Introduction to the ExtremeXOS User Guide
- Conventions
- Related Publications
- Providing Feedback to Us
- Getting Help
Getting Started
- Product Overview
- Software Required
- Simple Switch Configuration with Chalet
- Switch Configuration Using VLAN ID (VID)
- Zero Touch Provisioning (Auto Configuration)
  - Auto-provisioning Process
  - Auto-provisioning Configuration
- Cloning Switches
  - Using Clone.py
  - Cloning within a Stack
  - Cloning Standalone to Standalone
  - Cloning from Standalone to a Stack
  - Copying One Switch's Configuration to Another Switch Using USB Zero Touch Provisioning (ZTP)
- Logging in to the Switch
- Understanding the Command Syntax
  - Using the CLI
  - Syntax Helper
    - CLI File Name Completion
  - Object Names
    - Reserved Keywords
  - Abbreviated Syntax
  - Command Shortcuts
  - Command Aliases
  - Symbols
- Port Numbering
  - Stand-alone Switch Numerical Ranges
  - SummitStack Numerical Ranges
- Line-Editing Keys
- Viewing Command History (Journal)
- Common Commands
- Using Safe Defaults Mode
- Configuring Management Access
  - Account Access Levels
  - Configure Banners
  - Startup Screen and Prompt Text
  - Default Accounts
  - Creating Management Accounts
  - Authenticating Management Sessions through the Local Database
  - Failsafe Accounts
  - Accessing the Switch using Failsafe Account
- Managing Passwords
  - Applying a Password to the Default Account
  - Applying Security to Passwords
    - Hash Algorithm for Account Passwords
    - Removal of Cleartext Passwords
  - Timed Lockout
  - Displaying Passwords
- Accessing an Active Node in a SummitStack
- Domain Name Service Client Services
- Checking Basic Connectivity
  - Ping
  - Traceroute
- Displaying Switch Information
- Filtering the Output of Show Commands
Managing the Switch
- ExtremeXOS Switch Management Overview
- Understanding the ExtremeXOS Shell
- Using the Console Interface
- Using the 10/100 or 10/100/1000 Ethernet Management Port
- Using Extreme Management Center or Ridgeline to Manage the Network
- Authenticating Users
- Using Telnet
- Using Secure Shell 2
  - Access Profile Logging for SSH2
- Using the Trivial File Transfer Protocol
  - TFTP Block-size Configuration
  - Connecting to Another Host Using TFTP
- Understanding System Redundancy
- Understanding Hitless Failover Support
  - Protocol Support for Hitless Failover
  - Hitless Failover Caveats
    - Caveats for a SummitStack
- Understanding Power Supply Management
- Using the Network Time Protocol
- Using the Simple Network Management Protocol
- Using the Simple Network Time Protocol
  - Configuring and Using SNTP
    - GMT Offsets
  - SNTP Example
- Access Profile Logging for HTTP/HTTPS
Managing the ExtremeXOS Software
- Using the ExtremeXOS File System
- Managing the Configuration File
- Managing ExtremeXOS Processes
- Understanding Memory Protection
Configuring Stacked Switches
- Introduction to Stacking
- Preparing to Configure a Stack
- Configuring a Stack
  - Manually Configuring a Stack
  - Verifying the Configuration
- Managing an Operational Stack
- Changing the Stack Configuration
- Troubleshooting a Stack
Configuring Slots and Ports on a Switch
- Configuring Ports on a Switch
- Using the Precision Time Protocol
- DWDM Optics Support
- Jumbo Frames
- Link Aggregation on the Switch
- MLAG
- Mirroring
- Remote Mirroring
- Extreme Discovery Protocol
- ExtremeXOS Cisco Discovery Protocol
  - EXOS CDP Support
  - EXOS CDP Protocol Operations
- Software-Controlled Redundant Port and Smart Redundancy
- Configuring Automatic Failover for Combination Ports
  - Summit Family Switches with Shared Copper/Fiber Gigabit Ports Only
- Displaying Port Information
- ExtremeXOS Port Description String
  - Configure Port decription-string
- Port Isolation
  - Configuring Port Isolation
- Energy Efficient Ethernet
  - Configuring Energy Efficient Ethernet
- Node Alias
  - Node Alias Overview
  - Configuring Node Alias
- Using Locally Administered MAC Addresses
- Enabling/Disabling the USB Port
Extended Edge Switching
- Extended Edge Switching Overview
- Supported Bridge Port Extender Models
- Supported Platforms
- Bridge Port Extender General Limitations
- ExtremeXOS Feature Compatibility with V400 Virtual Port Extenders
- Using VPEX Bridge Port Extenders
- Configuration Examples
- Upgrading the Controlling Bridge and Bridge Ports Extenders
BGP Auto-peering
- Auto-peering Introduction
- BGP Auto-peering Feature Description
- IP Multicast Forwarding (PIM-DM)
- External Router Support
- BGP Auto-peering Plug-and-Play Redundancy
  - AutoBGP LAG Active/Standby Mode
- Routing through the Underlay (VXLAN and AutoBGP Networks)
- EVPN and VRF Support
  - Asymmetric Routing
- Supported Platforms
- BGP Auto-peering Feature Limitations
- Configuring BGP Auto-peering
- BGP Auto-peering Examples
  - BGP Auto-pering Simple Leaf/Spine Example
  - BGP Auto-peering Leaf/Spine with VXLAN Example
Universal Port
- Profile Types
  - Static Profiles
  - Dynamic Profiles
- Dynamic Profile Trigger Types
- How Device-detect Profiles Work
- How User Authentication Profiles Work
- Profile Configuration Guidelines
- Collecting Information from Supplicants
- Supplicant Configuration Parameters
- Universal Port Configuration Overview
- Using Universal Port in an LDAP or Active Directory Environment
- Configuring Universal Port Profiles and Triggers
- Managing Profiles and Triggers
- Sample Universal Port Configurations
Using CLI Scripting
- Setting Up Scripts
- Displaying CLI Scripting Information
- CLI Scripting Examples
LLDP Overview
- Supported Advertisements (TLVs)
- LLDP Packets
- Transmitting LLDP Messages
- Receiving LLDP Messages
- LLDP Management
- Configuring and Managing LLDP
- Displaying LLDP Information
  - Displaying LLDP Port Configuration Information and Statistics
  - Display LLDP Information Collected from Neighbors
OAM
- CFM
- Y.1731—Compliant Performance Monitoring
- Y.1731 MIB Support
- EFM OAM—Unidirectional Link Fault Management
  - Unidirectional Link Fault Management
  - Configuring Unidirectional Link Fault Management
- Two-Way Active Measurement Protocol
  - TWAMP-Test Protocol
- Bidirectional Forwarding Detection (BFD)
PoE
- Extreme Networks PoE Devices
- Summary of PoE Features
- Power Delivery
- Configuring PoE
- Displaying PoE Settings and Statistics
Status Monitoring and Statistics
- Viewing Port Statistics
- Viewing Port Errors
- Port Link-Flap Detection
- Using the Port Monitoring Display Keys
- Viewing VLAN Statistics
  - Configuring VLAN Statistics
  - Guidelines and Limitations
- Performing Switch Diagnostics
- Using the System Health Checker
- Using ELSM
- Viewing Fan Information
- Viewing the System Temperature
  - System Temperature Output
    - SummitStack
    - Summit Family Switches Only
- Using the Event Management System/Logging
- Using the XML Notification Client
- Using sFlow
- Using RMON
- Monitoring CPU Utilization
VLANs
- VLANs Overview
- Configuring VLANs on the Switch
- Displaying VLAN Information
- Private VLANs
- VLAN Translation
- Port-Specific VLAN Tag
  - Port-Specific Tags in L2VPN
  - Configuring Port-Specific VLAN Tags
VMAN (PBN)
- VMAN Overview
- VMAN Configuration Options and Features
- Configuration
  - Configuring VMANs (PBNs)
    - Guidelines for Configuring VMANs
    - Procedure for Configuring VMANs
  - Configuring VMAN Options
    - Configuring the Ethertype for VMAN Ports
    - Selecting the Tag used for Egress Queue Selection
- Displaying VMAN Information
- Configuration Examples
  - VMAN CEP Example
  - Multiple VMAN Ethertype Example
FDB
- FDB Contents
- How FDB Entries Get Added
- How FDB Entries Age Out
- FDB Entry Types
- Managing the FDB
- Displaying FDB Entries and Statistics
  - Display FDB Entries
  - Display FDB Statistics
- MAC-Based Security
- Managing MAC Address Tracking
Data Center Solutions
- Data Center Overview
- Managing the DCBX Feature
- Managing the XNV Feature, VM Tracking
- Managing Direct Attach to Support VEPA
AVB
- Overview
- AVB Feature Pack License
- Configuring and Managing AVB
  - MRP/MSRP/MVRP LAG Support
  - gPTP LAG Support
- Displaying AVB Information
Layer 2 Tunneling and Filtering
- Layer 2 Protocol Tunneling
- Protocol Tunneling
  - Implementing L2PT in ExtremeXOS
- Protocol Filtering
  - Implementing Protocol Filtering in ExtremeXOS
  - Protocol Filters
- L2PT Limitations
Virtual Routers
- Overview of Virtual Routers
  - Types of Virtual Routers
  - VR Configuration Context
- Managing Virtual Routers
- Virtual Router Configuration Example
Fabric Attach
- Fabric Attach Overview
  - Fabric Attach Server Versus Proxy Mode
    - Fabric Attach Proxy Mode
    - Fabric Attach Server Mode
  - Network Service Identifier Mappings
    - LLDP
    - RADIUS/Policy/NetLogin
      - Defining VLAN/NSI Mappings with RADIUS Standards Attributes or VSAs
- Configuring Fabric Attach
Policy Manager
- Policy Manager and Policies Overview
- Creating and Editing Policies
- Applying Policies
  - Applying ACL Policies
  - Applying Routing Policies
ACLs
- ACLs Overview
- Two-Stage ACL
  - Feature Description
  - Two-Stage Policy Example
- ACL Rule Syntax
- Layer-2 Protocol Tunneling ACLs
- ACL Byte Counters
- Dynamic ACLs
- CVID ACL Match Criteria
- CCOS ACL Match Criteria
- ACL Evaluation Precedence
  - Precedence
- Applying ACL Policy Files
  - Displaying and Clearing ACL Counters
  - Example ACL Rule Entries
- ACL Mechanisms
  - ACL Slices and Rules
  - ACL Counters-Shared and Dedicated
- Policy-Based Routing
- ACL Troubleshooting
Routing Policies
- Routing Policies Overview
- Routing Policy File Syntax
- Applying Routing Policies
- Policy Examples
  - Translating an Access Profile to a Policy
  - Translating a Route Map to a Policy
Quality of Service
- Applications and Types of QoS
- Traffic Groups
- Introduction to Rate Limiting, Rate Shaping, and Scheduling
- Introduction to WRED
  - Explicit Congestion Notification (ECN)
- Meters
- QoS Profiles
- Class of Service (CoS)
- Configuring QoS
- Displaying QoS Configuration and Performance
  - Displaying Traffic Group Configuration Data
  - Displaying Performance Statistics
    - Displaying QoS Profile Traffic Statistics
    - Displaying Congestion Statistics
Network Login
- Network Login Overview
- Configuring Network Login
- Authenticating Users
- Local Database Authentication
- 802.1X Authentication
- Web-Based Authentication
- MAC-Based Authentication
- Additional Network Login Configuration Details
ONEPolicy
- ONEPolicy Overview
- Policy Roles
- Classification Rules
- Authentication and ONEPolicy
- Configuring Policy
- ONEPolicy Configuration Examples
  - Policy Configuration Example
  - Captive Portal Redirection Example
VXLAN
- VXLAN Overview
- Overlay Routing
- Unicast and Multicast VXLAN
- Virtual Network Flood Modes
  - Flood Mode Standard
  - Flood Mode Explicit
- OSPFv2 VXLAN Extensions
- Multiprotocol Border Gateway Protocol (MBGP) Support for VXLAN
- Address Resolution Protocol (ARP) Learning over Tunnels
- Address Resolution Protocol (ARP) Suppression
- Dynamic Virtual Networks
- VXLAN Learning
  - Dynamic Learning
- Load Balancing
- Quality of Service
- Redundant Access
  - Multi-switch Link Aggregation (MLAG)
- Statistics
- Adding and Deleting Tunnel Terminating Ports
- Configuring Local Endpoints
- Enabling and Disabling Remote Endpoints
- Open vSwitch Database Management Protocol (OVSDB) Overview
- Configuration Samples
Identity Management
- Identity Management Overview
- Identity Management Feature Limitations
- Configuring Identity Management
- Managing the Identity Management Feature
- Displaying Identity Management Information
Security
- Security Features Overview
- Security Mode Overview
  - Secure Mode
  - Federal Information Processing Standards (FIPS) Mode
  - Ciphers and Message Authentication Codes (MACs) Supported by Security Modes
  - Priority with Multiple Security Modes
- Using Safe Defaults Mode
- MAC Security
  - MAC Locking
  - Limiting Dynamic MAC Addresses
  - MAC Address Lockdown
  - MAC Address Lockdown with Timeout
- DHCP Server
  - Enabling and Disabling DHCP
  - Configuring the DHCP Server
  - Displaying DHCP Information
- IP Security
  - DHCP Snooping and Trusted DHCP Server
  - Source IP Lockdown
  - ARP Learning
  - Gratuitous ARP Protection
    - Configuring Gratuitous ARP
    - Displaying Gratuitous ARP Information
  - ARP Validation
    - Configuring ARP Validation
    - Displaying ARP Validation Information
- Denial of Service Protection
  - Configuring Simulated Denial of Service Protection
  - Configuring Denial of Service Protection
    - Configuring Trusted Ports
    - Displaying DoS Protection Settings
  - Protocol Anomaly Protection
  - Flood Rate Limitation
- Authenticating Management Sessions Through a TACACS+ Server
  - Configuring the TACACS+ Client for Authentication and Authorization
  - Configuring the TACACS+ Client for Accounting
- Authenticating Management Sessions Through a RADIUS Server
  - How Extreme Switches Work with RADIUS Servers
  - Configuration Overview for Authenticating Management Sessions
- Authenticating Network Login Users Through a RADIUS Server
  - Differences Between Network Login Authentication and Management Session Authentication
  - Configuration Overview for Authenticating Network Login Users
- Authentication
  - Authentication Retransmission Algorithm
- Accounting
  - Accounting Retransmission Algorithm
- Authentication NMS Realm
- Per Realm Authentication Enable/Disable
- Supported RADIUS Attributes
- Configuring the RADIUS Client
  - Configuring the RADIUS Client for Authentication and Authorization
  - Configuring the RADIUS Client for Accounting
- RADIUS Server Configuration Guidelines
  - Configuring User Authentication (Users File)
  - Configuring the Dictionary File
  - Change-of-Authorization (Dynamic Authorization) Overview
  - Additional RADIUS Configuration Examples
  - Implementation Notes for Specific RADIUS Servers
  - Setting Up Open LDAP
- Configuring a Windows 7/Windows 8 Supplicant for 802.1X Authentication
- Hypertext Transfer Protocol
- Secure Shell 2
  - SSH Server Overview
    - Understanding SSH Server
    - SSH Default Enabled Parameters During Installation
  - Enabling SSH2 for Inbound Switch Access
  - Viewing SSH2 Information
  - Using ACLs to Control SSH2 Access
    - Sample SSH2 Policies
    - Configuring SSH2 to Use ACL Policies
  - Using SCP2 from an External SSH2 Client
  - Understanding the SSH2 Client Functions on the Switch
    - SSH/SCP Client Upgrade Limitations
  - Using SFTP from an External SSH2 Client
  - Disabling Unapproved Crypto Algorithms
    - Disabling Unapproved Crypto Algorithms
    - Configuring Unapproved Crypto Algorithms
    - Enabling/Disabling Ciphers and MACs Configuration Examples
    - Key Exchange Algorithms—Diffie-Hellman
      - Diffie-Hellman Overview
      - Configuring the Diffie-Hellman Minimal Supported Group
      - Diffie-Hellman Minimal Supported Group Configuration Examples
- Secure Socket Layer
  - Enabling and Disabling SSL
  - Creating Self-Signed Certificates and Private Keys
  - Creating Certificate Signing Requests and Private Keys
  - Displaying SSL Information
- Using Public-Key Infrastructure (PKI) in Your Network
  - Setting Up PKI
  - PKI Limitations
CLEAR-Flow
- CLEAR-Flow Overview
- Configuring CLEAR-Flow
- Displaying CLEAR-Flow Configuration and Activity
- Adding CLEAR-Flow Rules to ACLs
- CLEAR-Flow Rule Examples
EAPS
- EAPS Protocol Overview
- Configuring EAPS
- Displaying EAPS Information
- Configuration Examples
ERPS
- ERPS Overview
- Supported ERPS Features
- G.8032 Version 2
- Configuring ERPS
  - ERPS Version 1 Commands
  - ERPS Version 2 Commands
- Sample Configuration
- Debugging ERPS
- ERPS Feature Limitations
STP
- Spanning Tree Protocol Overview
- Span Tree Domains
- STP Configurations
- Per VLAN Spanning Tree
  - STPD VLAN Mapping
  - Native VLAN
- Rapid Spanning Tree Protocol
  - RSTP Concepts
  - RSTP Operation
- Multiple Spanning Tree Protocol
  - MSTP Concepts
  - MSTP Operation
- STP and Network Login
- STP and MLAG
- STP Rules and Restrictions
- Configuring STP on the Switch
  - STP FDB Flush Criteria
- Displaying STP Settings
- STP Configuration Examples
ESRP
- ESRP Overview
- Configuring ESRP
- Operation with Other ExtremeXOS Features
- Advanced ESRP Features
- Display ESRP Information
- ESRP Configuration Examples
VRRP
- VRRP Overview
- Configuring VRRP
- Managing VRRP
  - Enabling and Disabling VRRP and VRRP Router Instances
  - Clearing VRRP Counters
- Displaying VRRP Information
- VRRP Configuration Examples
MPLS
- MPLS Overview
- Configuring MPLS
- Displaying MPLS Configuration Information
- MPLS Configuration Example
- Configuring MPLS Layer-2 VPNs (VPLS and VPWS)
- VPLS VPN Configuration Examples
- Configuring H-VPLS
- Configuring Protected VPLS
- Configuring RSVP-TE
- RSVP-TE Configuration Example
- Troubleshooting MPLS
IPv4 Unicast Routing
- IPv4 Unicast Overview
- Configuring Unicast Routing
- Displaying the Routing Configuration and Statistics
- Routing Configuration Example
- Duplicate Address Detection
- Proxy ARP
- IPv4 Multinetting
- DHCP/BOOTP Relay
- DHCP Smart Relay
- Broadcast UDP Packet Forwarding
  - Configuring UDP Forwarding
  - Configuring UDP Echo Server Support
- IP Broadcast Handling
  - IP Broadcast Handling Overview
- VLAN Aggregation
IPv6 Unicast Routing
- IPv6 Unicast Overview
- Neighbor Discovery Protocol
- Managing Duplicate Address Detection
- Managing IPv6 Unicast Routing
- IPv6 ECMP and 32-Way ECMP
- DHCPv6 Relay Remote-ID Option
- DHCPv6 Relay Agent Prefix Delegation
  - Relay Agent Behavior in Prefix Delegation
- DHCPv6 Client
- Configuring DHCPv6 BOOTP Relay
- Configure Route Compression
- Hardware Forwarding Behavior
  - Hardware Forwarding Limitations
  - Hardware Tunnel Support
- Routing Configuration Example
- Tunnel Configuration Examples
RIP
- IGPs Overview
  - RIP Versus OSPF and IS-IS
  - Advantages of RIP, OSPF, and IS-IS
- Overview of RIP
- Route Redistribution
  - Configuring Route Redistribution
    - Redistribute Routes into RIP
- RIP Configuration Example
RIPng
- RIPng Overview
  - RIPng versus OSPFv3 and IS-IS
  - Advantages of RIPng, OSPFv3, and IS-IS
- RIPng Routing
- Route Redistribution
  - Configuring Route Redistribution
    - Redistributing Routes into RIPng
- RIPng Configuration Example
OSPF
- OSPF Overview
- Route Redistribution
- Configuring OSPF
  - Configuring OSPF Wait Interval
  - OSPF Wait Interval Parameters
- OSPF Configuration Example
  - Configuration for ABR 1
  - Configuration for IR 1
- Displaying OSPF Settings
OSPFv3
- OSPFv3 Overview
IS-IS
- IS-IS Overview
- Route Redistribution
  - Configuring Route Redistribution
- Configuring IS-IS
- Displaying IS-IS Information
- Managing IS-IS
- Configuration Example
BGP
- BGP Overview
- Configuring BGP
- Managing BGP
- Displaying BGP Information
- Configuration Examples
Layer 3 Virtual Private Network
- Overview of Layer 3 VPN
- Overview of BGP/MPLS Network
- Overlapping Customer Address Spaces
- Multi-protocol BGP Extension
- Multiple Forwarding Tables
- Quality of Service in BGP/MPLS VPN
- Virtual Routing and Forwarding Instances
- L3VPN BOOTP Relay
- L3VPN Configuration Example
Multicast Routing and Switching
- Multicast Routing Overview
- Multicast Table Management
- PIM Overview
- IGMP Overview
- Configuring EAPS Support for Multicast Traffic
- Configuring IP Multicast Routing
- Multicast VLAN Registration
- Displaying Multicast Information
- Troubleshooting PIM
  - Multicast Trace Tool
  - Multicast Router Information Tool
IPv6 Multicast
- Multicast Listener Discovery (MLD) Overview
  - ExtremeXOS Resiliency Enhancement for IPv6 Static Routes
- Managing MLD
MSDP
- MSDP Overview
  - Supported Platforms
  - Limitations
- PIM Border Configuration
- MSDP Peers
- MSDP Mesh-Groups
- Anycast RP
- SA Cache
  - Maximum SA Cache Entry Limit
- SNMP MIBs
Software Upgrade and Boot Options
- ExtremeXOS Upgrade Process
- Installing a Modular Software Package
  - Upgrading a Modular Software Package
- Configuration Changes
- Using TFTP to Upload the Configuration
- Using TFTP to Download the Configuration
- Synchronizing Nodes
  - Automatic Synchronization of Configuration Files
- Accessing the Bootloader
- Upgrading the BootROM
- Upgrading the Firmware (ExtremeSwitching X440-G2 and X620 Series Switches Only)
- Displaying the BootROM and Firmware Versions
Troubleshooting
- Troubleshooting Checklists
  - Layer 1
  - Layer 2
  - Layer 3
- LEDs
- Using the Command Line Interface
- Using ELRP to Perform Loop Tests
- Debug Mode
- Saving Debug Information
- Evaluation Precedence for ACLs
- TOP Command
- TFTP Server Requirements
- System Odometer
  - Monitored Components
  - Recorded Statistics
- Temperature Operating Range
- Understanding the Error Reading Diagnostics Message
- Proactive Tech Support
- Service Verification Test Tool
  - Configuring the Service Verification Test Tool
Supported Standards, Protocols, and MIBs
- Extreme Networks Proprietary MIBs
- MIB Support Details

Using ACLs to Control SSH2 Access

You can restrict SSH2 access by creating and implementing an ACL (Access Control List) policy.

You configure an ACL policy to permit or deny a specific list of IP addresses and subnet masks for the SSH2 port.

The two methods to load ACL policies to the switch are:

Use the edit policy command to launch a VI-like editor on the switch. You can create the policy directly on the switch.
Use the tftp command to transfer a policy that you created using a text editor on another system to the switch.

For more information about creating and implementing ACLs and policies, see Security and ACLs.

Published March 2020prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback