9216   none
    25    Dm------e--fMB-  NotPresent  -     0     0    0     0      9216   none
    26    Dm------e--fMB-  NotPresent  -     0     0    0     0      9216   none
    ===================================================================================
    Flags : a - Load Sharing Algorithm address-based, D - Port Disabled,
            e - Extreme Discovery Protocol Enabled, E - Port Enabled,
            l - Load Sharing Enabled, m - MACLearning Enabled,
            f - Unicast Flooding Enabled, M - Multicast Flooding Enabled,
            B - Broadcast Flooding Enabled
19 Notice that the ports in the load share group are flagged to use address-based load sharing.
20 Verify all lacp-related configuration parameters by displaying the section of the configuration file related to lacp by entering the following command: show configuration lacp
The following displays:
    #
    # Module lacp configuration.
    #
    configure sharing 13 lacp system-priority X
Part 5: Enabling the Link-Layer Discovery Protocol

In this exercise you will enable ports to receive Link-Layer Discovery Protocol (LLDP) information, advertise their own system information, and verify that each is configured correctly.
1 Enable LLDP on port 13 by entering the following command: enable lldp ports 13
2 Verify the LLDP configuration by entering the following command: show lldp port 13 detailed
The following displays:
    LLDP transmit interval           : 30 seconds
    LLDP transmit hold multiplier    : 4  (used TTL = 120 seconds)
    LLDP transmit delay              : 2 seconds
    LLDP SNMP notification interval  : 5 seconds
    LLDP reinitialize delay          : 2 seconds
    LLDP-MED fast start repeat count : 3

    LLDP Port Configuration:
    Port  Rx       Tx       SNMP          Optional enabled transmit TLVs
          Mode     Mode     Notification  LLDP   802.1  802.3  MED   AvEx
    ============================================================================
    13    Enabled  Enabled  --            --D--  ---    ----   ----  ----
          VLAN: Default                   ----   ---    ----   ----  ----
    ============================================================================
    Notification: (L) lldpRemTablesChange, (M) lldpXMedTopologyChangeDetected
    LLDP Flags  : (P) Port Description, (N) System Name, (D) System Description
                  (C) System Capabilities, (M) Mgmt Address
    802.1 Flags : (P) Port VLAN ID, (p) Port & Protocol VLAN ID, (N) VLAN Name
    802.3 Flags : (M) MAC/PHY Configuration/Status, (P) Power via MDI
                  (L) Link Aggregation, (F) Frame Size
    MED Flags   : (C) MED Capabilities, (P) Network Policy,
                  (L) Location Identification, (p) Extended Power-via-MDI
    AvEx Flags  : (P) PoE Conservation Request, (C) Call Server, (F) File Server
                  (Q) 802.1Q Framing
3 Enable the advertisement of the system name by entering the following command: configure lldp ports 13 advertise system-name
4 Verify the LLDP advertisement of the system name, by entering the following command: show lldp port 13 detailed
The following displays:
    LLDP transmit interval           : 30 seconds
    LLDP transmit hold multiplier    : 4  (used TTL = 120 seconds)
    LLDP transmit delay              : 2 seconds
    LLDP SNMP notification interval  : 5 seconds
    LLDP reinitialize delay          : 2 seconds
    LLDP-MED fast start repeat count : 3

    LLDP Port Configuration:
    Port  Rx       Tx       SNMP          Optional enabled transmit TLVs
          Mode     Mode     Notification  LLDP   802.1  802.3  MED   AvEx
    ============================================================================
    13    Enabled  Enabled  --            -ND--  ---    ----   ----  ----
          VLAN: Default                   ----   ---    ----   ----  ----
    ============================================================================
    Notification: (L) lldpRemTablesChange, (M) lldpXMedTopologyChangeDetected
    LLDP Flags  : (P) Port Description, (N) System Name, (D) System Description
                  (C) System Capabilities, (M) Mgmt Address
    802.1 Flags : (P) Port VLAN ID, (p) Port & Protocol VLAN ID, (N) VLAN Name
    802.3 Flags : (M) MAC/PHY Configuration/Status, (P) Power via MDI
                  (L) Link Aggregation, (F) Frame Size
    MED Flags   : (C) MED Capabilities, (P) Network Policy,
                  (L) Location Identification, (p) Extended Power-via-MDI
    AvEx Flags  : (P) PoE Conservation Request, (C) Call Server, (F) File Server
                  (Q) 802.1Q Framing
5 Verify the LLDP neighbor information, by entering the following command: show lldp neighbor detailed
The following displays:
    -----------------------------------------------------------------------------
    LLDP Port 13 detected 1 neighbor
      Neighbor: 00:04:96:27:BC:CE/1, age 11 seconds
        - Chassis ID type: MAC address (4)
          Chassis ID     : 00:04:96:27:BC:CE
        - Port ID type: ifName (5)
          Port ID     : "1"
        - Time To Live: 120 seconds
        - System Name: "CS-A"
        - System Description: "ExtremeXOS version 12.1.1.4 v1211b4 by release-ma\
                              nager on Tue Apr 29 17:46:58 PDT 2008"
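The following Python sketch is an added example, not part of the Extreme Networks lab guide. It parses the show lldp neighbor detailed output from step 5, compares each neighbor with an expected-peer baseline, and extracts the software version that the System Description TLV discloses to anything attached to the port; the function names and the baseline structure are assumptions made for the example.

```python
import re

# Constructed sample: the neighbor output from step 5, re-typed line by line.
NEIGHBOR_SAMPLE = r"""
LLDP Port 13 detected 1 neighbor
  Neighbor: 00:04:96:27:BC:CE/1, age 11 seconds
    - Chassis ID type: MAC address (4)
      Chassis ID     : 00:04:96:27:BC:CE
    - Port ID type: ifName (5)
      Port ID     : "1"
    - Time To Live: 120 seconds
    - System Name: "CS-A"
    - System Description: "ExtremeXOS version 12.1.1.4 v1211b4 by release-ma\
                          nager on Tue Apr 29 17:46:58 PDT 2008"
"""

# Hypothetical baseline: the peer the lab topology expects on each local port.
BASELINE = {"13": {"chassis_id": "00:04:96:27:BC:CE", "system_name": "CS-A"}}

FIELDS = {"Chassis ID": "chassis_id", "Port ID": "port_id",
          "Time To Live": "ttl", "System Name": "system_name",
          "System Description": "system_description"}


def parse_lldp_neighbors(text):
    """Return one dict per neighbor, keyed by the names in FIELDS plus local_port."""
    # The CLI wraps long values with a trailing backslash; rejoin them first.
    text = re.sub(r"\\\n\s*", "", text)
    neighbors, local_port, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("- "):
            line = line[2:]
        header = re.match(r"LLDP Port (\S+) detected \d+ neighbor", line)
        if header:
            local_port = header.group(1)
            continue
        if line.startswith("Neighbor:"):
            current = {"local_port": local_port}
            neighbors.append(current)
            continue
        key, sep, value = line.partition(":")
        field = FIELDS.get(key.strip())
        if sep and field and current is not None:
            current[field] = value.strip().strip('"')
    return neighbors


def advertised_version(description):
    """Software version string a neighbor exposes in its System Description."""
    match = re.search(r"ExtremeXOS version (\S+)", description or "")
    return match.group(1) if match else None


def check_against_baseline(neighbors, baseline):
    """Return (local port, issue, observed value) tuples; empty means all as expected."""
    findings, seen = [], set()
    for neighbor in neighbors:
        port = neighbor["local_port"]
        seen.add(port)
        want = baseline.get(port)
        if want is None:
            findings.append((port, "neighbor on port with no expected peer",
                             neighbor.get("chassis_id")))
            continue
        for field in ("chassis_id", "system_name"):
            got = neighbor.get(field, "")
            if field in want and got.lower() != want[field].lower():
                findings.append((port, f"{field} mismatch", got))
    for port in baseline:
        if port not in seen:
            findings.append((port, "expected neighbor missing", None))
    return findings


if __name__ == "__main__":
    found = parse_lldp_neighbors(NEIGHBOR_SAMPLE)
    for n in found:
        print(n["local_port"], n["system_name"], n["chassis_id"],
              advertised_version(n.get("system_description")))
    print("findings:", check_against_baseline(found, BASELINE))
```

LLDP frames are not authenticated, so a matching chassis ID or system name is a consistency check rather than proof of identity, and a mismatch is a signal to inspect what is plugged into the port.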
4
Configuring a Stacked Switch Demonstration
Overview
You will watch a short presentation on how to set up and configure a stacked switch using SummitStack™. Your instructor will add information and answer questions throughout the presentation.
5
Layer 2 Forwarding Lab
Student Objectives
This lab provides you with hands-on experience to create FDB entries, enable and verify the lock-learning feature, and enable and verify the limit-learning feature. At the end of this lab, you will be able to:
● Populate, display, and interpret the FDB table.
● Enable the lock-learning feature.
● Test the operation of the lock-learning feature.
● Enable the limit-learning feature.
● Test the operation of the limit-learning feature.
Figure 1: Layer 2 Forwarding Lab
Refer to the values listed in Table 1 to configure switch parameters for this lab.

Table 1: Lab Groups and VLAN IP Addresses
    Lab Group Number  Functional Name     Switch Name  VLAN Name  VLAN IP Address
    1                 SalesManagement     SAM_1        Default    10.0.1.11/24
    2                 ExecutiveStaff      EXC_2        Default    10.0.1.12/24
    3                 Accounting          ACT_3        Default    10.0.1.13/24
    4                 ManufacturingFloor  MFG_4        Default    10.0.1.14/24
    5                 Engineering         ENG_5        Default    10.0.1.15/24
    6                 HumanResources      HUR_6        Default    10.0.1.16/24
Part 1: Setting Up for Populating the Forwarding Database

1 Log into the switch and load the baseline configuration for this lab by entering the following command: use configuration Lab_ECF04-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command: reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the command line label, the system will display the following:
    Do you want to save configuration changes to currently selected configuration file (XXXXXX.cfg) and reboot? (y - save and reboot, n - reboot without save, - cancel command)
3 Enter n to reboot without save.
If there were no unsaved changes on the switch, the system will display the following:
Are you sure you want to reboot the switch? (y/N)
4 Enter y to reboot the switch if this message appears.
When the boot process is complete, the switch displays the following: Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch will then display the following prompt for the password:
    login: admin
    password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring the switch.
Part 2: Populating the Forwarding Database

In this exercise you will populate the forwarding database and verify that it is correctly configured.
1 On the switch, use the PING command to verify that the switch can communicate with Core Switch A by entering the following: ping 10.0.1.1
2 Use the PING command to verify that the switch can communicate with each of the configured neighbor lab group switches by entering the following: ping
Example: ping 10.0.1.1X
Where X is each neighbor lab group number in Table 1. The following is the ping reply for the neighbor with the VLAN IP address 10.0.1.12:
    Ping(ICMP) 10.0.1.12: 4 packets, 8 data bytes, interval 1 second(s).
    16 bytes from 10.0.1.12: icmp_seq=0 ttl=255 time=2.940 ms
    16 bytes from 10.0.1.12: icmp_seq=1 ttl=255 time=6.312 ms
    16 bytes from 10.0.1.12: icmp_seq=2 ttl=255 time=7.023 ms
    16 bytes from 10.0.1.12: icmp_seq=3 ttl=255 time=2.003 ms
    --- 10.0.1.12 ping statistics ---
    4 packets transmitted, 4 received, 0% loss
    round-trip min/avg/max = 2/4/7 ms
3 Display the layer 2 forwarding database by entering the following command: show fdb
The following display is an example from Lab Group 1’s switch:
    Mac                Vlan           Age   Flags       Port / Virtual Port List
    -----------------------------------------------------------------------------
    00:04:96:27:b6:61  Default(0001)  0024  d m         13
    00:04:96:27:b7:57  Default(0001)  0009  d m         13
    00:04:96:27:bc:ce  Default(0001)  0001  d m         13
    00:04:96:27:bd:0b  Default(0001)  0032  d m         13
    00:04:96:34:cb:5c  Default(0001)  0007  d m         13
    00:04:96:34:cb:64  Default(0001)  0004  d m         13

    Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
            x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror,
            B - Egress Blackhole, b - Ingress Blackhole, v - MAC-Based VLAN,
            P - Private VLAN, T - VLAN translation, D - drop packet.

    Total: 6 Static: 0  Perm: 0  Dyn: 6  Dropped: 0  Locked: 0  Locked with Timeout: 0
    FDB Aging time: 300
4 Notice that all entries appear in the VLAN Default and are flagged as dynamically-learned MAC addresses.
5 Display the switch’s IP ARP table by entering the following command: show iparp
The following display is an example from Lab Group 1’s switch:
    VR          Destination  Mac                Age  Static  VLAN     VID  Port
    VR-Default  10.0.1.1     00:04:96:27:bc:ce  1    NO      Default  1    13
    VR-Default  10.0.1.12    00:04:96:27:bd:0b  1    NO      Default  1    13
    VR-Default  10.0.1.13    00:04:96:27:b7:57  1    NO      Default  1    13
    VR-Default  10.0.1.14    00:04:96:27:b6:61  1    NO      Default  1    13
    VR-Default  10.0.1.15    00:04:96:34:cb:64  1    NO      Default  1    13
    VR-Default  10.0.1.16    00:04:96:34:cb:5c  1    NO      Default  1    13

    Dynamic Entries   :  6           Static Entries           :  0
    Pending Entries   :  0
    In Request        :  26          In Response              :  13
    Out Request       :  25          Out Response             :  5
    Failed Requests   :  2
    Proxy Answered    :  0
    Rx Error          :  0           Dup IP Addr              :  0.0.0.0
    Rejected Count    :              Rejected IP              :
    Rejected Port     :              Rejected I/F             :
    Max ARP entries   :  4096        Max ARP pending entries  :  256
    ARP address check :  Enabled     ARP refresh              :  Enabled
    Timeout           :  20 minutes
6 Use the IP/MAC address pairs in the IP ARP table to determine which MAC address belongs to which lab group.
Part 3: Locking Learning

In this exercise you will clear the forwarding database (FDB) of all entries, repopulate the FDB, lock the addresses that have been learned, and verify that each command has been executed correctly.
1 Clear the forwarding database of all dynamic entries by entering the following command: clear fdb
2 Verify that the FDB is clear by entering the following: show fdb
The following displays:
    Mac                Vlan           Age   Flags       Port / Virtual Port List
    -----------------------------------------------------------------------------

    Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
            x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror,
            B - Egress Blackhole, b - Ingress Blackhole, v - MAC-Based VLAN,
            P - Private VLAN, T - VLAN translation, D - drop packet.

    Total: 0 Static: 0  Perm: 0  Dyn: 0  Dropped: 0  Locked: 0  Locked with Timeout: 0
    FDB Aging time: 300
NOTE Depending upon network activity, the fdb table may contain entries even though you issued the clear fdb command. This is because some devices on the network transmitted packets between the time you cleared the fdb and the time you displayed it.
3 Use the PING command to re-populate the FDB with the MAC address of Core Switch A: ping 10.0.1.1
NOTE Your switch may have already repopulated the fdb due to other students or network activities.
The following displays:
    Ping(ICMP) 10.0.1.1: 4 packets, 8 data bytes, interval 1 second(s).
    16 bytes from 10.0.1.1: icmp_seq=0 ttl=255 time=9.190 ms
    16 bytes from 10.0.1.1: icmp_seq=1 ttl=255 time=7.129 ms
    16 bytes from 10.0.1.1: icmp_seq=2 ttl=255 time=7.359 ms
    16 bytes from 10.0.1.1: icmp_seq=3 ttl=255 time=1.996 ms
    --- 10.0.1.1 ping statistics ---
    4 packets transmitted, 4 received, 0% loss
    round-trip min/avg/max = 1/6/9 ms
4 Verify that only the Core Switch A MAC address is in the FDB by entering the following: show fdb
The following display is an example from Lab Group 1’s switch:
    Mac                Vlan           Age   Flags       Port / Virtual Port List
    -----------------------------------------------------------------------------
    00:04:96:27:bc:ce  Default(0001)  0003  d m         13

    Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
            x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror,
            B - Egress Blackhole, b - Ingress Blackhole, v - MAC-Based VLAN,
            P - Private VLAN, T - VLAN translation, D - drop packet.

    Total: 1 Static: 0  Perm: 0  Dyn: 1  Dropped: 0  Locked: 0  Locked with Timeout: 0
    FDB Aging time: 300
5 Clear the fdb again and then lock the MAC address learned on port 13 by entering the following:
    clear fdb
    ping 10.0.1.1
    configure ports 13 vlan default lock-learning
NOTE In order to minimize the number of entries that find their way into the fdb, we recommend that you cut and paste the three commands above into the CLI on the switch. However, even if you take this precaution, you may find that the locking feature captures more than just the MAC address of Core Switch A.
6 Verify the configuration by entering the following command: show vlan default security
The following displays for port 13 and port 24:
    Port  Limit      State     Learned  Blackholed  Locked
    13    Unlimited  Locked    0        5           1
    24    Unlimited  Unlocked  0        0           0
NOTE In the example above, notice that 5 MAC addresses are designated as Blackhole entries. Any MAC addresses seen after the lock is activated will be blackholed.
7 Verify that the permanent entry and lock learning flags are set for port 13 by entering the following command: show fdb
The following is an example display from Lab Group 1’s switch:
    Mac                Vlan           Age   Flags       Port / Virtual Port List
    -----------------------------------------------------------------------------
    00:04:96:27:b7:57  Default(0001)  0021  d m   Bb    13
    00:04:96:27:bc:ce  Default(0001)  0000  spm   l     13
    00:04:96:34:cb:5c  Default(0001)  0021  d m   Bb    13

    Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
            x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror,
            B - Egress Blackhole, b - Ingress Blackhole, v - MAC-Based VLAN,
            P - Private VLAN, T - VLAN translation, D - drop packet.

    Total: 3 Static: 1  Perm: 1  Dyn: 2  Dropped: 0  Locked: 1  Locked with Timeout: 0
    FDB Aging time: 300
    FDB VPLS Aging time: 300
8 Use the PING command to try to communicate with each of the configured neighbor lab group switches by entering the following: ping
Example: ping 10.0.1.1X
Where X is each neighbor lab group number in Table 1. The following displays the ping reply, Destination Host Unreachable, when Lab Group 1 pings the neighbor with the VLAN IP address 10.0.1.12:
    Ping(ICMP) 10.0.1.12: 4 packets, 8 data bytes, interval 1 second(s).
    44 bytes from 10.0.1.11: icmp_seq=3 Destination Host Unreachable
    --- 10.0.1.12 ping statistics ---
    4 packets transmitted, 0 received, 100% loss
    round-trip min/avg/max = 0/0/0 ms
NOTE All ping attempts to neighboring switches should fail. However, this is dependent upon the entries in the fdb table.
9 Display the forwarding database by entering the following command: show fdb
The following display is an example from Lab Group 1’s switch:
    Mac                Vlan           Age   Flags       Port / Virtual Port List
    -----------------------------------------------------------------------------
    00:04:96:27:b6:61  Default(0001)  0274  d m   Bb    13
    00:04:96:27:b7:57  Default(0001)  0018  d m   Bb    13
    00:04:96:27:bc:ce  Default(0001)  0000  spm   l     13
    00:04:96:27:bd:0b  Default(0001)  0298  d m   Bb    13
    00:04:96:34:cb:5c  Default(0001)  0043  d m   Bb    13
    00:04:96:34:cb:64  Default(0001)  0297  d m   Bb    13

    Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
            x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror,
            B - Egress Blackhole, b - Ingress Blackhole, v - MAC-Based VLAN,
            P - Private VLAN, T - VLAN translation, D - drop packet.

    Total: 6 Static: 1  Perm: 1  Dyn: 5  Dropped: 0  Locked: 1  Locked with Timeout: 0
    FDB Aging time: 300
    FDB VPLS Aging time: 300
10 Notice in the example above that the MAC addresses for all 5 neighbor switches have been flagged as Blackhole for both ingress and egress. Your fdb table may vary slightly from this example.
11 Remove MAC address lock down by entering the following command: configure ports 13 vlan default unlock-learning
12 Show the forwarding database and verify that the lockdown has been removed by entering the following command: show fdb
The following displays:
    Mac                Vlan           Age   Flags       Port / Virtual Port List
    -----------------------------------------------------------------------------

    Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
            x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror,
            B - Egress Blackhole, b - Ingress Blackhole, v - MAC-Based VLAN,
            P - Private VLAN, T - VLAN translation, D - drop packet.

    Total: 0 Static: 0  Perm: 0  Dyn: 0  Dropped: 0  Locked: 0  Locked with Timeout: 0
    FDB Aging time: 300
    FDB VPLS Aging time: 300
13 Notice that unlocking learning will clear the FDB of all entries.
Part 4: Limiting Learning

In this exercise you will clear the forwarding database entries and configure selected ports to limit learning. You will confirm that limit learning is operating correctly and then remove the limits you previously set.
1 Clear the forwarding database of all dynamic entries by entering the following command: clear fdb
2 Confirm that the FDB is clear by entering the following: show fdb
The following is an example of a typical display:
    Mac                Vlan           Age   Flags       Port / Virtual Port List
    -----------------------------------------------------------------------------

    Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
            x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror,
            B - Egress Blackhole, b - Ingress Blackhole, v - MAC-Based VLAN,
            P - Private VLAN, T - VLAN translation, D - drop packet.

    Total: 0 Static: 0  Perm: 0  Dyn: 0  Dropped: 0  Locked: 0  Locked with Timeout: 0
    FDB Aging time: 300
    FDB VPLS Aging time: 300
NOTE Depending upon network activity you may have entries quickly repopulate even after you clear the fdb.
3 Limit the MAC address learning on port 13 to three entries by entering the following commands:
    clear fdb
    configure ports 13 vlan default limit-learning 3
4 Verify the configuration by entering the following command: show vlan default security
The following displays:
    Port  Limit      State     Learned  Blackholed  Locked
    13    3          Unlocked  0        0           0
    24    Unlimited  Unlocked  0        0           0
5 Display the MAC security information for the specified port by entering the following command: show ports 13 information detail
The following displays:
    Port: 13
        Virtual-router:     VR-Default
        Type:               UTP
        Random Early drop:  Unsupported
        Admin state:        Enabled with auto-speed sensing auto-duplex
        ELSM Link State:    Up
        Link State:         Active, 1Gbps, full-duplex
        Link Counter:       Up 2 time(s)
        VLAN cfg:
            Name: Default, Internal Tag = 1, MAC-limit = 3,Action = blackhole,Virtual router: VR-Default
6 Use the PING command to try to communicate with each of the configured neighbor lab group switches and Core Switch A. Because the neighbor lab groups may be performing this same step simultaneously or even before you, three or fewer PINGs may actually work. Enter the following: ping
Example: ping 10.0.1.1X
Where X is each neighbor lab group number in Table 1.
7 Confirm which MAC addresses were permitted and which were blocked by displaying the forwarding database with the following command: show fdb
The following is an example display from Lab Group 1’s switch:
Mac
Vlan
Age
Flags
Port / Virtual Port List
----------------------------------------------------------------------------00:04:96:27:b6:61
Default(0001) 0020 d m
00:04:96:27:b7:57
Default(0001) 0061 d m
Bb
00:04:96:27:bc:ce
Default(0001) 0076 d m
Bb
00:04:96:27:bd:0b
Default(0001) 0020 d m
00:04:96:34:cb:5c
Default(0001) 0020 d m
00:04:96:34:cb:64
Default(0001) 0079 d m
13 13 13 13 13 Bb
13
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP, x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole, b - Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation, D - drop packet.
Total: 6 Static: 0
Perm: 0
Dyn: 6
Dropped: 0
Locked: 0
Locked with Timeout: 0
FDB Aging time: 300 FDB VPLS Aging time: 300
8 Notice that the MAC addresses for 2 neighbor switches and Core Switch A have been flagged as Blackhole for both ingress and egress in the example above. 9 Remove the limit learning on the port by entering the following command: configure ports 13 vlan default unlimited-learning
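The check made by eye in steps 7 and 8 can be scripted. The following Python is an added example, not part of the original lab guide: it parses `show fdb` text written one entry per line and reports which MAC addresses were learned and which were blackholed against the configured limit. The sample text is constructed from the addresses and flags in the Lab Group 1 display, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: `show fdb` text, one entry per line, reusing the
# addresses and flags from the Lab Group 1 display in step 7.
SAMPLE_FDB = """\
Mac                 Vlan          Age   Flags      Port / Virtual Port List
----------------------------------------------------------------------------
00:04:96:27:b6:61   Default(0001) 0020  d m        13
00:04:96:27:b7:57   Default(0001) 0061  d m   Bb   13
00:04:96:27:bc:ce   Default(0001) 0076  d m   Bb   13
00:04:96:27:bd:0b   Default(0001) 0020  d m        13
00:04:96:34:cb:5c   Default(0001) 0020  d m        13
00:04:96:34:cb:64   Default(0001) 0079  d m   Bb   13
Flags : d - Dynamic, m - MAC, B - Egress Blackhole, b - Ingress Blackhole
Total: 6 Static: 0 Perm: 0 Dyn: 6
"""

# mac, vlan(vid), age, one or more flag groups, then the port.
ENTRY_RE = re.compile(
    r"^(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<vlan>[\w-]+)\((?P<vid>\d+)\)\s+"
    r"(?P<age>\d+)\s+"
    r"(?P<flags>(?:[A-Za-z]+\s+)+)"
    r"(?P<port>\d+(?::\d+)?)\s*$"
)


def parse_fdb(text):
    """Return one dict per FDB entry; header, legend and totals lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            continue
        flags = "".join(m.group("flags").split())
        entries.append({
            "mac": m.group("mac").lower(),
            "vlan": m.group("vlan"),
            "vid": int(m.group("vid")),
            "port": m.group("port"),
            "flags": flags,
            # B = egress blackhole, b = ingress blackhole (from the Flags legend)
            "blackholed": "B" in flags or "b" in flags,
        })
    return entries


def limit_learning_report(entries, limits):
    """Compare FDB entries with configured limits.

    limits maps (port, vlan name) -> the limit-learning value set on that port.
    """
    seen = defaultdict(lambda: {"learned": [], "blackholed": []})
    for e in entries:
        bucket = "blackholed" if e["blackholed"] else "learned"
        seen[(e["port"], e["vlan"])][bucket].append(e["mac"])

    report = {}
    for key, limit in limits.items():
        learned = seen[key]["learned"]
        blackholed = seen[key]["blackholed"]
        report[key] = {
            "limit": limit,
            "learned": learned,
            "blackholed": blackholed,
            "at_limit": len(learned) >= limit,
            # Blackholed entries mean more stations than the limit were seen on
            # the port: worth a look on an access port that should have few hosts.
            "extra_stations": len(blackholed),
        }
    return report


if __name__ == "__main__":
    result = limit_learning_report(parse_fdb(SAMPLE_FDB), {("13", "Default"): 3})
    for (port, vlan), r in result.items():
        print(f"port {port} vlan {vlan}: limit {r['limit']}, "
              f"{len(r['learned'])} learned, {r['extra_stations']} blackholed")
        for mac in r["blackholed"]:
            print(f"  blackholed: {mac}")
```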
Part 5: Enabling Extreme Link Status Monitoring
In this exercise you will enable Extreme Link Status Monitoring (ELSM) on selected ports and verify that it is operating correctly. You will observe link state changes during a core switch reboot.
1 Enable Extreme Link Status Monitoring (ELSM) on the port connecting to the other switches by entering the following command:
enable elsm ports 13
2 Verify the status of the port with ELSM enabled by entering the following command:
show elsm ports 13
The following displays:
ELSM Info Port 13
Link State           : Active
ELSM Link State      : Up
ELSM State           : Up
Hello Transmit State : HelloRx(+)
Hello Time           : 1 sec
Hold Threshold       : 2
UpTimer Threshold    : 6
Auto Restart         : Enabled
Down Timeout         : 4.0 sec
Up Timeout           : 6.0 sec
Hello+ Rx            : 19496
HelloRx              : 1
Hello+ Tx            : 19497
HelloTx              : 0
ELSM Up/Down Count   : UP: 0 DOWN: 0
3 Notice both the Link State and the ELSM Link State for this port.
NOTE Wait here while Core Switch A is rebooted to simulate link state change.
4 Wait until the instructor gives the class direction to move forward.
5 While Core Switch A is rebooting, re-verify the status of the port by entering the following command:
show elsm ports 13
While the switch is rebooting the system will eventually display the following:
ELSM Info Port 13
Link State           : Ready
ELSM Link State      : Down
ELSM State           : Down
Hello Transmit State : HelloRx(-)
Hello Time           : 1 sec
Hold Threshold       : 2
UpTimer Threshold    : 6
Auto Restart         : Enabled
Down Timeout         : 4.0 sec
Up Timeout           : 6.0 sec
Hello+ Rx            : 19588
HelloRx              : 1
Hello+ Tx            : 19589
HelloTx              : 0
ELSM Up/Down Count   : UP: 0 DOWN: 1
6 Notice the changes to the port Link State, ELSM Link State, ELSM State, Hello Transmit State, and ELSM Up/Down Count.
7 After the switch has fully re-booted, verify the status of the port by entering the following command again:
show elsm ports 13
When the link stabilizes, the following displays:
ELSM Info Port 13
Link State           : Active
ELSM Link State      : Up
ELSM State           : Up
Hello Transmit State : HelloRx(+)
Hello Time           : 1 sec
Hold Threshold       : 2
UpTimer Threshold    : 6
Auto Restart         : Enabled
Down Timeout         : 4.0 sec
Up Timeout           : 6.0 sec
Hello+ Rx            : 19593
HelloRx              : 1
Hello+ Tx            : 19593
HelloTx              : 1
ELSM Up/Down Count   : UP: 1 DOWN: 1
8 Notice again, the changes to the port Link State, ELSM Link State, ELSM State, Hello Transmit State, and ELSM Up/Down Count.
6
Port-based VLAN Configuration Lab
Student Objectives
A common approach to deploying Voice-Over-IP on a converged network is to configure a single, layer 2 broadcast domain (VLAN) dedicated to the voice-enabled devices (phones, call managers, call gateways, etc.). This lab provides you with hands-on experience to create port-based VLANs, add ports to the VLANs, and extend the VLANs across multiple switches. At the end of this lab, you will be able to:
● Create one port-based VLAN
● Add ports to the VLAN
● Interconnect the VLAN across multiple switches
Figure 1: Port-based VLAN Configuration Lab
Refer to the values listed in Table 1 to configure switch parameters for this lab.
Table 1: Group, Switch, VLAN Names and IP addresses
Lab Group Number  Switch Name  VLAN Name  VLAN IP Address  Lab Group PC IP Address
1                 SAM_1        Voice      10.0.2.11/24     10.0.2.101/24
2                 EXC_2        Voice      10.0.2.12/24     10.0.2.102/24
3                 ACT_3        Voice      10.0.2.13/24     10.0.2.103/24
4                 MFG_4        Voice      10.0.2.14/24     10.0.2.104/24
5                 ENG_5        Voice      10.0.2.15/24     10.0.2.105/24
6                 HUR_6        Voice      10.0.2.16/24     10.0.2.106/24
Part 1: Setting Up for Creating a Port-Based VLAN
1 Log into the switch and load the baseline configuration for this lab by entering the following command:
use configuration Lab_ECF05-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration file (XXXXXX.cfg) and reboot? (y - save and reboot, n - reboot without save, - cancel command)
3 Enter n to reboot without save.
If there were no unsaved changes on the switch, the system will display the following:
Are you sure you want to reboot the switch? (y/N)
4 Enter y to reboot the switch if this message appears.
When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring the switch.
Part 2: Creating a Port-Based VLAN
In this exercise you will create a VLAN, assign it an IP address, and verify that it is recognized by your switch.
1 Create a VLAN named voice by entering the following command:
create vlan voice
2 Verify that the VLAN voice has been created by entering the following command:
show vlan voice
The following displays:
VLAN Interface with name voice created by user
    Admin State:    Enabled    Tagging: Untagged (Internal tag 4094)
    Virtual router: VR-Default
    IPv6:           None
    STPD:           None
    Protocol:       Match all unfiltered protocols
    Loopback:       Disabled
    NetLogin:       Disabled
    QosProfile:     None configured
    Egress Rate Limit Designated Port: None configured
    Flood Rate Limit QosProfile:       None configured
    Ports:  0.      (Number of active ports=0)
3 Notice that a newly-created VLAN has no ports assigned.
4 Assign an IP address and subnet mask to the voice VLAN, by entering the following command:
configure vlan voice ipaddress {}
Example: configure vlan voice ipaddress 10.0.2.1X/24
Use the address and subnet mask as listed in Table 1 for your lab group.
5 Verify the IP address and subnet mask of the voice VLAN, by entering the following command:
show vlan voice
The voice VLAN configuration displays:
VLAN Interface with name voice created by user
    Admin State:    Enabled    Tagging: Untagged (Internal tag 4094)
    Virtual router: VR-Default
    Primary IP    : 10.0.2.1X/24
    IPv6:           None
    STPD:           None
    Protocol:       Match all unfiltered protocols
    Loopback:       Disabled
    NetLogin:       Disabled
    QosProfile:     None configured
    Egress Rate Limit Designated Port: None configured
    Flood Rate Limit QosProfile:       None configured
    Ports:  0.      (Number of active ports=0)
Part 3: Adding Ports to a VLAN
In this exercise you will delete ports from the VLAN default and add ports to your VLAN.
1 Delete port 13 and 24 from the VLAN default by entering the following command:
configure vlan default delete ports 13,24
2 Add port 13 and 24 to the VLAN voice by entering the following command:
configure vlan voice add ports 13,24
3 Verify the port assignments for VLAN voice by entering the following command:
show vlan voice
The system displays the voice VLAN configuration:
VLAN Interface with name voice created by user
    Admin State:    Enabled    Tagging: Untagged (Internal tag 4094)
    Virtual router: VR-Default
    Primary IP    : 10.0.2.1X/24
    IPv6:           None
    STPD:           None
    Protocol:       Match all unfiltered protocols
    Loopback:       Disabled
    NetLogin:       Disabled
    QosProfile:     None configured
    Egress Rate Limit Designated Port: None configured
    Flood Rate Limit QosProfile:       None configured
    Ports:  2.      (Number of active ports=0)
       Untag:   !13,   !24
       Flags:   (*) Active, (!) Disabled, (g) Load Sharing port
                (b) Port blocked on the vlan, (m) Mac-Based port
                (a) Egress traffic allowed for NetLogin
                (u) Egress traffic unallowed for NetLogin
4 Notice that the assigned ports are not active; they are disabled (!) and untagged.
Part 4: Configuring the Client Workstation
The following instructions will guide you in setting up the client workstation. If your RD-X connection to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The tunnel is complete when the $ prompt appears:
4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop Connection utility:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format 127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the Password is student:
7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_ECF05-X batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the PC IP address. The following screen will appear while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run dialog box enter cmd to open a Command window:
9 In the command window, display the IP interface information on the PC by entering the following command:
ipconfig
The system displays the following:
Note that the Lab Network interface has been assigned your lab group PC's IP address and mask found in Table 1. This completes the setup of the Lab Group PC. Minimize this window now and return to the switch.
Part 5: Extending the VLAN Across Multiple Switches
In this exercise you will enable ports to extend your VLAN across multiple switches and verify that your switch can communicate with each of the other neighbor switches.
1 On your switch, enable port 13 to permit forwarding by entering the following command:
enable ports 13
NOTE Stop and wait here until all students in the class reach this point!
2 Upon the instructor’s direction, turn to your switch and use the PING command to verify that the switch can communicate with each of the configured neighbor lab groups' switches by entering the following:
ping
Example: ping 10.0.2.1X
Where X is each neighbor lab group number in Table 1. The following is an example reply from Lab Group 1’s switch while pinging Lab Group 2’s switch:
* SAM_1.26 # ping 10.0.2.12
Ping(ICMP) 10.0.2.12: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.0.2.12: icmp_seq=0 ttl=255 time=9.773 ms
16 bytes from 10.0.2.12: icmp_seq=1 ttl=255 time=2.004 ms
16 bytes from 10.0.2.12: icmp_seq=2 ttl=255 time=7.072 ms
16 bytes from 10.0.2.12: icmp_seq=3 ttl=255 time=7.054 ms
3 On your switch, enable port 24 by entering the following command:
enable ports 24
This is the port connected to the Lab Group PC.
NOTE Stop and wait here until all students in the class reach this point!
4 Upon the instructor’s direction, return to your Lab Group PC’s desktop and open a DOS window. Use the PING command to verify that the PC can communicate with the other configured neighbor Lab Group PCs by entering the following:
ping
Example: ping 10.0.2.10X
Where X is each neighbor lab group number in Table 1. The following is an example reply from Lab Group 1’s PC while pinging Lab Group 2’s PC:
C:\Documents and Settings\student>ping 10.0.2.102
Pinging 10.0.2.102 with 32 bytes of data:
Reply from 10.0.2.102: bytes=32 time<1ms TTL=128
Reply from 10.0.2.102: bytes=32 time<1ms TTL=128
Reply from 10.0.2.102: bytes=32 time<1ms TTL=128
Reply from 10.0.2.102: bytes=32 time<1ms TTL=128
Ping statistics for 10.0.2.102:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
5 On the switch, examine how VLAN information is displayed in the forwarding database by entering the following command on your switch:
show fdb
The system displays the following:
Mac                 Vlan          Age   Flags      Port / Virtual Port List
----------------------------------------------------------------------------
00:04:96:27:b6:61   voice(4094)   0020  d m        13
00:04:96:27:b7:57   voice(4094)   0017  d m        13
00:04:96:27:bd:0b   voice(4094)   0078  d m        13
00:04:96:34:cb:5c   voice(4094)   0005  d m        13
00:04:96:34:cb:64   voice(4094)   0006  d m        13
00:0c:29:0e:4a:80   voice(4094)   0208  d m        13
00:0c:29:1b:33:21   voice(4094)   0076  d m        13
00:0c:29:60:ef:ba   voice(4094)   0092  d m        13
00:0c:29:7d:7c:a3   voice(4094)   0129  d m        13
00:0c:29:aa:d6:8c   voice(4094)   0088  d m        24
00:0c:29:fa:60:9c   voice(4094)   0108  d m        13
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP, x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole, b - Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation, D - drop packet.
Total: 11 Static: 0 Perm: 0 Dyn: 11 Dropped: 0 Locked: 0 Locked with Timeout: 0
FDB Aging time: 300
FDB VPLS Aging time: 300
6 Notice that all learned MAC addresses in the example above are from the VLAN voice.
7
Tagged VLAN Configuration Lab
Student Objectives
Frequently, today’s voice-over-IP desk sets incorporate a second Ethernet port that provides connectivity for a PC through the same switch port as the phone. However, you often see the traffic for both devices separated into VLANs, or distinct collision domains. This lab provides you with hands-on experience to create tagged VLANs for each traffic type, add ports to the VLANs, and extend the VLANs across multiple switches using a single physical link. At the end of this lab, you will be able to:
● Convert an untagged voice VLAN to a tagged VLAN.
● Verify the operation of the tagged VLAN.
● Integrate a data VLAN into the network and verify the operation of the entire network.
Figure 1: Tagged VLAN Configuration Lab
Refer to the values listed in Table 1 to configure switch parameters for this lab.
Table 1: Group, Switch, VLAN Names and IP Addresses
Lab Group Number  Switch Name  VLAN Name  VLAN IP Address  Lab Group PC IP Address
1                 SAM_1        Voice      10.0.2.11/24     10.0.2.101/24
                               Data       10.0.3.11/24     10.0.3.101/24
2                 EXC_2        Voice      10.0.2.12/24     10.0.2.102/24
                               Data       10.0.3.12/24     10.0.3.102/24
3                 ACT_3        Voice      10.0.2.13/24     10.0.2.103/24
                               Data       10.0.3.13/24     10.0.3.103/24
4                 MFG_4        Voice      10.0.2.14/24     10.0.2.104/24
                               Data       10.0.3.14/24     10.0.3.104/24
5                 ENG_5        Voice      10.0.2.15/24     10.0.2.105/24
                               Data       10.0.3.15/24     10.0.3.105/24
6                 HUR_6        Voice      10.0.2.16/24     10.0.2.106/24
                               Data       10.0.3.16/24     10.0.3.106/24
Part 1: Setting Up for Configuring a Tagged VLAN and Adding Tagged and Untagged Ports
1 Log into the switch and load the baseline configuration for this lab by entering the following command:
use configuration Lab_ECF06-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration file (XXXXXX.cfg) and reboot? (y - save and reboot, n - reboot without save, - cancel command)
3 Enter n to reboot without save.
If there were no unsaved changes on the switch, the system will display the following:
Are you sure you want to reboot the switch? (y/N)
4 Enter y to reboot the switch if this message appears.
When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring the switch.
Part 2: Configuring the Client Workstation
The following instructions will guide you in setting up the client workstation. If your RD-X connection to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The tunnel is complete when the $ prompt appears:
4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop Connect utility:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format 127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the Password is student:
7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_ECF06a-X batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the PC IP address. The following screen will appear while the file executes, and then close automatically when it terminates
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run dialog box enter cmd to open a Command window:
9 In the command window, display the IP interface information on the PC by entering the following command:
ipconfig
The system displays the following:
Note that the Lab Network interface has been assigned your Lab Group PC's IP address and mask associated with the VLAN voice found in Table 1. This completes the first setup of the Lab Group PC. Minimize this window now and return to the switch.
Part 3: Configuring a Tagged VLAN and Adding Tagged and Untagged Ports
In this exercise you will configure a tagged VLAN and add tagged and untagged ports to it.
1 On the switch, assign an IP address and subnet mask to the voice VLAN, by entering the following command:
configure vlan voice ipaddress {}
Example: configure vlan voice ipaddress 10.0.2.1X/24
Use the address and subnet mask as listed in Table 1.
2 Configure the VLAN voice with a tag value of 10 by entering the following command:
configure vlan voice tag 10
3 Verify that the tag has been added successfully by entering the following command:
show vlan voice
The following displays:
VLAN Interface with name voice created by user
    Admin State:    Enabled    Tagging: 802.1Q Tag 10
    Virtual router: VR-Default
    Primary IP    : 10.0.2.1X/24
    IPv6:           None
    STPD:           None
    Protocol:       Match all unfiltered protocols
    Loopback:       Disabled
    NetLogin:       Disabled
    QosProfile:     None configured
    Egress Rate Limit Designated Port: None configured
    Flood Rate Limit QosProfile:       None configured
    Ports:  2.      (Number of active ports=2)
       Untag:   *13,   *24
       Flags:   (*) Active, (!) Disabled, (g) Load Sharing port
                (b) Port blocked on the vlan, (m) Mac-Based port
                (a) Egress traffic allowed for NetLogin
                (u) Egress traffic unallowed for NetLogin
                (t) Translate VLAN tag for Private-VLAN
                (s) Private-VLAN System Port, (L) Loopback port
                (e) Private-VLAN End Point Port
4 Notice that all ports are currently untagged in the VLAN.
5 Re-assign the port that interconnects the switches for VLAN voice as a tagged port by entering the following command:
configure vlan voice add ports 13 tagged
Type yes to the warning message that appears:
Adding an existing untagged member port of vlan voice as tagged can cause STP configuration loss. Do you really want to add these ports? (y/N)
6 Verify that port 13 is now tagged in VLAN voice by entering the following command:
show vlan voice
The following displays:
VLAN Interface with name voice created by user
    Admin State:    Enabled    Tagging: 802.1Q Tag 10
    Virtual router: VR-Default
    Primary IP    : 10.0.2.1X/24
    IPv6:           None
    STPD:           None
    Protocol:       Match all unfiltered protocols
    Loopback:       Disabled
    NetLogin:       Disabled
    QosProfile:     None configured
    Egress Rate Limit Designated Port: None configured
    Flood Rate Limit QosProfile:       None configured
    Ports:  2.      (Number of active ports=2)
       Untag:   *24
       Tag:     *13
       Flags:   (*) Active, (!) Disabled, (g) Load Sharing port
                (b) Port blocked on the vlan, (m) Mac-Based port
                (a) Egress traffic allowed for NetLogin
                (u) Egress traffic unallowed for NetLogin
                (t) Translate VLAN tag for Private-VLAN
                (s) Private-VLAN System Port, (L) Loopback port
                (e) Private-VLAN End Point Port
7 Notice that port 24 participates untagged in the VLAN.
8 Enable port 24 on the switch by entering the following command:
enable ports 24
This is the port connected to the Lab Group PC.
NOTE Stop and wait here, do not proceed until all students have enabled port 24.
9 Upon the instructor’s direction, turn to the Lab Group PC and open a DOS window. Use the PING command to verify that the PC can communicate with the other neighbor Lab Group PCs configured in the same subnet by entering the following:
ping 10.0.2.10X
Where X is the lab group number assigned to each Lab Group in Table 1.
10 On the switch, use the PING command to verify that the switch can communicate with the interface assigned to the voice subnet on each of the lab groups' switches by entering the following:
ping 10.0.2.1X
Where X is each lab group number assigned to each Lab Group in Table 1.
11 Display the layer 2 forwarding database by entering the following command:
show fdb
The following is an example display with all 6 Lab Groups participating on the classroom network:
Mac                 Vlan          Age   Flags      Port / Virtual Port List
----------------------------------------------------------------------------
00:04:96:27:b6:61   voice(0010)   0060  d m        13
00:04:96:27:b7:57   voice(0010)   0020  d m        13
00:04:96:27:bd:0b   voice(0010)   0008  d m        13
00:04:96:34:cb:5c   voice(0010)   0030  d m        13
00:04:96:34:cb:64   voice(0010)   0024  d m        13
00:0c:29:0e:4a:80   voice(0010)   0262  d m        13
00:0c:29:1b:33:21   voice(0010)   0032  d m        13
00:0c:29:60:ef:ba   voice(0010)   0051  d m        13
00:0c:29:7d:7c:a3   voice(0010)   0039  d m        13
00:0c:29:aa:d6:8c   voice(0010)   0041  d m        24
00:0c:29:fa:60:9c   voice(0010)   0176  d m        13
Flags : d - Dynamic, m - MAC
Total: 11 Static: 0 Perm: 0 Dyn: 11 Dropped: 0 Locked: 0 Locked with Timeout: 0
FDB Aging time: 300
FDB VPLS Aging time: 300
12 Notice that all learned MAC addresses are from the VLAN voice.
Part 4: Adding a Second Tagged VLAN and Trunked Ports
In this exercise you will create a second VLAN for data, add its IP address, add the correct tag and verify that it is integrated into the network.
1 Create a second VLAN named data by entering the following command:
create vlan data
2 Assign an IP address and subnet mask to VLAN data by entering the following command:
configure vlan data ipaddress {}
Example: configure vlan data ipaddress 10.0.3.1X/24
Use the address and subnet mask identified in Table 1 for your lab group.
3 Verify that VLAN data has been created and the IP address is assigned correctly by entering the following command:
show vlan
The following displays:
Name      VID   Protocol Addr       Flags                    Proto  Ports   Vir
                                                                    Active  rou
                                                                    /Total
--------------------------------------------------------------------------------
data      4093  10.0.3.1X     /24   -----------------------  ANY    0 /0    V
Default   1     -------------------------------------------  ANY    0 /0    V
Mgmt      4095  -------------------------------------------  ANY    1 /1    V
voice     10    10.0.2.1X     /24   -----------------------  ANY    2 /2    V
--------------------------------------------------------------------------------
4 Configure VLAN data with a tag value of 20 by entering the following command:
configure vlan data tag 20
5 Configure port 13 as a trunk port for both VLAN voice and VLAN data by adding it as tagged in VLAN data with the following command:
configure vlan data add ports 13 tagged
6 Verify by entering the following command:
show vlan
The following displays:
Name      VID   Protocol Addr       Flags                    Proto  Ports   Vir
                                                                    Active  rou
                                                                    /Total
--------------------------------------------------------------------------------
data      20    10.0.3.1X     /24   -----------------------  ANY    0 /0    V
Default   1     -------------------------------------------  ANY    0 /0    V
Mgmt      4095  -------------------------------------------  ANY    1 /1    V
voice     10    10.0.2.1X     /24   -----------------------  ANY    2 /2    V
--------------------------------------------------------------------------------
CAUTION Be careful to add the port as tagged to the second VLAN. For example, if you try to add the port untagged (configure vlan data add ports 13) you will see the following error display:
Error: Protocol conflict when adding untagged port 13. Either add this port as tagged or assign another protocol to this VLAN.
Part 5: Adding Additional Tagged Ports
Voice-over-IP device interfaces are more likely to be configured for a tag than those used for laptops or desktop PCs. The normal deployment is to assign the shared attached port as tagged in the VLAN voice, and untagged in the VLAN data.
Port 24 is connected to the Lab Group PC. In this lab scenario, both the telephone desk set and the PC share the port, but you separate their traffic into two VLANs. Since the port is currently only assigned to VLAN voice, you need to add the port to VLAN data.
Notice that since Port 24 already belongs untagged to VLAN voice, it cannot be added as untagged to any other VLAN. It can only be added with an explicit tag to a VLAN (tagged), or to a protocol-based VLAN.
1 On the switch, re-assign the device-connected port in VLAN voice as a tagged port by entering the following command:
configure vlan voice add ports 24 tagged
Type yes to the warning message that appears:
Adding an existing untagged member port of vlan voice as tagged can cause STP configuration loss. Do you really want to add these ports? (y/N)
2 Assign the device-connected port to VLAN data, untagged, by entering the following command:
configure vlan data add ports 24 untagged
3 Verify the detailed configuration of VLAN data by entering the following command:
show vlan data
The following displays:
VLAN Interface with name data created by user
    Admin State:    Enabled    Tagging: 802.1Q Tag 20
    Virtual router: VR-Default
    Primary IP    : 10.0.3.1X/24
    IPv6:           None
    STPD:           None
    Protocol:       Match all unfiltered protocols
    Loopback:       Disabled
    NetLogin:       Disabled
    QosProfile:     None configured
    Egress Rate Limit Designated Port: None configured
    Flood Rate Limit QosProfile:       None configured
    Ports:  1.      (Number of active ports=1)
       Untag:   *24
       Tag:     *13
       Flags:   (*) Active, (!) Disabled, (g) Load Sharing port
                (b) Port blocked on the vlan, (m) Mac-Based port
                (a) Egress traffic allowed for NetLogin
                (u) Egress traffic unallowed for NetLogin
                (t) Translate VLAN tag for Private-VLAN
                (s) Private-VLAN System Port, (L) Loopback port
                (e) Private-VLAN End Point Port
4 In the previous section, PINGs to the neighbor PCs and switches populated the FDB with entries from VLAN voice. Clear the FDB of all dynamic entries with the following command:
clear fdb
5 On the Lab Group PC, return to the open Command Prompt window and use the PING command to verify that the PC can still communicate with each of the configured neighbor Lab Group PCs in the 10.0.2.0/24 network by entering the following:
ping 10.0.2.10X
Where X is each lab group number assigned in Table 1.
6 On the switch, enter the following command to view the VLAN information displayed in the forwarding database:
show fdb
The following displays:
Mac                 Vlan          Age   Flags      Port / Virtual Port List
----------------------------------------------------------------------------
00:04:96:27:b6:61   voice(0010)   0050  d m        13
00:04:96:27:bd:0b   voice(0010)   0032  d m        13
00:04:96:34:cb:64   voice(0010)   0049  d m        13
00:04:96:34:cb:64   data(0020)    0027  d m        13
00:0c:29:0e:4a:80   data(0020)    0026  d m        13
00:0c:29:1b:33:21   data(0020)    0016  d m        13
00:0c:29:60:ef:ba   data(0020)    0012  d m        13
00:0c:29:7d:7c:a3   data(0020)    0024  d m        13
00:0c:29:aa:d6:8c   data(0020)    0051  d m        24
00:0c:29:fa:60:9c   data(0020)    0044  d m        13
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP, x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole, b - Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation, D - drop packet.
Total: 10 Static: 0 Perm: 0 Dyn: 10 Dropped: 0 Locked: 0 Locked with Timeout: 0
FDB Aging time: 300
FDB VPLS Aging time: 300
7 On the Lab Group PC, return to the open Command Prompt window and, using the PING command, try to ping the interface assigned to the voice subnet on each of the configured lab groups' switches by entering the following:
ping 10.0.2.1X
Where X is each lab group number assigned in Table 1.
All of these pings fail. This is because the port to which the PCs are attached, port 24, is now associated with the VLAN data, while the switch addresses are associated with the VLAN voice. Traffic cannot cross the boundary between two VLANs without enabling layer 3 routing.
8 Now, return to the Lab Group PC with the open DOS window and PING the interface assigned to the data subnet on each of the configured lab groups' switches by entering the following:
ping 10.0.3.1X
All of these pings fail also. PINGing the IP address assigned to VLAN data from the Lab Group PC also fails because these two devices are not in the same IP network even though they are in the same broadcast domain (VLAN).
Part 6: Reconfiguring the Client Workstation
To correct the above fault, re-configure the Group Lab PC production interface with the PC IP address for VLAN data assigned in Table 1. From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_ECF06b-X batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the PC IP address. The following screen will appear while the file executes, and then close automatically when it terminates:
1 To confirm the workstation IP address, from the Start menu, click on the Run option. Enter cmd to open a Command window:
2 In the command window, display the IP interface information on the PC by entering the following command:
ipconfig
The system displays the following:
Note that the Lab Network interface has been assigned your lab group PC's IP address and mask associated with the VLAN data found in Table 1. This completes the reconfiguration of the Lab Group PC.
NOTE Stop and wait here; do not proceed until all students in the class have reconfigured their Lab Group PCs.
1 Upon the Instructor's direction, return to the Lab Group PC and use the PING command to verify that the PC can communicate with all configured switch IP addresses in VLAN data:
ping 10.0.3.1X
Where X is each lab group number assigned in Table 1.
2 Finally, use the PING command to verify that the PC can communicate with each of the configured neighbor Lab Group PCs in the 10.0.3.0/24 network by entering the following:
ping 10.0.3.10X
Where X is each lab group number assigned in Table 1.
8
Spanning Tree Configuration Lab
Student Objectives
One deployment strategy for edge switches in a production wiring closet is to build a dual-home, layer 2 loop to the upstream aggregation or core switches. This uses a redundant router protocol like VRRP to forward traffic between VLANs or out to the Internet (Figure 1). When you use Spanning Tree Protocol to resolve the loop, the failover between the two upstream paths is faster than if you extended the layer 3 protocol all the way down to the edge switch.
Figure 1: Spanning Tree Configuration Lab
In addition you will configure the core switches for six independent spanning tree domains. In this configuration there are only six loops to resolve, as opposed to the much larger number of potential loops that would need to be addressed if all of the links were managed by a single STPD (Figure 2). This further reduces convergence time in the event of a lost link.
Figure 2: Individual Loops Configuration
Focusing only on the layer-2 loop-resolution component, this lab provides you with hands-on experience configuring, enabling, and verifying the Spanning Tree Protocol (STP). In this lab, you will:
● Create and configure a new spanning tree domain (STPD)
● Verify the STPD configurations
● Verify the STPD operation
● Configure the STPD bridge priority and port cost
● Test the STPD failure recovery
Refer to the values listed in Table 1 to configure switch parameters for this lab.
Table 1: Group, Switch, OSPF VLAN, OSPF and RIP Edge and Interface Names
Lab Group Number  Switch Name  Group VLAN       VLAN Tags  Group STPD  CS-A IP Address  CS-B IP Address  Lab Group PC IP Address
1                 SAM_1        sales            10         sam_st      10.0.1.1/24      10.0.1.2/24      10.0.1.101/24
2                 EXC_2        executive        20         exc_st      10.0.2.1/24      10.0.2.2/24      10.0.2.101/24
3                 ACT_3        accounting       30         act_st      10.0.3.1/24      10.0.3.2/24      10.0.3.101/24
4                 MFG_4        manufacturing    40         mfg_st      10.0.4.1/24      10.0.4.2/24      10.0.4.101/24
5                 ENG_5        engineering      50         eng_st      10.0.5.1/24      10.0.5.2/24      10.0.5.101/24
6                 HUR_6        human_resources  60         hur_st      10.0.6.1/24      10.0.6.2/24      10.0.6.101/24
Part 1: Setting Up for Spanning Tree Configuration
1 Log into the switch and load the baseline configuration for this lab by entering the following command:
use configuration Lab_ECF09-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration file (XXXXXX.cfg) and reboot? (y - save and reboot, n - reboot without save, <cr> - cancel command)
3 Enter n to reboot without save.
If there were no unsaved changes on the switch, the system will display the following:
Are you sure you want to reboot the switch? (y/N)
4 Enter y to reboot the switch if this message appears.
When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring the switch.
Part 2: Configuring the Client Workstation
The following instructions will guide you in setting up the client workstation. If your RD-X connection to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The tunnel is complete when the $ prompt appears:
4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop Connection utility:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format 127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the Password is student:
7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_ECF09-X batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the PC IP address. The following screen will appear while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run dialog box enter cmd to open a Command window:
9 In the command window, display the IP interface information on the PC by entering the following command:
ipconfig
The system displays the following:
Note that the Lab Network interface has been assigned your lab group PC's IP address and mask found in Table 1. This completes the setup of the Lab Group PC.
Part 3: Creating and Validating a Spanning Tree Domain
1 Confirm the group VLAN configuration by entering the following command:
show vlan
The following displays:
---------------------------------------------------------------------------------------
Name     VID   Protocol Addr  Flags                         Proto  Ports         Virtual
                                                                   Active/Total  router
---------------------------------------------------------------------------------------
Default  1     -------------------------------------------  ANY    0 /0          VR-Default
Mgmt     4095  -------------------------------------------  ANY    1 /1          VR-Mgmt
<VLAN>   XX    -------------------------------------------  ANY    0 /3          VR-Default
---------------------------------------------------------------------------------------
Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN, (D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled, (F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled, (l) MPLS Enabled, (m) IPmc Forwarding Enabled, (M) Translation Member VLAN or Subscriber VLAN, (n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled, (O) Flooding Disabled, (p) PIM Enabled, (P) EAPS protected VLAN, (r) RIP Enabled, (R) Sub-VLAN IP Range Configured, (s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN, (T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 3
Where <VLAN> is the group VLAN name and XX is the VLAN tag assigned to your lab group.
2 Create the group-specific spanning tree domain by entering the following command:
create stpd <STPD>
Where <STPD> is the one assigned to your lab group in Table 1.
3 Configure the operational mode for the group STP domain to be 802.1w by entering the following command:
configure stpd <STPD> mode dot1w
4 Add the group VLAN and the ports interconnecting the switches to the group spanning tree protocol domain by entering the following command:
configure stpd <STPD> add vlan <VLAN> ports 13,14
Example using Lab Group Number 4:
configure stpd mfg_st add vlan manufacturing ports 13,14
5 Assign the same 802.1q tag to the spanning tree domain as is assigned to the member VLAN by entering the following command:
configure stpd <STPD> tag
Example using Lab Group Number 4:
configure stpd mfg_st tag 40
Where <STPD> and the tag are the ones assigned to your lab group in Table 1.
6 Enable the spanning tree function for the group STPD by entering the following command:
enable stpd
7 Show the status of the ports participating in spanning tree by entering the following command:
show stpd <STPD> ports
The following displays:
Port  Mode    State       Cost   Flags      Priority  Port ID  Designated Bridge
13    EMISTP  DISABLED    20000  e?pp-w---  128       800d     00:00:00:00:00:00:00:00
14    EMISTP  DISABLED    20000  e?pp-w---  128       800e     00:00:00:00:00:00:00:00
Total Ports: 2
------------------------- Flags: ----------------------------
1:                 e=Enable, d=Disable
2: (Port role)     R=Root, D=Designated, A=Alternate, B=Backup, M=Master
3: (Config type)   b=broadcast, p=point-to-point, e=edge, a=auto
4: (Oper. type)    b=broadcast, p=point-to-point, e=edge
5:                 p=proposing, a=agree
6: (partner mode)  d = 802.1d, w = 802.1w, m = mstp
7:                 i = edgeport inconsistency
8:                 S = edgeport safe guard active
                   s = edgeport safe guard configured but inactive
9:                 B = Boundary, I = Internal
8 Notice that both ports are currently disabled.
9 Enable ports 13, 14, and 24 by entering the following command:
enable ports 13,14,24
10 Show the STPD port status again by entering the following command:
show stpd <STPD> ports
The following displays:
Port  Mode    State       Cost   Flags      Priority  Port ID  Designated Bridge
13    EMISTP  FORWARDING  20000  eDpp-w---  128       800d     80:00:00:04:96:27:b6:49
14    EMISTP  FORWARDING  20000  eDpp-w---  128       800e     80:00:00:04:96:27:b6:49
Total Ports: 2
------------------------- Flags: ----------------------------
1:                 e=Enable, d=Disable
2: (Port role)     R=Root, D=Designated, A=Alternate, B=Backup, M=Master
3: (Config type)   b=broadcast, p=point-to-point, e=edge, a=auto
4: (Oper. type)    b=broadcast, p=point-to-point, e=edge
5:                 p=proposing, a=agree
6: (partner mode)  d = 802.1d, w = 802.1w, m = mstp
7:                 i = edgeport inconsistency
8:                 S = edgeport safe guard active
                   s = edgeport safe guard configured but inactive
9:                 B = Boundary, I = Internal
11 Notice that both ports are now in the FORWARDING state.
12 Verify the spanning tree domain configuration by entering the following command:
show stpd
The following is an example of the display from Lab Group 1’s switch:
Stpd: sam_st            Stp: ENABLED            Number of Ports: 2
Rapid Root Failover: Disabled
Operational Mode: 802.1W                        Default Binding Mode: EMISTP
802.1Q Tag: 10
Ports: 13,14
Participating Vlans: sales
Auto-bind Vlans: (none)
Bridge Priority: 32768
BridgeID:        80:00:00:04:96:27:b6:49
Designated root: 80:00:00:04:96:27:b6:49
RootPathCost: 0         Root Port: ----
MaxAge: 20s             HelloTime: 2s           ForwardDelay: 15s
CfgBrMaxAge: 20s        CfgBrHelloTime: 2s      CfgBrForwardDelay: 15s
Topology Change Time: 35s                       Hold time: 1s
Topology Change Detected: FALSE                 Topology Change: FALSE
Number of Topology Changes: 2
Time Since Last Topology Change: 38s
13 Notice that the BridgeID and Designated Root are the same, indicating that the switch is the root bridge for this spanning tree domain.
14 Return to the Lab Group PC with the PC IP Address assigned in Part 2 (10.0.X.101/24). Open a Command Prompt window and use the PING command to verify that the PC can communicate with the two core switch interfaces in the same subnet by entering the following:
ping 10.0.X.1
ping 10.0.X.2
Where X is your lab group number assigned in Table 1. The following displays:
C:\Documents and Settings\student>ping 10.0.X.1
Pinging 10.0.X.1 with 32 bytes of data:
Reply from 10.0.X.1: bytes=32 time=2ms TTL=255
Reply from 10.0.X.1: bytes=32 time<1ms TTL=255
Reply from 10.0.X.1: bytes=32 time<1ms TTL=255
Reply from 10.0.X.1: bytes=32 time<1ms TTL=255
Ping statistics for 10.0.X.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 2ms, Average = 0ms
C:\Documents and Settings\student>ping 10.0.X.2
Pinging 10.0.X.2 with 32 bytes of data:
Reply from 10.0.X.2: bytes=32 time=1ms TTL=255
Reply from 10.0.X.2: bytes=32 time<1ms TTL=255
Reply from 10.0.X.2: bytes=32 time<1ms TTL=255
Reply from 10.0.X.2: bytes=32 time<1ms TTL=255
Ping statistics for 10.0.X.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
15 On the switch, use the PING command to also verify that the switch cannot communicate with any of the interfaces assigned to each of the configured neighbor PC IP interfaces by entering the following:
ping 10.0.X.101
Where X is each of the neighbor lab group numbers assigned in Table 1. The following is an example display that should occur with each ping:
Ping(ICMP) 10.0.X.101: 4 packets, 8 data bytes, interval 1 second(s).
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
Packet transmit error; Destination unreachable
--- 10.0.X.101 ping statistics ---
0 packets transmitted, 0 received, 0% loss
round-trip min/avg/max = 0/0/0 ms
Part 4: Changing and Validating Bridge Priority
1 Review the spanning tree domain configuration by entering the following command:
show stpd
The following is an example display of Lab Group 1’s switch:
Stpd: sam_st            Stp: ENABLED            Number of Ports: 2
Rapid Root Failover: Disabled
Operational Mode: 802.1W                        Default Binding Mode: EMISTP
802.1Q Tag: 10
Ports: 13,14
Participating Vlans: sales
Auto-bind Vlans: (none)
Bridge Priority: 32768
BridgeID:        80:00:00:04:96:27:b6:49
Designated root: 80:00:00:04:96:27:b6:49
RootPathCost: 0         Root Port: ----
MaxAge: 20s             HelloTime: 2s           ForwardDelay: 15s
CfgBrMaxAge: 20s        CfgBrHelloTime: 2s      CfgBrForwardDelay: 15s
Topology Change Time: 35s                       Hold time: 1s
Topology Change Detected: FALSE                 Topology Change: FALSE
Number of Topology Changes: 2
Time Since Last Topology Change: 463s
In Part 3 above, we noted that because the BridgeID and Designated Root MAC addresses were the same, this switch is the root bridge in this spanning tree domain. One aspect of a root bridge is that all ports will be in the FORWARDING state; any blocked ports will be resolved on the non-root bridges.
2 Confirm that the STPD ports are in the FORWARDING state by entering the following command:
show stpd <STPD> ports
The following displays:
Port  Mode    State       Cost   Flags      Priority  Port ID  Designated Bridge
13    EMISTP  FORWARDING  20000  eDpp-w---  128       800d     80:00:00:04:96:27:b6:49
14    EMISTP  FORWARDING  20000  eDpp-w---  128       800e     80:00:00:04:96:27:b6:49
Total Ports: 2
------------------------- Flags: ----------------------------
1:                 e=Enable, d=Disable
2: (Port role)     R=Root, D=Designated, A=Alternate, B=Backup, M=Master
3: (Config type)   b=broadcast, p=point-to-point, e=edge, a=auto
4: (Oper. type)    b=broadcast, p=point-to-point, e=edge
5:                 p=proposing, a=agree
6: (partner mode)  d = 802.1d, w = 802.1w, m = mstp
7:                 i = edgeport inconsistency
8:                 S = edgeport safe guard active
                   s = edgeport safe guard configured but inactive
9:                 B = Boundary, I = Internal
3 The lab switch is the root bridge because the Bridge Priority on both CS-A and CS-B has been set higher than the default value, 32768. Change the bridge priority of your switch so that it is no longer the Root Bridge by entering the following command:
configure stpd <STPD> priority 49152
NOTE For 802.1w spanning tree domains, the bridge priority can be a value between 0 and 61440, configured in increments of 4096.
4 Confirm that the switch is no longer the root bridge by entering the following command:
show stpd
The following display is an example from Lab Group 1’s switch:
Stpd: sam_st            Stp: ENABLED            Number of Ports: 2
Rapid Root Failover: Disabled
Operational Mode: 802.1W                        Default Binding Mode: EMISTP
802.1Q Tag: 10
Ports: 13,14
Participating Vlans: sales
Auto-bind Vlans: (none)
Bridge Priority: 49152
BridgeID:        c0:00:00:04:96:27:b6:49
Designated root: a0:00:00:04:96:27:bc:ce
RootPathCost: 20000     Root Port: 13
MaxAge: 20s             HelloTime: 2s           ForwardDelay: 15s
CfgBrMaxAge: 20s        CfgBrHelloTime: 2s      CfgBrForwardDelay: 15s
Topology Change Time: 35s                       Hold time: 1s
Topology Change Detected: FALSE                 Topology Change: FALSE
Number of Topology Changes: 4
Time Since Last Topology Change: 7s
5 Notice that the BridgeID is no longer the same as the MAC address of the Designated root and the Bridge Priority is now 49152.
6 Confirm that the STPD ports are in the FORWARDING state by entering the following command:
show stpd <STPD> ports
The following displays:
Port  Mode    State       Cost   Flags      Priority  Port ID  Designated Bridge
13    EMISTP  FORWARDING  20000  eRppaw---  128       800d     a0:00:00:04:96:27:bc:ce
14    EMISTP  BLOCKING    20000  eAppaw---  128       800e     b0:00:00:04:96:27:b7:11
Total Ports: 2
7 Notice that one of the ports is now in the BLOCKING state to prevent a loop in the STP domain.
NOTE Stop and wait here until all the students in class reach this point and the Instructor disables port 23 on CS-A.
When the instructor disables port 23 on core switch CS-A, this effectively creates a fault condition in all configured spanning tree domains in the classroom network.
8 After the instructor confirms that the port on CS-A is disabled, check the state of the local STPD ports by entering the following command:
show stpd <STPD> ports
The following displays:
Port  Mode    State       Cost   Flags      Priority  Port ID  Designated Bridge
13    EMISTP  FORWARDING  20000  eRppaw---  128       800d     a0:00:00:04:96:27:bc:ce
14    EMISTP  FORWARDING  20000  eDpp-w---  128       800e     c0:00:00:04:96:27:b6:49
Total Ports: 2
9 Notice that both ports are now FORWARDING to ensure connectivity between all of the switches in the domain (the student switch, CS-A, and CS-B).
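The root election behind steps 3 to 9, and a check an administrator can run on show stpd output to catch an edge switch that has become root, as an added Python example that is not part of the lab guide. The bridge IDs are the ones in the lab's sample displays; the approved-root set, the shortened show stpd excerpts and all function names are assumptions made for this example.

```python
import re

DOT1W_STEP = 4096   # 802.1w bridge priority increment (from the lab NOTE)
DOT1W_MAX = 61440   # highest 802.1w bridge priority (from the lab NOTE)

# Bridge IDs copied from the lab's sample displays (Lab Group 1).
STUDENT_DEFAULT = "80:00:00:04:96:27:b6:49"   # Bridge Priority 32768
STUDENT_LOWERED = "c0:00:00:04:96:27:b6:49"   # Bridge Priority 49152
CORE_1 = "a0:00:00:04:96:27:bc:ce"            # Designated root after the change
CORE_2 = "b0:00:00:04:96:27:b7:11"            # Designated bridge seen on port 14

# Assumption: only the two core bridges are allowed to be root.
APPROVED_ROOT_MACS = {"00:04:96:27:bc:ce", "00:04:96:27:b7:11"}

# Constructed excerpts: only the lines the audit reads, in the lab's wording.
SHOW_STPD_BEFORE = """Stpd: sam_st
Bridge Priority: 32768
BridgeID: 80:00:00:04:96:27:b6:49
Designated root: 80:00:00:04:96:27:b6:49
"""
SHOW_STPD_AFTER = """Stpd: sam_st
Bridge Priority: 49152
BridgeID: c0:00:00:04:96:27:b6:49
Designated root: a0:00:00:04:96:27:bc:ce
"""

_BRIDGE_ID = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$")
_FIELD = re.compile(
    r"(BridgeID|Designated root):\s*((?:[0-9a-fA-F]{2}:){7}[0-9a-fA-F]{2})")


def parse_bridge_id(bridge_id):
    """Split an 8-octet bridge ID into (priority, MAC address)."""
    text = bridge_id.strip().lower()
    if not _BRIDGE_ID.match(text):
        raise ValueError(f"not a bridge ID: {bridge_id!r}")
    octets = text.split(":")
    # The first two octets carry the priority, the last six the bridge MAC.
    return int(octets[0] + octets[1], 16), ":".join(octets[2:])


def valid_dot1w_priority(priority):
    """True if the value is one the lab NOTE allows for an 802.1w domain."""
    return 0 <= priority <= DOT1W_MAX and priority % DOT1W_STEP == 0


def elect_root(bridge_ids):
    """Return the winning bridge ID: lowest priority, then lowest MAC."""
    return min(bridge_ids, key=parse_bridge_id)


def audit_show_stpd(output, approved_root_macs=APPROVED_ROOT_MACS):
    """Report whether this switch is root and whether the root is approved."""
    fields = {label: value.lower() for label, value in _FIELD.findall(output)}
    if set(fields) != {"BridgeID", "Designated root"}:
        raise ValueError("output lacks BridgeID or Designated root")
    local_priority, _ = parse_bridge_id(fields["BridgeID"])
    root_priority, root_mac = parse_bridge_id(fields["Designated root"])
    findings = []
    if root_mac not in approved_root_macs:
        findings.append(f"root {root_mac} is not an approved root bridge")
    if not valid_dot1w_priority(local_priority):
        findings.append(
            f"local priority {local_priority} is not a multiple of {DOT1W_STEP}")
    return {
        "local_is_root": fields["BridgeID"] == fields["Designated root"],
        "root_priority": root_priority,
        "root_mac": root_mac,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, text in (("before", SHOW_STPD_BEFORE), ("after", SHOW_STPD_AFTER)):
        print(name, audit_show_stpd(text))
```

With the default priority the edge switch wins the election and the audit flags it; after step 3 the root moves to a core bridge and the findings list is empty.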
9
Basic EAPS Configuration Lab
This lab tests your ability to configure two EAPS domains on top of a single ring topology. A common strategy for edge switches in a production wiring closet is to use a Layer 2 loop resolution protocol for local traffic in combination with a redundant router protocol like VRRP to forward traffic between VLANs at the core or out to the Internet (Figure 1).
Student Objectives
In this lab, you will:
● Create EAPS domains.
● Add control VLAN and any protected VLANs to the domains.
● Configure your switch to be the master node in the EAPS rings.
● Configure the inter-switch ports (1,2) to be primary or secondary ports.
● Enable EAPS globally.
● Enable the EAPS domains.
● Verify the EAPS configuration and status.
● Test the ring recovery.
Figure 1: EAPS Configuration Lab
By deploying the Extreme Networks Ethernet Automatic Protection Switching protocol (EAPS), a more precise failure recovery scheme can be achieved than is even possible with spanning tree or by extending the Layer 3 protocol all the way down to the edge switch (Figure 2).
Figure 2: EAPS Topology
Refer to the values listed in Table 1 to configure specific switch parameters throughout the course of the lab.
Table 1: Lab Group Number, Switch Name, Protected VLAN, PV Tag, Control VLAN, CV Tag, and EAPS Domain
Lab Group Number  Switch Name  Protected VLAN  PV Tag  Control VLAN  CV Tag  EAPS Domain  Lab PC IP Address
1                 SAM_1        closet_1        101     ctrl_1        111     ed_1         10.100.1.101/24
2                 EXC_2        closet_2        201     ctrl_2        211     ed_2         10.100.2.101/24
3                 ACT_3        closet_3        301     ctrl_3        311     ed_3         10.100.3.101/24
4                 MFG_4        closet_4        401     ctrl_4        411     ed_4         10.100.4.101/24
5                 ENG_5        closet_5        501     ctrl_5        511     ed_5         10.100.5.101/24
6                 HUR_6        closet_6        601     ctrl_6        611     ed_6         10.100.6.101/24
Part 1: Creating the EAPS Control VLAN
1 Log into the switch and load the baseline configuration for this lab by entering the following command:
use configuration Lab_ECF10-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration file (XXXXXX.cfg) and reboot? (y - save and reboot, n - reboot without save, <cr> - cancel command)
3 Enter n to reboot without save.
If there were no unsaved changes on the switch, the system will display the following:
Are you sure you want to reboot the switch? (y/N)
4 Enter y to reboot the switch if this message appears.
When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring the switch.
7 Confirm the Protected VLAN configurations by entering the following command:
show vlan
The system displays the following:
---------------------------------------------------------------------------------------
Name      VID   Protocol Addr  Flags                         Proto  Ports         Virtual
                                                                    Active/Total  router
---------------------------------------------------------------------------------------
closet_X  X01   -------------------------------------------  ANY    0 /2          VR-Default
ctrl_X    X11   -------------------------------------------  ANY    0 /2          VR-Default
Default   1     -------------------------------------------  ANY    0 /0          VR-Default
Mgmt      4095  -------------------------------------------  ANY    1 /1          VR-Mgmt
---------------------------------------------------------------------------------------
Total number of VLAN(s) : 4
8 Examine the details of the Protected and the Control VLAN by entering the following commands:
show vlan closet_X
show vlan ctrl_X
The following is an example display for VLAN closet_X:
VLAN Interface with name closet_X created by user
    Admin State:  Enabled        Tagging: 802.1Q Tag X01
    Protocol:     Match all unfiltered protocols
    Loopback:     Disabled
    NetLogin:     Disabled
    QosProfile:   None configured
    Egress Rate Limit Designated Port: None configured
    Flood Rate Limit QosProfile:       None configured
    Ports:   2.   (Number of active ports=0)
       Tag:  !13, !14
    Flags:   (*) Active, (!) Disabled, (g) Load Sharing port
The following is an example display for VLAN ctrl_X:
VLAN Interface with name ctrl_X created by user
    Admin State:  Enabled        Tagging: 802.1Q Tag X11
    Protocol:     Match all unfiltered protocols
    Loopback:     Disabled
    NetLogin:     Disabled
    QosProfile:   None configured
    Egress Rate Limit Designated Port: None configured
    Flood Rate Limit QosProfile:       None configured
    Ports:   2.   (Number of active ports=0)
       Tag:  !13, !14
    Flags:   (*) Active, (!) Disabled, (g) Load Sharing port
Part 2: Creating and Configuring the EAPS Domain
1 Create an EAPS domain by entering the following command:
create eaps ed_X
Where X is the lab group number assigned in Table 1.
2 Configure your switch as the EAPS master node by entering the following command:
configure eaps ed_X mode master
NOTE Both core switches CS-A and CS-B are pre-configured as transit switches for both of these EAPS domains.
3 Configure port 13 as the primary (unblocked) port to the ed_X EAPS domain:
configure eaps ed_X primary port 13
4 Configure port 14 as the secondary (blocked) port:
configure eaps ed_X secondary port 14
5 Verify the configuration for the EAPS domain by entering the following command:
show eaps ed_X
The system displays the following:
Name: ed_X
State: Idle                    Running: No
Enabled: No                    Mode: Master
Primary port:   13             Port status: Unknown   Tag status: Undetermined
Secondary port: 14             Port status: Unknown   Tag status: Undetermined
Hello timer interval: 1 sec 0 millisec
Fail timer interval:  3 sec
Fail Timer expiry action: Send alert
Last valid EAPS update: None till now.
EAPS Domain's Controller Vlan: Unassigned
EAPS Domain's Protected Vlan(s): Unassigned
Number of Protected Vlans: 0
6 Add the ports that will participate in the EAPS ring, tagged, to the control VLAN:
configure vlan ctrl_X add ports 13,14 tagged
The system displays the following:
7 Enter y.
8 Add the control VLAN to the EAPS domain by entering the following command:
configure eaps ed_X add control vlan ctrl_X
9 Add the protected VLAN by entering the following command:
configure eaps ed_X add protected vlan closet_X
10 Enable EAPS globally by entering the following command:
enable eaps
11 Enable EAPS for the specific domain by entering the following command:
enable eaps ed_X
Part 3: Verifying the EAPS Domain Configuration and Operation
1 Enable the ports assigned to the EAPS ring by entering the following command:
enable ports 13,14,24
2 Verify the status for the EAPS domain by entering the following command:
show eaps ed_X
The system displays the following:
Name: ed_X
State: Complete                Running: Yes
Enabled: Yes                   Mode: Master
Primary port:   13             Port status: Up        Tag status: Tagged
Secondary port: 14             Port status: Blocked   Tag status: Tagged
Hello timer interval: 1 sec 0 millisec
Fail timer interval:  3 sec
Fail Timer expiry action: Send alert
Last update: From Master Id 00:04:96:27:b6:49, at Thu Aug 14 18:06:03 2008
EAPS Domain has following Controller Vlan:
    Vlan Name    VID
    ctrl_X       X11
EAPS Domain has following Protected Vlan(s):
    Vlan Name    VID
    closet_X     X01
Number of Protected Vlans: 1
3 Notice that the EAPS state is Complete and the secondary port is blocked to prevent a Layer 2 loop.
Part 4: Configuring the Client Workstation
The following instructions will guide you in setting up the client workstation to test the functionality of the first EAPS domain. If your RD-X connection to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The tunnel is complete when the $ prompt appears:
4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop Connection utility:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format 127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the Password is student:
7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_ECF10-X batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the PC IP address. The following screen will appear while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run dialog box enter cmd to open a Command window:
9 In the command window, display the IP interface information on the PC by entering the following command:
ipconfig
The system displays the following:
10 Notice that the Lab Network interface has been assigned your lab group's IP address and mask associated with the first EAPS domain found in Table 1.
11 On the switch, add the switch port connected to the Lab Group PC to the protected VLAN by entering the following command:
configure vlan closet_X add ports 24 untagged
Where X is your lab group number found in Table 1.
12 Display the port statistics for both ring ports and the client port by entering the following command:
show port 13,14,24 statistics
The following displays:
Port Statistics                                        Tue Aug 19 11:25:12 2008
Port  Link State  Tx Pkt Count  Tx Byte Count  Rx Pkt Count  Rx Byte Count  Rx Pkt Bcast  Rx Pkt Mcast
================================================================================
13  A  157  18656  7  1396  0
14  A  6  1788  157  18656  4  3 1
24  A  5  1056  11  2060  4  1
NOTE Ports 13 and 14 are incrementing at the rate of 1 per second, consistent with the EAPS hello packet polling interval.
Part 5: Testing the EAPS Configuration
1 On the Lab Group PC open a Command Window. Launch a continuous PING to the Lab_Target_A PC IP address by entering the following command:
ping -t 10.100.0.101
The system displays the following:
C:\Documents and Settings\student>ping -t 10.100.0.101
Pinging 10.100.0.101 with 32 bytes of data:
Reply from 10.100.0.101: bytes=32 time=13ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
Reply from 10.100.0.101: bytes=32 time<1ms TTL=127
2 Display the port statistics for both ring ports and the client port by entering the following command:
show port 13,14,24 statistics
3 Reset the counters by pressing the 0 key. The system displays the following:
Port Statistics                                        Thu Aug 14 18:24:28 2008
Port  Link State  Tx Pkt Count  Tx Byte Count  Rx Pkt Count  Rx Byte Count  Rx Pkt Bcast  Rx Pkt Mcast
================================================================================
13    A           18            1764           11            1334           0             0
14    A           0             0              9             1026           0             0
24    A           9             702            9             702            0             0
4 Notice that port 13, the active port on the ring, is reporting almost twice the traffic of ports 14 and 24. This is because port 24 is only seeing PING traffic (at the rate of 1 per second) and port 14 is only seeing EAPS hello packets (also at the rate of 1 per second), but port 13 is seeing both the PING and EAPS hello packets.
NOTE Wait here for the instructor to simulate a link failure between the transit switches in the core.
5 Upon the instructor's direction, display the status for the EAPS domain by entering the following command:
show eaps
The following displays:
EAPS Enabled: Yes
EAPS Fast-Convergence: Off
EAPS Display Config Warnings: On
Number of EAPS instances: 1
# EAPS domain configuration :
--------------------------------------------------------------------------------
Domain       State         Mo  En  Pri   Sec   Control-Vlan VID   Count
--------------------------------------------------------------------------------
ed_X         Failed        M   Y   13    14    ctrl_X      (X11 ) 1
--------------------------------------------------------------------------------
6 Display the status for the EAPS domain ed_X by entering the following command:
show eaps ed_X
The following displays:
Name: ed_X
State: Failed                      Running: Yes
Enabled: Yes                       Mode: Master
Primary port:   13                 Port status: Up      Tag status: Tagged
Secondary port: 14                 Port status: Up      Tag status: Tagged
Hello timer interval: 1 sec 0 millisec
Fail timer interval:  3 sec
Fail Timer expiry action: Send alert
Last update: From Master Id 00:04:96:27:b6:49, at Thu Aug 14 18:28:01 2008
EAPS Domain has following Controller Vlan:
  Vlan Name        VID
  ctrl_X           X11
EAPS Domain has following Protected Vlan(s):
  Vlan Name        VID
  closet_X         X01
Number of Protected Vlans: 1
NOTE The ring state is now Failed and the secondary port status has been changed to Up.
7 Display the port statistics for both ring ports and the client port by entering the following command:
show port 13,14,24 statistics
Reset the counters again by pressing the 0 key; the system displays the following:
Port Statistics                                        Tue Aug 19 11:35:55 2008
Port      Link      Tx Pkt     Tx Byte    Rx Pkt     Rx Byte    Rx Pkt    Rx Pkt
          State     Count      Count      Count      Count      Bcast     Mcast
================================================================================
13        A         40         4320       19         1558       0         0
14        A         0          0          2          596        0         0
24        A         21         1978       19         1482       0         0
8 Notice that port 13 is still incrementing at twice the rate of the client port, 24, indicating that the primary path to the target device is unchanged. This is because the break in the ring did not occur between the source and the target. Note also that port 14 is no longer receiving any packets, further indication that there is a fault in the ring.
10 Static Routing/IP Forwarding Configuration Lab
Layer 3 of the OSI model enables traffic from a device in one VLAN domain to cross the layer 2 boundary and communicate with devices in a different VLAN. This allows network architects to not only manage traffic within a single enterprise network, but also to connect networks across town, across the country, or around the world. When designing an internet where dynamic routing is unnecessary or impractical, it is not uncommon to connect the various networks with static routes. This lab provides you with hands-on experience creating router interfaces, enabling IP forwarding, configuring multiple static routes, and verifying the routing functionality.
Student Objectives
In this lab, you will:
● Assign IP addresses to existing VLANs
● Enable IP forwarding
● Configure static routes
● Verify and test the IP forwarding operation
Figure 1: Static Routing/IP Forwarding Lab
Refer to the values listed in Table 1 to configure switch parameters for this lab.
Table 1: Group, Switch, WAN VLAN, User VLAN Names and Interface Numbers
Lab Group  Switch   WAN     WAN VLAN      User     User VLAN       Lab Group PC
Number     Name     VLAN    Interface     VLAN     Interface       IP Address
1          NC_1     wan_1   10.0.1.2/24   data_1   10.0.101.1/24   10.0.101.11/24
2          OSBU_2   wan_2   10.0.2.2/24   data_2   10.0.102.1/24   10.0.102.11/24
3          EC_3     wan_3   10.0.3.2/24   data_3   10.0.103.1/24   10.0.103.11/24
4          RA_4     wan_4   10.0.4.2/24   data_4   10.0.104.1/24   10.0.104.11/24
5          SC_5     wan_5   10.0.5.2/24   data_5   10.0.105.1/24   10.0.105.11/24
6          WC_6     wan_6   10.0.6.2/24   data_6   10.0.106.1/24   10.0.106.11/24
Part 1: Setting Up for Creating Router Interfaces
1 Log into the switch and load the baseline configuration for this lab by entering the following command:
use configuration Lab_ECF11-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration file (XXXXXX.cfg) and reboot? (y - save and reboot, n - reboot without save, - cancel command)
3 Enter n to reboot without save.
If there were no unsaved changes on the switch, the system will display the following:
Are you sure you want to reboot the switch? (y/N)
4 Enter y to reboot the switch if this message appears.
When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring the switch.
Part 2: Creating Router Interfaces
This exercise begins with both the WAN and User VLANs configured on each switch.
1 Confirm the VLAN configuration by entering the following summary command:
show vlan
The following displays:
---------------------------------------------------------------------------------------
Name       VID  Protocol Addr       Flags                   Proto  Ports   Virtual
                                                                   Active  router
                                                                   /Total
---------------------------------------------------------------------------------------
data_X     4094 ------------------------------------------- ANY    0 /1    VR-Default
Default    1    ------------------------------------------- ANY    0 /0    VR-Default
Mgmt       4095 ------------------------------------------- ANY    1 /1    VR-Mgmt
wan_X      4093 ------------------------------------------- ANY    0 /1    VR-Default
---------------------------------------------------------------------------------------
Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
        (D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
        (F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
        (l) MPLS Enabled, (m) IPmc Forwarding Enabled,
        (M) Translation Member VLAN or Subscriber VLAN,
        (n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,
        (O) Flooding Disabled, (p) PIM Enabled, (P) EAPS protected VLAN,
        (r) RIP Enabled, (R) Sub-VLAN IP Range Configured, (s) Sub-VLAN,
        (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
        (T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 4
2 Notice that both VLANs have assigned ports, but have neither tags nor IP addresses.
3 Before a VLAN can function at layer 3, you must first associate it with an IP network by assigning it an IP address. Assign an IP address to the VLAN wan_X by entering the following command:
configure vlan ipaddress
Example: configure vlan wan_X ipaddress 10.0.X.2/24
Where X is your lab group number assigned in Table 1.
4 Assign an IP address to the VLAN data_X by entering the following command:
configure vlan ipaddress
Example: configure vlan data_X ipaddress 10.0.10X.1/24
Where X is your lab group number assigned in Table 1.
5 Confirm that the IP addresses were successfully added by entering the following summary command:
show vlan
The following displays:
---------------------------------------------------------------------------------------
Name       VID  Protocol Addr       Flags                   Proto  Ports   Virtual
                                                                   Active  router
                                                                   /Total
---------------------------------------------------------------------------------------
data_X     4094 10.0.10X.1      /24 ----------------------- ANY    0 /1    VR-Default
Default    1    ------------------------------------------- ANY    0 /0    VR-Default
Mgmt       4095 ------------------------------------------- ANY    1 /1    VR-Mgmt
wan_X      4093 10.0.X.2        /24 ----------------------- ANY    0 /1    VR-Default
---------------------------------------------------------------------------------------
Total number of VLAN(s) : 4
6 Display the switch route table by entering the following summary command:
show iproute
The following displays:
Ori  Destination        Gateway         Mtr  Flags         VLAN       Duration
d    10.0.X.0/24        10.0.X.2        1    -------um---  wan_X      0d:0h:2m:14s
d    10.0.10X.0/24      10.0.10X.1      1    -------um---  data_X     0d:0h:1m:29s

Origin(Ori): (d) Direct
Flags: (m) Multicast,(u) Unicast
Mask distribution:
     2 routes at length 24
Route Origin distribution:
     2 routes from Direct
Total number of routes = 2
Total number of compressed routes = 0
7 Notice that, even without IP forwarding enabled, the route table still displays directly-connected interfaces (in this case, the User and WAN VLANs).
Part 3: Enabling IP Forwarding and Creating a Default Route
1 Enable IP forwarding specifically for both the User and WAN VLANs by entering the following commands:
enable ipforwarding wan_X
enable ipforwarding data_X
2 Confirm that forwarding is enabled for the VLANs named by entering the following summary command:
show vlan
The following displays:
---------------------------------------------------------------------------------------
Name       VID  Protocol Addr       Flags                   Proto  Ports   Virtual
                                                                   Active  router
                                                                   /Total
---------------------------------------------------------------------------------------
data_X     4094 10.0.10X.1      /24 -f--------------------- ANY    0 /1    VR-Default
Default    1    ------------------------------------------- ANY    0 /0    VR-Default
Mgmt       4095 ------------------------------------------- ANY    1 /1    VR-Mgmt
wan_X      4093 10.0.X.2        /24 -f--------------------- ANY    0 /1    VR-Default
---------------------------------------------------------------------------------------
Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
        (D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
        (F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
        (l) MPLS Enabled, (m) IPmc Forwarding Enabled,
        (M) Translation Member VLAN or Subscriber VLAN,
        (n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,
        (O) Flooding Disabled, (p) PIM Enabled, (P) EAPS protected VLAN,
        (r) RIP Enabled, (R) Sub-VLAN IP Range Configured, (s) Sub-VLAN,
        (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
        (T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 4
3 Notice that both the User and WAN VLANs have been assigned the flag f, indicating that IP forwarding is enabled on these interfaces.
NOTE The default route is a special type of static route. It instructs the switch to forward all traffic destined to unknown routes (routes not present in the switch route table) to a specified IP address. In a single-connected, star-hub network configuration like the one described in this lab, using the default route saves the administrator from having to configure individual static routes for each of the five neighbor User VLANs. This way, each edge switch only needs to forward non-local traffic to the Main Campus switch; forwarding between these networks will be managed in the hub.
4 Add a default route to the IP route table by entering the following command:
configure iproute add default 10.0.X.1
Where X is your lab group number assigned in Table 1.
5 Notice that this IP address is in the same network assigned to the WAN VLAN.
6 Confirm that the default route has been added to the switch route table by entering the following summary command:
show iproute
The following displays:
Ori  Destination        Gateway         Mtr  Flags         VLAN       Duration
s    Default Route      10.0.X.1        1    -G---S-um---  wan_X      0d:0h:0m:17s
d    10.0.X.0/24        10.0.X.2        1    -------um---  wan_X      0d:0h:12m:30s
d    10.0.10X.0/24      10.0.10X.1      1    -------um---  data_X     0d:0h:11m:46s

Origin(Ori): (d) Direct, (s) Static
Flags: (G) Gateway,(S) Static,(u) Unicast,(m) Multicast
Mask distribution:
     1 default routes          2 routes at length 24
Route Origin distribution:
     2 routes from Direct      1 routes from Static
Total number of routes = 3
Total number of compressed routes = 0
7 Again, notice that the Default Route is associated with the WAN VLAN. Even though the mask is not declared when the route is configured, the IP address is assumed to be part of the same network.
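The following Python sketch is an added example, not part of the original lab guide and not ExtremeXOS code. It models the route table built in Parts 2 and 3 for Lab Group 1: the gateway of a static route is matched against the directly connected networks to find its VLAN (which is why the Default Route is listed under wan_X), and a destination is then resolved by longest-prefix match. The function names and the 192.0.2.1 gateway are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    origin: str                        # "d" = Direct, "s" = Static (the Ori column)
    dest: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    vlan: str


def direct_route(interface_cidr: str, vlan: str) -> Route:
    """Direct route that appears once a VLAN is given an IP address (Part 2)."""
    iface = ipaddress.ip_interface(interface_cidr)
    return Route("d", iface.network, iface.ip, vlan)


def gateway_vlan(table: List[Route], gateway: str) -> Optional[str]:
    """Return the directly connected VLAN whose network contains the gateway."""
    gw = ipaddress.ip_address(gateway)
    for route in table:
        if route.origin == "d" and gw in route.dest:
            return route.vlan
    return None


def add_static(table: List[Route], dest_cidr: str, gateway: str) -> Optional[Route]:
    """Add a static route; in this model a gateway that is not on a directly
    connected network cannot be resolved, so no route is installed."""
    vlan = gateway_vlan(table, gateway)
    if vlan is None:
        return None
    route = Route("s", ipaddress.ip_network(dest_cidr),
                  ipaddress.ip_address(gateway), vlan)
    table.append(route)
    return route


def lookup(table: List[Route], destination: str) -> Optional[Route]:
    """Longest-prefix match: the most specific route containing the address wins."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in table if addr in r.dest]
    return max(candidates, key=lambda r: r.dest.prefixlen, default=None)


def lab_table(group: int) -> List[Route]:
    """Direct routes for one lab group, using the Table 1 addressing plan."""
    return [direct_route(f"10.0.{group}.2/24", f"wan_{group}"),
            direct_route(f"10.0.10{group}.1/24", f"data_{group}")]


if __name__ == "__main__":
    table = lab_table(1)
    print("before default route:", lookup(table, "10.0.102.11"))
    add_static(table, "0.0.0.0/0", "10.0.1.1")   # configure iproute add default 10.0.1.1
    for dst in ("10.0.101.11", "10.0.1.1", "10.0.102.11"):
        r = lookup(table, dst)
        print(f"{dst:14} -> origin {r.origin}, gateway {r.gateway}, vlan {r.vlan}")
```

Before the default route is added, the neighbor PC address 10.0.102.11 matches nothing; afterwards it is forwarded to 10.0.1.1 on wan_1, while local destinations still match their more specific direct routes.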
Part 4: Configuring the Client Workstation
The following instructions will guide you in setting up the client workstation. If your RD-X connection to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The tunnel is complete when the $ prompt appears:
4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop Connection utility:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format 127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the Password is student:
7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_ECF011-X batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the PC IP address. The following screen will appear while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run dialog box enter cmd to open a Command window:
9 In the command window, display the IP interface information on the PC by entering the following command:
ipconfig
The system displays the following:
Note that the Lab Network interface has been assigned your Lab Group PC's IP address and mask found in Table 1. This completes the setup of the Lab Group PC.
Part 5: Verifying and Testing IP Forwarding and the Static Route
1 Enable the port connected to the Main Campus switch and the port connected to the Lab Group PC by entering the following command:
enable ports 13,24
2 On the Lab Group PC, open a Command Prompt window and use the PING command to verify that the PC can communicate with each of the local switch interfaces (WAN and User), the default gateway, and each of the configured neighbor lab PCs by entering the following:
ping
Example: ping 10.0.X.2
ping
Example: ping 10.0.10X.1
ping
Example: ping 10.0.X.1
ping
Example: ping 10.0.10x.11
Where X is your lab group number and x is the lab group number of each neighbor lab group.
11 Routing Information Protocol (RIP) Configuration Lab
Dynamic routing protocols are especially useful when there is more than one path available between networks and their attached devices. Unlike static routes, a dynamic protocol can detect when a preferred route has become sub-optimal or is no longer valid. When a change to the routing domain is detected, the protocol re-converges on the routes to prevent service interruption. This lab provides you with hands-on experience to create router interfaces, enable IP forwarding, enable RIP, and verify the routing functionality.
Student Objectives
In this lab, you will:
● Enable IP forwarding and RIP
● Verify and test the IP forwarding operation
Figure 1: Routing Information Protocol Configuration Lab
Refer to the values listed in Table 1 to configure switch parameters for this lab.
Table 1: Group, Switch, VLAN, Interface Names, and VLAN and PC addresses
Lab      Switch   WAN     WAN VLAN      WAN_BU    WAN_BU VLAN    User     User VLAN       PC IP
Group #  Name     VLAN    Interface     VLAN      Interface      VLAN     Interface       Address
1        NC_1     wan_1   10.0.1.2/24   wanbu_1   10.0.11.2/24   data_1   10.0.101.1/24   10.0.101.11/24
2        OSBU_2   wan_2   10.0.2.2/24   wanbu_2   10.0.12.2/24   data_2   10.0.102.1/24   10.0.102.11/24
3        EC_3     wan_3   10.0.3.2/24   wanbu_3   10.0.13.2/24   data_3   10.0.103.1/24   10.0.103.11/24
4        RA_4     wan_4   10.0.4.2/24   wanbu_4   10.0.14.2/24   data_4   10.0.104.1/24   10.0.104.11/24
5        SC_5     wan_5   10.0.5.2/24   wanbu_5   10.0.15.2/24   data_5   10.0.105.1/24   10.0.105.11/24
6        WC_6     wan_6   10.0.6.2/24   wanbu_6   10.0.16.2/24   data_6   10.0.106.1/24   10.0.106.11/24
Part 1: Setting Up for Verifying the Router Interfaces
1 Log into the switch and load the baseline configuration for this lab by entering the following command:
use configuration Lab_ECF12-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration file (XXXXXX.cfg) and reboot? (y - save and reboot, n - reboot without save, - cancel command)
3 Enter n to reboot without save.
If there were no unsaved changes on the switch, the system will display the following:
Are you sure you want to reboot the switch? (y/N)
4 Enter y to reboot the switch if this message appears.
When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring the switch.
Part 2: Verifying the Router Interfaces
This exercise begins with the WAN, WAN Backup, and User VLANs configured on each switch.
1 Confirm the VLAN configuration by entering the following summary command:
show vlan
The following displays:
---------------------------------------------------------------------------------------
Name       VID  Protocol Addr       Flags                   Proto  Ports   Virtual
                                                                   Active  router
                                                                   /Total
---------------------------------------------------------------------------------------
data_X     4094 10.0.10X.1      /24 ----------------------- ANY    0 /1    VR-Default
Default    1    ------------------------------------------- ANY    0 /0    VR-Default
Mgmt       4095 ------------------------------------------- ANY    1 /1    VR-Mgmt
wan_X      4093 10.0.X.2        /24 ----------------------- ANY    0 /1    VR-Default
wanbu_X    4092 10.0.1X.2       /24 ----------------------- ANY    0 /1    VR-Default
---------------------------------------------------------------------------------------
Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
        (D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
        (F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
        (l) MPLS Enabled, (m) IPmc Forwarding Enabled,
        (M) Translation Member VLAN or Subscriber VLAN,
        (n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,
        (O) Flooding Disabled, (p) PIM Enabled, (P) EAPS protected VLAN,
        (r) RIP Enabled, (R) Sub-VLAN IP Range Configured, (s) Sub-VLAN,
        (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
        (T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 5
2 Notice that all VLANs have pre-assigned ports and IP addresses.
3 Display the switch route table by entering the following summary command:
show iproute
The following displays:
Ori  Destination        Gateway         Mtr  Flags         VLAN       Duration
d    10.0.X.0/24        10.0.X.2        1    -------um---  wan_X      0d:0h:9m:47s
d    10.0.1X.0/24       10.0.1X.2       1    -------um---  wanbu_X    0d:0h:9m:47s
d    10.0.10X.0/24      10.0.10X.1      1    -------um---  data_X     0d:0h:9m:47s

Origin(Ori): (d) Direct,
Flags: (m) Multicast, (u) Unicast
Mask distribution:
     3 routes at length 24
Route Origin distribution:
     3 routes from Direct
Total number of routes = 3
Total number of compressed routes = 0
4 Notice there are three directly connected networks representing the three VLANs with assigned IP addresses in the example above.
Part 3: Enabling IP Forwarding and Adding VLANs to RIP
1 Enable IP forwarding specifically for the User (data_X), WAN (wan_X), and WAN Backup (wanbu_X) VLANs by entering the following commands:
enable ipforwarding data_X
enable ipforwarding wan_X
enable ipforwarding wanbu_X
Where X is your lab group number in Table 1.
2 Confirm that forwarding is enabled for the VLANs named by entering the following summary command:
show vlan
The following displays:
---------------------------------------------------------------------------------------
Name       VID  Protocol Addr       Flags                   Proto  Ports   Virtual
                                                                   Active  router
                                                                   /Total
---------------------------------------------------------------------------------------
data_X     4094 10.0.10X.1      /24 -f--------------------- ANY    0 /1    VR-Default
Default    1    ------------------------------------------- ANY    0 /0    VR-Default
Mgmt       4095 ------------------------------------------- ANY    1 /1    VR-Mgmt
wan_X      4093 10.0.X.2        /24 -f--------------------- ANY    0 /1    VR-Default
wanbu_X    4092 10.0.1X.2       /24 -f--------------------- ANY    0 /1    VR-Default
---------------------------------------------------------------------------------------
Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
        (D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled
Total number of VLAN(s) : 5
3 Notice that the three VLANs have been assigned the flag f, indicating that IP forwarding is enabled on these interfaces.
4 Configure RIP on each IP interface by entering the following commands:
configure rip add vlan data_X
configure rip add vlan wan_X
configure rip add vlan wanbu_X
Where X is your lab group number in Table 1.
5 Confirm that the VLANs were added to the RIP protocol by entering the following summary command:
show vlan
The following displays:
---------------------------------------------------------------------------------------
Name       VID  Protocol Addr       Flags                   Proto  Ports   Virtual
                                                                   Active  router
                                                                   /Total
---------------------------------------------------------------------------------------
data_X     4094 10.0.10X.1      /24 -f--------r------------ ANY    0 /1    VR-Default
Default    1    ------------------------------------------- ANY    0 /0    VR-Default
Mgmt       4095 ------------------------------------------- ANY    1 /1    VR-Mgmt
wan_X      4093 10.0.X.2        /24 -f--------r------------ ANY    0 /1    VR-Default
wanbu_X    4092 10.0.1X.2       /24 -f--------r------------ ANY    0 /1    VR-Default
---------------------------------------------------------------------------------------
Flags : (f) IP Forwarding Enabled, (r) RIP Enabled
Total number of VLAN(s) : 5
6 Notice that the three VLANs have been assigned the flag r, indicating that RIP will dynamically learn routes on these interfaces.
7 In this scenario, the second Main Campus switch will only forward traffic when the primary path to the first switch through port 13 fails. To ensure this performance, increase the cost associated with the secondary path by entering the following command:
configure rip wanbu_X cost 10
Where X is your lab group number in Table 1.
8 Confirm that the cost metric is changed for this VLAN by entering the following summary command:
show rip interface wanbu_X
The following displays:
VLAN                : wanbu_X          Interface           : 10.0.1X.2/24
RouterRIP           : Disabled         Cost                : 10
TxMode              : V2               RxMode              : V1orV2
Input Policy        : None             Output Policy       : None
Trusted GW Policy   : None             Sent Trig. Updates  : 0
Rcved Packets       : 0                Sent Packets        : 0
Rcved Bad Packets   : 0                Rcved Bad Routes    : 0
Secondary Interfaces:
                              Rcvd     Rcvd     Rcvd      Rcvd
PeerIPAddress    Age   Ver    Pkts     Updts    BadPkts   BadRouts
--------------------------------------------------------------------------------
Part 4: Enabling RIP and Verifying Protocol Operation
1 Enable the ports connected to the two Main Campus switches and the Lab Group PC by entering the following command:
enable ports 13,14,24
2 Enable RIP by entering the following command:
enable rip
3 Confirm that RIP is enabled by entering the following command:
show rip
The following displays:
RIP Routing      : Enabled
Split Horizon    : Enabled
Poison Reverse   : Enabled
Triggered Updates: Enabled
Aggregation      : Disabled
Update Interval  : 30
Route Timeout    : 180
Garbage Timeout  : 120
Router Alert     : Disabled
Originate Default: Disabled
Sys Import-Policy: None
Redistribute:
Protocol     Status      Cost   Tag   Policy
-----------------------------------------------------------
Direct       Disabled    0      0     none
Static       Disabled    0      0     none
OSPFIntra    Disabled    0      0     none
OSPFInter    Disabled    0      0     none
OSPFExt1     Disabled    0      0     none
OSPFExt2     Disabled    0      0     none
E-BGP        Disabled    0      0     none
I-BGP        Disabled    0      0     none
ISISL1       Disabled    0      0     none
ISISL2       Disabled    0      0     none
ISISL1Ext    Disabled    0      0     none
ISISL2Ext    Disabled    0      0     none
4 Confirm that learned routes are being added to the IP route table by entering the following command:
show iproute
If all of the neighbor switches have been properly configured, the route table will look similar to the following data from Lab Group 6’s switch:
Ori  Destination        Gateway         Mtr  Flags         VLAN       Duration
#r   10.0.1.0/24        10.0.6.1        2    UG-D---um--f  wan_6      0d:0h:3m:25s
#r   10.0.2.0/24        10.0.6.1        2    UG-D---um--f  wan_6      0d:0h:3m:25s
#r   10.0.3.0/24        10.0.6.1        2    UG-D---um--f  wan_6      0d:0h:3m:25s
#r   10.0.4.0/24        10.0.6.1        2    UG-D---um--f  wan_6      0d:0h:3m:25s
#r   10.0.5.0/24        10.0.6.1        2    UG-D---um--f  wan_6      0d:0h:3m:25s
#d   10.0.6.0/24        10.0.6.2        1    U------um--f  wan_6      0d:0h:46m:57s
#r   10.0.11.0/24       10.0.16.1       11   UG-D---um--f  wanbu_6    0d:0h:3m:25s
#r   10.0.12.0/24       10.0.16.1       11   UG-D---um--f  wanbu_6    0d:0h:3m:25s
#r   10.0.13.0/24       10.0.16.1       11   UG-D---um--f  wanbu_6    0d:0h:3m:25s
#r   10.0.14.0/24       10.0.16.1       11   UG-D---um--f  wanbu_6    0d:0h:3m:25s
#r   10.0.15.0/24       10.0.16.1       11   UG-D---um--f  wanbu_6    0d:0h:3m:25s
#d   10.0.16.0/24       10.0.16.2       1    U------um--f  wanbu_6    0d:0h:46m:57s
#r   10.0.101.0/24      10.0.6.1        3    UG-D---um--f  wan_6      0d:0h:3m:25s
#r   10.0.102.0/24      10.0.6.1        3    UG-D---um--f  wan_6      0d:0h:3m:25s
#r   10.0.103.0/24      10.0.6.1        3    UG-D---um--f  wan_6      0d:0h:3m:25s
#r   10.0.104.0/24      10.0.6.1        3    UG-D---um--f  wan_6      0d:0h:3m:25s
#r   10.0.105.0/24      10.0.6.1        3    UG-D---um--f  wan_6      0d:0h:3m:25s
#d   10.0.106.0/24      10.0.106.1      1    U------um--f  data_6     0d:0h:46m:58s

Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
             (ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
             (e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
             (is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
             (mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
             (oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
             (r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
             (*) Preferred unicast route (@) Preferred multicast route
             (#) Preferred unicast and multicast route
Flags: (B) BlackHole, (D) Dynamic, (G) Gateway, (H) Host Route
       (L) Matching LDP LSP, (l) Calculated LDP LSP, (m) Multicast
       (P) LPM-routing, (R) Modified, (S) Static, (s) Static LSP
       (T) Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up
       (f) Provided to FIB (c) Compressed Route
Mask distribution:
     18 routes at length 24
Route Origin distribution:
     3 routes from Direct      15 routes from RIP
Total number of routes = 18
Total number of compressed routes = 0
5 Notice that, except for the directly-connected VLAN, all of the edge data network entries are learned via the wan_X VLAN.
6 Simulate a fault in the network and force the edge networks to be learned via the wanbu_X VLAN interface by increasing the cost associated with the primary path. Enter the following command:
configure rip wan_X cost 12
Where X is your lab group number in Table 1.
7 Confirm that the cost metric is changed for this VLAN by entering the following summary command:
show rip interface wan_X
The following displays:
VLAN                : wan_X            Interface           : 10.0.X.2/24
RouterRIP           : Enabled          Cost                : 12
TxMode              : V2               RxMode              : V1orV2
Input Policy        : None             Output Policy       : None
Trusted GW Policy   : None             Sent Trig. Updates  : 2
Rcved Packets       : 31               Sent Packets        : 32
Rcved Bad Packets   : 0                Rcved Bad Routes    : 0
Secondary Interfaces:
                              Rcvd     Rcvd     Rcvd      Rcvd
PeerIPAddress    Age   Ver    Pkts     Updts    BadPkts   BadRouts
--------------------------------------------------------------------------------
10.0.X.1         25    2      31       31       0         0
8 Confirm that edge routes are now being learned through the backup interface by entering the following command:
show iproute
A route table similar to the following displays:
Ori  Destination        Gateway         Mtr  Flags         VLAN       Duration
#r   10.0.1.0/24        10.0.6.1        13   UG-D---um--f  wan_6      0d:0h:4m:59s
#r   10.0.2.0/24        10.0.6.1        13   UG-D---um--f  wan_6      0d:0h:7m:9s
#r   10.0.3.0/24        10.0.6.1        13   UG-D---um--f  wan_6      0d:0h:7m:9s
#r   10.0.4.0/24        10.0.6.1        13   UG-D---um--f  wan_6      0d:0h:7m:9s
#r   10.0.5.0/24        10.0.6.1        13   UG-D---um--f  wan_6      0d:0h:7m:9s
#d   10.0.6.0/24        10.0.6.2        1    U------um--f  wan_6      0d:1h:3m:27s
#r   10.0.11.0/24       10.0.16.1       11   UG-D---um--f  wanbu_6    0d:0h:19m:55s
#r   10.0.12.0/24       10.0.16.1       11   UG-D---um--f  wanbu_6    0d:0h:19m:55s
#r   10.0.13.0/24       10.0.16.1       11   UG-D---um--f  wanbu_6    0d:0h:19m:55s
#r   10.0.14.0/24       10.0.16.1       11   UG-D---um--f  wanbu_6    0d:0h:19m:55s
#r   10.0.15.0/24       10.0.16.1       11   UG-D---um--f  wanbu_6    0d:0h:19m:55s
#d   10.0.16.0/24       10.0.16.2       1    U------um--f  wanbu_6    0d:1h:3m:27s
#r   10.0.101.0/24      10.0.16.1       12   UG-D---um--f  wanbu_6    0d:0h:6m:40s
#r   10.0.102.0/24      10.0.16.1       12   UG-D---um--f  wanbu_6    0d:0h:6m:40s
#r   10.0.103.0/24      10.0.16.1       12   UG-D---um--f  wanbu_6    0d:0h:6m:40s
#r   10.0.104.0/24      10.0.16.1       12   UG-D---um--f  wanbu_6    0d:0h:6m:40s
#r   10.0.105.0/24      10.0.16.1       12   UG-D---um--f  wanbu_6    0d:0h:6m:40s
#d   10.0.106.0/24      10.0.106.1      1    U------um--f  data_6     0d:1h:3m:28s

Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
             (ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
             (e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
             (is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
             (mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
             (oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
             (r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
             (*) Preferred unicast route (@) Preferred multicast route
             (#) Preferred unicast and multicast route
Flags: (B) BlackHole, (D) Dynamic, (G) Gateway, (H) Host Route
       (L) Matching LDP LSP, (l) Calculated LDP LSP, (m) Multicast
       (P) LPM-routing, (R) Modified, (S) Static, (s) Static LSP
       (T) Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up
       (f) Provided to FIB (c) Compressed Route
Mask distribution:
     18 routes at length 24
Route Origin distribution:
     3 routes from Direct      15 routes from RIP
Total number of routes = 18
Total number of compressed routes = 0
9 Restore the network by decreasing the cost associated with the primary path. Enter the following command:
configure rip wan_X cost 1
Where X is your lab group number.
Part 5: Configuring the Client Workstation
The following instructions will guide you in setting up the client workstation. If your RD-X connection to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The tunnel is complete when the $ prompt appears:
4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop Connection utility:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format 127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the Password is student:
7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_ECF12-X batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the PC IP address. The following screen will appear while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run dialog box enter cmd to open a Command window:
9 In the command window, display the IP interface information on the PC by entering the following command:
ipconfig
The system displays the following:
Note that the Lab Network interface has been assigned your lab group PC's IP address and mask found in Table 1. This completes the setup of the Lab Group PC.
Part 6: Verifying and Testing IP Forwarding and RIP
1 Confirm the IP configuration parameters by entering the following summary command:
show ipconfig
The following displays:
Use Redirects        : Disabled
IpOption LSRR        : Enabled
IpOption SSRR        : Enabled
IpOption RR          : Enabled
IpOption TS          : Enabled
IpOption RA          : Enabled
Route Sharing        : Disabled
Originated Packets   : Don't require ipforwarding
IP Fwding into LSP   : Disabled
Unicast Reverse Path : Disabled
Max Shared Gateways  : Current: 4 Configured: 4
IRDP: Advertisement Address: 255.255.255.255 Minimum Interval: 450 Lifetime: 1800
Maximum Interval: 600 Preference: 0
VLAN      IP Address        Flags                nSIA
data_X    10.0.10X.1  /24   EUf---MPuRX-------   0
wan_X     10.0.X.2    /24   EUf---MPuRX-------   0
wanbu_X   10.0.1X.2   /24   EUf---MPuRX-------   0
Flags: (A) Address Mask Reply Enabled (B) BOOTP Enabled
(b) Broadcast Forwarding Enabled, (E) Interface Enabled
(f) Forwarding Enabled (g) Ignore IP Broadcast Enabled
(h) Directed Broadcast Forwarding by Hardware Enabled
(I) IRDP Advertisement Enabled, (M) Send Parameter Problem Enabled
(m) Multicast forwarding Enabled, (n) Multinetted VLAN
(nSIA) Number of Secondary IP Addresses
(P) Send Port Unreachables Enabled, (R) Send Redirects Enabled
(T) Time Stamp Reply Enabled, (U) Interface Up
(u) Send Unreachables Enabled, (X) Send Time Exceeded Enabled
(v) VRRP Enabled
2 Confirm which VLANs have been added to RIP and display any associated statistics by entering the following summary command:
show rip interface
The following displays:
VLAN      IP Address        Flags   Packets Sent   Packets Rcvd   Triggered Updates   Cost
data_X    10.0.10X.1  /24   rif-    72             0              9                   1
wan_X     10.0.X.2    /24   rif-    69             64             6                   1
wanbu_X   10.0.1X.2   /24   rif-    67             77             4                   10
Flags: (f) Interface Forwarding Enabled, (i) Interface RIP Enabled
(n) Multinetted VLAN, (r) Router RIP Enabled
3 Display all routes associated with or learned via RIP by entering the following command:
show rip routes
The system displays data similar to the following example which is from Lab Group 6’s switch:
Ori  Destination     Peer        Mtr  State  VLAN      Age  Next-hop
>r   10.0.1.0/24     10.0.6.1    2           wan_6     3    0.0.0.0
>r   10.0.2.0/24     10.0.6.1    2           wan_6     3    0.0.0.0
>r   10.0.3.0/24     10.0.6.1    2           wan_6     3    0.0.0.0
>r   10.0.4.0/24     10.0.6.1    2           wan_6     3    0.0.0.0
>r   10.0.5.0/24     10.0.6.1    2           wan_6     3    0.0.0.0
>r   10.0.6.0/24     0.0.0.0     1           wan_6     0    0.0.0.0
>r   10.0.11.0/24    10.0.16.1   11          wanbu_6   14   0.0.0.0
>r   10.0.12.0/24    10.0.16.1   11          wanbu_6   14   0.0.0.0
>r   10.0.13.0/24    10.0.16.1   11          wanbu_6   14   0.0.0.0
>r   10.0.14.0/24    10.0.16.1   11          wanbu_6   14   0.0.0.0
>r   10.0.15.0/24    10.0.16.1   11          wanbu_6   14   0.0.0.0
>r   10.0.16.0/24    0.0.0.0     10          wanbu_6   0    0.0.0.0
>r   10.0.101.0/24   10.0.6.1    3           wan_6     3    0.0.0.0
>r   10.0.102.0/24   10.0.6.1    3           wan_6     3    0.0.0.0
>r   10.0.103.0/24   10.0.6.1    3           wan_6     3    0.0.0.0
>r   10.0.104.0/24   10.0.6.1    3           wan_6     3    0.0.0.0
>r   10.0.105.0/24   10.0.6.1    3           wan_6     3    0.0.0.0
>r   10.0.106.0/24   0.0.0.0     1           data_6    0    0.0.0.0
Origin(Ori): (be) EBGP, (bi) IBGP, (d) Direct, (o1) OSPFExt1, (o2) OSPFExt2,
(oe) OSPFAsExt, (or) OSPFInter, (s) Static
(e1) ISISL1Ext, (e2) ISISL2Ext, (i1) ISISL1, (i2) ISISL2
(>) active route
(St) route state: C=Changed, D=Deleted, U=Update system import policy pending
Total number of routes matching request: 18
4 Open a DOS window on the group lab PC and use the PING command to verify that the PC can communicate with the wan_X VLAN Interface, wanbu_X VLAN Interface, data_X VLAN Interface, and PC IP address for each of the configured neighbor lab groups by entering the following for each group:
ping
Example: ping 10.0.X.2
ping
Example: ping 10.0.1X.2
ping
Example: ping 10.0.10X.1
ping
Example: ping 10.0.10X.11
Where X is the lab group number of each neighbor lab group.
12 Open Shortest Path First (OSPF) Configuration Lab
Student Objectives
Dynamic routing protocols are especially useful when there is more than one path available between networks and their attached devices. Unlike static routes, a dynamic protocol can detect when a preferred route has become sub-optimal or is no longer valid. When a change to the routing domain is detected, the protocol will re-converge on the available routes to prevent service interruption.
This lab will guide you through the process of creating router interfaces, enabling IP forwarding, enabling OSPF, and verifying the routing functionality.
In this lab, you will:
● Enable IP forwarding
● Configure and enable OSPF
● Verify and test the IP forwarding and OSPF functionality
Figure 1: OSPF Configuration Lab
Refer to the values listed in Table 1 to configure switch parameters for this lab.
Table 1: Group, Switch, VLAN, Interface Names, and VLAN and PC addresses
Lab Group  Switch   WAN     WAN VLAN      WAN_BU    WAN_BU VLAN   User       User VLAN     PC IP
Number     Name     VLAN    Interface     VLAN      Interface     VLAN       Interface     Address
1          NC_1     wan_1   10.0.1.2/30   wanbu_1   10.0.1.6/30   closet_1   10.1.1.1/24   10.1.1.11/24
2          OSBU_2   wan_2   10.0.2.2/30   wanbu_2   10.0.2.6/30   closet_2   10.2.1.1/24   10.2.1.11/24
3          EC_3     wan_3   10.0.3.2/30   wanbu_3   10.0.3.6/30   closet_3   10.3.1.1/24   10.3.1.11/24
4          RA_4     wan_4   10.0.4.2/30   wanbu_4   10.0.4.6/30   closet_4   10.4.1.1/24   10.4.1.11/24
5          SC_5     wan_5   10.0.5.2/30   wanbu_5   10.0.5.6/30   closet_5   10.5.1.1/24   10.5.1.11/24
6          WC_6     wan_6   10.0.6.2/30   wanbu_6   10.0.6.6/30   closet_6   10.6.1.1/24   10.6.1.11/24
Part 1: Setting Up for Verifying the Router Interfaces
This exercise begins with the specific group VLAN pre-configured on each switch.
1 Log into the switch and load the baseline configuration for this lab by entering the following command:
use configuration Lab_ECF13-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration file (XXXXXX.cfg) and reboot? (y - save and reboot, n - reboot without save, - cancel command)
3 Enter n to reboot without save.
If there were no unsaved changes on the switch, the system will display the following:
Are you sure you want to reboot the switch? (y/N)
4 Enter y to reboot the switch if this message appears.
When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring the switch.
Part 2: Verifying the Router Interfaces
This exercise begins with the WAN, WAN BackUp, and User VLANs configured on each switch.
1 Confirm the VLAN configuration by entering the following summary command:
show vlan
The following displays:
---------------------------------------------------------------------------------------
Name      VID   Protocol Addr       Flags                     Proto  Ports          Virtual
                                                                     Active/Total   router
---------------------------------------------------------------------------------------
closet_X  4094  10.X.1.1        /24 -----------------------   ANY    0 /0           VR-Default
Default   1     -------------------------------------------   ANY    0 /0           VR-Default
Mgmt      4095  -------------------------------------------   ANY    1 /1           VR-Mgmt
wan_X     4093  10.0.X.2        /30 -----------------------   ANY    0 /1           VR-Default
wanbu_X   4092  10.0.X.6        /30 -----------------------   ANY    0 /1           VR-Default
---------------------------------------------------------------------------------------
Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled,
(M) Translation Member VLAN or Subscriber VLAN,
(n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,
(O) Flooding Disabled, (p) PIM Enabled, (P) EAPS protected VLAN,
(r) RIP Enabled, (R) Sub-VLAN IP Range Configured, (s) Sub-VLAN,
(S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 5
2 Notice that all VLANs have pre-assigned ports and IP addresses.
3 Display the switch route table by entering the following summary command:
show iproute
The following displays:
Ori  Destination   Gateway    Mtr  Flags         VLAN       Duration
d    10.0.X.0/30   10.0.X.2   1    -------um---  wan_X      0d:0h:10m:38s
d    10.0.X.4/30   10.0.X.6   1    -------um---  wanbu_X    0d:0h:10m:38s
d    10.X.1.0/24   10.X.1.1   1    -------um---  closet_X   0d:0h:10m:38s
Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred unicast route (@) Preferred multicast route
(#) Preferred unicast and multicast route
Flags: (B) BlackHole, (D) Dynamic, (G) Gateway, (H) Host Route
(L) Matching LDP LSP, (l) Calculated LDP LSP, (m) Multicast
(P) LPM-routing, (R) Modified, (S) Static, (s) Static LSP
(T) Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up
(f) Provided to FIB (c) Compressed Route
Mask distribution:
    1 routes at length 24    2 routes at length 30
Route Origin distribution:
    3 routes from Direct
Total number of routes = 3
Total number of compressed routes = 0
4 Notice there are three directly connected networks representing the three VLANs with assigned IP addresses.
Part 3: Enabling IP Forwarding and Configuring OSPF
1 Enable IP forwarding specifically for the User, WAN, and WAN BackUp VLANs by entering the following commands:
enable ipforwarding closet_X
enable ipforwarding wan_X
enable ipforwarding wanbu_X
Where X is your lab group number assigned in Table 1.
2 Confirm that forwarding is enabled for the VLANs named by entering the following summary command:
show vlan
The following displays:
---------------------------------------------------------------------------------------
Name      VID   Protocol Addr       Flags                    Proto  Ports          Virtual
                                                                    Active/Total   router
---------------------------------------------------------------------------------------
closet_X  4094  10.X.1.1        /24 -f--------------------   ANY    0 /0           VR-Default
Default   1     ------------------------------------------   ANY    0 /0           VR-Default
Mgmt      4095  ------------------------------------------   ANY    1 /1           VR-Mgmt
wan_X     4093  10.0.X.2        /30 -f--------------------   ANY    0 /1           VR-Default
wanbu_X   4092  10.0.X.6        /30 -f--------------------   ANY    0 /1           VR-Default
---------------------------------------------------------------------------------------
Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled,
(M) Translation Member VLAN or Subscriber VLAN,
(n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,
(O) Flooding Disabled, (p) PIM
(P) EAPS protected VLAN, (r) RIP Enabled, (R) Sub-VLAN IP Range Configur
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 5
3 Notice that the three VLANs have been assigned the flag f, indicating that IP forwarding is enabled on these interfaces.
4 Configure OSPF on each IP interface by entering the following commands:
configure ospf add vlan closet_X area 0.0.0.0
configure ospf add vlan wan_X area 0.0.0.0
configure ospf add vlan wanbu_X area 0.0.0.0
Where X is your lab group number assigned in Table 1.
5 Confirm that the VLANs were added to the OSPF protocol by entering the following summary command:
show vlan
The following displays:
---------------------------------------------------------------------------------------
Name      VID   Protocol Addr       Flags                     Proto  Ports          Virtual
                                                                     Active/Total   router
---------------------------------------------------------------------------------------
closet_X  4094  10.X.1.1        /24 -f------o--------------   ANY    0 /0           VR-Default
Default   1     -------------------------------------------   ANY    0 /0           VR-Default
Mgmt      4095  -------------------------------------------   ANY    1 /1           VR-Mgmt
wan_X     4093  10.0.X.2        /30 -f------o--------------   ANY    0 /1           VR-Default
wanbu_X   4092  10.0.X.6        /30 -f------o--------------   ANY    0 /1           VR-Default
---------------------------------------------------------------------------------------
Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled,
(M) Translation Member VLAN or Subscriber VLAN,
(n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,
(O) Flooding Disabled, (p) PIM
(P) EAPS protected VLAN, (r) RIP Enabled, (R) Sub-VLAN IP Range Configur
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of VLAN(s) : 5
6 Notice that the three VLANs have been assigned the flag o, indicating that OSPF will dynamically learn routes on these interfaces.
7 In this scenario, you want the switch to only forward traffic along the wanbu_X VLAN when the primary path through port 13 of the wan_X VLAN fails. To ensure this performance, increase the cost associated with the secondary path by entering the following command:
configure ospf wanbu_X cost 20
Where X is the name assigned to your lab group in Table 1.
8 Confirm that the cost metric is changed for this VLAN by entering the following summary command:
show ospf interface
The following displays:
VLAN       IP Address        AREA ID   Flags   Cost   State   Neighbors
closet_X   10.X.1.1    /24   0.0.0.0   --if-   10/A   -----   0
wan_X      10.0.X.2    /30   0.0.0.0   --if-   10/A   -----   0
wanbu_X    10.0.X.6    /30   0.0.0.0   --if-   20/C   -----   0
Flags : f - Interface Forwarding Enabled, i - Interface OSPF Enabled,
n - Multinetted VLAN, p - Passive Interface, r - Router OSPF Enable,
A - Automatic Cost, C - Configured Cost.
Part 4: Enabling OSPF and Verifying the Protocol Operation
1 Add port 24 to the closet_X VLAN. Enter the following command:
configure vlan closet_X add port 24
2 Enable the ports connected to the two Main Campus switches and the Lab Group PC by entering the following command:
enable ports 13,15,24
3 Enable OSPF by entering the following command:
enable ospf
4 Confirm that OSPF is enabled by entering the following command:
show ospf
The following displays:
OSPF                : Enabled      MPLS LSP as Next-Hop: No
RouterId            : 10.X.1.1     RouterId Selection  : Automatic
ASBR                : No           ABR                 : No
ExtLSA              : 0            ExtLSAChecksum      : 0x0
OriginateNewLSA     : 6            ReceivedNewLSA      : 21
SpfHoldTime         : 3            Lsa Batch Interval  : 30s
CapabilityOpaqueLSA : Enabled
10M Cost            : 10           100M Cost           : 5
1000M Cost (1G)     : 4            10000M Cost (10G)   : 2
Router Alert        : Disabled     Import Policy File  :
ASExternal LSALimit : Disabled     Timeout (Count)     : Disabled (0)
Originate Default   : Disabled
Redistribute:
Protocol                Status     cost   Type   Tag   Policy
direct                  Disabled   0      0      0     None
static                  Disabled   0      0      0     None
rip                     Disabled   0      0      0     None
e-bgp                   Disabled   0      0      0     None
i-bgp                   Disabled   0      0      0     None
isis-level-1            Disabled   0      0      0     None
isis-level-2            Disabled   0      0      0     None
isis-level-1-external   Disabled   0      0      0     None
isis-level-2-external   Disabled   0      0      0     None
5 Notice that, in the absence of an explicitly-configured value, the protocol assigns the highest-order IP address of all configured OSPF interfaces as the RouterID.
6 Confirm that OSPF learned routes are being added to the IP route table by entering the following command:
show iproute
If all of the neighbor switches have been properly configured, the route table will look similar to the following which shows data from Lab Group 6’s switch:
* WC_6.21 # show iproute
Ori  Destination   Gateway    Mtr  Flags         VLAN       Duration
#oa  10.0.1.0/30   10.0.6.1   8    UG-D---um--f  wan_6      0d:0h:3m:1s
#oa  10.0.1.4/30   10.0.6.1   8    UG-D---um--f  wan_6      0d:0h:3m:1s
#oa  10.0.2.0/30   10.0.6.1   8    UG-D---um--f  wan_6      0d:0h:3m:1s
#oa  10.0.2.4/30   10.0.6.1   8    UG-D---um--f  wan_6      0d:0h:3m:1s
#oa  10.0.3.0/30   10.0.6.1   8    UG-D---um--f  wan_6      0d:0h:3m:1s
#oa  10.0.3.4/30   10.0.6.1   8    UG-D---um--f  wan_6      0d:0h:3m:1s
#oa  10.0.4.0/30   10.0.6.1   8    UG-D---um--f  wan_6      0d:0h:3m:1s
#oa  10.0.4.4/30   10.0.6.1   8    UG-D---um--f  wan_6      0d:0h:3m:1s
#oa  10.0.5.0/30   10.0.6.1   8    UG-D---um--f  wan_6      0d:0h:3m:2s
#oa  10.0.5.4/30   10.0.6.1   8    UG-D---um--f  wan_6      0d:0h:3m:2s
#d   10.0.6.0/30   10.0.6.2   1    U------um--f  wan_6      0d:1h:23m:32s
#d   10.0.6.4/30   10.0.6.6   1    U------um--f  wanbu_6    0d:1h:23m:32s
oa   10.0.6.4/30   10.0.6.1   8    UG-D---um---  wan_6      0d:0h:3m:2s
#oa  10.1.1.0/24   10.0.6.1   13   UG-D---um--f  wan_6      0d:0h:3m:2s
#oa  10.2.1.0/24   10.0.6.1   13   UG-D---um--f  wan_6      0d:0h:3m:2s
#oa  10.3.1.0/24   10.0.6.1   13   UG-D---um--f  wan_6      0d:0h:3m:2s
#oa  10.4.1.0/24   10.0.6.1   13   UG-D---um--f  wan_6      0d:0h:3m:2s
#oa  10.5.1.0/24   10.0.6.1   13   UG-D---um--f  wan_6      0d:0h:3m:2s
#d   10.6.1.0/24   10.6.1.1   1    U------um--f  closet_6   0d:1h:23m:32s
Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred unicast route (@) Preferred multicast route
(#) Preferred unicast and multicast route
Flags: (B) BlackHole, (D) Dynamic, (G) Gateway, (H) Host Route
(L) Matching LDP LSP, (l) Calculated LDP LSP, (m) Multicast
(P) LPM-routing, (R) Modified, (S) Static, (s) Static LSP
(T) Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up
(f) Provided to FIB (c) Compressed Route
Mask distribution:
    6 routes at length 24    13 routes at length 30
Route Origin distribution:
    3 routes from Direct    16 routes from OSPFIntra
Total number of routes = 19
Total number of compressed routes = 0
7 Notice that, except for the directly-connected VLAN, all of the edge data network entries are learned via the wan_X VLAN.
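The check in step 7, and the matching RIP check earlier in this guide, can be scripted against a saved copy of the show iproute output. The following Python is an added example, not part of the Extreme Networks lab guide; parse_iproute, path_report and the sample captures are hypothetical names, and it assumes the output was captured with one route per line.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One route per line, in the column order the lab output uses:
# Ori  Destination  Gateway  Mtr  Flags  VLAN  Duration
ROW = re.compile(
    r"^\s*(?P<pref>[#*@]?)(?P<ori>[a-z][a-z0-9]*)\s+"
    r"(?P<dest>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+"
    r"(?P<gw>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mtr>\d+)\s+(?P<flags>[A-Za-z-]+)\s+(?P<vlan>\S+)\s+"
    r"(?P<dur>\d+d:\d+h:\d+m:\d+s)\s*$"
)


@dataclass(frozen=True)
class Route:
    preferred: bool  # '#', '*' or '@' printed in front of the origin code
    origin: str      # e.g. 'd' Direct, 'r' RIP, 'oa' OSPFIntra
    dest: str
    gateway: str
    metric: int
    flags: str
    vlan: str

    @property
    def dynamic(self):  # (D) Dynamic in the Flags legend
        return "D" in self.flags

    @property
    def in_fib(self):   # (f) Provided to FIB in the Flags legend
        return "f" in self.flags


def parse_iproute(text):
    """Return a Route for every table row; prompt, header and legend lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            routes.append(Route(bool(m["pref"]), m["ori"], m["dest"], m["gw"],
                                int(m["mtr"]), m["flags"], m["vlan"]))
    return routes


def path_report(routes, backup_vlan):
    """Summarise which VLAN carries the learned routes that are actually in use."""
    in_use = [r for r in routes if r.dynamic and r.in_fib]
    return {
        # learned routes installed in the FIB, counted per egress VLAN
        "in_use_by_vlan": dict(Counter(r.vlan for r in in_use)),
        # learned routes forwarding over the backup path: expected only
        # while the primary path is down or its cost has been raised
        "on_backup": [r.dest for r in in_use if r.vlan == backup_vlan],
        # learned but not installed, e.g. beaten by a direct route
        "not_installed": [r.dest for r in routes if r.dynamic and not r.in_fib],
    }


# Rows taken from the Lab Group 6 OSPF table in this lab, one route per line.
NORMAL = """\
* WC_6.21 # show iproute
Ori  Destination  Gateway   Mtr Flags        VLAN     Duration
#oa  10.0.5.0/30  10.0.6.1  8   UG-D---um--f wan_6    0d:0h:3m:2s
#d   10.0.6.0/30  10.0.6.2  1   U------um--f wan_6    0d:1h:23m:32s
#d   10.0.6.4/30  10.0.6.6  1   U------um--f wanbu_6  0d:1h:23m:32s
oa   10.0.6.4/30  10.0.6.1  8   UG-D---um--- wan_6    0d:0h:3m:2s
#oa  10.1.1.0/24  10.0.6.1  13  UG-D---um--f wan_6    0d:0h:3m:2s
#d   10.6.1.0/24  10.6.1.1  1   U------um--f closet_6 0d:1h:23m:32s
"""

# Constructed rows (not from the guide): the same switch after the primary
# link fails and OSPF re-converges over wanbu_6. Gateway and metrics are made up.
FAILOVER = """\
#oa  10.0.5.0/30  10.0.6.5  24  UG-D---um--f wanbu_6  0d:0h:0m:12s
#d   10.0.6.4/30  10.0.6.6  1   U------um--f wanbu_6  0d:1h:25m:2s
#oa  10.1.1.0/24  10.0.6.5  29  UG-D---um--f wanbu_6  0d:0h:0m:12s
#d   10.6.1.0/24  10.6.1.1  1   U------um--f closet_6 0d:1h:25m:2s
"""

if __name__ == "__main__":
    for name, capture in (("normal", NORMAL), ("failover", FAILOVER)):
        print(name, path_report(parse_iproute(capture), "wanbu_6"))
```

An empty on_backup list corresponds to what step 7 asks you to notice; any entry there means learned traffic is leaving through the backup VLAN.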
Part 5: Configuring the Client Workstation
The following instructions will guide you in setting up the client workstation. If your RD-X connection to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The tunnel is complete when the $ prompt appears:
4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop Connection utility:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format 127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the Password is student:
7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_ECF13-X batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the PC IP address. The following screen will appear while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run dialog box enter cmd to open a Command window:
9 In the command window, display the IP interface information on the PC by entering the following command:
ipconfig
The system displays the following:
Note that the Lab Network interface has been assigned your lab group PC's IP address and mask found in Table 1. This completes the setup of the Lab Group PC.
Part 6: Verifying and Testing IP Forwarding and OSPF
1 Confirm the IP configuration parameters by entering the following summary command:
show ipconfig
The following displays:
Use Redirects        : Disabled
IpOption LSRR        : Enabled
IpOption SSRR        : Enabled
IpOption RR          : Enabled
IpOption TS          : Enabled
IpOption RA          : Enabled
Route Sharing        : Disabled
Originated Packets   : Don't require ipforwarding
IP Fwding into LSP   : Disabled
Unicast Reverse Path : Disabled
Max Shared Gateways  : Current: 4 Configured: 4
IRDP: Advertisement Address: 255.255.255.255 Minimum Interval: 450 Lifetime: 1800
Maximum Interval: 600 Preference: 0
VLAN       IP Address       Flags                nSIA
closet_X   10.X.1.1   /24   EUf---MPuRX-------   0
wan_X      10.0.X.2   /30   EUf---MPuRX-------   0
wanbu_X    10.0.X.6   /30   EUf---MPuRX-------   0
Flags: (E) Interface Enabled, (U) Interface Up, (f) Forwarding Enabled,
(M) Send Parameter Problem Enabled, (P) Send Port Unreachables Enabled,
(u) Send Unreachables Enabled, (R) Send Redirects Enabled,
(X) Send Time Exceeded Enabled
2 Confirm which VLANs have been added to OSPF and display any associated statistics by entering the following summary command:
show ospf interface
The following displays:
VLAN       IP Address        AREA ID   Flags   Cost   State   Neighbors
closet_X   10.X.1.1    /24   0.0.0.0   -rif-   5/A    DR      0
wan_X      10.0.X.2    /30   0.0.0.0   -rif-   4/A    DR      1
wanbu_X    10.0.X.6    /30   0.0.0.0   -rif-   20/C   DR      1
Flags : f - Interface Forwarding Enabled, i - Interface OSPF Enabled,
n - Multinetted VLAN, p - Passive Interface, r - Router OSPF Enable,
A - Automatic Cost, C - Configured Cost.
3 Additional, area-specific OSPF interface information can be displayed by entering the following summary command:
show ospf area 0.0.0.0
The following displays:
Area: 0.0.0.0
Type: Normal
Router Id: 10.X.1.1
Spf Runs: 5
Num ABR: 0
Num ASBR: 0
Num LSA: 19
LSA Chksum:0x9b8c5
Interfaces:
IP addr          Ospf   State   DR IP addr   BDR IP addr
10.X.1.1   /24   E      DR      10.X.1.1     0.0.0.0
10.0.X.2   /30   E      DR      10.0.X.2     10.0.X.1
10.0.X.6   /30   E      DR      10.0.X.6     10.0.X.5
Inter-Area route Filter:
External route Filter:
Configured Address Ranges:
4 Notice that the area specified can be any area configured on the switch.
5 Open a Command Prompt window on the Lab Group PC and use the PING command to verify that the PC can communicate with the wan_X VLAN Interface, wanbu_X VLAN Interface, closet_X Interface, and PC IP address for each of the configured neighbor lab groups by entering the following for each group:
ping
Example: ping 10.0.X.2
ping
Example: ping 10.0.X.6
ping
Example: ping 10.X.1.1
ping
Example: ping 10.X.1.11
Where X is the lab group number of each neighbor lab group.
The following displays the output from pinging Lab Group 6:
C:\Documents and Settings\student>ping 10.0.6.2
Pinging 10.0.6.2 with 32 bytes of data:
Reply from 10.0.6.2: bytes=32 time=2ms TTL=255
Reply from 10.0.6.2: bytes=32 time<1ms TTL=255
Reply from 10.0.6.2: bytes=32 time<1ms TTL=255
Reply from 10.0.6.2: bytes=32 time<1ms TTL=255
Ping statistics for 10.0.6.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 2ms, Average = 0ms
C:\Documents and Settings\student>ping 10.0.6.6
Pinging 10.0.6.6 with 32 bytes of data:
Reply from 10.0.6.6: bytes=32 time<1ms TTL=255
Reply from 10.0.6.6: bytes=32 time<1ms TTL=255
Reply from 10.0.6.6: bytes=32 time<1ms TTL=255
Reply from 10.0.6.6: bytes=32 time<1ms TTL=255
Ping statistics for 10.0.6.6:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Documents and Settings\student>ping 10.6.1.1
Pinging 10.6.1.1 with 32 bytes of data:
Reply from 10.6.1.1: bytes=32 time<1ms TTL=255
Reply from 10.6.1.1: bytes=32 time<1ms TTL=255
Reply from 10.6.1.1: bytes=32 time<1ms TTL=255
Reply from 10.6.1.1: bytes=32 time<1ms TTL=255
Ping statistics for 10.6.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Documents and Settings\student>ping 10.6.1.11
Pinging 10.6.1.11 with 32 bytes of data:
Reply from 10.6.1.11: bytes=32 time<1ms TTL=128
Reply from 10.6.1.11: bytes=32 time<1ms TTL=128
Reply from 10.6.1.11: bytes=32 time<1ms TTL=128
Reply from 10.6.1.11: bytes=32 time<1ms TTL=128
Ping statistics for 10.6.1.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
13 Netlogin using Local MAC Address Authentication Configuration Lab
Student Objectives
This lab will guide you through the process of supporting an enterprise customer who is preparing to install IP phones in the lobby of their corporate headquarters. These phones will be in publicly accessible locations. Corporate Security would like to protect the Ethernet port to which the phones will connect from allowing any other devices access to the network. They have decided that using Extreme's Network Login feature with Local-MAC address security is the best way to provide this security.
In this lab, you will complete the following tasks:
● Enable the Network Login Service
● Configure local MAC address authentication
● Verify that the configuration works
You and your team will be configuring switches to accommodate the IP phones. Since the phones are not yet onsite, you will be testing the solutions using a PC. Refer to the values listed in Table 1 to understand the configuration parameters for this lab.
Table 1: Lab Group, Station, Remote PC IP Address, Lab Group PC IP Address, Location, Gateway
Lab Group            Remote PC         Lab Group PC
Number     Station   IP Address        IP Address        Location   Gateway
1          1a        10.209.10.11/24   192.168.1.31/24   Phone 11   192.168.1.1/24
2          2a        10.209.10.12/24   192.168.2.31/24   Phone 21   192.168.2.1/24
3          3a        10.209.10.13/24   192.168.3.31/24   Phone 31   192.168.3.1/24
4          4a        10.209.10.14/24   192.168.4.31/24   Phone 41   192.168.4.1/24
5          5a        10.209.10.15/24   192.168.5.31/24   Phone 51   192.168.5.1/24
6          6a        10.209.10.16/24   192.168.6.31/24   Phone 61   192.168.6.1/24
Part 1: Setting up for Netlogin
This exercise begins with loading the specific group pre-configuration on each switch.
1 Log into the switch and load the baseline configuration for this lab by entering the following command:
use configuration Lab_NTLGN-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the command line label, the system will display the following:
Do you want to save configuration changes to currently selected configuration file (XXXXXX.cfg) and reboot? (y - save and reboot, n - reboot without save, - cancel command)
3 Enter n to reboot without save.
If there were no unsaved changes on the switch, the system will display the following:
Are you sure you want to reboot the switch? (y/N)
4 Enter y to reboot the switch if this message appears.
When the boot process is complete, the switch displays the following:
Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch will then display the following prompt for the password:
login: admin
password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring the switch.
7 To view the VLAN configuration, enter the following command:
show vlan
The following displays:

    -----------------------------------------------------------------------------------
    Name     VID   Protocol Addr     Flags               Proto  Ports          Virtual
                                                                Active/Total   router
    -----------------------------------------------------------------------------------
    Default  1     192.168.X.1 /24   -----------T------  ANY    1 /1           VR-Default
    Mgmt     4095  --------------------------------------  ANY  1 /1           VR-Mgmt
    -----------------------------------------------------------------------------------
    Flags : (T) Member of STP Domain
    Total number of VLAN(s) : 2
Part 2: Configuring the Client Workstation

The following instructions will guide you in setting up the client workstation. If your RD-X connection to PC 127.0.0.1:101X is still open but minimized, skip to step 6.

1 From your laptop, launch the PuTTY utility.

2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.

3 The utility opens a secure session window displaying the student login ID and the public key. The tunnel is complete when the $ prompt appears:
4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop Connection utility:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format 127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the Password is student:
7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_NTLGN-X batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the PC IP address. The following screen appears while the file executes; follow the instructions on the screen:
Using Lab Group 1 as an example below, the system displays the following ip configuration:
8 Notice that the Lab Network interface has been assigned your Lab Group PC's IP address and mask found in Table 1.

9 Verify the setup by pinging the default gateway from the vPC.

    C:\>ping 192.168.X.1

    Pinging 192.168.X.1 with 32 bytes of data:
    Reply from 192.168.X.1: bytes=32 time<1ms TTL=128
    Reply from 192.168.X.1: bytes=32 time<1ms TTL=128
    Reply from 192.168.X.1: bytes=32 time<1ms TTL=128
    Reply from 192.168.X.1: bytes=32 time<1ms TTL=128
    Ping statistics for 192.168.X.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
This completes the setup of the Lab Group PC.
Part 3: Displaying the Network Login Configuration

1 On the switch, verify that the MAC-based Network Login service is not configured.

    show netlogin mac

The following displays:

    NetLogin Auth Mode : web-based DISABLED; 802.1x DISABLED; mac-based DISABLED
    NetLogin VLAN               :
    NetLogin move-fail-action   : Deny
    NetLogin Client Aging Time  : 5 minutes
    Dynamic VLAN Creation       : Disabled
    Dynamic VLAN Uplink Ports   : None
    ------------------------------------------------
    MAC Mode Global Configuration
    ------------------------------------------------
    Re-authentication period    : 0 (Re-authentication disabled)
    Authentication Database     : Radius, Local-User database
    ------------------------------------------------

2 Verify that the local MAC database (the list of MAC addresses that is stored on the switch) is empty.

    show netlogin mac-list

The following displays:

    SS-0X.3 # show netlogin mac-list
    SS-0X.4 #
Part 4: Configuring the Network Login VLAN

The Network Login VLAN is an internal VLAN that enables the system to access the Network Login Service. You will not add any ports to this VLAN; however, later in this lab, you will configure ports to use the Network Login Service.

1 Create a VLAN to support the Network Login service.

    create vlan netlogin_vlan

2 Associate the VLAN to the Network Login Service.

    configure netlogin vlan netlogin_vlan

Part 5: Configuring MAC Address Authentication

1 Enable the MAC address authentication option of the Network Login Service.

    enable netlogin mac
2 Configure the MAC address authentication process to use the local database. The options available are local and radius. The system searches the local database and the RADIUS database in the order in which the options are entered. If the local option is entered first, then the local database will be interrogated before the RADIUS database. You may also configure the system to search only the local or only the RADIUS database by entering just one of the two options.

Enter the following command:

    configure netlogin mac authentication database-order local

3 On the Lab Group PC, verify that the PC can ping the gateway.

    C:\>ping 192.168.X.1

4 On your switch, select the ports that will subscribe to the Network Login Service.

    enable netlogin ports 24 mac

5 On the Lab Group PC, verify that the PC is now unable to ping the gateway.

    C:\>ping 192.168.X.1
    Pinging 192.168.X.1 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Ping statistics for 192.168.X.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Part 6: Managing the Authorized MAC Addresses

There are two parts to managing the authorized MAC Addresses. The first part is to create an entry in the MAC address database. The second part is to create a corresponding entry in the user database for the configured MAC address.

1 On the Lab Group PC, determine the MAC (physical) address of the Lab Network Ethernet Adapter by entering the following at the Command Prompt:

    ipconfig /all

The following displays:

    Ethernet adapter Lab Network:
    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
    Physical Address. . . . . . . . . : 00-50-56-00-00-FB
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.X.31
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.X.1

In the example above, the MAC address for the Lab Network Ethernet Adapter is 00-50-56-00-00-FB.
2 On the switch, add that MAC address to the local database. MAC addresses are entered using the colon as a separator. All alphabetic characters should be entered in upper case.

    configure netlogin add mac-list

Example:

    configure netlogin add mac-list 00:50:56:00:00:FB

3 On your switch, add MAC-based users to the local database. When entering the following command, you will substitute the user-name and password options with the MAC address of the IP phone. When entering the MAC address, enter the MAC address used in the last step, omitting the colon (:) character.

    create netlogin local-user

All alphabetic characters should be entered in upper case. The MAC address from the example above would be entered as 0050560000FB 0050560000FB for the user-name and password in the command.

Example:

    create netlogin local-user 0050560000FB 0050560000FB
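Part 6 needs the same MAC address in two forms: colon-separated upper case for the mac-list entry, and undelimited upper case for the local-user name and password. The Python script below is an added example, not part of the original lab guide; it derives both forms from ipconfig output and builds the two commands. The function names and the sample text (including the made-up "Local Area Connection" adapter) are assumptions for illustration.

```python
import re

# Constructed sample of "ipconfig /all" output. The "Lab Network" adapter
# mirrors the lab's example; "Local Area Connection" is made up so the
# parser has to pick the right adapter.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   Description . . . . . . . . . . . : Constructed management adapter
   Physical Address. . . . . . . . . : 00-50-56-00-00-01
   IP Address. . . . . . . . . . . . : 10.209.10.99

Ethernet adapter Lab Network:
   Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
   Physical Address. . . . . . . . . : 00-50-56-00-00-FB
   Dhcp Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.31
"""


def normalize_mac(text):
    """Return the 12 upper-case hex digits of a MAC address.

    Accepts 00-50-56-00-00-FB, 00:50:56:00:00:fb, 0050.5600.00fb and
    0050560000FB. Raises ValueError for anything that is not 48 bits.
    """
    digits = re.sub(r"[-:.\s]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return digits


def mac_list_form(text):
    """Colon-separated upper-case form, as entered in the mac-list."""
    digits = normalize_mac(text)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def local_user_form(text):
    """Undelimited upper-case form, used as user name and password."""
    return normalize_mac(text)


def adapter_mac(ipconfig_text, adapter_name):
    """Return the Physical Address listed under the named adapter."""
    current = None
    for line in ipconfig_text.splitlines():
        heading = re.match(r"^\S.*adapter (.+):\s*$", line)
        if heading:
            current = heading.group(1)
            continue
        if current == adapter_name:
            field = re.match(r"^\s+Physical Address[ .]*:\s*(\S+)", line)
            if field:
                return field.group(1)
    raise LookupError(f"no Physical Address found for adapter {adapter_name!r}")


def netlogin_commands(mac_text):
    """Build the two Part 6 commands for one client MAC address."""
    user = local_user_form(mac_text)
    return [
        f"configure netlogin add mac-list {mac_list_form(mac_text)}",
        f"create netlogin local-user {user} {user}",
    ]


if __name__ == "__main__":
    mac = adapter_mac(SAMPLE_IPCONFIG, "Lab Network")
    for command in netlogin_commands(mac):
        print(command)
```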
Part 7: Testing the Configuration

1 On the Lab Group PC, verify that the system is configured correctly by pinging the default gateway.

    C:\>ping 192.168.X.1

The following displays:

    Pinging 192.168.X.1 with 32 bytes of data:
    Request timed out.
    Reply from 192.168.X.1: bytes=32 time<1ms TTL=128
    Reply from 192.168.X.1: bytes=32 time<1ms TTL=128
    Reply from 192.168.X.1: bytes=32 time<1ms TTL=128
    Reply from 192.168.X.1: bytes=32 time<1ms TTL=128
    Ping statistics for 192.168.X.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

NOTE: The reply may not take effect immediately. If you get ‘request timed out’, wait a minute and then try again.
Part 8: Just in Case....

If you should encounter problems, there are a few commands that you can execute to help you in diagnosing the problem.

1 Display the general Network Login service configuration by using the following command:

    show netlogin
The following displays:

    NetLogin Authentication Mode : web-based DISABLED; 802.1x DISABLED; mac-based ENABLED
    NetLogin VLAN                : "netlogin_vlan"
    NetLogin move-fail-action    : Deny
    NetLogin Client Aging Time   : 5 minutes
    Dynamic VLAN Creation        : Disabled
    Dynamic VLAN Uplink Ports    : None
    ------------------------------------------------
    Web-based Mode Global Configuration
    ------------------------------------------------
    Base-URL                  : network-access.com
    Default-Redirect-Page     : ENABLED; http://www.extremenetworks.com
    Logout-privilege          : YES
    Netlogin Session-Refresh  : ENABLED; 3 minute(s) 0 second(s)
    Refresh failures allowed  : 0
    Reauthenticate on refresh : Disabled
    Authentication Database   : Radius, Local-User database
    Proxy Ports               : 80(http),443(https)
    ------------------------------------------------
    802.1x Mode Global Configuration
    ------------------------------------------------
    Quiet Period                   : 60
    Supplicant Response Timeout    : 30
    Re-authentication period       : 3600
    Max Re-authentications         : 3
    RADIUS server timeout          : 30
    EAPOL MPDU version to transmit : v1
    Authentication Database        : Radius
    ------------------------------------------------
    ------------------------------------------------
    MAC Mode Global Configuration
    ------------------------------------------------
    MAC Address/Mask      Password (encrypted)  Port(s)
    --------------------  --------------------  ----------
    00:0C:29:AA:D6:8C/48                        any
    Re-authentication period : 0 (Re-authentication disabled)
    Authentication Database  : Local-User database
    ------------------------------------------------
    Port: 24, Vlan: Default, State: Enabled, Authentication: mac-based
    Guest Vlan : Disabled
    Authentication Failure Vlan : Disabled
    Authentication Service-Unavailable Vlan : Disabled

    MAC                IP address    Authenticated  Type  ReAuth-Timer  User
    00:0c:29:aa:d6:8c  192.168.1.31  Yes, Locally   MAC   0             000C29AAD68C
    00:e0:2b:00:00:01  0.0.0.0       No             MAC   0
2 To focus in on just the Network Login MAC related parameters, enter the following command:

    show netlogin mac

The following displays:

    NetLogin Authentication Mode : web-based DISABLED;802.1x DISABLED; mac-based ENABLED
    NetLogin VLAN                : "netlogin_vlan"
    NetLogin move-fail-action    : Deny
    NetLogin Client Aging Time   : 5 minutes
    Dynamic VLAN Creation        : Disabled
    Dynamic VLAN Uplink Ports    : None
    ------------------------------------------------
    MAC Mode Global Configuration
    ------------------------------------------------
    MAC Address/Mask      Password (encrypted)  Port(s)
    --------------------  --------------------  ----------
    00:0C:29:AA:D6:8C/48                        any
    Re-authentication period : 0 (Re-authentication disabled)
    Authentication Database  : Local-User database
    ------------------------------------------------
    Port: 24, Vlan: Default, State: Enabled, Authentication: mac-based
    Guest Vlan : Disabled
    Authentication Failure Vlan : Disabled
    Authentication Service-Unavailable Vlan : Disabled

    MAC                IP address    Authenticated  Type  ReAuth-Timer  User
    00:0c:29:aa:d6:8c  192.168.1.31  Yes, Locally   MAC   0             000C29AAD68C
    00:e0:2b:00:00:01  0.0.0.0       No             MAC   0
3 To view the Network Login configuration of the port, enter the following command:

    show netlogin port 24

The following displays:

    Port                          : 24
    Port Restart                  : Disabled
    Allow Egress                  : None
    Vlan                          : Default
    Authentication                : mac-based
    Port State                    : Enabled
    Guest Vlan                    : Disabled
    Auth Failure Vlan             : Disabled
    Auth Service-Unavailable Vlan : Disabled

    MAC                IP address    Authenticated  Type  ReAuth-Timer  User
    00:0c:29:aa:d6:8c  192.168.1.31  Yes, Locally   MAC   0             000C29AAD68C
    00:e0:2b:00:00:01  0.0.0.0       No             MAC   0
4 To view the default VLAN, enter the following command:

    show vlan default

5 Finally, you can interrogate the message log to view the activity of the Network Login service.

    show log messages memory-buffer

The following displays:

    08/22/2008 20:42:19.49 Network Login MAC user 000C29AAD68C logged in MAC 00:0C:29:AA:D6:8C port 24 VLAN(s) "Default", authentication Locally
    8/22/2008 20:41:47.31 Network Login framework has been initialized
    8/22/2008 20:33:30.99 Mac authentication was initiated, but mac-list for virtual router VR-Default is empty
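Because MAC-based Network Login uses the MAC address as both user name and password, the login messages in this log are worth comparing against the list of devices you expect on each port. The Python script below is an added example, not part of the lab guide; the inventory, the function names and the first two sample log lines are constructed for illustration, and the remaining lines follow the output shown above.

```python
import re

# Sample log, newest entry first. The first two lines are constructed;
# the last three reproduce the lab's example output.
SAMPLE_LOG = """\
08/22/2008 20:55:40.77 Network Login MAC user 020000000099 logged in MAC 02:00:00:00:00:99 port 24 VLAN(s) "Default", authentication Locally
08/22/2008 20:50:02.10 Network Login MAC user 000C296BAF67 logged in MAC 00:0C:29:6B:AF:67 port 12 VLAN(s) "Default", authentication Locally
08/22/2008 20:42:19.49 Network Login MAC user 000C29AAD68C logged in MAC 00:0C:29:AA:D6:8C port 24 VLAN(s) "Default", authentication Locally
8/22/2008 20:41:47.31 Network Login framework has been initialized
8/22/2008 20:33:30.99 Mac authentication was initiated, but mac-list for virtual router VR-Default is empty
"""

# Constructed inventory: undelimited upper-case MAC -> port it belongs on.
INVENTORY = {
    "000C29AAD68C": "24",
    "000C296BAF67": "24",
}

LOGIN_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{2}) '
    r'Network Login MAC user (?P<user>\S+) logged in '
    r'MAC (?P<mac>[0-9A-Fa-f:]{17}) port (?P<port>\S+) '
    r'VLAN\(s\) "(?P<vlan>[^"]*)", authentication (?P<source>\S+)\s*$'
)
EMPTY_LIST_RE = re.compile(
    r'^(?P<ts>\S+ \S+) Mac authentication was initiated, '
    r'but mac-list for virtual router (?P<vr>\S+) is empty'
)


def bare(mac):
    """Strip delimiters and upper-case, matching the local-user name form."""
    return re.sub(r"[^0-9A-Fa-f]", "", mac).upper()


def parse_logins(log_text):
    """Return one dict per MAC-based login message found in the log."""
    matches = (LOGIN_RE.match(line) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def audit(log_text, inventory):
    """Return (timestamp, kind, detail) findings in log order."""
    findings = []
    for line in log_text.splitlines():
        login = LOGIN_RE.match(line)
        if login:
            mac = bare(login["mac"])
            port = login["port"]
            if mac not in inventory:
                findings.append((login["ts"], "unknown-mac",
                                 f"{mac} on port {port}"))
            elif inventory[mac] != port:
                findings.append((login["ts"], "unexpected-port",
                                 f"{mac} on port {port}, expected {inventory[mac]}"))
            continue
        empty = EMPTY_LIST_RE.match(line)
        if empty:
            # Authentication was attempted before any MAC was authorized.
            findings.append((empty["ts"], "empty-mac-list", empty["vr"]))
    return findings


if __name__ == "__main__":
    for timestamp, kind, detail in audit(SAMPLE_LOG, INVENTORY):
        print(f"{timestamp}  {kind:16}  {detail}")
```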
14 Universal Port Configuration Lab

Universal Port is a powerful framework for event driven activation of CLI scripts or profiles. The ExtremeXOS™ Universal Port framework enables the switch to take actions based on such criteria as a detected device, a user authenticated (or unauthenticated), or a user-configured timer. Universal Port is primarily used for simplifying edge configuration. Added security is gained by enabling Network Login for authentication prior to granting the device or user access to the network. In its simplest form, Universal Port provides the ability to automatically configure network interface parameters (ports, IP addresses, and QoS) on ExtremeXOS switches.

Student Objectives

In this lab, you will:

● Verify an existing Netlogin configuration
● Create a Universal Port profile
● Bind the profile to a pre-defined event
● Associate the profile with a specific user
● Test and validate that the profile is applied when the user authenticates

Figure 1: Universal Port Configuration
Refer to the values listed in Table 1 to configure switch parameters for this lab.

Table 1: Group, Switch, VLAN Names, Tags and IP addresses

    Lab      Switch  Data    Data      Data VLAN     Data PC      Voice    Voice     Voice VLAN    Voice PC
    Group #  Name    VLAN    VLAN Tag  IP Address    IP Address   VLAN     VLAN Tag  IP Address    IP Address
    1        SAM_1   data_1  1011      10.0.11.1/24  10.0.11.101  voice_1  1012      10.0.12.1/24  10.0.12.101
    2        EXC_2   data_2  1021      10.0.21.1/24  10.0.21.101  voice_2  1022      10.0.22.1/24  10.0.22.101
    3        ACT_3   data_3  1031      10.0.31.1/24  10.0.31.101  voice_3  1032      10.0.32.1/24  10.0.32.101
    4        MFG_4   data_4  1041      10.0.41.1/24  10.0.41.101  voice_4  1042      10.0.42.1/24  10.0.42.101
    5        ENG_5   data_5  1051      10.0.51.1/24  10.0.51.101  voice_5  1052      10.0.52.1/24  10.0.52.101
    6        HUR_6   data_6  1061      10.0.61.1/24  10.0.61.101  voice_6  1062      10.0.62.1/24  10.0.62.101
Part 1: Setting Up for Loading and Validating the Netlogin Configuration

This exercise begins with the specific group VLAN pre-configured on each switch.

1 Log into the switch and load the baseline configuration for this lab by entering the following command:

    use configuration Lab_ECF19-X

Where X is your lab group number found in Table 1.

2 Reboot the switch by entering the following command:

    reboot

If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the command line label, the system will display the following:

    Do you want to save configuration changes to currently selected configuration file (XXXXXX.cfg) and reboot? (y - save and reboot, n - reboot without save, - cancel command)

3 Enter n to reboot without save.

If there were no unsaved changes on the switch, the system will display the following:

    Are you sure you want to reboot the switch? (y/N)

4 Enter y to reboot the switch if this message appears.

When the boot process is complete, the switch displays the following:

    Authentication Service (AAA) on the master node is now available for login.

5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch will then display the following prompt for the password:

    login: admin
    password:

6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring the switch.
Part 2: Loading and Validating the Netlogin Configuration

1 Review the existing VLAN configuration by entering the following command:

    show vlan

The system displays the following:

    ---------------------------------------------------------------------------------------
    Name     VID   Protocol Addr  Flags                                        Proto  Ports          Virtual
                                                                                      Active/Total   router
    ---------------------------------------------------------------------------------------
    data_X   10X1  -------------------------------------------  ANY    0 /1           VR-Default
    Default  1     -------------------------------------------  ANY    0 /0           VR-Default
    Mgmt     4095  -------------------------------------------  ANY    1 /1           VR-Mgmt
    nl_vlan  4093  ----------------------LN-------------------  ANY    0 /1           VR-Default
    voice_X  10X2  -------------------------------------------  ANY    0 /1           VR-Default
    ---------------------------------------------------------------------------------------
    Flags : (L) Loopback Enabled,(N) Network Login VLAN
    Total number of VLAN(s) : 5

2 Notice that each switch is configured with a netlogin vlan, nl_vlan, and that all VLANs are already associated with a single port (port 24).

3 Review the existing MAC-based netlogin configuration by entering the following command:

    show netlogin mac
The system displays the following:

    NetLogin Authentication Mode : web-based DISABLED; 802.1x DISABLED; mac-based DISABLED
    NetLogin VLAN                : "nl_vlan"
    NetLogin move-fail-action    : Deny
    NetLogin Client Aging Time   : 5 minutes
    Dynamic VLAN Creation        : Disabled
    Dynamic VLAN Uplink Ports    : None
    ------------------------------------------------
    MAC Mode Global Configuration
    ------------------------------------------------
    MAC Address/Mask      Password (encrypted)  Port(s)
    --------------------  --------------------  ----------
    AA:AA:AA:AA:AA:AA/48                        24
    BB:BB:BB:BB:BB:BB/48                        24
    Re-authentication period : 0 (Re-authentication disabled)
    Authentication Database  : Local-User database
    ------------------------------------------------

4 Notice that mac-based authentication is DISABLED, but is pre-configured for two MAC addresses, one for each of your two lab PCs.

Also notice that the authentication database is set for the Local-User database. Because we are not using a RADIUS server in this exercise, this will become an important factor later in the lab.
Part 3: Configuring the Client Workstations

The following instructions will guide you in setting up the client workstations. If your RD-X connection to PC 127.0.0.1:101X is still open but minimized, skip to step 6.

1 From your laptop, launch the PuTTY utility:
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The tunnel is complete when the $ prompt appears:
4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop Connection utility:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format 127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the Password is student:
7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_ECF19-Xa batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the PC IP address. The following screen appears while the file executes, and then closes automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run dialog box enter cmd to open a Command window:
9 In the command window, display the IP interface information on the PC by entering the following command:

    ipconfig /all

Using Lab Group 1 as an example, the system displays the following:

10 Notice that the Lab Network interface for this PC has been assigned an IP address on the network associated with the Data PC IP Address (127.0.0.1:101X) found in Table 1 (where X is your Lab Group number).

11 From the Data PC desktop, right-click on My Network Places and select Properties from the menu:
12 Highlight the Lab Network icon:
13 To block the station from sending any packets prior to testing, select Disable this network device from the Network Tasks menu:
This completes the setup of your first PC.

14 To set up the second lab PC, enter the combined IP address and unique port number identifying the target lab PC in the format 127.0.0.1:102X, where X is the lab group number assigned in Table 1:
This will be configured as the Voice PC and assigned the respective IP address found in Table 1 for your lab group.
15 Enter the login and password credentials. For all lab stations, the User Name is student and the Password is student:
16 From the PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_ECF19-Xb batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the PC IP address. The following screen appears while the file executes, and then closes automatically when it terminates:
17 Open a Command window:
18 In the command window, display the IP interface information on the PC by entering the following command: ipconfig /all
Using Lab Group 1 as an example, the system displays the following:
19 Notice that the Lab Network interface for this PC has been assigned an IP address on the network associated with the Voice PC IP Address (127.0.0.1:102X) found in Table 1 (where X is your Lab Group number).

20 From the PC desktop, right-click on My Network Places and select Properties from the menu:
21 Highlight the Lab Network icon:
22 To block the station from sending any packets prior to testing, select Disable this network device from the Network Tasks menu:
Part 4: Creating the Universal Port Profiles and Binding to an Event

1 Profiles can be assigned to specific users. For this exercise, we will create two profiles, one for each supplicant. On the switch, create the first profile by entering the following command:

    create upm profile ecf-19-Xa

Where X is your lab group number found in Table 1. The system displays the following:

    Start typing the profile and end with a . as the first and the only character on a line.
    Use - edit upm profile - for block mode capability

2 Enter the following commands:

    configure vlan data_X ipaddress 10.0.X1.1/24
    .

Where X is your lab group number, and the IP address is the value assigned to your group for the VLAN data_X found in Table 1. Note that the second line, . , terminates the editing function of the create command.

3 Create the second profile by entering the following command:

    create upm profile ecf-19-Xb

Where X is your lab group number found in Table 1. The system displays the following:

    Start typing the profile and end with a . as the first and the only character on a line.
    Use - edit upm profile - for block mode capability

4 Enter the following commands:

    configure vlan voice_X ipaddress 10.0.X2.1/24
    .

Where X is your lab group number, and the IP address is the value assigned to your group for the VLAN data_X found in Table 1. Note that the second line, ., terminates the editing function of the create command.

5 Display summary information for the profiles by entering the following command:

    show upm profile

The system displays the following:

    ================================================================================
    UPM Profile    Events                Flags  Ports
    ================================================================================
    ecf-19-Xa                            e
    ecf-19-Xb                            e
    ================================================================================
    Number of UPM Profiles: 2
    Number of UPM Events in Queue for execution: 0
    Flags: d - disabled, e - enabled
    Event name: log-message(Log filter name) - Truncated to 20 chars
6 Bind each profile to the user-authentication event by entering the following commands:

    configure upm event user-authenticate profile ecf-19-Xa ports 24
    configure upm event user-authenticate profile ecf-19-Xb ports 24

Where X is your lab group number found in Table 1.

7 Confirm that the profiles were correctly bound by entering the following command:

    show upm event user-authenticate

The system displays the following:

    -------------------------------------------------------------------
    UPM Profile    PortList
    -------------------------------------------------------------------
    ecf-19-Xa      24
    ecf-19-Xb      24
    -------------------------------------------------------------------

8 This can also be validated with the summary profile information, shown by entering the following command:

    show upm profile

The system displays the following:

    ================================================================================
    UPM Profile    Events                Flags  Ports
    ================================================================================
    ecf-19-Xa      user-authenticated    e      24
    ecf-19-Xb      user-authenticated    e      24
    ================================================================================
    Number of UPM Profiles: 2
    Number of UPM Events in Queue for execution: 0
    Flags: d - disabled, e - enabled
    Event name: log-message(Log filter name) - Truncated to 20 chars
Part 5: Universal Port, Netlogin, and MAC-Based Authentication

In order for authentication to work without an external database (like RADIUS), each user needs to be added to Netlogin's local user database. When using MAC-based authentication, the MAC address of the end station is used for both the user name and the password.

1 The two Lab PCs configured in Part 3 have already been added to the database. Confirm this configuration by entering the following command:

    show netlogin local-users

The system displays the following:

    Netlogin Local User Name  Extended-VLAN VSA  Security Profile
    -------------------------------------------------------------------------
    AAAAAAAAAAAA
    BBBBBBBBBBBB

2 Notice that the MAC address is entered without delimiters, and all alpha characters are capitalized.

3 An additional requirement of local authorization is to bind the Universal Port profile to the specific Netlogin user by entering the following commands:

    configure netlogin local-user security-profile ecf-19-Xa
    configure netlogin local-user security-profile ecf-19-Xb

Example:

    configure netlogin local-user 000C29AAD68C security-profile ecf-19-1a
    configure netlogin local-user 000C296BAF67 security-profile ecf-19-1b

Replace and with their respective MAC addresses as displayed in step 1 above, and X with your lab group number found in Table 1.

4 Confirm that the profiles were correctly associated with the user accounts by entering the following command:

    show netlogin local-users

The system displays the following:

    Netlogin Local User Name  Extended-VLAN VSA              Security Profile
    ------------------------  -----------------------------  ----------------------
    AAAAAAAAAAAA                                             ecf-19-Xa
    BBBBBBBBBBBB                                             ecf-19-Xb
Part 6: Triggering and Validating the Event Profile

1 Enable Netlogin for MAC-based authentication by entering the following command:

    enable netlogin mac

2 Display the MAC-based authentication Netlogin information by entering the following command:

    show netlogin mac

Notice that MAC-based Netlogin is enabled and configured for the two PC MAC addresses, but that none have been authenticated on any of the displayed VLANs.

    NetLogin Authentication Mode : web-based DISABLED; 802.1x DISABLED; mac-based ENABLED
    NetLogin VLAN                : "nl_vlan"
    NetLogin move-fail-action    : Deny
    NetLogin Client Aging Time   : 5 minutes
    Dynamic VLAN Creation        : Disabled
    Dynamic VLAN Uplink Ports    : None
    ------------------------------------------------
    MAC Mode Global Configuration
    ------------------------------------------------
    MAC Address/Mask      Password (encrypted)  Port(s)
    --------------------  --------------------  ----------
    AA:AA:AA:AA:AA:AA/48                        24
    BB:BB:BB:BB:BB:BB/48                        24
    Re-authentication period : 0 (Re-authentication disabled)
    Authentication Database  : Local-User database
    ------------------------------------------------
    Port: 24, Vlan: data_X, State: Enabled, Authentication: mac-based
    Guest Vlan : Disabled
    Authentication Failure Vlan : Disabled
    Authentication Service-Unavailable Vlan : Disabled

    MAC  IP address  Authenticated  Type  ReAuth-Timer  User
    -----------------------------------------------
    Port: 24, Vlan: nl_vlan, State: Enabled, Authentication: mac-based
    Guest Vlan : Disabled
    Authentication Failure Vlan : Disabled
    Authentication Service-Unavailable Vlan : Disabled

    MAC  IP address  Authenticated  Type  ReAuth-Timer  User
    -----------------------------------------------
    Port: 24, Vlan: voice_X, State: Enabled, Authentication: mac-based
    Guest Vlan : Disabled
    Authentication Failure Vlan : Disabled
    Authentication Service-Unavailable Vlan : Disabled

    MAC  IP address  Authenticated  Type  ReAuth-Timer  User
    -----------------------------------------------

3 Enable the port connecting to the Lab Group PCs by entering the following command:

    enable ports 24

4 Display the summary VLAN information by entering the following command:

    show vlan
The following displays:

    ---------------------------------------------------------------------------------------
    Name     VID   Protocol Addr  Flags                                        Proto  Ports          Virtual
                                                                                      Active/Total   router
    ---------------------------------------------------------------------------------------
    data_X   10X1  -------------------------------------------  ANY    1 /1           VR-Default
    Default  1     -------------------------------------------  ANY    0 /0           VR-Default
    Mgmt     4095  -------------------------------------------  ANY    1 /1           VR-Mgmt
    nl_vlan  4093  ----------------------LN-------------------  ANY    1 /1           VR-Default
    voice_X  10X2  -------------------------------------------  ANY    1 /1           VR-Default
    ---------------------------------------------------------------------------------------
    Flags : (L) Loopback Enabled,(N) Network Login VLAN

5 Notice that neither the data_X nor the voice_X VLANs have been assigned IP addresses.

6 On the Data PC desktop (127.0.0.1:101X), from Network Connections, re-enable the Lab Network interface by selecting Enable this network device from the Network Tasks menu:

7 On the Data PC desktop (127.0.0.1:101X), open a Command Window and launch a PING to the Data_X VLAN IP address by entering the following command:

    ping 10.0.X1.1

Where X is your lab group number found in Table 1. The system displays the following:

    C:\Documents and Settings\student>ping 10.0.X1.1
    Reply from 10.0.X1.1: bytes=32 time=1ms TTL=255
    Reply from 10.0.X1.1: bytes=32 time<1ms TTL=255
    Reply from 10.0.X1.1: bytes=32 time<1ms TTL=255
    Reply from 10.0.X1.1: bytes=32 time<1ms TTL=255
    Ping statistics for 10.0.X1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

8 On the switch, display the MAC-based authentication Netlogin information by entering the following command:

    show netlogin mac
The following display is an example from Lab Group 1’s switch:
    NetLogin Authentication Mode : web-based DISABLED;802.1x DISABLED; mac-based ENABLED
    NetLogin VLAN                : "nl_vlan"
    NetLogin move-fail-action    : Deny
    NetLogin Client Aging Time   : 5 minutes
    Dynamic VLAN Creation        : Disabled
    Dynamic VLAN Uplink Ports    : None
    -----------------------------------------------
    MAC Mode Global Configuration
    -----------------------------------------------
    MAC Address/Mask       Password (encrypted)              Port(s)
    --------------------   -------------------------------   --------
    00:0C:29:6B:AF:67/48                                     24
    00:0C:29:AA:D6:8C/48                                     24
    Re-authentication period     : 0 (Re-authentication disabled)
    Authentication Database      : Local-User database
    -----------------------------------------------
    Port: 24, Vlan: data_1, State: Enabled, Authentication: mac-based
    Guest Vlan : Disabled
    Authentication Failure Vlan : Disabled
    Authentication Service-Unavailable Vlan : Disabled
    MAC                IP address       Authenticated     Type  ReAuth-Timer  User
    00:0c:29:aa:d6:8c  10.0.11.101      Yes, Locally      MAC   0             000C29AAD68C
    -----------------------------------------------
    Port: 24, Vlan: nl_vlan, State: Enabled, Authentication: mac-based
    Guest Vlan : Disabled
    Authentication Failure Vlan : Disabled
    Authentication Service-Unavailable Vlan : Disabled
    MAC                IP address       Authenticated     Type  ReAuth-Timer  User
    00:e0:2b:00:00:01  0.0.0.0          No                MAC   0
    -----------------------------------------------
    Port: 24, Vlan: voice_1, State: Enabled, Authentication: mac-based
    Guest Vlan : Disabled
    Authentication Failure Vlan : Disabled
    Authentication Service-Unavailable Vlan : Disabled
    MAC                IP address       Authenticated     Type  ReAuth-Timer  User
    -----------------------------------------------
9 Notice that the MAC address for the Data PC (127.0.0.1:101X) has been authenticated on the data_X VLAN.
10 On the switch, display the summary VLAN information by entering the following command:
    show vlan
The system displays the following:
    ---------------------------------------------------------------------------------------
    Name            VID  Protocol Addr       Flags                   Proto  Ports  Virtual
                                                                            Active router
                                                                            /Total
    ---------------------------------------------------------------------------------------
    data_X          10X1 10.0.X1.1      /24  ----------------------- ANY    1 /1   VR-Default
    Default         1    ------------------------------------------- ANY    0 /0   VR-Default
    Mgmt            4095 ------------------------------------------- ANY    1 /1   VR-Mgmt
    nl_vlan         4093 ----------------------LN------------------- ANY    1 /1   VR-Default
    voice_X         10X2 ------------------------------------------- ANY    1 /1   VR-Default
    ---------------------------------------------------------------------------------------
    Total number of VLAN(s) : 5
11 Notice that the data_X VLAN has now been assigned the IP address to which the PING was sent.
12 On the Voice PC desktop (127.0.0.1:102X), from Network Connections, re-enable the Lab Network interface by selecting Enable this network device from the Network Tasks menu:
13 On the Voice PC desktop (127.0.0.1:102X), open a Command Window and launch a PING to the voice_X VLAN IP address by entering the following command:
    ping 10.0.X2.1
Where X is your lab group number found in Table 1. The system displays the following:
    C:\Documents and Settings\student>ping 10.0.X2.1
    Reply from 10.0.X2.1: bytes=32 time=1ms TTL=255
    Reply from 10.0.X2.1: bytes=32 time<1ms TTL=255
    Reply from 10.0.X2.1: bytes=32 time<1ms TTL=255
    Reply from 10.0.X2.1: bytes=32 time<1ms TTL=255
    Ping statistics for 10.0.X2.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 1ms, Average = 0ms
14 On the switch, display the MAC-based authentication Netlogin information by entering the following command:
    show netlogin mac
The system displays the following example from Lab Group 1’s switch for the vlan voice_X segment of the output:
    -----------------------------------------------
    Port: 24, Vlan: voice_1, State: Enabled, Authentication: mac-based
    Guest Vlan : Disabled
    Authentication Failure Vlan : Disabled
    Authentication Service-Unavailable Vlan : Disabled
    MAC                IP address       Authenticated     Type  ReAuth-Timer  User
    00:0c:29:6b:af:67  10.0.12.101      Yes, Locally      MAC   0             000C296BAF67
    -----------------------------------------------
15 Notice that the MAC address for the Voice PC (127.0.0.1:102X) has been authenticated on the voice_X VLAN.
16 Display the summary VLAN information by entering the following command:
    show vlan
The system displays the following:
    ---------------------------------------------------------------------------------------
    Name            VID  Protocol Addr       Flags                   Proto  Ports  Virtual
                                                                            Active router
                                                                            /Total
    ---------------------------------------------------------------------------------------
    data_X          10X1 10.0.X1.1      /24  ----------------------- ANY    1 /1   VR-Default
    Default         1    ------------------------------------------- ANY    0 /0   VR-Default
    Mgmt            4095 ------------------------------------------- ANY    1 /1   VR-Mgmt
    nl_vlan         4093 ----------------------LN------------------- ANY    1 /1   VR-Default
    voice_X         10X2 10.0.X2.1      /24  ----------------------- ANY    1 /1   VR-Default
    ---------------------------------------------------------------------------------------
    Total number of VLAN(s) : 5
17 Notice that the voice_X VLAN has now been assigned the IP address to which the PING was sent.
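The verification in steps 8 to 15 can be scripted. The following is an added example, not part of the lab guide or of ExtremeXOS: it parses text laid out like the show netlogin mac display above, lists which MAC addresses are authenticated on which VLAN, and checks each client against the configured MAC/mask entries. The sample text is constructed from the Lab Group 1 values shown above, and the function names and the exact column spacing are assumptions.

```python
import re

MAC = r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
# "MAC/mask [password] port(s)" row of the MAC Mode Global Configuration list
ENTRY = re.compile("^" + MAC + r"/(\d+)\s+(?:\S+\s+)?(\S+)$")
# "Port: 24, Vlan: data_1, ..." line that opens each per-VLAN block
BLOCK = re.compile(r"^Port:\s*([^,\s]+),\s*Vlan:\s*([^,\s]+),")
# client row: MAC, IP address, then "Yes, Locally" or "No"
CLIENT = re.compile("^" + MAC + r"\s+(\S+)\s+(Yes|No)\b")

# Constructed sample: Lab Group 1 values from the lab output, spacing assumed.
SAMPLE = """\
MAC Address/Mask       Password (encrypted)   Port(s)
00:0C:29:6B:AF:67/48                          24
00:0C:29:AA:D6:8C/48                          24
-----------------------------------------------
Port: 24, Vlan: data_1, State: Enabled, Authentication: mac-based
MAC                IP address   Authenticated  Type  ReAuth-Timer  User
00:0c:29:aa:d6:8c  10.0.11.101  Yes, Locally   MAC   0             000C29AAD68C
-----------------------------------------------
Port: 24, Vlan: nl_vlan, State: Enabled, Authentication: mac-based
MAC                IP address   Authenticated  Type  ReAuth-Timer  User
00:e0:2b:00:00:01  0.0.0.0      No             MAC   0
-----------------------------------------------
Port: 24, Vlan: voice_1, State: Enabled, Authentication: mac-based
MAC                IP address   Authenticated  Type  ReAuth-Timer  User
"""


def covers(mac, entry_mac, bits):
    """True when the first `bits` bits of mac equal those of entry_mac.

    /48 matches one address only; a shorter mask such as /24 matches every
    address that shares the leading 24 bits (the vendor prefix).
    """
    if not 0 <= bits <= 48:
        raise ValueError("mask length must be between 0 and 48")
    shift = 48 - bits
    as_int = lambda m: int(m.replace(":", ""), 16)
    return as_int(mac) >> shift == as_int(entry_mac) >> shift


def parse(text):
    """Return (configured entries, client rows) found in the display text."""
    entries, clients = [], []
    port = vlan = None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), int(m.group(2)), m.group(3).split(",")))
            continue
        m = BLOCK.match(line)
        if m:
            port, vlan = m.groups()
            continue
        m = CLIENT.match(line)
        if m and vlan is not None:
            clients.append({"port": port, "vlan": vlan,
                            "mac": m.group(1).lower(), "ip": m.group(2),
                            "authenticated": m.group(3) == "Yes"})
    return entries, clients


def authenticated_by_vlan(text):
    """Map each VLAN name to the MAC addresses authenticated on it."""
    result = {}
    for c in parse(text)[1]:
        if c["authenticated"]:
            result.setdefault(c["vlan"], []).append(c["mac"])
    return result


def audit(text):
    """List clients that are unauthenticated or match no configured entry."""
    entries, clients = parse(text)
    findings = []
    for c in clients:
        listed = any(c["port"] in ports and covers(c["mac"], mac, bits)
                     for mac, bits, ports in entries)
        if not c["authenticated"]:
            findings.append((c["mac"], c["vlan"], "present but not authenticated"))
        elif not listed:
            findings.append((c["mac"], c["vlan"],
                             "authenticated without a matching MAC/mask entry"))
    return findings


if __name__ == "__main__":
    print(authenticated_by_vlan(SAMPLE))
    for finding in audit(SAMPLE):
        print(finding)
```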
15 Quality of Service (QoS) Configuration Lab
Student Objectives
When network traffic needs a guarantee of underlying network performance, QoS provides a solution. QoS is a set of protocols and mechanisms that facilitate the delivery of delay- and bandwidth-sensitive material across data networks. This typically relates to the amount of bandwidth required, but other factors, such as priority, are also taken into account. QoS in Ethernet networks creates unequal access in a fundamentally equal-access network. In this environment, an application is assured that its requirements for bandwidth, priority, latency and delay are met.
Policy-based Quality of Service (QoS) is a feature of ExtremeXOS and the Extreme Networks switch architecture that allows you to specify different service levels for traffic traversing the switch. Policy-based QoS allows you to protect bandwidth for important categories of applications or to specifically limit the bandwidth associated with less critical traffic. Using Policy-based QoS, you can specify the service level that a particular traffic type receives.
The main benefit of QoS is that it allows you to have control over the types of traffic that receive enhanced service from the system. For example, voice-over-IP (VoIP) traffic requires a reserved amount of bandwidth to function properly; you can use policy-based QoS to reserve sufficient bandwidth critical to this type of application. In this lab, you will implement this feature by assigning a strict service priority to two or more hardware queues that contend for transmission on the same physical port.
In this lab, you will:
● Confirm the baseline VLAN configuration
● Verify the data forwarding model for unconstrained traffic flows
● Configure VLAN-based QoS with strict priority queuing
● Verify the QoS configuration
● Test the QoS configuration
Figure 1: QoS Configuration Lab
Refer to the values listed in Table 1 to configure switch parameters for this lab.
Table 1: Group, Switch, VLAN Names, CV Tags, Ports and PC, and Target VLAN Addresses

    Lab Group  Switch  Closet VLAN  CV   CV Ports  Lab Group PC       Target VLAN  Target VLAN IP Address  TV     TV
    Number             (CV) Name    Tag            IP Addresses       (TV)         on Target Switches      Ports  Tag
    1          SAM_1   closet_1a    11   13t, 24u  192.168.1.101/24   target_1a    192.168.101.1/24        14u    101
                       closet_1b    12   13t, 23u  192.168.11.101/24  target_1b    192.168.111.1/24        16u    102
    2          EXC_2   closet_2a    21   13t, 24u  192.168.2.101/24   target_2a    192.168.102.1/24        14u    201
                       closet_2b    22   13t, 23u  192.168.22.101/24  target_2b    192.168.122.1/24        16u    202
    3          ACT_3   closet_3a    31   13t, 24u  192.168.3.101/24   target_3a    192.168.103.1/24        14u    301
                       closet_3b    32   13t, 23u  192.168.33.101/24  target_3b    192.168.133.1/24        16u    302
    4          MFG_4   closet_4a    41   13t, 24u  192.168.4.101/24   target_4a    192.168.104.1/24        14u    401
                       closet_4b    42   13t, 23u  192.168.44.101/24  target_4b    192.168.144.1/24        16u    402
    5          ENG_5   closet_5a    51   13t, 24u  192.168.5.101/24   target_5a    192.168.105.1/24        14u    501
                       closet_5b    52   13t, 23u  192.168.55.101/24  target_5b    192.168.155.1/24        16u    502
    6          HUR_6   closet_6a    61   13t, 24u  192.168.6.101/24   target_6a    192.168.106.1/24        14u    601
                       closet_6b    62   13t, 23u  192.168.66.101/24  target_6b    192.168.166.1/24        16u    602
Part 1: Creating the EAPS Control VLAN
1 Log into the switch and load the baseline configuration for this lab by entering the following command:
    use configuration Lab_ECF17-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
    reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the command line label, the system will display the following:
    Do you want to save configuration changes to currently selected configuration file (XXXXXX.cfg) and reboot? (y - save and reboot, n - reboot without save, - cancel command)
3 Enter n to reboot without save.
If there were no unsaved changes on the switch, the system will display the following:
    Are you sure you want to reboot the switch? (y/N)
4 Enter y to reboot the switch if this message appears.
When the boot process is complete, the switch displays the following:
    Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch will then display the following prompt for the password:
    login: admin
    password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring the switch.
7 Confirm the configuration of the two edge VLANs, closet_Xa and closet_Xb, and the two target interfaces, target_Xa and target_Xb (where X is the lab group number assigned in Table 1) by entering the following command:
    show vlan
The system displays the following:
    ---------------------------------------------------------------------------------------
    Name            VID  Protocol Addr       Flags                   Proto  Ports  Virtual
                                                                            Active router
                                                                            /Total
    ---------------------------------------------------------------------------------------
    closet_Xa       X1   ------------------------------------------- ANY    2 /2   VR-Default
    closet_Xb       X2   ------------------------------------------- ANY    2 /2   VR-Default
    Default         1    ------------------------------------------- ANY    0 /0   VR-Default
    Mgmt            4095 ------------------------------------------- ANY    1 /1   VR-Mgmt
    target_Xa       X01  192.168.10X.1  /24  ----------------------- ANY    1 /1   VR-Default
    target_Xb       X02  192.168.1XX.1  /24  ----------------------- ANY    1 /1   VR-Default
    ---------------------------------------------------------------------------------------
    Flags : (C) EAPS Control VLAN, (d) NetLogin Dynamically created VLAN,
            (D) VLAN Admin Disabled, (E) ESRP Enabled, (f) IP Forwarding Enabled,
            (F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
            (l) MPLS Enabled, (m) IPmc Forwarding Enabled,
            (M) Translation Member VLAN or Subscriber VLAN,
            (n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,
            (O) Flooding Disabled, (p) PIM Enabled, (P) EAPS protected VLAN,
            (r) RIP Enabled, (R) Sub-VLAN IP Range Configured, (s) Sub-VLAN,
            (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
            (T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
    Total number of VLAN(s) : 6
8 Notice that ports have been assigned and enabled. Also, both target VLANs are configured with IP addresses. These will be the destination IP addresses used to test the QoS feature later in the lab.
Part 2: Configuring the Client Workstations
The following instructions will guide you in setting up the first client workstation. If your RD-X connection to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility:
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The tunnel is complete when the $ prompt appears:
4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop Connection utility:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format 127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the Password is student:
7 From the 127.0.0.1:101X Lab Group PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_ECF17-Xa batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the Lab Group PC IP address. The following screen appears while the file executes, and then closes automatically when it terminates.
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run dialog box enter cmd to open a Command window:
9 Enter the following command in the command window to display the IP interface information on the Lab Group PC:
    ipconfig
The system displays the following information.
10 Notice that the ethernet adapter Untagged has been assigned your first Lab Group PC IP Address and mask found in Table 1.
11 For the second Lab Group PC (127.0.0.1:102X), open the Accessories folder again and re-launch the Remote Desktop Connection utility.
12 Enter the combined IP address and unique port number identifying the second target Lab Group PC in the format 127.0.0.1:102X, where X is the lab group number assigned in Table 1.
13 Enter the login and password credentials. For all lab stations, the User Name is student and the Password is student.
14 From the 127.0.0.1:102X Lab Group PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_ECF17-Xb batch file, where X is the lab group number assigned in Table 1.
This batch file will automatically configure the Lab Group PC IP address. The following screen will appear while the file executes, and then close automatically when it terminates:
15 From the Start menu, click on the Run option to confirm the IP address and static routes. Enter cmd to open a Command window:
16 Enter the following command in the command window to display the IP interface information on the Lab Group PC:
    ipconfig
The system displays the following information:
17 Notice that the ethernet adapter Untagged has been assigned your second Lab Group PC IP Address and mask found in Table 1.
Part 3: Best-Effort Traffic Modeling
Both Lab Group PCs have default gateways that are configured on the core switch CS-A and reachable only via the single uplink port, port 13. This means that any traffic sent to destinations across a routing boundary in another subnet will be forwarded out the uplink port, and any traffic sent simultaneously by both systems will contend for outbound bandwidth and priority.
1 From the first Lab Group PC desktop (127.0.0.1:101X), open the folder named iPerf for Windows and launch the batch file Lab_ECF17-Xa where X is the lab group number assigned in Table 1.
This batch file will send a 5MB UDP stream for fifty minutes (3000 seconds) to the target address 192.168.10X.1.
2 Show the port utilization for the first Lab Group PC port (port 24) and the uplink port to CS-A (port 13) by entering the following command on your switch:
    show ports 13,24 utilization
Change the display by pressing the SPACE bar on your keyboard until you are viewing the Link Utilization Averages screen.
The system displays the following:
    Link Utilization Averages                              Wed Aug 27 09:23:24 2008
    Port     Link    Link    Receive      Peak Rx      Transmit     Peak Transmit
             State   Speed   % bandwidth  % bandwidth  % bandwidth  % bandwidth
    ================================================================================
    13       A       10      0.05         0.06         40.11        42.27
    24       A       100     4.01         4.21         0.01         0.01
    ================================================================================
    > indicates Port Display Name truncated past 8 characters
    Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
    Spacebar->toggle screen U->page up D->page down ESC->exit
3 Notice that, in this example, the Receive % bandwidth for port 24 is equal to the Transmit % bandwidth for port 13. Note also that port 13 has been configured for 10MB, so the UDP stream from the first Lab Group PC accounts for over 40% of the port’s total capacity.
4 From the second Lab Group PC desktop (127.0.0.1:102X), open the folder named iPerf for Windows and launch the batch file Lab_ECF17-Xb where X is the lab group number assigned in Table 1.
This batch file will send a 10MB UDP stream for fifty minutes (3000 seconds) to the target address 192.168.1XX.1.
5 Show the port utilization for the first Lab Group PC port (port 24), the second Lab Group PC port (port 23), and the uplink port to CS-A (port 13) by entering the following command:
    show ports 13,23,24 utilization
Change the display by pressing the SPACE bar on your keyboard until you are viewing the Link Utilization Averages screen. The system displays the following:
    Link Utilization Averages                              Wed Aug 27 09:38:12 2008
    Port     Link    Link    Receive      Peak Rx      Transmit     Peak Transmit
             State   Speed   % bandwidth  % bandwidth  % bandwidth  % bandwidth
    ================================================================================
    13       A       10      0.11         0.11         99.04        100.00
    23       A       100     6.90         6.90         0.01         0.01
    24       A       100     3.60         3.86         0.01         0.01
    ================================================================================
    > indicates Port Display Name truncated past 8 characters
    Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
    Spacebar->toggle screen U->page up D->page down ESC->exit
6 Notice that, in this example, the Receive % Bandwidth for port 23 is at the expected 10Mbyte (the size of the UDP transmitted stream), and that the Transmit % Bandwidth for port 13 is now hovering at 100% utilization.
7 No QoS has been configured, so the traffic streams are being forwarded by the default, best-effort profile, QP1. Confirm that all traffic is being serviced by QP1 by showing the QoS monitor statistics for the uplink port, Port 13, with the following command:
    show port 13 qosmonitor
The system displays the following:
    Qos Monitor Req Summary                                Wed Aug 27 09:43:15 2008
    Port     QP1      QP2      QP3      QP4      QP5      QP6      QP7      QP8
             Pkt      Pkt      Pkt      Pkt      Pkt      Pkt      Pkt      Pkt
             Xmts     Xmts     Xmts     Xmts     Xmts     Xmts     Xmts     Xmts
    ================================================================================
    13       98437    0        0        0        0        0        0        4
The actual target interfaces, 192.168.10X.1 and 192.168.1XX.1, are configured on the student switch. The streams are forwarded to the first core switch, CS-A, where they cross the routing boundary and pass to the second core switch, CS-B, via the cross-connect with CS-A. The two streams are then sent back via layer-2 to the student switch on two separate links, port 14 and port 16.
8 You can get a sense of how the best-effort servicing on port 14 affects the amount of traffic forwarded from either stream by displaying the port utilization information for these two inbound ports with the following command:
    show ports 14,16 utilization
9 Change the display by pressing the SPACE bar on your keyboard until you are viewing the Link Utilization Averages screen.
The system displays the following:
    Link Utilization Averages                              Wed Aug 27 09:57:33 2008
    Port     Link    Link    Receive      Peak Rx      Transmit     Peak Transmit
             State   Speed   % bandwidth  % bandwidth  % bandwidth  % bandwidth
    ================================================================================
    14       A       10      35.81        39.55        0.05         0.06
    16       A       10      67.83        69.71        0.05         0.06
10 Notice that, in this example, while the original bandwidth for the first Lab Group PC was 5MB, the Receive % bandwidth for port 14 shows that only approximately 35%, or roughly 3.5MB, is reaching the target. Notice also that a similar situation is occurring for the traffic sent from the second Lab Group PC. Of the 10MB original stream, only 6.7MB arrives at the target.
This information is consistent with what you know of the size of the original streams and the QoS profile that is servicing them. The combined streams from the first and second Lab Group PC total 15MB. This means that the first Lab Group PC accounts for approximately one third of the total, and the second Lab Group PC accounts for, approximately, the remaining two thirds. Since all of the traffic is being forwarded by the same QoS queue, the traffic is forwarded according to the percentage of the total, resulting in the numbers you see being received on ports 14 and 16 in the above illustration.
Part 4: Configuring Quality of Service, Assigning it to a VLAN, and Verifying Priority Service
1 In our scenario, you want to ensure that the entire smaller stream from the first Lab Group PC arrives at its target, and that the stream from the second Lab Group PC continues to receive best-effort delivery. The switch has two QoS profiles configured by default: QP1 for best-effort and QP8 for management traffic. Confirm this by entering the following command:
    show qosprofile
The system displays the following:
    QP1   Weight =  1   Max Buffer Percent = 100
    QP8   Weight =  1   Max Buffer Percent = 100
2 The traffic from the first Lab Group PC is only a production stream, and you do not want to arbitrarily assign it to your management traffic queue. Begin by creating the QoS profile QP2 for the smaller stream by entering the following command:
    create qosprofile qp2
3 Confirm that you successfully created the new profile by entering the following command:
    show qosprofile
The system displays the following:
    QP1   Weight =  1   Max Buffer Percent = 100
    QP2   Weight =  1   Max Buffer Percent = 100
    QP8   Weight =  1   Max Buffer Percent = 100
4 Since we want to guarantee that the traffic from the first Lab Group PC arrives at its destination, enter the following command to implement strict priority queue scheduling:
    configure qosscheduler strict-priority
5 Notice that the queues will now be serviced only in order of priority and the profile weight will be ignored.
6 Assign the newly-created profile QP2 to the VLAN servicing the smaller data stream, closet_Xa, by entering the following command:
    configure closet_Xa qosprofile qp2
Where X is your lab group number found in Table 1.
7 Confirm that the qosprofile is correctly assigned to the VLAN by entering the following command:
    show vlan closet_Xa
The system displays the following:
    VLAN Interface with name closet_Xa created by user
        Admin State:     Enabled          Tagging:   802.1Q Tag X1
        Virtual router:  VR-Default
        IPv6:            None
        STPD:            None
        Protocol:        Match all unfiltered protocols
        Loopback:        Disabled
        NetLogin:        Disabled
        QosProfile:      QP2
        Egress Rate Limit Designated Port: None configured
        Flood Rate Limit QosProfile:       None configured
        Ports:   2.        (Number of active ports=2)
           Untag:     *24
           Tag:       *13
        Flags:   (*) Active, (!) Disabled, (g) Load Sharing port
                 (b) Port blocked on the vlan, (m) Mac-Based port
                 (a) Egress traffic allowed for NetLogin
                 (u) Egress traffic unallowed for NetLogin
                 (t) Translate VLAN tag for Private-VLAN
                 (s) Private-VLAN System Port, (L) Loopback port
                 (e) Private-VLAN End Point Port
8 If necessary, restart the iPerf utility to ensure that both Lab Group PCs are transmitting their respective UDP streams. Confirm that the traffic on the uplink port, port 13, is now being serviced by queues 1 and 2 with the following command:
    show port 13 qosmonitor
NOTE: If the iPerf timer on the batch file on either PC has expired, re-launch the utility.
9 Clear the counters by pressing the 0 key.
The system displays the following:
    Qos Monitor Req Summary                                Wed Aug 27 13:12:13 2008
    Port     QP1      QP2      QP3      QP4      QP5      QP6      QP7      QP8
             Pkt      Pkt      Pkt      Pkt      Pkt      Pkt      Pkt      Pkt
             Xmts     Xmts     Xmts     Xmts     Xmts     Xmts     Xmts     Xmts
    ================================================================================
    13       629319   34123    0        0        0        0        0        32
10 While the above confirms that both QP1 and QP2 are servicing the streams equally, it is impossible to tell anything about the actual traffic flow. We can get more insight into how the traffic is moving through the switch by displaying the port utilization information for the four inbound ports (ports 14, 16, 23, and 24) and one outbound port (port 13) with the following command:
    show ports 13,14,16,23,24 utilization
11 Change the display by pressing the SPACE bar on your keyboard until you are viewing the Link Utilization Averages screen.
The system displays the following:
    Link Utilization Averages                              Wed Aug 27 13:15:54 2008
    Port     Link    Link    Receive      Peak Rx      Transmit     Peak Transmit
             State   Speed   % bandwidth  % bandwidth  % bandwidth  % bandwidth
    ================================================================================
    13       A       10      0.11         0.11         100.00       100.00
    14       A       10      39.65        39.65        0.06         0.06
    16       A       10      69.33        69.33        0.06         0.06
    23       A       100     7.93         7.93         0.01         0.01
    24       A       100     3.98         3.98         0.01         0.01
    ================================================================================
    > indicates Port Display Name truncated past 8 characters
    Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
    Spacebar->toggle screen U->page up D->page down ESC->exit0
12 Notice that, in this example, as expected, the information for inbound ports 23 and 24, and outbound port 13, remains unchanged.
The highlighted statistics for the inbound ports 14 and 16, however, are very different from those in the best-effort trial. In this case, port 14 and port 16 are showing roughly the same utilization, approximately 40% and approximately 60% of a 10MB port, or approximately 5MB of utilization. This proves that all of the higher priority traffic from the smaller stream is now being forwarded out the oversubscribed uplink port, port 13. The remaining bandwidth (approximately 5MB) is used by the lower-priority stream from the second Lab Group PC.
Be sure to clear the configuration on both Lab Group PCs by running the cleanup config file.
13 From the 127.0.0.1:101X Lab Group PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_cleanup_ECF17-Xa batch file, where X is your lab group number assigned in Table 1.
14 From the 127.0.0.1:102X Lab Group PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_cleanup_ECF17-Xb batch file, where X is the lab group number assigned in Table 1.
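The arithmetic behind the best-effort result in Part 3 and the strict-priority result in Part 4, as an added example that is not part of the lab guide or of ExtremeXOS: a small model of the oversubscribed uplink that shares capacity proportionally inside one queue and serves queues in strict priority order. The function names, and the assumption that a higher-numbered profile is served first, are this example's own; it also covers a case the lab does not run, where the priority stream alone exceeds the port and the lower queue is starved.

```python
def best_effort(capacity, offered):
    """One shared queue (QP1 in the lab).

    When the offered load exceeds the port capacity, each stream is
    forwarded in proportion to its share of the total offered load.
    Rates use the lab's own unit (MB).
    """
    total = sum(offered.values())
    if total <= capacity:
        return dict(offered)          # nothing is dropped
    return {name: capacity * rate / total for name, rate in offered.items()}


def strict_priority(capacity, offered, queue_of):
    """Several queues on one port, served in strict priority order.

    Assumption of this example: the higher-numbered profile is served
    first, which is what lets QP2 outrank QP1 in the lab. A queue only
    gets the capacity left over by every higher queue; streams that share
    a queue split that remainder as in best_effort(). Profile weights are
    ignored, as step 5 of Part 4 notes.
    """
    delivered = {}
    remaining = capacity
    for qp in sorted(set(queue_of.values()), reverse=True):
        members = {n: r for n, r in offered.items() if queue_of[n] == qp}
        share = best_effort(remaining, members)
        delivered.update(share)
        remaining = max(0.0, remaining - sum(share.values()))
    return delivered


# Lab values: 10MB uplink (port 13), 5MB stream on closet_Xa, 10MB on closet_Xb.
UPLINK = 10
OFFERED = {"closet_Xa": 5, "closet_Xb": 10}


def lab_scenarios():
    """Return the three cases as {scenario: {stream: delivered rate}}."""
    return {
        # Part 3: no QoS configured, both VLANs in QP1.
        "best effort": best_effort(UPLINK, OFFERED),
        # Part 4: closet_Xa moved to QP2, strict-priority scheduler.
        "strict priority": strict_priority(
            UPLINK, OFFERED, {"closet_Xa": 2, "closet_Xb": 1}),
        # Not in the lab: the priority stream alone oversubscribes the port,
        # so the best-effort queue gets nothing (starvation).
        "priority stream at 12MB": strict_priority(
            UPLINK, {"closet_Xa": 12, "closet_Xb": 10},
            {"closet_Xa": 2, "closet_Xb": 1}),
    }


if __name__ == "__main__":
    for name, result in lab_scenarios().items():
        rates = ", ".join(f"{vlan}: {rate:.2f}MB" for vlan, rate in result.items())
        print(f"{name:26s} {rates}")
```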
16 Switch Diagnostics Lab
Student Objectives
This lab provides you with hands-on experience to use the Extreme Networks system diagnostic features. In this lab, you will:
● Verify system memory and process operation.
● Terminate and restart a process.
● Verify that the system health check is enabled.
● Display the system log.
● Run normal and extended diagnostics.
● Verify diagnostic results.
Figure 1: Switch Diagnostics Lab
Part 1: Resetting the Switch to Factory Default
1 Press the Enter key until the system displays the login prompt.
2 Enter admin to log in to the switch with administrator privilege.
3 The switch should not have an admin password configured. Press the Enter key.
4 The system displays the command line prompt.
5 Reset the switch to the factory default configuration by entering the following command:
    unconfigure switch all
The following displays:
    Restore all factory defaults and reboot? (y/N)
6 Enter y and press the Enter key.
The boot process is complete when the following displays:
    Authentication Service (AAA) on the master node is now available for login.
7 Press the Enter key until the system displays the login prompt.
8 Enter admin to log in to the switch with administrator privilege.
9 The switch should not have an admin password configured. Press the Enter key.
The system displays the command line prompt. Because it has been reset to the factory default, the switch will prompt for several security settings. First, the following displays:
    Telnet is enabled by default. Telnet is unencrypted and has been the target of security exploits in the past. Would you like to disable Telnet? [y/N]:
10 Enter n and press the Enter key.
Then the following displays:
    SNMP access is enabled by default. SNMP uses no encryption, SNMPv3 can be configured to eliminate this problem. Would you like to disable SNMP? [y/N]:
11 Enter n and press the Enter key.
The following message appears:
    All ports are enabled by default. In some secure applications, it maybe more desirable for the ports to be turned off. Would you like unconfigured ports to be turned off by default? [y/N]:
12 Enter y and press the Enter key.
The following prompt then displays regarding the failsafe login and password:
    Changing the default failsafe account username and password is highly recommended. If you choose to do so, please remember the username and password as this information cannot be recovered by Extreme Networks. Would you like to change the failsafe account username and password now? [y/N]:
13 Enter n and press the Enter key.
Finally, the following displays:
    Would you like to permit failsafe account access via the management port? [y/N]:
14 Enter n and press the Enter key.
15 Save the configuration to the default configuration location by entering the following command:
    save
The following displays:
    No default configuration database has been selected to boot up the system. Save configuration will set the new configuration as the default database. The configuration file primary.cfg already exists. Do you want to save configuration to primary.cfg and overwrite it? (y/N)
16 Enter y and press the Enter key.
The following then displays:
    Saving configuration on master ........... done!
    Configuration saved to primary.cfg successfully.
    The selected configuration will take effect after the next switch reboot.
Part 2: Monitoring Processes
1 Display system processes, by entering the following command:
    show process
The switch should display approximately 60 different processes. The following is an example of the command output:
    Process Name  Version   Restart  State  Start Time
    -------------------------------------------------------------------------
    aaa           3.0.0.3   0        Ready  Tue Mar 11 22:33:48 2008
    acl           3.0.0.2   0        Ready  Tue Mar 11 22:33:52 2008
    bgp           3.0.0.2   0        Ready  Tue Mar 11 22:33:50 2008
    brm           1.0.0.0   0        Ready  Tue Mar 11 22:33:56 2008
    cfgmgr        3.0.0.21  0        Ready  Tue Mar 11 22:33:47 2008
    cli           3.0.0.22  0        Ready  Tue Mar 11 22:33:47 2008
    devmgr        3.0.0.2   0        Ready  Tue Mar 11 22:33:47 2008
    . . .
    vlan          3.1.0.2   0        Ready  Tue Mar 11 22:33:48 2008
    vrrp          3.0.0.5   0        Ready  Tue Mar 11 22:33:53 2008
    xmld          1.0.0.0   0        Ready  Tue Mar 11 22:33:55 2008
2 Display the memory use for the specific process CLI by entering the following command:
    show memory process cli
The following displays:
    System Memory Information
    -------------------------
    Total DRAM (KB): 262144
    System (KB): 17380
    User (KB): 95176
    Free (KB): 149588
    Memory Utilization Statistics
    -----------------------------
    Process Name  Memory (KB)
    -----------------------------
    cli           17848
3 Display detailed information for the CLI processes by entering the following command:
    show process cli detail
The following displays:
    Name  PID  Path         Type  Link Date                     Build By         Peer
    --------------------------------------------------------------------------------
    cli   409  ./cliMaster  App   Mon Feb 25 15:45:31 PST 2008  release-manager  29
    Virtual Router(s):
    --------------------------------------------------------------------------------
    Configuration:
    Start  Priority  SchedPolicy  Stack  TTY  CoreSize  Heartbeat  StartSeq
    --------------------------------------------------------------------------------
    1      0         0            0      0    0         1          1
    Memory Usage Configuration:
    Memory(KB)  Zones:  Green  Yellow  Orange  Red
    --------------------------------------------------------------------------------
    0                   0      0       0       0
    Recovery policies
    --------------------------------------------------------------------------------
    failover-reboot
    --------------------------------------------------------------------------------
    Statistics:
    ConnectionLost  Timeout  Start  Restart  Kill  Register  Signal  Hello  Hello Ack
    --------------------------------------------------------------------------------
    0               0        0      0        0     1         0       0      175
    Memory Zone  Green  Yellow  Orange  Red
    --------------------------------------------------------------------------------
    Green        0      0       0       0
    --------------------------------------------------------------------------------
    Commands:
    Start  Stop  Resume  Shutdown  Kill
    --------------------------------------------------------------------------------
    0      0     0       0         0
    --------------------------------------------------------------------------------
    Resource Usage:
    UserTime  SysTime  PageReclaim  PageFault  Up Since                  Up Date   Up Time
    --------------------------------------------------------------------------------
    11.94     2.25     19682        544        Tue Mar 11 22:33:47 2008  00/00/00  00:17:46
    --------------------------------------------------------------------------------
    Thread Name  Pid  Tid   Delay  Timeout Count
    --------------------------------------------------------------------------------
    main         409  1024  6      0
    --------------------------------------------------------------------------------
4 Display the heartbeat for the CLI process by entering the following command:
    show heartbeat process cli
The following displays:
    Process Name  Hello  HelloAck  Last Heartbeat Time
    ----------------------------------------------------------------------
    cli           0      215       Tue Mar 11 22:55:32 2008
5 Display the CPU usage for all running processes by entering the following command:
    top
The following displays:
    Mem: 224196K used, 20568K free, 0K shrd, 1468K buff, 127256K cached
    Load average: 3.11, 3.03, 2.61 (State: S=sleeping R=running, W=waiting)
    PID  USER  STATUS  RSS  PPID  %CPU  %MEM  COMMAND
    632  root  R       880  631   3.0   0.3   top -d 3
    409  root  S       17M  1     0.0   7.2   ./cliMaster
    621  root  S       17M  620   0.0   7.2   ./cliMaster
    620  root  S       17M  409   0.0   7.2   ./cliMaster
    622  root  S       17M  620   0.0   7.2   ./cliMaster
    405  root  S <     11M  1     0.0   4.7   ./hal
    480  root  S <     11M  405   0.0   4.7   ./hal
    569  root  S <     11M  480   0.0   4.7   ./hal
    481  root  S <     11M  480   0.0   4.7   ./hal
    508  root  S <     11M  480   0.0   4.7   ./hal
    510  root  S N     11M  480   0.0   4.7   ./hal
    511  root  S <     11M  480   0.0   4.7   ./hal
    512  root  S <     11M  480   0.0   4.7   ./hal
    528  root  S <     11M  480   0.0   4.7   ./hal
    530  root  S <     11M  480   0.0   4.7   ./hal
    531  root  S <     11M  480   0.0   4.7   ./hal
    544  root  S <     11M  480   0.0   4.7   ./hal
    546  root  S <     11M  480   0.0   4.7   ./hal
    547  root  S <     11M  480   0.0   4.7   ./hal
6 Notice that, in this example, the entry for the CLI process (PID 409) shows that the process is not currently consuming any CPU resource, but that it is using 7.2% of memory.
7 Use Ctrl-C to return to the command line.
Part 3: Terminating and Restarting Processes
1 Display a description of what each process does by entering the following command:
    show process description
The following displays:
    Process Name  Description
    ----------------------------------------------------------------------
    aaa           Authentication, Authorization, and Accounting Server
    acl           Access Control List Manager
    bgp           Border Gateway Protocol
    . . .
    tftpd         Tftp server
    thttpd        Web Server
    upm           Universal Port Manager
    vlan          VLAN Manager - L2 Switching application
    vrrp          Virtual Router Redundancy Protocol (RFC 3768)
    xmld          XML server
2 Terminate the TFTP process by entering the following command:
    terminate process tftpd graceful
■ Enter Yes to the tftpd config warning message that asks if you want to continue.
The following displays:
    Successful graceful termination for tftpd
3 Verify the state of the TFTP process by entering the following command:
    show process tftpd
The following displays:
    Process Name  Version  Restart  State    Start Time
    -------------------------------------------------------------------------
    tftpd         3.0.0.2  0        Stopped  Tue Mar 11 22:33:54 2008
4 Notice that, in this example, the Restart count is set to 0 and the State is Stopped.
5 Re-start the TFTP process, by entering the following command:
    start process tftpd
The following displays:
    Started tftpd successfully
6 Verify the state of the TFTP process, by entering the following command:
    show process tftpd
The following displays:
    Process Name  Version  Restart  State  Start Time
    -------------------------------------------------------------------------
    tftpd         3.0.0.2  1        Ready  Tue Mar 11 23:27:30 2008
Part 4: Running Normal Diagnostics
1 Verify that the system health check is enabled by entering the following command:
    show switch
The following displays:
    SysName:          X450a-24t
    SysLocation:
    SysContact:       [email protected], +1 888 257 3000
    System MAC:       00:04:96:27:BD:0B
    System Type:      X450a-24t
    SysHealth check:  Enabled (Normal)
    Recovery Mode:    All
    System Watchdog:  Enabled
    . . .
2 Display the system log by entering the following command:
    show log
The following displays:
    03/11/2008 23:55:15.49 : Login passed for user admin through serial
    03/11/2008 23:55:13.53 : Login failed for user sh swi through serial
    03/11/2008 23:51:33.11 : User admin logout from serial
    03/11/2008 23:27:30.49 : **** tftpd started *****
    03/11/2008 23:27:30.17 : Requested process tftpd start
    03/11/2008 23:15:53.81 : Unknown Process tftpd
    03/11/2008 23:15:53.81 : Requested process tftpd shutdown
    03/11/2008 23:15:35.62 : Process tftpd Stopped
    . . .
3 Verify that the log indicates no system errors.
4 Clear the system log by entering the following command:
    clear log
5 Run the normal diagnostics by entering the following command:
    run diagnostics normal
The system displays:
    Running Diagnostics will disrupt network traffic. Are you sure you want to continue? (y/N)
Enter y and press the Enter key.
6 The system reboots and begins the diagnostic process and the following displays:
    SummitX Diagnostics Mode Enabled, Starting Diagnostics....
    Motherboard CPLD Revision: 2
    Starting operational diagnostics
    DIAGNOSTIC PASS: run test i2c environment
    DIAGNOSTIC PASS: run test memory nvram
    DIAGNOSTIC PASS: run test memory flash compact internal scratch
    DIAGNOSTIC PASS: run test memory sdram
    DIAGNOSTIC PASS: run test loopback eth
    DIAGNOSTIC PASS: run test register mac
    DIAGNOSTIC PASS: run test memory mac
    DIAGNOSTIC PASS: run test loopback pci
    DIAGNOSTIC PASS: run test loopback interface lb-mac
    DIAGNOSTIC PASS: run test loopback interface lb-phy copper
    DIAGNOSTIC PASS: run test loopback interface lb-phy fiber
    DIAGNOSTIC PASS: run test snake interface internal
    Summit Diagnostics completed, rebooting system...
7 Highlight any failures and report them to the instructor.
8 Log in and display the summary results of the test by entering the following command:
    show diagnostics
The following displays:
    Last Test Date: Mar-12-2008
    Summary: Diagnostics Pass
9 Display the system log by entering the following command:
    show log
The following displays:
    03/12/2008 00:35:12.26 Login passed for user admin through serial
    03/12/2008 00:13:51.48 Internal power supply operational.
    03/12/2008 00:13:51.32 Switch is operational
    03/12/2008 00:13:45.96 System is stable. Change to warm reset mode
    03/12/2008 00:13:41.56 Watchdog enabled
    03/12/2008 00:13:36.73 DOS protect application started successfully
    03/12/2008 00:13:26.66 **** telnetd started *****
    03/12/2008 00:13:23.61 **** tftpd started *****
    03/12/2008 00:13:21.68 Network Login framework has been initialized
    03/12/2008 00:13:21.08 Node State[3] = OPERATIONAL
    03/12/2008 00:13:17.58 Node State[2] = STANDBY
    03/12/2008 00:13:17.58 Node INIT DONE ....
    03/12/2008 00:13:16.52 Node State[1] = INIT
    03/12/2008 00:13:16.50 telnetd listening on port 23
    03/12/2008 00:13:15.47 Hal initialization done.
    03/12/2008 00:13:13.33 Starting hal initialization ....
    03/12/2008 00:13:09.96 DM started
    03/12/2008 00:13:09.95 NM started
    03/12/2008 00:13:09.41 EPM Started
    03/12/2008 00:13:07.71 Changing to watchdog warm reset mode
    03/12/2008 00:05:52.91 Rebooting with reason User requested reboot to run diagnostics
10 Verify that the log indicates no system errors.
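One way to automate the log checks in steps 3 and 10, as an added example that is not part of the original lab guide: the Python below parses show log lines in the two layouts printed in this part and reports failed logins, a listening Telnet daemon, and any process that stopped without restarting. The function names, rule names and sample text are constructed for this example, and the message patterns are limited to texts that appear in this lab's listings.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the two log listings in this lab, newest first.
SAMPLE_LOG = """\
03/12/2008 00:13:16.50 telnetd listening on port 23
03/11/2008 23:55:15.49 : Login passed for user admin through serial
03/11/2008 23:55:13.53 : Login failed for user sh swi through serial
03/11/2008 23:51:33.11 : User admin logout from serial
03/11/2008 23:27:30.49 : **** tftpd started *****
03/11/2008 23:27:30.17 : Requested process tftpd start
03/11/2008 23:15:53.81 : Unknown Process tftpd
03/11/2008 23:15:53.81 : Requested process tftpd shutdown
03/11/2008 23:15:35.62 : Process tftpd Stopped
"""

# Date, time, optional " : " separator, message (both layouts shown in the lab).
LINE = re.compile(r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}:\d{2}\.\d+)\s*:?\s*(.*)$")

# Hypothetical rule set: names are this example's own, patterns come from the lab output.
RULES = [
    ("auth-failure", re.compile(r"Login failed for user (?P<user>.+) through (?P<via>\S+)$")),
    ("auth-success", re.compile(r"Login passed for user (?P<user>.+) through (?P<via>\S+)$")),
    ("cleartext-mgmt", re.compile(r"telnetd listening on port (?P<port>\d+)$")),
    ("process-stopped", re.compile(r"Process (?P<proc>\S+) Stopped$")),
    ("process-started", re.compile(r"\*{4} (?P<proc>\S+) started \*{5}$")),
]

def parse_log(text):
    """Return classified events, oldest first (the switch prints newest first)."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip elisions such as ". . ." and any non-log text
        when = datetime.strptime(m.group(1) + " " + m.group(2), "%m/%d/%Y %H:%M:%S.%f")
        for kind, rx in RULES:
            hit = rx.search(m.group(3).strip())
            if hit:
                events.append({"when": when, "kind": kind, **hit.groupdict()})
                break
    return sorted(events, key=lambda e: e["when"])

def triage(events):
    """Return (timestamp, note) findings that deserve a second look."""
    findings, down = [], {}
    for e in events:
        if e["kind"] == "auth-failure":
            note = "failed login via " + e["via"]
            if " " in e["user"]:
                # Text typed at the login prompt lands in the user field.
                note += " (user field holds typed text, not an account name)"
            findings.append((e["when"], note))
        elif e["kind"] == "cleartext-mgmt":
            findings.append((e["when"], "Telnet listening on port " + e["port"]))
        elif e["kind"] == "process-stopped":
            down[e["proc"]] = e["when"]
        elif e["kind"] == "process-started":
            down.pop(e["proc"], None)
    for proc, when in down.items():
        findings.append((when, "process " + proc + " stopped and not restarted"))
    return sorted(findings)

if __name__ == "__main__":
    for when, note in triage(parse_log(SAMPLE_LOG)):
        print(when.isoformat(sep=" "), note)
```

The failed login for user "sh swi" in the lab output is a command typed at the login prompt, which is why the log itself should be handled as sensitive: the same field can capture a mistyped password.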
Part 5: Running Extended Diagnostics
1 Run the extended diagnostics by entering the following command:
    run diagnostics extended
The system displays:
    Running Diagnostics will disrupt network traffic. Are you sure you want to continue? (y/N)
Enter y and press the Enter key.
2 The system reboots and begins the diagnostic process and the following displays:
    SummitX Diagnostics Mode Enabled, Starting Diagnostics....
    Motherboard CPLD Revision: 2
    Starting operational diagnostics
    DIAGNOSTIC PASS: run test i2c environment
    DIAGNOSTIC PASS: run test memory nvram
    DIAGNOSTIC PASS: run test memory flash compact internal scratch
    DIAGNOSTIC PASS: run test memory sdram
    DIAGNOSTIC PASS: run test loopback eth iterations 50 pps-rate fast
    DIAGNOSTIC PASS: run test register mac
    DIAGNOSTIC PASS: run test memory mac fill-data hex byte 0x55
    DIAGNOSTIC PASS: run test memory mac fill-data hex byte 0xAA
    DIAGNOSTIC PASS: run test loopback pci iterations 10
    DIAGNOSTIC PASS: run test loopback interface lb-mac iterations 50 pps-rate fast
    DIAGNOSTIC PASS: run test loopback interface lb-phy copper iterations 50 pps-rate fast
    DIAGNOSTIC PASS: run test loopback interface lb-phy fiber iterations 50 pps-rate fast
    DIAGNOSTIC PASS: run test snake interface internal duration 60
    Summit Diagnostics completed, rebooting system...
3 Notice that there is one more test in extended diagnostics than in normal diagnostics, and that several tests display more detailed test information. Highlight any failures and report them to the instructor.
4 Log in and display the summary results of the test by entering the following command:
    show diagnostics
The following displays:
    Last Test Date: Mar-12-2008
    Summary: Diagnostics Pass
5 Display the system log by entering the following command:
    show log
The following displays:
    03/12/2008 01:05:26.00 Login passed for user admin through serial
    03/12/2008 00:54:09.75 Internal power supply operational.
    03/12/2008 00:54:09.44 Switch is operational
    03/12/2008 00:54:03.79 System is stable. Change to warm reset mode
    03/12/2008 00:53:59.50 Watchdog enabled
    03/12/2008 00:53:55.35 **** telnetd started *****
    03/12/2008 00:53:45.50 DOS protect application started successfully
    03/12/2008 00:53:42.84 **** tftpd started *****
    03/12/2008 00:53:40.36 Node State[3] = OPERATIONAL
    03/12/2008 00:53:39.88 Network Login framework has been initialized
    03/12/2008 00:53:36.86 Node State[2] = STANDBY
    03/12/2008 00:53:36.86 Node INIT DONE ....
    03/12/2008 00:53:35.78 Node State[1] = INIT
    03/12/2008 00:53:35.62 telnetd listening on port 23
    03/12/2008 00:53:34.73 Hal initialization done.
    03/12/2008 00:53:32.32 Starting hal initialization ....
    03/12/2008 00:53:29.04 NM started
    03/12/2008 00:53:28.93 DM started
    03/12/2008 00:53:28.42 EPM Started
    03/12/2008 00:53:26.72 Changing to watchdog warm reset mode
    03/12/2008 00:45:25.70 Rebooting with reason User requested reboot to run diagnostics
    A total of 21 log messages were displayed.
6 Verify that the log indicates no system errors.
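The comparison asked for in step 3 of this part can be scripted against captured console output. The Python below is an added example, not part of the original lab guide: it diffs the normal and extended listings, reports which test ran more than once and which tests gained parameters, and collects any result that is not PASS. The function names are constructed for this example, and the only status word shown in this lab is PASS, so treating every other status as a failure is an assumption.

```python
import re

# Constructed input: the DIAGNOSTIC lines from the two listings in this lab.
NORMAL = """\
DIAGNOSTIC PASS: run test i2c environment
DIAGNOSTIC PASS: run test memory nvram
DIAGNOSTIC PASS: run test memory flash compact internal scratch
DIAGNOSTIC PASS: run test memory sdram
DIAGNOSTIC PASS: run test loopback eth
DIAGNOSTIC PASS: run test register mac
DIAGNOSTIC PASS: run test memory mac
DIAGNOSTIC PASS: run test loopback pci
DIAGNOSTIC PASS: run test loopback interface lb-mac
DIAGNOSTIC PASS: run test loopback interface lb-phy copper
DIAGNOSTIC PASS: run test loopback interface lb-phy fiber
DIAGNOSTIC PASS: run test snake interface internal
"""
EXTENDED = """\
DIAGNOSTIC PASS: run test i2c environment
DIAGNOSTIC PASS: run test memory nvram
DIAGNOSTIC PASS: run test memory flash compact internal scratch
DIAGNOSTIC PASS: run test memory sdram
DIAGNOSTIC PASS: run test loopback eth iterations 50 pps-rate fast
DIAGNOSTIC PASS: run test register mac
DIAGNOSTIC PASS: run test memory mac fill-data hex byte 0x55
DIAGNOSTIC PASS: run test memory mac fill-data hex byte 0xAA
DIAGNOSTIC PASS: run test loopback pci iterations 10
DIAGNOSTIC PASS: run test loopback interface lb-mac iterations 50 pps-rate fast
DIAGNOSTIC PASS: run test loopback interface lb-phy copper iterations 50 pps-rate fast
DIAGNOSTIC PASS: run test loopback interface lb-phy fiber iterations 50 pps-rate fast
DIAGNOSTIC PASS: run test snake interface internal duration 60
"""

# Assumption: every result line has the shape "DIAGNOSTIC <STATUS>: run test <name>".
RESULT = re.compile(r"^DIAGNOSTIC (?P<status>\w+): run test (?P<test>.+)$")

def parse(text):
    """Return (status, test description) for every DIAGNOSTIC result line."""
    hits = (RESULT.match(line.strip()) for line in text.splitlines())
    return [(m["status"], m["test"]) for m in hits if m]

def compare(normal_text, extended_text):
    """Match each extended result to the normal test whose name is its prefix."""
    normal, extended = parse(normal_text), parse(extended_text)
    base = sorted((t for _, t in normal), key=len, reverse=True)  # longest name first
    runs = {name: [] for name in base}  # normal test -> parameters seen in extended
    unmatched = []
    for _, test in extended:
        for name in base:
            if test == name or test.startswith(name + " "):
                runs[name].append(test[len(name):].strip())
                break
        else:
            unmatched.append(test)
    return {
        "counts": (len(normal), len(extended)),
        "failures": [t for s, t in normal + extended if s != "PASS"],
        "repeated": {n: p for n, p in runs.items() if len(p) > 1},
        "more_detail": sorted(n for n, p in runs.items() if any(p)),
        "missing": sorted(n for n, p in runs.items() if not p),
        "unmatched": unmatched,
    }

if __name__ == "__main__":
    for key, value in compare(NORMAL, EXTENDED).items():
        print(key, value)
```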
17 Network Troubleshooting Lab
Student Objectives
This lab provides you with hands-on experience using the systematic troubleshooting process and verifying the operation of the network at the physical, datalink, and network layers. In this lab, you will:
● Load a pre-configured configuration file with embedded configuration errors.
● Use appropriate commands, learned throughout this course, to identify faults.
● Resolve any errors introduced by the configuration file.
● Document the commands used to restore the simple OSPF network.
Figure 1: Network Troubleshooting Lab
Refer to the values listed in Table 1 and Table 2 to configure switch parameters for this lab.
Table 1: Lab Groups and Switch Names
    Lab Group Number  1     2       3     4     5     6
    Switch Name       NC_1  OSBU_2  EC_3  RA_4  SC_5  WC_6
Table 2: Valid VLAN Names, Ports, IP Addresses and OSPF Areas
    VLAN Name  Ports  IP Address     OSPF Area
    wan_X      13     10.0.X.2/24    0.0.0.0
    wanbu_X    15     10.0.1X.2/24   0.0.0.0
    data_X     24     10.0.10X.1/24  0.0.0.0
    Lab Group PC IP Address: 10.0.10X.101/24
Table 2 contains the correct values required for the network you are troubleshooting. X is your lab group number found in Table 1. In this exercise your lab group has been assigned eight embedded configuration errors. These represent some of the most common problems found in a production environment.
1 Use the information in the tables above and the appropriate commands to help identify these faults.
2 Record each error on the Fault Description side of the worksheet as you discover them.
3 Apply the changes and record the configuration command that you use to correct the error on the Command side of the worksheet.
Part 1: Setting Up the Lab Switch
1 Log into the switch and load the baseline configuration for this lab by entering the following command:
    use configuration Lab_ECF14-X
Where X is your lab group number found in Table 1.
2 Reboot the switch by entering the following command:
    reboot
If there were any unsaved changes on the switch, indicated with an asterisk (*) preceding the command line label, the system will display the following:
    Do you want to save configuration changes to currently selected configuration file (XXXXXX.cfg) and reboot? (y - save and reboot, n - reboot without save, - cancel command)
3 Enter n to reboot without save.
If there were no unsaved changes on the switch, the system will display the following:
    Are you sure you want to reboot the switch? (y/N)
4 Enter y to reboot the switch if this message appears.
When the boot process is complete, the switch displays the following:
    Authentication Service (AAA) on the master node is now available for login.
5 Press the Enter key to bring up the login prompt. Enter admin and press the Enter key. The switch will then display the following prompt for the password:
    login: admin
    password:
6 Press the Enter key again (by default, there is no password). You are now ready to begin configuring the switch.
Part 2: Configuring the Client Workstation
The following instructions will guide you in setting up the client workstation. If your RD-X connection to PC 127.0.0.1:101X is still open but minimized, skip to step 6.
1 From your laptop, launch the PuTTY utility.
2 Launch the remote desktop tunnel by double-clicking on the RD_X saved session.
3 The utility opens a secure session window displaying the student login ID and the public key. The tunnel is complete when the $ prompt appears:
4 From your computer's Start menu, open the Accessories folder and launch the Remote Desktop Connection utility:
5 Enter the combined IP address and unique port number identifying the target lab PC in the format 127.0.0.1:101X, where X is the lab group number assigned in Table 1:
6 Enter the login and password credentials. For all lab stations, the User Name is student and the Password is student:
7 From the Lab PC desktop, open the Lab Networking Addressing folder. Double-click on the Config_ECF14-X batch file, where X is your lab group number assigned in Table 1:
This batch file will automatically configure the PC IP address. The following screen will appear while the file executes, and then close automatically when it terminates:
8 To confirm the workstation IP address, from the Start menu, click on the Run option. In the Run dialog box enter cmd to open a Command window:
9 In the command window, display the IP interface information on the PC by entering the following command:
    ipconfig
The system displays the following:
Note that the Lab Network interface has been assigned your lab group PC's IP address and mask found in Table 2. This completes the setup of the Lab Group PC. Minimize this window and return to the switch now.
Error Identification and Resolution Worksheet
Compare the values in Tables 1 and 2 with the output received when using appropriate commands. Identify the eight faults embedded in the troubleshooting configuration and restore the network.
    No.  Fault Description          Command
    1
    2
    3
    4
    5
    6
    7
    8
18 Appendix A: Lab Network Diagrams