Introduction to the ExtremeXOS User Guide
- Conventions
- Related Publications
- Providing Feedback to Us
- Getting Help
Getting Started
- Product Overview
- Software Required
- Simple Switch Configuration with Chalet
- Switch Configuration Using VLAN ID (VID)
- Zero Touch Provisioning (Auto Configuration)
  - Auto-provisioning Process
  - Auto-provisioning Configuration
- Logging in to the Switch
- Understanding the Command Syntax
- Port Numbering
  - Stand-alone Switch Numerical Ranges
  - SummitStack Numerical Ranges
- Line-Editing Keys
- Viewing Command History
- Common Commands
- Using Safe Defaults Mode
- Configuring Management Access
- Managing Passwords
- Accessing an Active Node in a SummitStack
- Domain Name Service Client Services
- Checking Basic Connectivity
  - Ping
  - Traceroute
- Displaying Switch Information
  - Filtering the Output of Show Commands
Managing the Switch
- ExtremeXOS Switch Management Overview
- Understanding the ExtremeXOS Shell
- Using the Console Interface
- Using the 10/100 or 10/100/1000 Ethernet Management Port
- Using NetSight or Ridgeline to Manage the Network
- Authenticating Users
- Using Telnet
- Using Secure Shell 2
  - Access Profile Logging for SSH2
- Using the Trivial File Transfer Protocol
  - TFTP Block-size Configuration
  - Connecting to Another Host Using TFTP
- Understanding System Redundancy
- Understanding Hitless Failover Support
  - Protocol Support for Hitless Failover
  - Hitless Failover Caveats
    - Caveats for a SummitStack
- Understanding Power Supply Management
- Using the Network Time Protocol
- Using the Simple Network Management Protocol
- Using the Simple Network Time Protocol
  - Configuring and Using SNTP
    - GMT Offsets
  - SNTP Example
- Access Profile Logging for HTTP/HTTPS
Managing the ExtremeXOS Software
- Using the ExtremeXOS File System
- Managing the Configuration File
- Managing ExtremeXOS Processes
- Understanding Memory Protection
Configuring Stacked Switches
- Introduction to Stacking
- Preparing to Configure a Stack
- Configuring a Stack
  - Manually Configuring a Stack
  - Verifying the Configuration
- Managing an Operating Stack
- Changing the Stack Configuration
- Troubleshooting a Stack
Configuring Slots and Ports on a Switch
- Configuring Ports on a Switch
- Using the Precision Time Protocol
- DWDM Optics Support
- Jumbo Frames
- Link Aggregation on the Switch
- MLAG
- Mirroring
- Remote Mirroring
- Extreme Discovery Protocol
- EXOS Cisco Discovery Protocol
  - EXOS CDP Support
  - EXOS CDP Protocol Operations
- Software-Controlled Redundant Port and Smart Redundancy
- Configuring Automatic Failover for Combination Ports
  - Summit Family Switches with Shared Copper/Fiber Gigabit Ports Only
- Displaying Port Information
- EXOS Port Description String
  - Configure Port decription-string
- Port Isolation
  - Configuring Port Isolation
- Energy Efficient Ethernet
  - Configuring Energy Efficient Ethernet
Universal Port
- Profile Types
  - Static Profiles
  - Dynamic Profiles
- Dynamic Profile Trigger Types
- How Device-detect Profiles Work
- How User Authentication Profiles Work
- Profile Configuration Guidelines
- Collecting Information from Supplicants
- Supplicant Configuration Parameters
- Universal Port Configuration Overview
- Using Universal Port in an LDAP or Active Directory Environment
- Configuring Universal Port Profiles and Triggers
- Managing Profiles and Triggers
- Sample Universal Port Configurations
Using CLI Scripting
- Setting Up Scripts
- Displaying CLI Scripting Information
- CLI Scripting Examples
LLDP Overview
- Supported Advertisements (TLVs)
- LLDP Packets
- Transmitting LLDP Messages
- Receiving LLDP Messages
- LLDP Management
- Configuring and Managing LLDP
- Displaying LLDP Information
  - Displaying LLDP Port Configuration Information and Statistics
  - Display LLDP Information Collected from Neighbors
OAM
- CFM
- Y.1731—Compliant Performance Monitoring
- Y.1731 MIB Support
- EFM OAM—Unidirectional Link Fault Management
  - Unidirectional Link Fault Management
  - Configuring Unidirectional Link Fault Management
- Two-Way Active Measurement Protocol
  - TWAMP-Test Protocol
- Bidirectional Forwarding Detection (BFD)
PoE
- Extreme Networks PoE Devices
- Summary of PoE Features
- Power Delivery
- Configuring PoE
- Displaying PoE Settings and Statistics
Status Monitoring and Statistics
- Viewing Port Statistics
- Viewing Port Errors
- Using the Port Monitoring Display Keys
- Viewing VLAN Statistics
  - Summit Family Switches Only
    - Configuring VLAN Statistics
    - Guidelines and Limitations
- Performing Switch Diagnostics
- Using the System Health Checker
  - Understanding the System Health Checker
    - Summit Family Switches
  - Displaying the System Health Check Setting--All Platforms
- Using ELSM
- Viewing Fan Information
- Viewing the System Temperature
  - System Temperature Output
    - SummitStack
    - Summit Family Switches Only
- Using the Event Management System/Logging
- Using the XML Notification Client
- Using sFlow
- Using RMON
- Monitoring CPU Utilization
VLANs
- VLANs Overview
- Configuring VLANs on the Switch
- Displaying VLAN Information
- Private VLANs
- VLAN Translation
- Port-Specific VLAN Tag
  - Port-Specific Tags in L2VPN
  - Configuring Port-Specific VLAN Tags
VMAN (PBN)
- VMAN Overview
- VMAN Configuration Options and Features
- Configuration
  - Configuring VMANs (PBNs)
    - Guidelines for Configuring VMANs
    - Procedure for Configuring VMANs
  - Configuring VMAN Options
    - Configuring the Ethertype for VMAN Ports
    - Selecting the Tag used for Egress Queue Selection
- Displaying Information
  - Displaying VMAN Information
- Configuration Examples
  - VMAN CEP Example
  - Multiple VMAN Ethertype Example
FDB
- FDB Contents
- How FDB Entries Get Added
- How FDB Entries Age Out
- FDB Entry Types
- Managing the FDB
- Displaying FDB Entries and Statistics
  - Display FDB Entries
  - Display FDB Statistics
- MAC-Based Security
- Managing MAC Address Tracking
Data Center Solutions
- Data Center Overview
- Managing the DCBX Feature
- Managing the XNV Feature, VM Tracking
- Managing Direct Attach to Support VEPA
- Managing the FIP Snooping Feature
AVB
- Overview
- AVB Feature Pack License
- Configuring and Managing AVB
  - MRP/MSRP LAG Support
  - gPTP LAG Support
- Displaying AVB Information
Layer 2 Tunneling and Filtering
- Layer 2 Protocol Tunneling
- Protocol Tunneling
  - Implementing L2PT in EXOS
- Protocol Filtering
  - Implementing Protocol Filtering in EXOS
  - Protocol Filters
- L2PT Limitations
Virtual Routers
- Overview of Virtual Routers
  - Types of Virtual Routers
  - VR Configuration Context
- Managing Virtual Routers
- Virtual Router Configuration Example
Policy Manager
- Policy Manager and Policies Overview
- Creating and Editing Policies
- Applying Policies
  - Applying ACL Policies
  - Applying Routing Policies
ACLs
- ACLs Overview
- ACL Two-Stage Policy
  - Feature Description
  - Two-Stage Policy Example
- ACL Rule Syntax
- Layer-2 Protocol Tunneling ACLs
- ACL Byte Counters
- Dynamic ACLs
- CVID ACL Match Criteria
- CCOS ACL Match Criteria
- ACL Evaluation Precedence
  - Precedence
- Applying ACL Policy Files
  - Displaying and Clearing ACL Counters
  - Example ACL Rule Entries
- ACL Mechanisms
  - ACL Slices and Rules
  - ACL Counters-Shared and Dedicated
- Policy-Based Routing
- ACL Troubleshooting
Routing Policies
- Routing Policies Overview
- Routing Policy File Syntax
- Applying Routing Policies
- Policy Examples
  - Translating an Access Profile to a Policy
  - Translating a Route Map to a Policy
Quality of Service
- Applications and Types of QoS
- Traffic Groups
- Introduction to Rate Limiting, Rate Shaping, and Scheduling
- Introduction to WRED
- Meters
- QoS Profiles
- Class of Service (CoS)
- Configuring QoS
- Displaying QoS Configuration and Performance
  - Displaying Traffic Group Configuration Data
  - Displaying Performance Statistics
    - Displaying QoS Profile Traffic Statistics
    - Displaying Congestion Statistics
Network Login
- Network Login Overview
- Configuring Network Login
- Authenticating Users
- Local Database Authentication
- 802.1X Authentication
- Web-Based Authentication
- MAC-Based Authentication
- Additional Network Login Configuration Details
ONEPolicy
- ONEPolicy Overview
  - Policy and Lowest Common Denominator Stacking
- Implementing Policy
- NetSight Policy Manager
- Roles in a Secure Network
- The Policy Role
- Policy Roles
- VLAN to Policy Mapping
- Applying Policy Using the RADIUS Response Attributes
- Classification Rules
- Standard and Enhanced Policy Considerations
- Configuring Policy
- Policy Configuration Example
- Terms and Definitions
VXLAN
- VXLAN Overview
- Unicast and Multicast VXLAN
- Virtual Network Flood Modes
  - Flood Mode Standard
  - Flood Mode Explicit
- OSPFv2 VXLAN Extensions
- VXLAN Learning
  - Dynamic Learning
- Load Balancing
- Quality of Service
- Redundant Access
  - MLAG
- Statistics
- Configuring Local Endpoints
- Configuration Samples
Identity Management
- Identity Management Overview
- Identity Management Feature Limitations
- Configuring Identity Management
- Managing the Identity Management Feature
- Displaying Identity Management Information
Security
- Security Features Overview
- Safe Defaults Mode
- MAC Security
  - MAC Locking
  - Limiting Dynamic MAC Addresses
  - MAC Address Lockdown
  - MAC Address Lockdown with Timeout
- DHCP Server
  - Enabling and Disabling DHCP
  - Configuring the DHCP Server
  - Displaying DHCP Information
- IP Security
  - DHCP Snooping and Trusted DHCP Server
  - Source IP Lockdown
  - ARP Learning
  - Gratuitous ARP Protection
    - Configuring Gratuitous ARP
    - Displaying Gratuitous ARP Information
  - ARP Validation
    - Configuring ARP Validation
    - Displaying ARP Validation Information
- Denial of Service Protection
  - Configuring Simulated Denial of Service Protection
  - Configuring Denial of Service Protection
    - Configuring Trusted Ports
    - Displaying DoS Protection Settings
  - Protocol Anomaly Protection
  - Flood Rate Limitation
- Authenticating Management Sessions Through a TACACS+ Server
  - Configuring the TACACS+ Client for Authentication and Authorization
  - Configuring the TACACS+ Client for Accounting
- Authenticating Management Sessions Through a RADIUS Server
  - How Extreme Switches Work with RADIUS Servers
  - Configuration Overview for Authenticating Management Sessions
- Authenticating Network Login Users Through a RADIUS Server
  - Differences Between Network Login Authentication and Management Session Authentication
  - Configuration Overview for Authenticating Network Login Users
- Authentication
  - Authentication Retransmission Algorithm
- Accounting
  - Accounting Retransmission Algorithm
- Authentication NMS Realm
- Per Realm Authentication Enable/Disable
- Supported RADIUS Attributes
- Configuring the RADIUS Client
  - Configuring the RADIUS Client for Authentication and Authorization
  - Configuring the RADIUS Client for Accounting
- RADIUS Server Configuration Guidelines
  - Configuring User Authentication (Users File)
  - Configuring the Dictionary File
  - Additional RADIUS Configuration Examples
  - Implementation Notes for Specific RADIUS Servers
  - Setting Up Open LDAP
- Configuring a Windows 7/Windows 8 Supplicant for 802.1X Authentication
- Hypertext Transfer Protocol
- Secure Shell 2
  - Enabling SSH2 for Inbound Switch Access
  - Viewing SSH2 Information
  - Using ACLs to Control SSH2 Access
    - Sample SSH2 Policies
    - Configuring SSH2 to Use ACL Policies
  - Using SCP2 from an External SSH2 Client
  - Understanding the SSH2 Client Functions on the Switch
    - SSH/SCP Client Upgrade Limitations
  - Using SFTP from an External SSH2 Client
  - SSH Server Overview
    - Understanding SSH Server
- Secure Socket Layer
  - Enabling and Disabling SSL
  - Creating Certificates and Private Keys
  - Displaying SSL Information
CLEAR-Flow
- CLEAR-Flow Overview
- Configuring CLEAR-Flow
- Displaying CLEAR-Flow Configuration and Activity
- Adding CLEAR-Flow Rules to ACLs
- CLEAR-Flow Rule Examples
EAPS
- EAPS Protocol Overview
- Configuring EAPS
- Displaying EAPS Information
- Configuration Examples
ERPS
- ERPS Overview
- Supported ERPS Features
- G.8032 Version 2
- Configuring ERPS
  - ERPS Version 1 Commands
  - ERPS Version 2 Commands
- Sample Configuration
- Debugging ERPS
- ERPS Feature Limitations
STP
- Spanning Tree Protocol Overview
- Span Tree Domains
- STP Configurations
- Per VLAN Spanning Tree
  - STPD VLAN Mapping
  - Native VLAN
- Rapid Spanning Tree Protocol
  - RSTP Concepts
  - RSTP Operation
- Multiple Spanning Tree Protocol
  - MSTP Concepts
  - MSTP Operation
- STP and Network Login
- STP Rules and Restrictions
- Configure STP on the Switch
  - STP FDB Flush Criteria
- Display STP Settings
- STP Configuration Examples
ESRP
- ESRP Overview
- Configuring ESRP
- Operation with Other ExtremeXOS Features
- Advanced ESRP Features
- Display ESRP Information
- ESRP Configuration Examples
VRRP
- VRRP Overview
- Configuring VRRP
- Managing VRRP
  - Enabling and Disabling VRRP and VRRP Router Instances
  - Clearing VRRP Counters
- Displaying VRRP Information
- VRRP Configuration Examples
MPLS
- MPLS Overview
- Configuring MPLS
- Displaying MPLS Configuration Information
- MPLS Configuration Example
- Configuring MPLS Layer-2 VPNs (VPLS and VPWS)
- VPLS VPN Configuration Examples
- Configuring H-VPLS
- Configuring Protected VPLS
- Configuring RSVP-TE
- RSVP-TE Configuration Example
- Troubleshooting MPLS
IPv4 Unicast Routing
- IPv4 Unicast Overview
- Configuring Unicast Routing
- Displaying the Routing Configuration and Statistics
- Routing Configuration Example
- Duplicate Address Detection
- Proxy ARP
  - ARP-Incapable Devices
  - Proxy ARP Between Subnets
- IPv4 Multinetting
- DHCP/BOOTP Relay
- DHCP Smart Relay
- Broadcast UDP Packet Forwarding
  - Configuring UDP Forwarding
  - Configuring UDP Echo Server Support
- IP Broadcast Handling
  - IP Broadcast Handling Overview
- VLAN Aggregation
IPv6 Unicast Routing
- IPv6 Unicast Overview
- Neighbor Discovery Protocol
- Managing Duplicate Address Detection
- Managing IPv6 Unicast Routing
- IPv6 ECMP and 32-Way ECMP
- DHCPv6 Relay Remote-ID Option
- DHCPv6 Relay Agent Prefix Delegation
  - Relay Agent Behavior in Prefix Delegation
- DHCPv6 Client
- Configuring DHCPv6 BOOTP Relay
- Configure Route Compression
- Hardware Forwarding Behavior
  - Hardware Forwarding Limitations
  - Hardware Tunnel Support
- Routing Configuration Example
- Tunnel Configuration Examples
RIP
- IGPs Overview
  - RIP Versus OSPF and IS-IS
  - Advantages of RIP, OSPF, and IS-IS
- Overview of RIP
- Route Redistribution
  - Configuring Route Redistribution
    - Redistribute Routes into RIP
- RIP Configuration Example
RIPng
- RIPng Overview
  - RIPng versus OSPFv3 and IS-IS
  - Advantages of RIPng, OSPFv3, and IS-IS
- RIPng Routing
- Route Redistribution
  - Configuring Route Redistribution
    - Redistributing Routes into RIPng
- RIPng Configuration Example
OSPF
- OSPF Overview
- Route Redistribution
- Configuring OSPF
  - Configuring OSPF Wait Interval
  - OSPF Wait Interval Parameters
- OSPF Configuration Example
  - Configuration for ABR 1
  - Configuration for IR 1
- Displaying OSPF Settings
OSPFv3
- OSPFv3 Overview
IS-IS
- IS-IS Overview
- Route Redistribution
  - Configuring Route Redistribution
- Configuring IS-IS
- Displaying IS-IS Information
- Managing IS-IS
- Configuration Example
BGP
- BGP Overview
- Configuring BGP
- Managing BGP
- Displaying BGP Information
- Configuration Examples
Layer 3 Virtual Private Network
- Overview of Layer 3 VPN
- Overview of BGP/MPLS Network
- Overlapping Customer Address Spaces
- Multi-protocol BGP Extension
- Multiple Forwarding Tables
- Quality of Service in BGP/MPLS VPN
- Virtual Routing and Forwarding Instances
- L3VPN Configuration Example
Multicast Routing and Switching
- Multicast Routing Overview
- Multicast Table Management
- PIM Overview
- IGMP Overview
- Configuring EAPS Support for Multicast Traffic
- Configuring IP Multicast Routing
- Multicast VLAN Registration
- Displaying Multicast Information
- Troubleshooting PIM
  - Multicast Trace Tool
  - Multicast Router Information Tool
IPv6 Multicast
- Multicast Listener Discovery (MLD) Overview
- Managing MLD
MSDP
- MSDP Overview
  - Supported Platforms
  - Limitations
- PIM Border Configuration
- MSDP Peers
- MSDP Mesh-Groups
- Anycast RP
- SA Cache
  - Maximum SA Cache Entry Limit
- SNMP MIBs
Software Upgrade and Boot Options
- ExtremeXOS Upgrade Process
- Installing a Modular Software Package
  - Upgrading a Modular Software Package
- Configuration Changes
- Using TFTP to Upload the Configuration
- Using TFTP to Download the Configuration
- Synchronizing Nodes
  - Automatic Synchronization of Configuration Files
- Accessing the Bootloader
- Upgrading the BootROM
  - Summit Family Switches and SummitStack Only
    - Accessing the Bootstrap CLI on the Summit Family Switches
- Upgrading the Firmware (ExtremeSwitching X440-G2 and X620 Series Switches Only)
- Displaying the BootROM and Firmware Versions
Troubleshooting
- Troubleshooting Checklists
  - Layer 1
  - Layer 2
  - Layer 3
- LEDs
- Using the Command Line Interface
- Using ELRP to Perform Loop Tests
- Debug Mode
- Saving Debug Information
- Evaluation Precedence for ACLs
- TOP Command
- TFTP Server Requirements
- System Odometer
  - Monitored Components
  - Recorded Statistics
- Temperature Operating Range
- Understanding the Error Reading Diagnostics Message
- Proactive Tech Support
- Service Verification Test Tool
  - Configuring the Service Verification Test Tool
Supported Standards, Protocols, and MIBs
Extreme Networks Proprietary MIBs
- EXTREME ACL MIB
- ExtremeXOS Configuration Management Enhancements
- ENTERASYS-VLAN-AUTHORIZATION-MIB
- EXTREME-MAC-AUTH-MIB
- EXTREME-AUTOPROVISION-MIB
- EXTREME-CFM-MIB
- EXTREME-CLEARFLOW-MIB
- EXTREME-EAPS-MIB
- EXTREME-EDP-MIB
- EXTREME-ENTITY-MIB
- EXTREME-ERPS-MIB
- EXTREME-ESRP-MIB
- EXTREME-FDB-MIB
- EXTREME-MPLS-MIB
- EXTREME-MPLS-TE-MIB
- EXTREME-OSPF-MIB
- EXTREME-PoE-MIB
- EXTREME-PORT-MIB
- Pseudowire LSP Sharing MIB
- EXTREME-QOS-MIB
- EXTREME-RMON-MIB
- EXTREME-PVLAN-MIB
- EXTREME-SNMPv3-MIB
- EXTREME-STP-EXTENSIONS-MIB
- EXTREME-STPNOTIFICATIONS-MIB
- EXTREME-SYSTEM-MIB
- EXTREME-TRAP-MIB
- EXTREME-TRAPPOLL-MIB
- EXTREME-V2TRAP-MIB
- EXTREME-VLAN-MIB
- EXTREME-VM-MIB
MIB Support Details
- IEEE 802.1AB (LLDP-MIB)
- IEEE 802.1AB (LLDP-EXT-DOT1-MIB)
- IEEE 802.1AB (LLDP-EXT-DOT3-MIB)
- IEEE 802.1AG (CFM MIB)
- IEEE8021-PAE-MIB
- IEEE8021X-EXTENSIONS-MIB
- ISIS-MIB (draft-ietf-isis-wg-mib-10.txt)
- PIM-MIB (draft-ietf-pim-mib-v2-01.txt)
- SNMPv3 MIBs
- RFC 1213 (MIB-II)
- RFC 1215
- RFC 1493 (BRIDGE-MIB) and draft-ietf-bridge-rstpmib-03.txt
- RFC 4363 (Q-BRIDGE-MIB)
- RFC 1724 (RIPv2-MIB)
- RFC 1757 (RMON-MIB)
- RFC 1850 (OSPF-MIB)
- RFC 2021 (RMON2-MIB)
- RFC 2233 (IF-MIB)
- RFC 2465 (IPV6 MIB)
- RFC 2466 (IPV6 ICMP MIB)
- RFC 2613 (SMON)
- RFC 2665 (EtherLike-MIB)
- R_RFC 2668 (MAU-MIB)
- RFC 6933 (ENTITY-MIB)
- RFC 2787 (VRRP-MIB)
- RFC 3621 (PoE-MIB)
- RFC 5601 (PW-STD-MIB)
- RFC 5602 (PW-MPLS-STD-MIB)
- RFC 5603 (PW-ENET-STD-MIB)
- VPLS-MIB (draft-ietf-l2vpn-vpls-mib-02.txt)

Implementing Policy

To implement policy:

Identify the roles of users and devices in your organization that access the network.
Create a policy role for each identified user role.
Associate classification rules and administrative profiles with each policy role.
Optionally, configure a class of service and associate it directly with the policy role or through a classification rule.
Optionally, enable hybrid authentication, which allows RADIUS filter-ID and tunnel attributes to be used to dynamically assign policy roles and VLANs to authenticating users.
Optionally, set device response to invalid policy.

Published March 1, 2020prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback