Intro To VOSS & Fabric v0.2

Download as pdf or txt
Download as pdf or txt
You are on page 1of 44

Introduction to VOSS

& Fabric Connect

For VOSS & EXOS ExtremeSwitching Products

Name Version Comments


Stéphane Grosjean 0.1 Initial Release – September 2017
Stéphane Grosjean 0.2 Various CLI cleanups on VOSS with the help of Steven Emert, FA
Proxy on EXOS modified & updated – November 2017

Stéphane Grosjean
Principal SE, EMEA Southern, France

Confidential. Not For Distribution Without Permission.


[email protected]
Table of Contents

1 Disclaimer.....................................................................................4
1.1 References .................................................................................................................................... 4

2 Introduction .................................................................................5
2.1 Network Diagram .......................................................................................................................... 5
2.2 Basic Settings ................................................................................................................................ 5
2.2.1 Access to the Switch ............................................................................................................. 5
2.2.2 Setting an IP address ............................................................................................................. 6
2.2.3 Setting a Default Route ......................................................................................................... 6
2.2.4 Shut/No Shut of a Port .......................................................................................................... 7
2.2.5 Setting the SysName ............................................................................................................. 7
2.2.6 Enabling IP Management Access .......................................................................................... 7
2.2.7 Save the Config ..................................................................................................................... 9
2.2.8 Reset to Factory Default a Switch ......................................................................................... 9
2.2.9 Create a VLAN ....................................................................................................................... 9
2.2.10 Adding/Removing ports to a VLAN ..................................................................................... 10
2.2.11 Tagging Ports on VLANs ...................................................................................................... 11
2.2.12 Displaying the Configuration............................................................................................... 11
2.2.13 Time and Timezones ........................................................................................................... 11
2.2.14 Changing Password ............................................................................................................. 12
2.2.15 SNMP Configuration............................................................................................................ 12
2.2.16 Software Upgrade ............................................................................................................... 13
2.2.17 Installing a License .............................................................................................................. 15
2.2.18 Web Server.......................................................................................................................... 15
2.3 Connecting an EXOS switch to a VOSS switch............................................................................. 16

3 Fabric Connect Configuration ...................................................... 20


3.1 Creating the SPBm Fabric............................................................................................................ 20

Confidential. Not For Distribution Without Permission.


3.1.1 BEB1 Configuration: ............................................................................................................ 20
3.1.2 BCB Configuration ............................................................................................................... 21
3.1.3 BEB2 Configuration ............................................................................................................. 22
3.1.4 Verifying the SPBm Fabric ................................................................................................... 22
3.2 Creating L2VSN............................................................................................................................ 24
3.3 Creating L3VSN............................................................................................................................ 28
3.3.1 VLANs Configuration ........................................................................................................... 29
3.3.2 Fabric Connect IP Configuration ......................................................................................... 30
3.3.3 VRF Green Configuration .................................................................................................... 31
3.3.4 VRF Gold Configuration ....................................................................................................... 33
3.4 Multicast L3VSN .......................................................................................................................... 35
3.5 Fabric Attach with EXOS.............................................................................................................. 36
3.5.1 Fabric Attach Server Configuration ..................................................................................... 37
3.5.2 Fabric Attach Proxy EXOS Configuration ............................................................................. 38

Confidential. Not For Distribution Without Permission.


Intro to VOSS & Fabric

Page |4

1 Disclaimer

This document is internal only and shouldn’t be used externally by any means. This is not an
official document from Extreme Networks and cannot be used to validate any design, feature or
scalability. This is an informational document only.

1.1 References

The following documents were used extensively in the preparation of this document:

Fabric Attach Functional Specification


NN47227-505_10_02_ConfiguringIPv4Routing_VOSS
NN47227-510_07_07_ConfiguringFabricConnect_VOSS
NN48500-617_v3_4_1_Shortest_Path_Bridging_TCG

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

Page |5

2 Introduction

This document is targeted for the SE’s with no experience on VSP platforms, nor VOSS and as
such Fabric Connect. Its goal is to give a quick and easy view on how to performs basic
configurations on VSP, then setup a simple Extreme Fabric Connect network and finally have a
preview on Fabric Attach in EXOS.

2.1 Network Diagram

We are using for this document the following products: three VSP 4450, one x440-G2 and one
x460-G2. They are interconnected in a daisy-chain fashion.

For the purpose of this document, the three VSP 4450 are running VOSS 6.1.50.0, the X460-G2 is
running EXOS 22.3.1.4-patch1-4 and the X440-G2 is running EXOS 22.4.0.35, to demo the future
Fabric Attach feature.

2.2 Basic Settings

Let’s describe how to access and configure some basic parameters using VOSS CLI.

2.2.1 Access to the Switch

Default credentials are either rw/rw or rwa/rwa, depending on the privilege you need. Both
grants a read-write access, but rwa also allows for security configuration modification. There are
several other logon credentials (ro, l1, l2, l3) but with more limited privilege.

You can connect in console using a standard cable, similar to those used for EXOS products, using
the usual settings 9600 8N1.

Please note that the first time you connect to a VSP, you’ll need console access as telnet, web or
ssh are disabled by default.

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

Page |6

Virtual Services Platform 4000


VSP Operating System Software Build 6.0.1.1
General Availability Released Software, Fully supported

AVAYA COMMAND LINE INTERFACE

Login: rwa
Password: ***

If you connect in console before booting up the switch, you will see a lot of interesting hardware
information during the boot.

2.2.2 Setting an IP address

By default, every ports are part of vlan 1 (default) and are shutdown. Depending on the platform,
a dedicated management port can be available. As an example, the VSP 4450 has no dedicated
management port.

To configure an IP address, we need to enter configuration mode, in a similar way than Cisco’s
IOS.

VSP4K02_BB:1>en
VSP4K02_BB:1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
VSP4K02_BB:1(config)#

We’ll start by setting an IP address on the default VLAN, as we’ll use it for our management
access.

VSP4K02_BB:1(config)#interface vlan 1
VSP4K02_BB:1(config-if)#ip address 192.168.254.112/24
VSP4K02_BB:1(config-if)#exit

2.2.3 Setting a Default Route

Configuring a static route needs to be done in two commands: one to set the weight / preference
of the route and one to enable it.

VSP4K02_BB:1(config)#ip route 0.0.0.0 0.0.0.0 192.168.254.1 weight 1


VSP4K02_BB:1(config)#ip route 0.0.0.0 0.0.0.0 192.168.254.1 enable

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

Page |7

If the route is Up, you can see it in the routing table, otherwise you need to specifically display
the static routes configured (show ip route static).

VSP4K02_BB:1(config-if)#show ip route
=====================================================================================================
IP Route - GlobalRouter
=====================================================================================================
NH INTER
DST MASK NEXT VRF/ISID COST FACE PROT AGE TYPE PRF
-----------------------------------------------------------------------------------------------------
0.0.0.0 0.0.0.0 192.168.254.1 GlobalRouter 1 1 STAT 0 IB 5
192.168.254.0 255.255.255.0 192.168.254.112 - 1 1 LOC 0 DB 0

2 out of 2 Total Num of Route Entries, 2 Total Num of Dest Networks displayed.
--------------------------------------------------------------------------------------------------
TYPE Legend:
I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Route,
U=Unresolved Route, N=Not in HW, F=Replaced by FTN, V=IPVPN Route, S=SPBM Route
PROTOCOL Legend:
v=Inter-VRF route redistributed

2.2.4 Shut/No Shut of a Port

If you have connectivity issue, always check that your port is enabled.

VSP-4450GSX-PWR+:1(config)#interface gigabitEthernet 1/1


VSP-4450GSX-PWR+:1(config-if)#no shut

2.2.5 Setting the SysName

The prompt can be modified in several ways, either via the prompt CLI command or by
configuring the SysName.

VSP-4450GSX-PWR+:1(config)#sys name BCB


BCB:1(config)#

2.2.6 Enabling IP Management Access

By default, no IP management access is enabled. These options are in the boot flags settings.
There the admin can choose which protocol to activate.

BEB1:1(config)#boot config flags ?


block-snmp Block snmp access
debug-config Enable runtime debug of configuration file
debugmode Enable runtime debug mode
dvr-leaf-mode Enable dvr-leaf-mode
enhancedsecure-mode Enables enhancedsecure-mode flag
factorydefaults Set runtime switch configuration to factory defaults
flow-control-mode Enable flow-control-mode
ftpd Enable ftp server

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

Page |8

hsecure Enables high secure mode


ipv6-egress-filter enable ipv6 egress filter
linerate-directed-broadcast Enable 1G directed broadcast by hiding port 1/48 and
utilizing its bandwidth
logging Enable system logging
nni-mstp Allow mstp and other vlan on NNI
reboot Enable reboot on fatal error
rlogind Enable rlogin/rsh server
spanning-tree-mode To select the spanning treemode
spbm-config-mode Enable SPBM configuration mode
sshd Enable ssh daemon
telnetd Enable telnet server
tftpd Enable tftp server
trace-logging Enable system tracing
urpf-mode Enable urpf mode
verify-config Enable syntax check of configuration file
vrf-scaling Enable vrf-scaling globally.
BEB1:1(config)#

We just have to specify the daemon we want to start. Let’s enable telnetd.

BEB1:1(config)#boot config flags telnetd

Telnet access is now enabled and allowed. To check the current boot flags configuration in use,
you can use the show boot config flags CLI command. Below example is from a default
configuration with telnetd manually enabled.

BEB1:1(config)#show boot config flags


flags block-snmp false
flags debug-config false
flags debugmode false
flags dvr-leaf-mode false
flags enhancedsecure-mode false
flags factorydefaults false
flags flow-control-mode false
flags ftpd false
flags hsecure false
flags ipv6-egress-filter false
flags linerate-directed-broadcast false
flags logging true
flags nni-mstp false
flags reboot true
flags rlogind false
flags spanning-tree-mode mstp
flags spbm-config-mode true
flags sshd false
flags telnetd true
flags tftpd false
flags trace-logging false
flags urpf-mode false

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

Page |9

flags verify-config true


flags vrf-scaling false

2.2.7 Save the Config

There are two ways to save the configuration: using the write mem CLI or simply the save
config CLI command.

BEB1:1(config)#save config
CP-1: Save config to file /intflash/config.cfg successful.

BEB1:1(config)#

2.2.8 Reset to Factory Default a Switch

In the case you need to reset a switch to its factory default configuration, you need to enable a
boot config flag, then reboot the switch.

BEB2:1(config)#boot config flags factorydefaults


BEB2:1(config)#exit
BEB2:1#reset -y

The -y parameter forces the immediate reboot, without a confirmation.

2.2.9 Create a VLAN

By default, only VLAN 1 is defined on the switch. To create a new VLAN, simply use the vlan
create CLI command.

BEB1:1(config)#vlan create 42 name MyVlan type port-mstprstp 0

We can display the VLAN information to check.

BEB1:1(config)#show vlan basic

=================================================================================================
Vlan Basic
=================================================================================================
VLAN MSTP
ID NAME TYPE INST_ID PROTOCOLID SUBNETADDR SUBNETMASK VRFID
-------------------------------------------------------------------------------------------------
1 Default byPort 0 none N/A N/A 0
42 MyVlan byPort 0 none N/A N/A 0

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 10

All 2 out of 2 Total Num of Vlans displayed

BEB1:1(config)#

2.2.10 Adding/Removing ports to a VLAN

Once a VLAN has been created, you can add ports to it.

BEB1:1(config)#vlan members add 42 1/8,1/9


BEB1:1(config)#show vlan members

======================================================================================
Vlan Port
======================================================================================
VLAN PORT ACTIVE STATIC NOT_ALLOW
ID MEMBER MEMBER MEMBER MEMBER
--------------------------------------------------------------------------------------
1 1/1,1/13-1/50 1/1,1/13-1/50

42 1/8-1/9 1/8-1/9

All 2 out of 2 Total Num of Port Entries displayed

Similarly, you can remove ports from an existing VLAN.

BEB1:1(config)#vlan members remove 42 1/8


BEB1:1(config)#show vlan members

======================================================================================
Vlan Port
======================================================================================
VLAN PORT ACTIVE STATIC NOT_ALLOW
ID MEMBER MEMBER MEMBER MEMBER
--------------------------------------------------------------------------------------
1 1/1,1/13-1/50 1/1,1/13-1/50

42 1/9 1/9

All 2 out of 2 Total Num of Port Entries displayed

While the vlan members add and vlan members remove CLI commands are straightforward,
there’s another CLI command available to move port to a VLAN: vlan member <vid>
<portlist>. Depending on the platform OS (VOSS or BOSS), its behavior will differ.

On VOSS (VSP), if the port specified in the CLI command is tagged and already member of a VLAN,
that port will be added to the new VLAN and will remain on the other VLAN: this is an add
behavior. However, if the port was NOT tagged and was a member of a VLAN, that port is
removed from the previous VLAN and added to the new VLAN: this is a move behavior.

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 11

On BOSS, care must be taken as the behavior is ALWAYS a move, which could result in very
unpleasant effect when manually configuring uplinks. If you want to add a VLAN to that uplink,
using this command would remove it from all the existing VLANs configured…

2.2.11 Tagging Ports on VLANs

The following CLI command to tag or untag a port is available on both VOSS and BOSS, but is
mainly used for BOSS:

BEB2:1(config)#vlan port 1/1 tagging ?


tagAll Enable tagging on this port
untagAll Disable tagging on this port
BEB2:1(config)#vlan port 1/1 tagging tagAll

On VOSS, you generally only use the following CLI command:

BEB1:1(config)#interface gigabitEthernet 1/1


BEB1:1(config-if)#encapsulation dot1q

2.2.12 Displaying the Configuration

As expected, the configuration is viewable with the typical show running-config CLI
command. A module parameter allows to display a specific part of the configuration.

BEB2:1(config)#show run
Preparing to Display Configuration...
#
# Sun Jul 04 02:19:26 1971 UTC
# box type : VSP-4450GSX-PWR+
# software version : 6.0.1.1
# cli mode : ACLI
#
[…]

2.2.13 Time and Timezones

You can verify and modify the time on the switch with the clock command.

BEB2:1(config)#show clock

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 12

Sun Jul 04 22:51:57 1971 UTC

BEB2:1(config)#clock set 09172017135835

Clock time has been set successfully

BEB2:1(config)#show clock

Sun Sep 17 13:58:38 2017 UTC

Timezone is configured with the clock time-zone CLI command.

BEB2:1(config)#clock time-zone CET


Timezone CET has been set successfully
BEB2:1(config)#

2.2.14 Changing Password

You can change the default password of any account (if you are connected in rwa privilege) with
the following CLI command.

BEB2:1(config)#cli password rwa ?


layer1 Change layer1 read write login/password
layer2 Change layer2 read write login/password
layer3 Change layer3 read write login/password
read-only Change read only login/password
read-write Change read write login/password
read-write-all Change read write all login/password

2.2.15 SNMP Configuration

Aside from the sys name CLI command that we already see, SNMP configuration happens with
the snmp-server CLI command. You need to have a rwa privilege to configure it.

BEB2:1(config)#snmp-server ?
Modify SNMP settings
authentication-trap Enable generation of authentication traps
community Set community table
contact Text for mib object sysContact
force-iphdr-sender Set same snmp and ip sender flag
force-trap-sender Set snmp trap sender ip
group Set snmp v3 group access table
host Specify hosts to receive SNMP notifications
location Text for mib object sysLocation

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 13

login-success-trap Enable generation of login-success traps


name Text for mib object sysName
notify-filter Create new entry for notify filter table
sender-ip Set snmp trap sender ip
user Create or modify SNMPv3 user
view Create/modify an SNMP access view
BEB2:1(config)#snmp-server

Let’s configure SNMP in a common way.

BEB2:1(config)#snmp-server user snmpuser group v3group md5 snmpauthcred des


snmpprivcred

WARNING: For best security practices avoid the use


of repeated patterns in passwords.

BEB2:1(config)#snmp-server group v3group "" auth-priv read-view root write-


view root notify-view root
BEB2:1(config)#

2.2.16 Software Upgrade

There are several ways to upgrade the software on a VSP platform. One way is to use the USB
port available on the switch.

We need to copy the files to the switch, then activate it and reboot.

BEB2:1#ls /usb

Listing Directory /usb:


drwxr-xr-x 5 0 0 4096 Jan 1 1970 ./
drwxr-xr-x 19 0 0 0 Sep 26 13:57 ../
-rwxr-xr-x 1 0 0 214809438 Sep 26 13:23 VOSS4K.6.1.50.0.tgz
BEB2:1#
BEB2:1#copy /usb/VOSS4K.6.1.50.0.tgz /intflash/VOSS4K.6.1.50.0.tgz
BEB2:1#
BEB2:1#software add VOSS4K.6.1.50.0.tgz
Extracting distribution information from /intflash/VOSS4K.6.1.50.0.tgz
Extracting software version VOSS4K.6.1.50.0.GA from /intflash/VOSS4K.6.1.50.0.tgz
Extraction of VOSS4K.6.1.50.0.GA to /intflash/release/VOSS4K.6.1.50.0.GA successful
Setting permissions on /intflash/release/VOSS4K.6.1.50.0.GA successful
BEB2:1#
BEB2:1#software activate VOSS4K.6.1.50.0.GA
Executing software activate for version VOSS4K.6.1.50.0.GA.
Validating release VOSS4K.6.1.50.0.GA
[09/26/17 14:02:31] Sending upgrade message to slots: 1. Version=VOSS4K.6.1.50.0.GA

[09/26/17 14:02:44] Slot 1 : IMAGE SYNC: Running pre-install script for image version
VOSS4K.6.1.50.0.GA
[09/26/17 14:02:44] Slot 1 : IMAGE SYNC: Kernel image is consistent

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 14

[09/26/17 14:02:44] Slot 1 : IMAGE SYNC: Root_FS image is consistent


[09/26/17 14:02:49] Slot 1 : IMAGE SYNC: APP_FS image is being updated...
[09/26/17 14:03:07] Slot 1 : IMAGE SYNC: Running post-install script for image version
VOSS4K.6.1.50.0.GA
[09/26/17 14:03:07] Slot 1 : IMAGE SYNC: Backup image successfully upgraded to
VOSS4K.6.1.50.0.GA

Primary Version: VOSS4K.6.1.50.0.GA


Backup Version: voss_6.1.50.0.GA

Changes will take effect on next reboot.


BEB2:1#reset -y

After the reboot, you can commit the upgrade if everything is working as expected.

Using security software from Mocana Corporation. Please visit


https://www.mocana.com/ for more information

Copyright(c) 2010-2017 Avaya, Inc.


All Rights Reserved.
Virtual Services Platform 4000
VSP Operating System Software Build 6.1.50.0
General Availability Released Software, Fully supported

AVAYA COMMAND LINE INTERFACE

Login: rwa
Password: ***

You are currently running a new version of code.

This release will be auto-committed in 8 minutes and 41 seconds.

Version Running: VOSS4K.6.1.50.0.GA

BEB2:1>en
BEB2:1#software commit
Executing software commit for version VOSS4K.6.1.50.0.GA.
Software commit successful

To use SCP or TFTP instead of the USB, you first need to enable the required protocol, then use
the copy command with the necessary IP address of the server.

BEB1:1#copy ?
running-config Running configuration
WORD<1-255> Source filename, a.b.c.d:<file> | x:x:x:x:x:x:x:x:<file> | /intflash/<file> |
/usb/<file>
BEB1:1#copy 192.168.254.10:VOSS4K.6.0.1.1.tgz ?
WORD<1-255> Destination filename, a.b.c.d:<file> | x:x:x:x:x:x:x:x:<file> | /intflash/<file> |
/usb/<file>
BEB1:1#copy 192.168.254.10:VOSS4K.6.0.1.1.tgz /intflash/VOSS4K.6.0.1.1.tgz

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 15

2.2.17 Installing a License

Some features may require a license to be configured. To install a license, you need to copy the
license file (xml format) to the switch, then load it.

BEB1:1(config)#copy 192.168.254.10:license_VSP_4000_6CA84974AA00.xml
/intflash/license_VSP_4000_6CA84974AA00.xml
BEB1:1(config)#load-license
BEB1:1(config)#show license

License file name : /intflash/license_VSP_4000_6CA84974.xml


License Type : PREMIER+MACSEC (includes Base features)
+PORT
MD5 of Key : 00000000 00000000 00000000 00000000
MD5 of File : 00000000 00000000 00000000 00000000
Generation Time : 2017/09/19 22:01:50
Expiration Time :
Base Mac Addr : 6c:a8:49:74:aa:00
flags : 0x00000001 SINGLE
memo :

************************************************************************
Features requiring a Premier license:
- Layer 3 VSNs
- MACsec
- Distributed Virtual Routing(DvR)
- VXLAN GATEWAY
- >24 VRFs
- CHEF

2.2.18 Web Server

Enterprise Device Manager (EDM) is the included web server in VOSS. It’s disabled by default. To enable
it, simply use the following CLI command:

BEB1:1(config)#web-server enable

You can then log in via your favorite web browser in HTTPS, using the following default credential:

Login: admin
Password: password

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 16

2.3 Connecting an EXOS switch to a VOSS switch

Here’s a quick example of the behaviors with tagged/untagged frames, when connecting an
EXOS-based switch to a VOSS-based switch.

On EXOS, you configure the 802.1Q tag on the VLAN, and you add a port either as a tagged
member or untagged member to a range of VLANs. A physical port can be tagged in many VLANs
and untagged in one VLAN at the same time (assuming the typical, and default, port-based VLAN
configuration). A tagged frame ingressing a port is discarded if that port doesn’t belong to the
corresponding VLAN as a tagged member. An untagged frame ingressing a port is discarded if
that port is not an untagged member of a VLAN.
On VOSS, you enable 802.1Q on the interface (encapsulation dot1q) and you specify if that port
is a tagged member of VLANs or not. You can also specify the default VLAN for that port, to accept
untagged frames ingressing that port on a specific VLAN. Several configuration options allow you
to control either you want, or not, to accept these frames. Below is a snippet of the settings
available for an interface.

BEB2:1(config)#interface gigabitEthernet 1/9


BEB2:1(config-if)#?
GigabitEthernet IEEE 802.3z
access-diffserv Sets the diff-srv type as "access" for a port
action Port action
auto-negotiate Enable auto-negotiate
auto-negotiation-advertisements Set auto-negotiation-advertisements
auto-recover-port Turn autorecover on/off
brouter Set the port as an IPv4 Brouter port
clear Clear command
default Set a command to its defaults
default-vlan-id Set default vlan id
duplex Set duplex
eapol Modify EAPOL protocol settings on port
enable-diffserv Used to enable the Diff-srv parameter on a port
encapsulation Set encapsulation
end Exit from global configuration mode
exit Exit from interface configuration mode
fa Configure fabric attach on port
flex-uni Set flex-uni to enable on port(s)
high-secure Set the high-secure parameter
ip Ip command group features

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 17

ipv6 Ipv6 configurations


isis create isis interface
lacp Config lacp on ports interface
lldp lldp port commands
lock Lock port
mac-security Set the unknown mac discard parameters
macsec MACsec configuration commands
name Change port name
no Negate a command or set its defaults
poe Set port configuration of Power Over Ethernet
private-vlan Set private vlan port type
qos Qos interface configurations
rate-limit Set rate limit on a port
rmon Enable rmon on this port
sflow Sflow configurations on port
shutdown Disable the interface
slpp Configure 'SLPP' parameter on a port
slpp-guard Set per-port SLPP-guard parameters
snmp Enable link trap
spanning-tree Set spanning-tree configuration
speed Set speed
spoof-detect Set spoof-detect option
subnet-vlan Enable IP subnet-based vlan classificiation
tagged-frames-discard Used to set the above parameter on the basis of
which it will accept or reject tagged frames
tx-flow-control Used to set the tx flow control
untag-port-default-vlan Untag port default vlan on this port
untagged-frames-discard Enable discard untagged frames
vlacp Configure vlacp on port
vrf Associate vrf to a port
BEB2:1(config-if)#encapsulation ?
Set encapsulation
dot1q Enable trunking on the port
BEB2:1(config-if)#encapsulation dot1q

Let’s have an example. We have a X440-G2 facing a VSP 4450. Port 9 on the X440-G2 is in VLAN
42, that can reach another switch beyond the VSP, also in that same VLAN 42. Both ends have an
IP to check connectivity.

Configuration on the X440-G2 looks like:

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 18

(Demo) X440G2-24p-10G4.6 # create vlan 42


* (Demo) X440G2-24p-10G4.7 # config vlan 42 ipaddress 10.42.0.10/24
* (Demo) X440G2-24p-10G4.8 # config vlan 42 add port 9 untag

Configuration on the VSP 4450 looks like:

BEB2:1(config)#vlan create 42 type port-mstprstp 0


BEB2:1(config)#vlan members add 42 1/9
BEB2:1(config)#interface GigabitEthernet 1/9
BEB2:1(config-if)#default-vlan-id 42
BEB2:1(config-if)#encapsulation dot1q
BEB2:1(config-if)#no shutdown
BEB2:1(config-if)#exit

We can ping the other end of the network.

* (Demo) X440G2-24p-10G4.13 # show port 9 vlan


Untagged
Port /Tagged VLAN Name(s)
-------- -------- ------------------------------------------------------------
9 Untagged VLAN_0042
Tagged VLAN_0102, VLAN_0202
* (Demo) X440G2-24p-10G4.14 #
* (Demo) X440G2-24p-10G4.14 # ping 10.42.0.15
Ping(ICMP) 10.42.0.15: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.42.0.15: icmp_seq=0 ttl=64 time=10 ms
16 bytes from 10.42.0.15: icmp_seq=1 ttl=64 time=1.072 ms
16 bytes from 10.42.0.15: icmp_seq=2 ttl=64 time=2.711 ms
16 bytes from 10.42.0.15: icmp_seq=3 ttl=64 time=2.462 ms

--- 10.42.0.15 ping statistics ---


4 packets transmitted, 4 packets received, 0% loss
round-trip min/avg/max = 1/4/10 ms
* (Demo) X440G2-24p-10G4.15 #

Let’s now configure port 9 as a tagged member of VLAN 42 on the X440-G2, without changing
the VSP 4450 configuration.

* (Demo) X440G2-24p-10G4.15 # config vlan 42 add port 9 tag


Adding an existing untagged member port of vlan VLAN_0042 as tagged can cause STP
configuration loss.
Do you really want to add these ports? (y/N) Yes
* (Demo) X440G2-24p-10G4.16 #
* (Demo) X440G2-24p-10G4.16 # show port 9 vlan
Untagged
Port /Tagged VLAN Name(s)
-------- -------- ------------------------------------------------------------
9 Untagged None
Tagged VLAN_0042, VLAN_0102, VLAN_0202
* (Demo) X440G2-24p-10G4.17 #

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 19

* (Demo) X440G2-24p-10G4.17 # ping 10.42.0.15


Ping(ICMP) 10.42.0.15: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.42.0.15: icmp_seq=0 ttl=64 time=11 ms
16 bytes from 10.42.0.15: icmp_seq=1 ttl=64 time=2.632 ms
16 bytes from 10.42.0.15: icmp_seq=2 ttl=64 time=2.264 ms
16 bytes from 10.42.0.15: icmp_seq=3 ttl=64 time=2.692 ms

--- 10.42.0.15 ping statistics ---


4 packets transmitted, 4 packets received, 0% loss
round-trip min/avg/max = 2/4/11 ms
* (Demo) X440G2-24p-10G4.18 #

We still can ping the other end. Let’s now enable on the VSP 4450 the untagged-frames-
discard parameter.

BEB2:1(config)#interface gigabitEthernet 1/9


BEB2:1(config-if)#untagged-frames-discard

As expected, we can still ping from the X440-G2 as port 9 is tagged.

* (Demo) X440G2-24p-10G4.1 # ping 10.42.0.15


Ping(ICMP) 10.42.0.15: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.42.0.15: icmp_seq=0 ttl=64 time=1.195 ms
16 bytes from 10.42.0.15: icmp_seq=1 ttl=64 time=2.752 ms
16 bytes from 10.42.0.15: icmp_seq=2 ttl=64 time=4.773 ms
16 bytes from 10.42.0.15: icmp_seq=3 ttl=64 time=1.786 ms

--- 10.42.0.15 ping statistics ---


4 packets transmitted, 4 packets received, 0% loss
round-trip min/avg/max = 1/2/4 ms
* (Demo) X440G2-24p-10G4.2 #

But, if we untag port 9, ping is not working anymore.

* (Demo) X440G2-24p-10G4.2 # config vlan 42 add port 9 untag


Adding an existing tagged member port of vlan VLAN_0042 as untagged
can cause STP configuration loss.
Do you really want to add these ports? (y/N) Yes
* (Demo) X440G2-24p-10G4.3 #
* (Demo) X440G2-24p-10G4.3 # ping 10.42.0.15
Ping(ICMP) 10.42.0.15: 4 packets, 8 data bytes, interval 1 second(s).

--- 10.42.0.15 ping statistics ---


4 packets transmitted, 0 packets received, 100% loss
round-trip min/avg/max = 0/0/0 ms
* (Demo) X440G2-24p-10G4.4 #

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 20

3 Fabric Connect Configuration

We’ll setup a simple Fabric Connect network, to present how it works.

3.1 Creating the SPBm Fabric

First step is to create the Fabric itself. We need to enable SPBm and IS-IS and the two B-VIDs for
SPBm to use.

Note: SPBm standard allows for up to 16 B-VIDs. Current implementation supports for 2. These
two B-VIDs will create two ECT - two paths – for load-balancing the traffic inside the Fabric. As a
best practice, it is recommended to use B-VIDs 4051 and 4052. L2VSN will be load-balanced
between these two paths based on their I-SID value.

3.1.1 BEB1 Configuration:

BEB1:1(config)#spbm
BEB1:1(config)#router isis
BEB1:1(config-isis)#
BEB1:1(config-isis)#spbm 1
BEB1:1(config-isis)#spbm 1 b-vid 4051,4052 primary 4051
BEB1:1(config-isis)#spbm 1 nick-name f.00.10
BEB1:1(config-isis)#manual-area 30.0000
BEB1:1(config-isis)#
BEB1:1(config-isis)#exit
BEB1:1(config)#
BEB1:1(config)#interface gigabitEthernet 1/11
BEB1:1(config-if)#isis
BEB1:1(config-if)#isis spbm 1
BEB1:1(config-if)#isis enable

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 21

BEB1:1(config-if)#
BEB1:1(config-if)#exit
BEB1:1(config)#
BEB1:1(config)#vlan create 4051 type spbm-bvlan
BEB1:1(config)#vlan create 4052 type spbm-bvlan
BEB1:1(config)#router isis enable

The first command enables SPBm on the switch. Then we activate SPBm support in the ISIS
router: this is where we have to specify the SPBm instance, the B-VIDs and the area. Current
implementation supports a single SPBm instance, which should be the same throughout the
Fabric Connect network. Likewise, a single ISIS area is supported and should be the same in the
Fabric Connect network.

The second phase of the configuration is on the interface level. We need to create an ISIS circuit,
then enable the SPBm instance and the ISIS circuit on that interface.

The last phase of the configuration is to create the necessary BVLAN for SPBm and enable globally
the ISIS router.

Similar configuration is made on each node.

3.1.2 BCB Configuration

BCB:1(config)#spbm
BCB:1(config)#router isis
BCB:1(config-isis)#spbm 1
BCB:1(config-isis)#spbm 1 b-vid 4051,4052 primary 4051
BCB:1(config-isis)#spbm 1 nick-name f.00.11
BCB:1(config-isis)#manual-area 30.0000
BCB:1(config-isis)#exit
BCB:1(config)#interface gigabitEthernet 1/11
BCB:1(config-if)#isis
BCB:1(config-if)#isis spbm 1
BCB:1(config-if)#isis enable
BCB:1(config-if)#exit
BCB:1(config)#interface gigabitEthernet 1/12
BCB:1(config-if)#isis
BCB:1(config-if)#isis spbm 1
BCB:1(config-if)#isis enable
BCB:1(config-if)#exit
BCB:1(config)#vlan create 4051 type spbm-bvlan
BCB:1(config)#vlan create 4052 type spbm-bvlan
BCB:1(config)#router isis enable

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 22

3.1.3 BEB2 Configuration

BEB2:1(config)#spbm
BEB2:1(config)#router isis
BEB2:1(config-isis)#spbm 1
BEB2:1(config-isis)#spbm 1 b-vid 4051,4052 primary 4051
BEB2:1(config-isis)#spbm 1 nick-name f.00.12
BEB2:1(config-isis)#manual-area 30.0000
BEB2:1(config-isis)#exit
BEB2:1(config)#interface gigabitEthernet 1/12
BEB2:1(config-if)#isis
BEB2:1(config-if)#isis spbm 1
BEB2:1(config-if)#isis enable
BEB2:1(config-if)#exit
BEB2:1(config)#vlan create 4051 type spbm-bvlan
BEB2:1(config)#vlan create 4052 type spbm-bvlan
BEB2:1(config)#router isis enable

3.1.4 Verifying the SPBm Fabric

We can have a look at the ISIS interfaces state and ISIS adjacencies, to verify that everything
seems normal. Let’s have a look on BEB1.

BEB1:1(config)#show isis interface

=================================================================================================
ISIS Interfaces
=================================================================================================
IFIDX TYPE LEVEL OP-STATE ADM-STATE ADJ UP-ADJ SPBM-L1-METRIC
-------------------------------------------------------------------------------------------------
Port1/11 pt-pt Level 1 UP UP 1 1 10

--------------------------------------------------------------------------------
1 out of 1 Total Num of ISIS interfaces
--------------------------------------------------------------------------------

BEB1:1(config)#show isis adjacencies

=================================================================================================
ISIS Adjacencies
=================================================================================================
INTERFACE L STATE UPTIME PRI HOLDTIME SYSID HOST-NAME
-------------------------------------------------------------------------------------------------
Port1/11 1 UP 00:35:15 127 23 1461.2fed.d265 BCB

--------------------------------------------------------------------------------
1 out of 1 interfaces have formed an adjacency
--------------------------------------------------------------------------------

On BCB we have the following.

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 23

BCB:1(config)#show isis interface

=================================================================================================
ISIS Interfaces
=================================================================================================
IFIDX TYPE LEVEL OP-STATE ADM-STATE ADJ UP-ADJ SPBM-L1-METRIC
-------------------------------------------------------------------------------------------------
Port1/11 pt-pt Level 1 UP UP 1 1 10
Port1/12 pt-pt Level 1 UP UP 1 1 10

--------------------------------------------------------------------------------
2 out of 2 Total Num of ISIS interfaces
--------------------------------------------------------------------------------

BCB:1(config)#show isis adjacencies

=================================================================================================
ISIS Adjacencies
=================================================================================================
INTERFACE L STATE UPTIME PRI HOLDTIME SYSID HOST-NAME
-------------------------------------------------------------------------------------------------
Port1/11 1 UP 00:38:08 127 26 6ca8.4974.af65 BEB2
Port1/12 1 UP 00:39:07 127 21 6ca8.4974.aa65 BEB1

--------------------------------------------------------------------------------
2 out of 2 interfaces have formed an adjacency
--------------------------------------------------------------------------------

Having a look at the ISIS LSDB, we can see the two B-VIDs per node.

BCB:1(config)#show isis lsdb

==================================================================================
ISIS LSDB
==================================================================================
LSP ID LEVEL LIFETIME SEQNUM CHKSUM HOST-NAME
----------------------------------------------------------------------------------
1461.2fed.d265.00-00 1 716 0x8 0x2b08 BCB
1461.2fed.d265.00-01 1 716 0x7 0x9469 BCB
6ca8.4974.aa65.00-00 1 1193 0x14 0xd40e BEB1
6ca8.4974.aa65.00-01 1 1193 0x13 0x8b50 BEB1
6ca8.4974.af65.00-00 1 773 0x8 0xfbe4 BEB2
6ca8.4974.af65.00-01 1 773 0x7 0xc21c BEB2

----------------------------------------------------------------------------------
Level-1 : 6 out of 6 Total Num of LSP Entries
Level-2 : 0 out of 0 Total Num of LSP Entries
----------------------------------------------------------------------------------

This ISIS LSDB must be the same on every node of the Fabric.

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 24

3.2 Creating L2VSN

Now that the SPBm infrastructure has been built, we can start to provision it with services. As a
start, we’ll configure a L2VSN. This configuration happens only at the edge. In our example, that
will be on both BEB switches (BEB1 and BEB2).

We are using a C-VLAN UNI type in this example, as this is certainly the most common use-case.

We already have a VLAN created on BEB1, and we’ll associate it to an I-SID.

BEB1:1(config)#show vlan members

======================================================================================
Vlan Port
======================================================================================
VLAN PORT ACTIVE STATIC NOT_ALLOW
ID MEMBER MEMBER MEMBER MEMBER
--------------------------------------------------------------------------------------
1 1/1,1/13-1/50 1/1,1/13-1/50

42 1/9 1/9

4051 1/11 1/11

4052 1/11 1/11

All 4 out of 4 Total Num of Port Entries displayed

An I-SID is coded on 24 bits, allowing to up to roughly 16.7M unique IDs. We can pick any value
for our L2VSN.

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 25

Note: It’s not entirely true to say we can pick any I-SID value. For multicast traffic, Fabric Connect
will automatically use I-SID from the value 16,000,000 and above. We must not use that range
for our services.

We’ll use I-SID 12,000,555 for VLAN 42.

BEB1:1(config)#vlan i-sid 42 12000555


BEB1:1(config)#show vlan i-sid

=============================================================================
Vlan I-SID
=============================================================================
VLAN_ID I-SID
-----------------------------------------------------------------------------
1
42 12000555
4051
4052

4 out of 4 Total Num of Vlans displayed

We create VLAN 42 also on BEB2, then associate it to the same I-SID to create our L2VSN.

Note: The backbone port must not be part of the C-VLAN.

The configuration is as follows:

BEB2:1(config)#vlan create 42 name MyVlan type port-mstprstp 0


BEB2:1(config)#vlan members add 42 1/9 portmember
BEB2:1(config)#vlan i-sid 42 12000555
BEB2:1(config)#show vlan i-sid

=============================================================================
Vlan I-SID
=============================================================================
VLAN_ID I-SID
-----------------------------------------------------------------------------
1
42 12000555
4051
4052

4 out of 4 Total Num of Vlans displayed

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 26

Let’s now verify that the L2VSN is correctly configured and ready.

BEB2:1(config)#show isis spbm i-sid all

=============================================================================
SPBM ISID INFO
=============================================================================
ISID SOURCE NAME VLAN SYSID TYPE HOST_NAME
-----------------------------------------------------------------------------
12000555 f.00.10 4051 6ca8.4974.aa65 discover BEB1
12000555 f.00.12 4051 6ca8.4974.af65 config BEB2

-----------------------------------------------------------------------------
Total number of SPBM ISID entries configured: 1
-----------------------------------------------------------------------------
Total number of SPBM ISID entries discovered: 1
-----------------------------------------------------------------------------
Total number of SPBM ISID entries: 2
-----------------------------------------------------------------------------

BEB1:1(config)#show isis spbm i-sid all

=============================================================================
SPBM ISID INFO
=============================================================================
ISID SOURCE NAME VLAN SYSID TYPE HOST_NAME
-----------------------------------------------------------------------------
12000555 f.00.10 4051 6ca8.4974.aa65 config BEB1
12000555 f.00.12 4051 6ca8.4974.af65 discover BEB2

-----------------------------------------------------------------------------
Total number of SPBM ISID entries configured: 1
-----------------------------------------------------------------------------
Total number of SPBM ISID entries discovered: 1
-----------------------------------------------------------------------------
Total number of SPBM ISID entries: 2
-----------------------------------------------------------------------------

We connect two EXOS switches on both ends, in VLAN 42, and ping from one EXOS switch to the
other, across our Fabric Connect network to check if our L2VSN is working as expected.

Note: We are using VLAN 42 on each side, as this is more logical, but the VLAN that connects to
the service is only of local significance. We could use a different VLAN on one end, just the service
has to be common.

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 27

For reference, the configuration on the EXOS switches is as follows:

X460G2.2 # create vlan 42


* X460G2.3 # config vlan 42 ipaddress 10.42.0.15/24
* X460G2.4 # config vlan 42 add port 9

(Demo) X440G2-24p-10G4.2 # create vlan 42


* (Demo) X440G2-24p-10G4.3 # config vlan 42 ipaddress 10.42.0.10/24
* (Demo) X440G2-24p-10G4.4 # config vlan 42 add port 9

Once we make sure the ports are enabled, we can try to ping from the x460-G2 to the X440-G2.

* X460G2.8 # ping 10.42.0.10


Ping(ICMP) 10.42.0.10: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.42.0.10: icmp_seq=0 ttl=64 time=0.668 ms
16 bytes from 10.42.0.10: icmp_seq=1 ttl=64 time=0.596 ms
16 bytes from 10.42.0.10: icmp_seq=2 ttl=64 time=1.136 ms
16 bytes from 10.42.0.10: icmp_seq=3 ttl=64 time=0.994 ms

--- 10.42.0.10 ping statistics ---


4 packets transmitted, 4 packets received, 0% loss
round-trip min/avg/max = 0/0/1 ms

Looking at BEB1, we can check the FDB table to see how it is populated.

BEB1:1(config)#show vlan mac-address-entry 42

=============================================================================
Vlan Fdb
=============================================================================
VLAN MAC SMLT
ID STATUS ADDRESS INTERFACE REMOTE TUNNEL
-----------------------------------------------------------------------------
42 learned 00:04:96:98:9c:3d Port-1/9 false -
42 learned 00:04:96:9e:68:24 Port-1/11 false BEB2
42 learned 00:e0:2b:00:00:01 Port-1/9 false -

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 28

c: customer vid u: untagged-traffic

3 out of 30 entries in all fdb(s) displayed.

=============================================================================
Vlan Fdb Extn
=============================================================================
VLAN ID AGING-TIME(Seconds)
-----------------------------------------------------------------------------
42 300

If we look at the remote mac addresses learnt, we can find BEB2 mac address as the destination.

BEB1:1(config)#show vlan remote-mac-table 42

==============================================================================================================
Vlan Remote Mac Table
==============================================================================================================
VLAN STATUS MAC-ADDRESS DEST-MAC BVLAN DEST-SYSNAME PORTS SMLTREMOTE
--------------------------------------------------------------------------------------------------------------
42 learned 00:04:96:9e:68:24 6c:a8:49:74:af:65 4051 BEB2 1/11 false

--------------------------------------------------------------------------------------------------------------
1 of 1 matching entries out of total of 1 Remote Mac entries in all fdb(s) displayed.

Note: On EXOS, the ports have been added to VLAN 42 as untagged port (default if not specified
in the command line). On the BEB switches, the configuration must be aligned to allow the
communication.

3.3 Creating L3VSN

We are enhancing the service layer of our Fabric Connect with L3 services. We will create two
VRFs on both sides of the Fabric, to interconnect different IPv4 subnets.

Note: L3VSN requires a Premier license. For this example, only the BEB switches need that license
level, not the BCB. Of course, if the BCB would become a BEB at a later time, or if some other
features requiring a license were to be configured on it, it would need that license level as well.
The current list of features requiring a Premier license is the following:
- Layer 3 VSNs
- MACsec
- Distributed Virtual Routing(DvR)
- VXLAN GATEWAY
- >24 VRFs
- CHEF

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 29

We are going to create a VRF green and a VRF gold, then redistribute direct routes into the Fabric
and enable routing for each VRF. Once again, configuration happens on the BEB switches only.

Note: This example illustrates a multi-tenant architecture with VRFs. We could also work in a
single routing table and not use any VRF, with the IP Shortcut feature.

3.3.1 VLANs Configuration

We need to create VLANs 101 & 201 between the X460-G2 and BEB1, with the correct IPv4
addressing, and VLANs 102 & 202 between the X440-G2 and BEB2. We also have to configure
some static routes on both EXOS switches to test reachability. For reference, the configuration
on EXOS side is as follows:

* X460G2.1 # create vlan 101,201


* X460G2.2 # config vlan 101,201 add port 9 tag
* X460G2.3 # config vlan 101 ipaddress 10.1.101.2/24
* X460G2.4 # config vlan 201 ipaddress 10.1.201.2/24
* X460G2.5 # config iproute add 10.1.102.0/24 10.1.101.1
* X460G2.6 # config iproute add 10.1.202.0/24 10.1.201.1

* (Demo) X440G2-24p-10G4.1 # create vlan 102,202


* (Demo) X440G2-24p-10G4.2 # config vlan 102,202 add port 9 tag
* (Demo) X440G2-24p-10G4.3 # config vlan 102 ipaddress 10.1.102.2/24
* (Demo) X440G2-24p-10G4.4 # config vlan 202 ipaddress 10.1.202.2/24
* (Demo) X440G2-24p-10G4.5 # config iproute add 10.1.101.0/24 10.1.102.1
* (Demo) X440G2-24p-10G4.6 # config iproute add 10.1.201.0/24 10.1.202.1

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 30

3.3.2 Fabric Connect IP Configuration

With L3VSN, we have to enable IP services on the BEB switches. We need to configure a loopback
interface, define it as the source address for our ISIS router and enable IP for SPBm.

Below is the configuration for BEB1:

BEB1:1(config)#interface loopback 1
BEB1:1(config-if)#ip address 172.16.0.1/32
BEB1:1(config-if)#exit
BEB1:1(config)#
BEB1:1(config)#router isis
BEB1:1(config-isis)#ip-source-address 172.16.0.1
BEB1:1(config-isis)#spbm 1 ip enable
BEB1:1(config-isis)#exit

Similarly, on BEB2:

BEB2:1(config)#interface loopback 1
BEB2:1(config-if)#ip address 1 172.16.0.2/32
BEB2:1(config-if)#exit
BEB2:1(config)#
BEB2:1(config)#router isis
BEB2:1(config-isis)#ip-source-address 172.16.0.2
BEB2:1(config-isis)#spbm 1 ip enable
BEB2:1(config-isis)#exit

We can check that IP support is now enabled for Extreme Fabric Connect.

BEB2:1(config)#show isis spbm

=================================================================================================
ISIS SPBM Info
=================================================================================================
SPBM B-VID PRIMARY NICK LSDB IP IPV6 MULTICAST SPB-PIM-GW
INSTANCE VLAN NAME TRAP
-------------------------------------------------------------------------------------------------
1 4051-4052 4051 f.00.12 disable enable disable disable disable

=================================================================================================
ISIS SPBM SMLT Info
=================================================================================================
SPBM SMLT-SPLIT-BEB SMLT-VIRTUAL-BMAC SMLT-PEER-SYSTEM-ID
INSTANCE
-------------------------------------------------------------------------------------------------
1 primary 00:00:00:00:00:00

--------------------------------------------------------------------------------
Total Num of SPBM instances: 1
--------------------------------------------------------------------------------

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 31

3.3.3 VRF Green Configuration

We have to create the VRF and associate to it the required VLAN.

BEB1:1(config)#ip vrf green vrfid 1


BEB1:1(config)#
BEB1:1(config)#vlan create 101 type port-mstprstp 0
BEB1:1(config)#vlan port 1/9 tagging tagAll
BEB1:1(config)#vlan members add 101 1/9
BEB1:1(config)#interface vlan 101
BEB1:1(config-if)#vrf green
BEB1:1(config-if)#ip address 10.1.101.1/24
BEB1:1(config-if)#exit

When configuring the VRF green, we have to configure it as a L3VSN using the ipvpn keyword,
configure a unique I-SID that must be shared between all BEB nodes having the same VRF, and
enable the L3VSN capability.

BEB1:1(config)#router vrf green


BEB1:1(router-vrf)#ipvpn
BEB1:1(router-vrf)#i-sid 101102
BEB1:1(router-vrf)#ipvpn enable
BEB1:1(router-vrf)#exit

Then we have to redistribute to ISIS the routing protocols we need. In our example, we are just
going to redistribute direct routes.

BEB1:1(config)#router vrf green


BEB1:1(router-vrf)#isis redistribute direct

WARNING: Routes will not be injected until apply command is issued after
enable command
BEB1:1(router-vrf)#isis redistribute direct metric 1
BEB1:1(router-vrf)#isis redistribute direct enable
BEB1:1(router-vrf)#exit
BEB1:1(config)#
BEB1:1(config)#isis apply redistribute direct vrf green

Nothing has to be configured on the BCB switch. We just have to configure the other BEB switch,
BEB2, in a similar way than BEB1. We have to make sure to use the same ISID for the green VRF
on that node too.

BEB2:1(config)#ip vrf green vrfid 1


BEB2:1(config)#
BEB2:1(config)#vlan create 102 type port-mstprstp 0
BEB2:1(config)#vlan members add 102 1/9
BEB2:1(config)#

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 32

BEB2:1(config)#interface vlan 102


BEB2:1(config-if)#vrf green
BEB2:1(config-if)#ip address 10.1.102.1/24
BEB2:1(config-if)#exit
BEB2:1(config)#router vrf green
BEB2:1(router-vrf)#ipvpn
BEB2:1(router-vrf)#i-sid 101102
BEB2:1(router-vrf)#ipvpn enable
BEB2:1(router-vrf)#exit
BEB2:1(config)#router vrf green
BEB2:1(router-vrf)#isis redistribute direct

WARNING: Routes will not be injected until apply command is issued after
enable command
BEB2:1(router-vrf)#isis redistribute direct metric 1
BEB2:1(router-vrf)#isis redistribute direct enable
BEB2:1(router-vrf)#exit
BEB2:1(config)#isis apply redistribute direct vrf green

We can now verify reachability by trying to ping the X460-G2 interface in that VRF green from
the X440-G2.

* (Demo) X440G2-24p-10G4.2 # ping 10.1.101.2


Ping(ICMP) 10.1.101.2: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.1.101.2: icmp_seq=0 ttl=62 time=1.943 ms
16 bytes from 10.1.101.2: icmp_seq=1 ttl=62 time=1.082 ms
16 bytes from 10.1.101.2: icmp_seq=2 ttl=62 time=2.480 ms
16 bytes from 10.1.101.2: icmp_seq=3 ttl=62 time=2.488 ms

--- 10.1.101.2 ping statistics ---


4 packets transmitted, 4 packets received, 0% loss
round-trip min/avg/max = 1/1/2 ms

If we do a traceroute, we can see the BCB node is not known.

* (Demo) X440G2-24p-10G4.3 # traceroute 10.1.101.2


traceroute to 10.1.101.2, 30 hops max
1 10.1.102.1 2 ms 1 ms 2 ms
2 10.1.101.1 2 ms 2 ms 2 ms
3 10.1.101.2 2 ms 1 ms 2 ms

--- Packet Response/Error Flags ---


(*) No response, (!N) ICMP network unreachable, (!H) ICMP host unreachable,
(!P) ICMP protocol unreachable, (!F) ICMP fragmentation needed,
(!S) ICMP source route failed, (!u) Transmit error, network unreachable,
(!f) Transmit error, fragmentation needed, (!t) General transmit error

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 33

Below are some outputs to check the L3VSN:

BEB1:1(config)#show ip route vrf green


=====================================================================================================
IP Route - VRF green
=====================================================================================================
NH INTER
DST MASK NEXT VRF/ISID COST FACE PROT AGE TYPE PRF
-----------------------------------------------------------------------------------------------------
10.1.101.0 255.255.255.0 10.1.101.1 - 1 101 LOC 0 DB 0
10.1.102.0 255.255.255.0 BEB2 green 20 4051 ISIS 0 IBSV 7

2 out of 2 Total Num of Route Entries, 2 Total Num of Dest Networks displayed.
--------------------------------------------------------------------------------------------------
TYPE Legend:
I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Route,
U=Unresolved Route, N=Not in HW, F=Replaced by FTN, V=IPVPN Route, S=SPBM Route
PROTOCOL Legend:
v=Inter-VRF route redistributed
BEB1:1(config)#
BEB1:1(config)#show ip ipvpn vrf green

VRF Name : green


Ipvpn-state : enabled
I-sid : 101102

3.3.4 VRF Gold Configuration

Configuration of the second VRF, VRF Gold, is very similar.

BEB1:1(config)#ip vrf gold vrfid 2


BEB1:1(config)#vlan create 201 type port-mstprstp 0
BEB1:1(config)#vlan members add 201 1/9
BEB1:1(config)#interface vlan 201
BEB1:1(config-if)#
BEB1:1(config-if)#vrf gold
BEB1:1(config-if)#ip address 10.1.201.1/24
BEB1:1(config-if)#exit
BEB1:1(config)#
BEB1:1(config)#router vrf gold
BEB1:1(router-vrf)#ipvpn
BEB1:1(router-vrf)#i-sid 201202
BEB1:1(router-vrf)#ipvpn enable
BEB1:1(router-vrf)#exit
BEB1:1(config)#
BEB1:1(config)#router vrf gold
BEB1:1(router-vrf)#isis redistribute direct

WARNING: Routes will not be injected until apply command is issued after
enable command
BEB1:1(router-vrf)#isis redistribute direct metric 1
BEB1:1(router-vrf)#isis redistribute direct enable
BEB1:1(router-vrf)#
BEB1:1(router-vrf)#exit
BEB1:1(config)#
BEB1:1(config)#isis apply redistribute direct vrf gold

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 34

Likewise, on BEB2:

BEB2:1(config)#ip vrf gold vrfid 2


BEB2:1(config)#
BEB2:1(config)#vlan create 202 type port-mstprstp 0
BEB2:1(config)#vlan members add 202 1/9
BEB2:1(config)#interface vlan 202
BEB2:1(config-if)#vrf gold
BEB2:1(config-if)#ip address 10.1.202.1/24
BEB2:1(config-if)#exit
BEB2:1(config)#
BEB2:1(config)#router vrf gold
BEB2:1(router-vrf)#ipvpn
BEB2:1(router-vrf)#i-sid 201202
BEB2:1(router-vrf)#ipvpn enable
BEB2:1(router-vrf)#exit
BEB2:1(config)#
BEB2:1(config)#router vrf gold
BEB2:1(router-vrf)#isis redistribute direct

WARNING: Routes will not be injected until apply command is issued after
enable command
BEB2:1(router-vrf)#isis redistribute direct metric 1
BEB2:1(router-vrf)#isis redistribute direct enable
BEB2:1(router-vrf)#
BEB2:1(router-vrf)#exit
BEB2:1(config)#
BEB2:1(config)#isis apply redistribute direct vrf gold

Reachability is achieved as well.

* (Demo) X440G2-24p-10G4.8 # ping 10.1.201.2


Ping(ICMP) 10.1.201.2: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.1.201.2: icmp_seq=0 ttl=63 time=4.121 ms
16 bytes from 10.1.201.2: icmp_seq=1 ttl=62 time=2.511 ms
16 bytes from 10.1.201.2: icmp_seq=2 ttl=62 time=2.243 ms
16 bytes from 10.1.201.2: icmp_seq=3 ttl=62 time=2.464 ms

--- 10.1.201.2 ping statistics ---


4 packets transmitted, 4 packets received, 0% loss
round-trip min/avg/max = 2/2/4 ms

We can see the tunnel in the VRF RIB, here on BEB2:

BEB2:1(config)#show ip route vrf gold


=====================================================================================================
IP Route - VRF gold
=====================================================================================================
NH INTER
DST MASK NEXT VRF/ISID COST FACE PROT AGE TYPE PRF
-----------------------------------------------------------------------------------------------------
10.1.201.0 255.255.255.0 BEB1 gold 20 4051 ISIS 0 IBSV 7
10.1.202.0 255.255.255.0 10.1.202.1 - 1 202 LOC 0 DB 0

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 35

2 out of 2 Total Num of Route Entries, 2 Total Num of Dest Networks displayed.
--------------------------------------------------------------------------------------------------
TYPE Legend:
I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Route,
U=Unresolved Route, N=Not in HW, F=Replaced by FTN, V=IPVPN Route, S=SPBM Route
PROTOCOL Legend:
v=Inter-VRF route redistributed

3.4 Multicast L3VSN

Configuration of the Multicast services requires to enable multicast support on SPBm, on the
required VRF and at the vlan interface level. IGMPv2 is enabled by default at the interface level.
We’ll add IP Multicast support in VRF green.

BEB1 Configuration:

BEB1:1(config)#router isis
BEB1:1(config-isis)#spbm 1 multicast enable
BEB1:1(config-isis)#exit
BEB1:1(config)#
BEB1:1(config)#router vrf green
BEB1:1(router-vrf)#mvpn enable
BEB1:1(router-vrf)#exit
BEB1:1(config)#
BEB1:1(config)#interface vlan 101
BEB1:1(config-if)#ip spb-multicast enable
BEB1:1(config-if)#exit

BEB2 Configuration:

BEB2:1(config)#router isis
BEB2:1(config-isis)#spbm 1 multicast enable
BEB2:1(config-isis)#exit
BEB2:1(config)#
BEB2:1(config)#router vrf green
BEB2:1(router-vrf)#mvpn enable
BEB2:1(router-vrf)#exit
BEB2:1(config)#
BEB2:1(config)#interface vlan 102
BEB2:1(config-if)#ip spb-multicast enable
BEB2:1(config-if)#exit

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 36

We can verify IP Multicast is now enabled on our Extreme Fabric Connect.

BEB1:1(config)#show isis spbm

=================================================================================================
ISIS SPBM Info
=================================================================================================
SPBM B-VID PRIMARY NICK LSDB IP IPV6 MULTICAST SPB-PIM-GW
INSTANCE VLAN NAME TRAP
-------------------------------------------------------------------------------------------------
1 4051-4052 4051 f.00.10 disable enable disable enable disable

=================================================================================================
ISIS SPBM SMLT Info
=================================================================================================
SPBM SMLT-SPLIT-BEB SMLT-VIRTUAL-BMAC SMLT-PEER-SYSTEM-ID
INSTANCE
-------------------------------------------------------------------------------------------------
1 primary 00:00:00:00:00:00

--------------------------------------------------------------------------------
Total Num of SPBM instances: 1
--------------------------------------------------------------------------------

3.5 Fabric Attach with EXOS

Fabric Attach is targeted, on EXOS, for release 22.4 that should be available Q4CY17. In this
document we are using a beta code of EXOS 22.4. Some outputs, CLI commands and eventually
some behaviors may change until GA.

On EXOS, Fabric Attach is available in Proxy or Client mode when working with Extreme Fabric
Connect.

Mapping of VLAN to NSI can be either static (via CLI) or dynamic (Radius, Netlogin,
UPM/Scripting). Some enhancements should be made for EXOS 22.5, such as Policy support.

Note: NSI stands for Network Service Identifier. This is a value coded on 24 bits that can represent
either an I-SID or a VNI. Only the Fabric Attach (FA) Server knows how to handle that value, not
the Client/Proxy. As such, FA Client/Proxy do not know if they are connected to Extreme Fabric
Connect or an IP “BGP” Fabric, and they don’t need to.

We are connecting our X440-G2 to BEB2 to illustrate the Fabric Attach feature.

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 37

Note: Fabric Attach uses LLDP to signal messages between Server and Proxy. This communication
is bi-directional: The Proxy transmits mapping requests to the Server, then the Server responds
with an Accept/Reject status. As a result, there may be a delay before the status changes for a
new configuration, depending on the LLDP transmit interval configured on the switches. By
default, VOSS has a 30 seconds transmit interval while EXOS uses a 120 seconds transmit interval.

3.5.1 Fabric Attach Server Configuration

We have to configure the FA Server feature on BEB2 globally and on the interface level as well.

BEB2:1(config)#fa enable
BEB2:1(config)#show fa

=============================================================================
Fabric Attach Configuration
=============================================================================
FA Service : enabled
FA Element Type : server
FA Assignment Timeout : 240
FA Discovery Timeout : 240
FA Provision Mode : spbm
BEB2:1(config)#
BEB2:1(config)#interface gigabitEthernet 1/5
BEB2:1(config-if)#fa enable
BEB2:1(config-if)#no fa message-authentication
BEB2:1(config-if)#no shut
BEB2:1(config-if)#exit
BEB2:1(config)#
BEB2:1(config)#show fa interface port 1/5

=============================================================================
Fabric Attach Interfaces
=============================================================================

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 38

INTERFACE SERVER MGMT MGMT MSG AUTH MSG AUTH


STATUS ISID CVID STATUS KEY
-----------------------------------------------------------------------------
Port1/5 enabled 0 0 disabled ****

-----------------------------------------------------------------------------
1 out of 1 Total Num of fabric attach interfaces displayed
-----------------------------------------------------------------------------

Because the FA Proxy/Client feature in EXOS 22.4 will not support TLV authentication, we must
disable that capability in the VOSS FA Server configuration, as TLV authentication is automatically
enabled on VOSS.

Note: FA Server is enabled globally by default on VOSS, but FA is not enabled on UNI ports.

3.5.2 Fabric Attach Proxy EXOS Configuration

3.5.2.1 Static Configuration

We create a new VLAN on our EXOS switch, and we assign statically that new VLAN to an NSI. We
don’t need to add port 5 (which is facing port 1/5 on BEB2 with FA Server enabled), it will be
automatically added once an NSI or ISID is configured on that VLAN.

* (Demo) X440G2-24p-10G4.1
# create vlan 1337
* (Demo) X440G2-24p-10G4.3
# config vlan 1337 add nsi 1234567
* (Demo) X440G2-24p-10G4.4
#
* (Demo) X440G2-24p-10G4.4
# show fabric attach neighbors
Mgmt Auto
System Id Port Type VLAN Tag Provision
----------------------------- ------- ---------------- ---- --- --------------
6c-a8-49-74-af-00-00-00-00-c4 5 Server (No Auth) None Mix Disabled
* (Demo) X440G2-24p-10G4.5 #
* (Demo) X440G2-24p-10G4.5 # show vlan 1337 fabric attach mappings
VLAN VLAN Name Type ISID/NSI Status
---- -------------------------------- ------- -------- --------
1337 VLAN_1337 static 1234567 Accepted
* (Demo) X440G2-24p-10G4.6 #

On the BEB side, we can see the FA signaling is working.

BEB2:1(config)#show fa assignment

======================================================================================
Fabric Attach Assignment Map
======================================================================================
Interface I-SID Vlan State Origin
--------------------------------------------------------------------------------------

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 39

1/5 1234567 1337 active proxy

--------------------------------------------------------------------------------
1 out of 1 Total Num of fabric attach assignment mappings displayed
--------------------------------------------------------------------------------

BEB2:1(config)#
BEB2:1(config)#show fa elements

======================================================================================
Fabric Attach Discovery Elements
======================================================================================
MGMT ELEM ASGN
PORT TYPE VLAN STATE SYSTEM ID AUTH AUTH
--------------------------------------------------------------------------------------
1/5 proxyNoAuth 0 T / D 00:04:96:9e:68:24:00:01:00:05 NA NA

======================================================================================
Fabric Attach Authentication Detail
======================================================================================
ELEM OPER ASGN OPER
PORT AUTH STATUS AUTH STATUS
--------------------------------------------------------------------------------------
1/5 successNoAuth successNoAuth

State Legend: (Tagging/AutoConfig)


T= Tagged, U= Untagged, D= Disabled, S= Spbm, V= Vlan, I= Invalid

Auth Legend:
AP= Authentication Pass, AF= Authentication Fail,
NA= Not Authenticated, N= None

--------------------------------------------------------------------------------
1 out of 1 Total Num of fabric attach discovery elements displayed
--------------------------------------------------------------------------------

BEB2:1(config)#
BEB2:1(config)#show fa interface

======================================================================================
Fabric Attach Interfaces
======================================================================================
INTERFACE SERVER MGMT MGMT MSG AUTH MSG AUTH
STATUS ISID CVID STATUS KEY
--------------------------------------------------------------------------------------
Port1/5 enabled 0 0 disabled ****

--------------------------------------------------------------------------------
1 out of 1 Total Num of fabric attach interfaces displayed
--------------------------------------------------------------------------------

BEB2:1(config)#
BEB2:1(config)#show i-sid elan

======================================================================================
Isid Info
======================================================================================
ISID ISID PORT MLT ORIGIN

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 40

ID TYPE VLANID INTERFACES INTERFACES


--------------------------------------------------------------------------------------
1234567 ELAN N/A c1337:1/5 - DISC_LOCAL

c: customer vid u: untagged-traffic

All 1 out of 1 Total Num of Elan i-sids displayed

3.5.2.2 Checking the connectivity

Below is the network layout, to check connectivity.

We create VLAN 1337 on the X460-G2 as well and add port 9 as a tagged member of it.

* X460G2.1 # create vlan 1337


* X460G2.2 # config vlan 1337 ipaddress 10.13.37.15/24
* X460G2.3 # config vlan 1337 add port 9 tag

On BEB1, we create that same VLAN and assign it to I-SID 1234567.

BEB1:1(config)#vlan create 1337 type port-mstprstp 0


BEB1:1(config)#vlan members add 1337 1/9 portmember
BEB1:1(config)#vlan i-sid 1337 1234567

Adding a laptop to the X440-G2 in VLAN 1337, with an IP of 10.13.37.10/24, we can check
connectivity from the X460-G2.

* X460G2.4 # ping 10.13.37.10


Ping(ICMP) 10.13.37.10: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.13.37.10: icmp_seq=0 ttl=128 time=1.248 ms
16 bytes from 10.13.37.10: icmp_seq=1 ttl=128 time=0.806 ms

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 41

16 bytes from 10.13.37.10: icmp_seq=2 ttl=128 time=0.786 ms


16 bytes from 10.13.37.10: icmp_seq=3 ttl=128 time=0.763 ms

--- 10.13.37.10 ping statistics ---


4 packets transmitted, 4 packets received, 0% loss
round-trip min/avg/max = 0/0/1 ms

3.5.2.3 Automatic Configuration

As of EXOS 22.4, Radius, Netlogin or UPM (with Python scripting for example) can be configured
to provide a mapping but that is on a per-user basis, while FA mappings are per VLAN. So care
must be taken to not create misconfiguration due to different mappings for the same VLAN.

Let’s illustrate that, using UPM with Python scripting. We can configure UPM to trigger a Python
script when a device is detected by LLDP, and trigger another script when a device is undetected.
For simplicity, we are building a simple JSON database in our script that will match the device we
are going to connect to the switch. That Python script is doing some checks, to avoid basic
misconfiguration and errors, but could be enhanced to do further checking before applying the
configuration (is the port already in some other VLANs, etc.).

We are using two python scripts:

- EzFA.py to provision a new device detected by LLDP, and recorded in our DB, able to
configure the switch entirely if the destination VLAN is not already present.

- Remove-vlan.py to clear the configuration of the port when a previously detected device
is not present anymore. That script is rather “brutal” as it will remove the port from every
VLANs it is in.

EzFA.py:

import sys
import exsh
import json

DB = [ {"mac":"00:1d:71:a9:b1:99", "vid":"1337", "nsi":"1234567", "tag":"untag"} ]

# check if the vid in argument already exists and has an NSI configured
# requires EXOS 22.4 or above
# returns 0 if the vid has no nsi configured (ie vid is not found in that list)
# otherwise returns the nsi value
def check_nsi(vid):
reply = exsh.clicmd('debug cfgmgr show next lldp.faMapping', capture=True)
reply_json = json.loads(str(reply))
data = reply_json.get('data')
if data:
for row in data:
vlan = row.get("vlanId")

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 42

if vlan == str(vid):
return row.get("nsi")
return 0

# check if the vlan (vid) is already created on the switch


# returns 0 if the vlan doesn't exist, otherwise returns 1
def find_vlan(vid):
reply = exsh.clicmd('debug cfgmgr show next vlan.vlanMap', capture=True)
reply_json = json.loads(str(reply))
data = reply_json.get('data')
if data:
for row in data:
vlan = row.get("vlanId")
if vlan == str(vid):
return 1
return 0

def main():
port = sys.argv[1]
device_mac = sys.argv[2]

for row in DB:


mac = row.get("mac")
if mac == str(device_mac):
vid = row.get("vid")
nsi = row.get("nsi")
tag = row.get("tag")

exsh.clicmd('config vlan untagged-ports auto-move on')

if find_vlan(vid):
sw_nsi = check_nsi(vid)
if sw_nsi:
if sw_nsi != nsi:
exsh.clicmd('create log message \"Error: new device on port {}. VLAN {}
already exists and is associated to a different NSI value!\"'.format(port, vid))
break
else:
exsh.clicmd('config vlan {} add port {} {}'.format(vid, port, tag))
else:
exsh.clicmd('config vlan {} add nsi {}'.format(vid, nsi))
exsh.clicmd('config vlan {} add port {} {}'.format(vid, port, tag))
else:
exsh.clicmd('create vlan {}'.format(vid))
exsh.clicmd('config vlan {} add nsi {}'.format(vid, nsi))
exsh.clicmd('config vlan {} add port {} {}'.format(vid, port, tag))

if __name__ == '__main__':
try:
main()
except SystemExit:
pass

remove-vlan.py:

import sys
import exsh
import json

def remove_vlan(port):

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 43

reply = exsh.clicmd('debug cfgmgr show next vlan.show_ports_info_detail_vlans port={port}


vlanIfInstance=None'.format(port=port), capture=True)
reply_json = json.loads(str(reply))
data = reply_json.get('data')
if data:
for row in data:
vlan = row.get("vlanId")
if vlan:
exsh.clicmd('config vlan {} del port {}'.format(vlan, port))

def main():
port = sys.argv[1]

remove_vlan(port)

if __name__ == '__main__':
try:
main()
except SystemExit:
pass

Below is the necessary UPM configuration to trigger the python scripts. We are limiting UPM on
ports 15 to 20 of the switch.

* (Demo) X440G2-24p-10G4.1 # create upm profile ezfa


Start typing the profile and end with a . as the first and the only character
on a line.
Use - edit upm profile <name> - for block mode capability
run script ezfa.py $EVENT.USER_PORT $EVENT.DEVICE_MAC
.
* (Demo) X440G2-24p-10G4.2 # create upm profile cleanport
Start typing the profile and end with a . as the first and the only character
on a line.
Use - edit upm profile <name> - for block mode capability
run script remove-vlan.py $EVENT.USER_PORT
.
* (Demo) X440G2-24p-10G4.3 # configure upm event device-detect profile ezfa
ports 15-20
* (Demo) X440G2-24p-10G4.4 # configure upm event device-undetect profile
cleanport ports 15-20

We are connecting a device (a Cisco C2960) to port 19 on the X440-G2. The X440-G2 is acting as
a FA Proxy. The Cisco switch is configured for LLDP and has an IP address of 10.13.37.20/24 in
VLAN 1337. Once connected, we can see UPM has detected it and executed our Python script.

* (Demo) X440G2-24p-10G4.1 # sh log


09/21/2017 18:08:24.32 <Noti:UPM.Msg.upmMsgExshLaunch> Launched profile ezfa for the
event device-detect
09/21/2017 18:08:24.31 <Noti:UPM.Msg.LLDPDevDetected> LLDP Device detected. Mac is
00:1D:71:A9:B1:99, IP is 0.0.0.0, on port 19, device type is 4, max power is 0
09/21/2017 18:07:52.63 <Info:vlan.msgs.portLinkStateUp> Port 19 link UP at speed 100
Mbps and full-duplex

Confidential. Not For Distribution Without Permission. September 19th 2017


Intro to VOSS & Fabric

P a g e | 44

The VLAN has been configured and the new device added to it.

* (Demo) X440G2-24p-10G4.10 # show port 5,19 vlan


Untagged
Port /Tagged VLAN Name(s)
-------- -------- ------------------------------------------------------------
5 Untagged None
Tagged VLAN_1337
19 Untagged VLAN_1337

Reachability is achieved.

* X460G2.1 # ping 10.13.37.20


Ping(ICMP) 10.13.37.20: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.13.37.20: icmp_seq=0 ttl=255 time=4.333 ms
16 bytes from 10.13.37.20: icmp_seq=1 ttl=255 time=0.743 ms
16 bytes from 10.13.37.20: icmp_seq=2 ttl=255 time=0.953 ms
16 bytes from 10.13.37.20: icmp_seq=3 ttl=255 time=0.908 ms

MAC addresses are learnt.

BEB1:1(config)#show vlan mac-address-entry 1337

======================================================================================
Vlan Fdb
======================================================================================
VLAN MAC SMLT
ID STATUS ADDRESS INTERFACE REMOTE TUNNEL
--------------------------------------------------------------------------------------
1337 learned 00:04:96:98:9c:3d Port-1/9 false -
1337 learned 00:1d:71:a9:b1:99 Port-1/11 false BEB2
1337 learned 00:1d:71:a9:b1:c2 Port-1/11 false BEB2

Confidential. Not For Distribution Without Permission. September 19th 2017

You might also like