Add Supplemental CLI

Navigation

Navigate using the tab icons. Hover over an icon to see the name of the tab.

Configure > Network Policies > policy_name  > Additional Settings > Policy Settings > Supplemental CLI

or

Configure  > Common Objects > Basic > Supplemental CLI Objects > Add

Note

To configure Supplemental CLI, you must first enable it from Administration > VHM Management.

About Supplemental CLI

The Supplemental CLI tool can save time by allowing you to update configuration changes to a few devices or hundreds of devices simultaneously. Enter CLI commands pn an ExtremeCloud IQ UI window and then save the commands as a Supplemental CLI object to include as part of the network policy. When you perform a network policy update, the CLI commands contained in the object can be appended to the running configuration of your selected devices. ExtremeCloud IQ keeps saved common objects, including Supplemental CLI objects, for you to reuse at any time.

Note

There are two other ways to apply CLI commands to devices. You can issue CLI commands to a device using a cable connected to the Console port of the device, or you use the CLI access feature in ExtremeCloud IQ. To use this feature, select the device from the Device List (Manage > Devices) , and select Actions > Advanced > CLI Access. Issue CLI commands to connected devices using the dialog box.

Update Devices Using the Supplemental CLI Tool

You must first enable the feature to enter CLI commands on this page. You can then select, modify, or delete existing Supplemental CLI objects using the drop-down list , next to Re-use Supplemental CLI Settings. When you are finished, you can update your devices. Use the following procedure.

Enter the following information, and then select Next (or Save to upload at another time). Select devices, and select Upload. A delta configuration update is performed by default.

Dell EMC Supplemental CLI Usage

If you use the Supplemental CLI tool to upload CLI commands to Dell EMC switches, then you need to enter the CLI commands, "enable", and "config" in the beginning of a sequence of CLI commands. Here is an example:

enable

config

vlan 2-10

exit

interface vlan 2

ip address 10.2.1.1 255.255.255.0

exit

Note

Do not use Supplemental CLI to change passwords. ExtremeCloud IQ sends Supplemental CLI commands directly to the device and does not track the configuration changes. Changing a password here results in an unsuccessful configuration upload, despite apparent success (no error results). In addition, subsequent configuration uploads will be unsuccessful until the password is rolled back or is changed in the ExtremeCloud IQ GUI.To change device credentials, navigate to Manage > Devices > device_name > Device Credentials, make the change, and then select Save.To change the enable password, navigate to Manage > Devices, select the device, select Utilities > Privileged Mode, enable Password Enable, enter the password, and then select Save.

Configure Supplemental CLI in Several Locations

In addition to updating devices using Supplemental CLI in the Additional Settings section, you can add new objects, modify existing ones, or delete them in several other locations. These include Common Objects, Device Configuration, and Modify (Multiple): Device Configuration pages. Before the tool is visible in ExtremeCloud IQ, you must first enable the Supplemental CLI feature in  admin_name > Global Settings > Administration > VHM Management.

VHM Management

Supplemental CLI

Device Settings

Multiple Device Settings

Configure Supplemental CLI Details

You can manage Supplemental CLI objects in several places in ExtremeCloud IQ. At the network policy level, you can include a Supplemental CLI object in Additional settings. After you update your devices, the CLI commands contained in the Supplemental CLI object are appended to the end of the running configuration of the device.

At the device-level, you can include or exclude a Supplemental CLI object from the network policy when you perform a configuration update of your devices.

To exclude a Supplemental CLI object from a network policy, select Override Supplemental CLI in the network policy. This allows the network policy to override Supplemental CLI objects set for a device. This is the default setting.

You can also keep a Supplemental CLI object in the network policy and, at the device-level, append an additional Supplemental CLI object from a list of existing objects or create a new one. Select Keep Supplemental CLI in the network policy and append below at end. New CLI objects are appended without overriding previous objects.

These options are not available for switches.

Note

While it is possible to select "blank" in the list this has no effect. You cannot select Keep Supplemental CLI in the network policy and append below at end and select "blank" to prevent Supplemental CLI objects from being updated to the AP.

You can also enter CLI commands in Modify (Multiple): Device Configuration. Here you have the additional option of selecting [-No Change-], which keeps Supplemental CLI objects for selected multiple devices unchanged when you perform a device update.

Note

The Supplemental CLI feature only recognizes the list of CLI commands contained in the IQ Engine versions supported by ExtremeCloud IQ. Unsupported CLI commands are ignored.

Precaution and Use Cases

Extreme Networks has designed the Supplemental CLI tool for network administrators that have experience using CLI commands. If you are not completely familiar with the commands that you intend to update to devices, the best practice recommendation is that you become familiar with this tool and the appropriate CLI commands on a test network first.

Use Case: MAC Address Bypass

Perform the following tasks to configure MAC Address Bypass, also referred to as a captive web portal whitelist:

Define the MAC Address Object

Enter this command syntax to create a MAC whitelist object with a single MAC address or a range of addresses:

Enter this command to create a MAC whitelist object containing a single MAC address:

To create a single MAC whitelist object containing a range of MAC addresses, enter the following:

Note

You can configure a maximum of 128 MAC objects, with each MAC object containing up to 255 MAC address entries.

Enable MAC Address Bypass for Specific Security Objects

Enter this command to enable this feature for a specific security object:

For example, to specify an SSID, enter:

Note

If you have previously created an SSID profile in ExtremeCloud IQ, the security object, or <string> name, must be the same as the SSID name, in this case, vendor.

Pair MAC and Security Objects

Once this feature is enabled, you must pair the bypass-cwp security object to the MAC object that contains the specific MAC addresses that can bypass the captive web portal.

Enter this command to create a MAC object is:

For example:

Each security-object can have up to eight different MAC objects associated to a specific mac-white-list.

For example, to bind the vendor SSID eight MAC objects, enter the following:

You can add up to eight different MAC objects to a single mac-white-list. If you attempt to add more than eight objects, the following error message appears:

View Paired Objects

Enter this command to see all of the paired MAC objects for a specific security object:

For example, assuming the object above exists, you can enter the following to view them: