Introduction to the ExtremeXOS User Guide
- Conventions
- Related Publications
- Providing Feedback to Us
- Getting Help
Getting Started
- Product Overview
- Software Required
- Simple Switch Configuration with Chalet
- Switch Configuration Using VLAN ID (VID)
- Zero Touch Provisioning (Auto Configuration)
  - Auto-provisioning Process
  - Auto-provisioning Configuration
- Cloning Switches
  - Using Clone.py
  - Cloning within a Stack
  - Cloning Standalone to Standalone
  - Cloning from Standalone to a Stack
  - Copying One Switch's Configuration to Another Switch Using USB Zero Touch Provisioning (ZTP)
- Logging in to the Switch
- Understanding the Command Syntax
  - Using the CLI
  - Syntax Helper
    - CLI File Name Completion
  - Object Names
    - Reserved Keywords
  - Abbreviated Syntax
  - Command Shortcuts
  - Command Aliases
  - Symbols
- Port Numbering
  - Stand-alone Switch Numerical Ranges
  - SummitStack Numerical Ranges
- Line-Editing Keys
- Viewing Command History (Journal)
- Common Commands
- Using Safe Defaults Mode
- Configuring Management Access
  - Account Access Levels
  - Configure Banners
  - Startup Screen and Prompt Text
  - Default Accounts
  - Creating Management Accounts
  - Authenticating Management Sessions through the Local Database
  - Failsafe Accounts
  - Accessing the Switch using Failsafe Account
- Managing Passwords
  - Applying a Password to the Default Account
  - Applying Security to Passwords
    - Hash Algorithm for Account Passwords
    - Removal of Cleartext Passwords
  - Timed Lockout
  - Displaying Passwords
- Accessing an Active Node in a SummitStack
- Domain Name Service Client Services
- Checking Basic Connectivity
  - Ping
  - Traceroute
- Displaying Switch Information
- Filtering the Output of Show Commands
Managing the Switch
- ExtremeXOS Switch Management Overview
- Understanding the ExtremeXOS Shell
- Using the Console Interface
- Using the 10/100 or 10/100/1000 Ethernet Management Port
- Using Extreme Management Center or Ridgeline to Manage the Network
- Authenticating Users
- Using Telnet
- Using Secure Shell 2
  - Access Profile Logging for SSH2
- Using the Trivial File Transfer Protocol
  - TFTP Block-size Configuration
  - Connecting to Another Host Using TFTP
- Understanding System Redundancy
- Understanding Hitless Failover Support
  - Protocol Support for Hitless Failover
  - Hitless Failover Caveats
    - Caveats for a SummitStack
- Understanding Power Supply Management
- Using the Network Time Protocol
- Using the Simple Network Management Protocol
- Using the Simple Network Time Protocol
  - Configuring and Using SNTP
    - GMT Offsets
  - SNTP Example
- Access Profile Logging for HTTP/HTTPS
Managing the ExtremeXOS Software
- Using the ExtremeXOS File System
- Managing the Configuration File
- Managing ExtremeXOS Processes
- Understanding Memory Protection
Configuring Stacked Switches
- Introduction to Stacking
- Preparing to Configure a Stack
- Configuring a Stack
  - Manually Configuring a Stack
  - Verifying the Configuration
- Managing an Operational Stack
- Changing the Stack Configuration
- Troubleshooting a Stack
Configuring Slots and Ports on a Switch
- Configuring Ports on a Switch
- Using the Precision Time Protocol
- DWDM Optics Support
- Jumbo Frames
- Link Aggregation on the Switch
- MLAG
- Mirroring
- Remote Mirroring
- Extreme Discovery Protocol
- ExtremeXOS Cisco Discovery Protocol
  - EXOS CDP Support
  - EXOS CDP Protocol Operations
- Software-Controlled Redundant Port and Smart Redundancy
- Configuring Automatic Failover for Combination Ports
  - Summit Family Switches with Shared Copper/Fiber Gigabit Ports Only
- Displaying Port Information
- ExtremeXOS Port Description String
  - Configure Port decription-string
- Port Isolation
  - Configuring Port Isolation
- Energy Efficient Ethernet
  - Configuring Energy Efficient Ethernet
- Node Alias
  - Node Alias Overview
  - Configuring Node Alias
- Using Locally Administered MAC Addresses
- Enabling/Disabling the USB Port
Extended Edge Switching
- Extended Edge Switching Overview
- Supported Bridge Port Extender Models
- Supported Platforms
- Bridge Port Extender General Limitations
- ExtremeXOS Feature Compatibility with V400 Virtual Port Extenders
- Using VPEX Bridge Port Extenders
- Configuration Examples
- Upgrading the Controlling Bridge and Bridge Ports Extenders
BGP Auto-peering
- Auto-peering Introduction
- BGP Auto-peering Feature Description
- IP Multicast Forwarding (PIM-DM)
- External Router Support
- BGP Auto-peering Plug-and-Play Redundancy
  - AutoBGP LAG Active/Standby Mode
- Routing through the Underlay (VXLAN and AutoBGP Networks)
- EVPN and VRF Support
  - Asymmetric Routing
- Supported Platforms
- BGP Auto-peering Feature Limitations
- Configuring BGP Auto-peering
- BGP Auto-peering Examples
  - BGP Auto-pering Simple Leaf/Spine Example
  - BGP Auto-peering Leaf/Spine with VXLAN Example
Universal Port
- Profile Types
  - Static Profiles
  - Dynamic Profiles
- Dynamic Profile Trigger Types
- How Device-detect Profiles Work
- How User Authentication Profiles Work
- Profile Configuration Guidelines
- Collecting Information from Supplicants
- Supplicant Configuration Parameters
- Universal Port Configuration Overview
- Using Universal Port in an LDAP or Active Directory Environment
- Configuring Universal Port Profiles and Triggers
- Managing Profiles and Triggers
- Sample Universal Port Configurations
Using CLI Scripting
- Setting Up Scripts
- Displaying CLI Scripting Information
- CLI Scripting Examples
LLDP Overview
- Supported Advertisements (TLVs)
- LLDP Packets
- Transmitting LLDP Messages
- Receiving LLDP Messages
- LLDP Management
- Configuring and Managing LLDP
- Displaying LLDP Information
  - Displaying LLDP Port Configuration Information and Statistics
  - Display LLDP Information Collected from Neighbors
OAM
- CFM
- Y.1731—Compliant Performance Monitoring
- Y.1731 MIB Support
- EFM OAM—Unidirectional Link Fault Management
  - Unidirectional Link Fault Management
  - Configuring Unidirectional Link Fault Management
- Two-Way Active Measurement Protocol
  - TWAMP-Test Protocol
- Bidirectional Forwarding Detection (BFD)
PoE
- Extreme Networks PoE Devices
- Summary of PoE Features
- Power Delivery
- Configuring PoE
- Displaying PoE Settings and Statistics
Status Monitoring and Statistics
- Viewing Port Statistics
- Viewing Port Errors
- Port Link-Flap Detection
- Using the Port Monitoring Display Keys
- Viewing VLAN Statistics
  - Configuring VLAN Statistics
  - Guidelines and Limitations
- Performing Switch Diagnostics
- Using the System Health Checker
- Using ELSM
- Viewing Fan Information
- Viewing the System Temperature
  - System Temperature Output
    - SummitStack
    - Summit Family Switches Only
- Using the Event Management System/Logging
- Using the XML Notification Client
- Using sFlow
- Using RMON
- Monitoring CPU Utilization
VLANs
- VLANs Overview
- Configuring VLANs on the Switch
- Displaying VLAN Information
- Private VLANs
- VLAN Translation
- Port-Specific VLAN Tag
  - Port-Specific Tags in L2VPN
  - Configuring Port-Specific VLAN Tags
VMAN (PBN)
- VMAN Overview
- VMAN Configuration Options and Features
- Configuration
  - Configuring VMANs (PBNs)
    - Guidelines for Configuring VMANs
    - Procedure for Configuring VMANs
  - Configuring VMAN Options
    - Configuring the Ethertype for VMAN Ports
    - Selecting the Tag used for Egress Queue Selection
- Displaying VMAN Information
- Configuration Examples
  - VMAN CEP Example
  - Multiple VMAN Ethertype Example
FDB
- FDB Contents
- How FDB Entries Get Added
- How FDB Entries Age Out
- FDB Entry Types
- Managing the FDB
- Displaying FDB Entries and Statistics
  - Display FDB Entries
  - Display FDB Statistics
- MAC-Based Security
- Managing MAC Address Tracking
Data Center Solutions
- Data Center Overview
- Managing the DCBX Feature
- Managing the XNV Feature, VM Tracking
- Managing Direct Attach to Support VEPA
AVB
- Overview
- AVB Feature Pack License
- Configuring and Managing AVB
  - MRP/MSRP/MVRP LAG Support
  - gPTP LAG Support
- Displaying AVB Information
Layer 2 Tunneling and Filtering
- Layer 2 Protocol Tunneling
- Protocol Tunneling
  - Implementing L2PT in ExtremeXOS
- Protocol Filtering
  - Implementing Protocol Filtering in ExtremeXOS
  - Protocol Filters
- L2PT Limitations
Virtual Routers
- Overview of Virtual Routers
  - Types of Virtual Routers
  - VR Configuration Context
- Managing Virtual Routers
- Virtual Router Configuration Example
Fabric Attach
- Fabric Attach Overview
  - Fabric Attach Server Versus Proxy Mode
    - Fabric Attach Proxy Mode
    - Fabric Attach Server Mode
  - Network Service Identifier Mappings
    - LLDP
    - RADIUS/Policy/NetLogin
      - Defining VLAN/NSI Mappings with RADIUS Standards Attributes or VSAs
- Configuring Fabric Attach
Policy Manager
- Policy Manager and Policies Overview
- Creating and Editing Policies
- Applying Policies
  - Applying ACL Policies
  - Applying Routing Policies
ACLs
- ACLs Overview
- Two-Stage ACL
  - Feature Description
  - Two-Stage Policy Example
- ACL Rule Syntax
- Layer-2 Protocol Tunneling ACLs
- ACL Byte Counters
- Dynamic ACLs
- CVID ACL Match Criteria
- CCOS ACL Match Criteria
- ACL Evaluation Precedence
  - Precedence
- Applying ACL Policy Files
  - Displaying and Clearing ACL Counters
  - Example ACL Rule Entries
- ACL Mechanisms
  - ACL Slices and Rules
  - ACL Counters-Shared and Dedicated
- Policy-Based Routing
- ACL Troubleshooting
Routing Policies
- Routing Policies Overview
- Routing Policy File Syntax
- Applying Routing Policies
- Policy Examples
  - Translating an Access Profile to a Policy
  - Translating a Route Map to a Policy
Quality of Service
- Applications and Types of QoS
- Traffic Groups
- Introduction to Rate Limiting, Rate Shaping, and Scheduling
- Introduction to WRED
  - Explicit Congestion Notification (ECN)
- Meters
- QoS Profiles
- Class of Service (CoS)
- Configuring QoS
- Displaying QoS Configuration and Performance
  - Displaying Traffic Group Configuration Data
  - Displaying Performance Statistics
    - Displaying QoS Profile Traffic Statistics
    - Displaying Congestion Statistics
Network Login
- Network Login Overview
- Configuring Network Login
- Authenticating Users
- Local Database Authentication
- 802.1X Authentication
- Web-Based Authentication
- MAC-Based Authentication
- Additional Network Login Configuration Details
ONEPolicy
- ONEPolicy Overview
- Policy Roles
- Classification Rules
- Authentication and ONEPolicy
- Configuring Policy
- ONEPolicy Configuration Examples
  - Policy Configuration Example
  - Captive Portal Redirection Example
VXLAN
- VXLAN Overview
- Overlay Routing
- Unicast and Multicast VXLAN
- Virtual Network Flood Modes
  - Flood Mode Standard
  - Flood Mode Explicit
- OSPFv2 VXLAN Extensions
- Multiprotocol Border Gateway Protocol (MBGP) Support for VXLAN
- Address Resolution Protocol (ARP) Learning over Tunnels
- Address Resolution Protocol (ARP) Suppression
- Dynamic Virtual Networks
- VXLAN Learning
  - Dynamic Learning
- Load Balancing
- Quality of Service
- Redundant Access
  - Multi-switch Link Aggregation (MLAG)
- Statistics
- Adding and Deleting Tunnel Terminating Ports
- Configuring Local Endpoints
- Enabling and Disabling Remote Endpoints
- Open vSwitch Database Management Protocol (OVSDB) Overview
- Configuration Samples
Identity Management
- Identity Management Overview
- Identity Management Feature Limitations
- Configuring Identity Management
- Managing the Identity Management Feature
- Displaying Identity Management Information
Security
- Security Features Overview
- Security Mode Overview
  - Secure Mode
  - Federal Information Processing Standards (FIPS) Mode
  - Ciphers and Message Authentication Codes (MACs) Supported by Security Modes
  - Priority with Multiple Security Modes
- Using Safe Defaults Mode
- MAC Security
  - MAC Locking
  - Limiting Dynamic MAC Addresses
  - MAC Address Lockdown
  - MAC Address Lockdown with Timeout
- DHCP Server
  - Enabling and Disabling DHCP
  - Configuring the DHCP Server
  - Displaying DHCP Information
- IP Security
  - DHCP Snooping and Trusted DHCP Server
  - Source IP Lockdown
  - ARP Learning
  - Gratuitous ARP Protection
    - Configuring Gratuitous ARP
    - Displaying Gratuitous ARP Information
  - ARP Validation
    - Configuring ARP Validation
    - Displaying ARP Validation Information
- Denial of Service Protection
  - Configuring Simulated Denial of Service Protection
  - Configuring Denial of Service Protection
    - Configuring Trusted Ports
    - Displaying DoS Protection Settings
  - Protocol Anomaly Protection
  - Flood Rate Limitation
- Authenticating Management Sessions Through a TACACS+ Server
  - Configuring the TACACS+ Client for Authentication and Authorization
  - Configuring the TACACS+ Client for Accounting
- Authenticating Management Sessions Through a RADIUS Server
  - How Extreme Switches Work with RADIUS Servers
  - Configuration Overview for Authenticating Management Sessions
- Authenticating Network Login Users Through a RADIUS Server
  - Differences Between Network Login Authentication and Management Session Authentication
  - Configuration Overview for Authenticating Network Login Users
- Authentication
  - Authentication Retransmission Algorithm
- Accounting
  - Accounting Retransmission Algorithm
- Authentication NMS Realm
- Per Realm Authentication Enable/Disable
- Supported RADIUS Attributes
- Configuring the RADIUS Client
  - Configuring the RADIUS Client for Authentication and Authorization
  - Configuring the RADIUS Client for Accounting
- RADIUS Server Configuration Guidelines
  - Configuring User Authentication (Users File)
  - Configuring the Dictionary File
  - Change-of-Authorization (Dynamic Authorization) Overview
  - Additional RADIUS Configuration Examples
  - Implementation Notes for Specific RADIUS Servers
  - Setting Up Open LDAP
- Configuring a Windows 7/Windows 8 Supplicant for 802.1X Authentication
- Hypertext Transfer Protocol
- Secure Shell 2
  - SSH Server Overview
    - Understanding SSH Server
    - SSH Default Enabled Parameters During Installation
  - Enabling SSH2 for Inbound Switch Access
  - Viewing SSH2 Information
  - Using ACLs to Control SSH2 Access
    - Sample SSH2 Policies
    - Configuring SSH2 to Use ACL Policies
  - Using SCP2 from an External SSH2 Client
  - Understanding the SSH2 Client Functions on the Switch
    - SSH/SCP Client Upgrade Limitations
  - Using SFTP from an External SSH2 Client
  - Disabling Unapproved Crypto Algorithms
    - Disabling Unapproved Crypto Algorithms
    - Configuring Unapproved Crypto Algorithms
    - Enabling/Disabling Ciphers and MACs Configuration Examples
    - Key Exchange Algorithms—Diffie-Hellman
      - Diffie-Hellman Overview
      - Configuring the Diffie-Hellman Minimal Supported Group
      - Diffie-Hellman Minimal Supported Group Configuration Examples
- Secure Socket Layer
  - Enabling and Disabling SSL
  - Creating Self-Signed Certificates and Private Keys
  - Creating Certificate Signing Requests and Private Keys
  - Displaying SSL Information
- Using Public-Key Infrastructure (PKI) in Your Network
  - Setting Up PKI
  - PKI Limitations
CLEAR-Flow
- CLEAR-Flow Overview
- Configuring CLEAR-Flow
- Displaying CLEAR-Flow Configuration and Activity
- Adding CLEAR-Flow Rules to ACLs
- CLEAR-Flow Rule Examples
EAPS
- EAPS Protocol Overview
- Configuring EAPS
- Displaying EAPS Information
- Configuration Examples
ERPS
- ERPS Overview
- Supported ERPS Features
- G.8032 Version 2
- Configuring ERPS
  - ERPS Version 1 Commands
  - ERPS Version 2 Commands
- Sample Configuration
- Debugging ERPS
- ERPS Feature Limitations
STP
- Spanning Tree Protocol Overview
- Span Tree Domains
- STP Configurations
- Per VLAN Spanning Tree
  - STPD VLAN Mapping
  - Native VLAN
- Rapid Spanning Tree Protocol
  - RSTP Concepts
  - RSTP Operation
- Multiple Spanning Tree Protocol
  - MSTP Concepts
  - MSTP Operation
- STP and Network Login
- STP and MLAG
- STP Rules and Restrictions
- Configuring STP on the Switch
  - STP FDB Flush Criteria
- Displaying STP Settings
- STP Configuration Examples
ESRP
- ESRP Overview
- Configuring ESRP
- Operation with Other ExtremeXOS Features
- Advanced ESRP Features
- Display ESRP Information
- ESRP Configuration Examples
VRRP
- VRRP Overview
- Configuring VRRP
- Managing VRRP
  - Enabling and Disabling VRRP and VRRP Router Instances
  - Clearing VRRP Counters
- Displaying VRRP Information
- VRRP Configuration Examples
MPLS
- MPLS Overview
- Configuring MPLS
- Displaying MPLS Configuration Information
- MPLS Configuration Example
- Configuring MPLS Layer-2 VPNs (VPLS and VPWS)
- VPLS VPN Configuration Examples
- Configuring H-VPLS
- Configuring Protected VPLS
- Configuring RSVP-TE
- RSVP-TE Configuration Example
- Troubleshooting MPLS
IPv4 Unicast Routing
- IPv4 Unicast Overview
- Configuring Unicast Routing
- Displaying the Routing Configuration and Statistics
- Routing Configuration Example
- Duplicate Address Detection
- Proxy ARP
- IPv4 Multinetting
- DHCP/BOOTP Relay
- DHCP Smart Relay
- Broadcast UDP Packet Forwarding
  - Configuring UDP Forwarding
  - Configuring UDP Echo Server Support
- IP Broadcast Handling
  - IP Broadcast Handling Overview
- VLAN Aggregation
IPv6 Unicast Routing
- IPv6 Unicast Overview
- Neighbor Discovery Protocol
- Managing Duplicate Address Detection
- Managing IPv6 Unicast Routing
- IPv6 ECMP and 32-Way ECMP
- DHCPv6 Relay Remote-ID Option
- DHCPv6 Relay Agent Prefix Delegation
  - Relay Agent Behavior in Prefix Delegation
- DHCPv6 Client
- Configuring DHCPv6 BOOTP Relay
- Configure Route Compression
- Hardware Forwarding Behavior
  - Hardware Forwarding Limitations
  - Hardware Tunnel Support
- Routing Configuration Example
- Tunnel Configuration Examples
RIP
- IGPs Overview
  - RIP Versus OSPF and IS-IS
  - Advantages of RIP, OSPF, and IS-IS
- Overview of RIP
- Route Redistribution
  - Configuring Route Redistribution
    - Redistribute Routes into RIP
- RIP Configuration Example
RIPng
- RIPng Overview
  - RIPng versus OSPFv3 and IS-IS
  - Advantages of RIPng, OSPFv3, and IS-IS
- RIPng Routing
- Route Redistribution
  - Configuring Route Redistribution
    - Redistributing Routes into RIPng
- RIPng Configuration Example
OSPF
- OSPF Overview
- Route Redistribution
- Configuring OSPF
  - Configuring OSPF Wait Interval
  - OSPF Wait Interval Parameters
- OSPF Configuration Example
  - Configuration for ABR 1
  - Configuration for IR 1
- Displaying OSPF Settings
OSPFv3
- OSPFv3 Overview
IS-IS
- IS-IS Overview
- Route Redistribution
  - Configuring Route Redistribution
- Configuring IS-IS
- Displaying IS-IS Information
- Managing IS-IS
- Configuration Example
BGP
- BGP Overview
- Configuring BGP
- Managing BGP
- Displaying BGP Information
- Configuration Examples
Layer 3 Virtual Private Network
- Overview of Layer 3 VPN
- Overview of BGP/MPLS Network
- Overlapping Customer Address Spaces
- Multi-protocol BGP Extension
- Multiple Forwarding Tables
- Quality of Service in BGP/MPLS VPN
- Virtual Routing and Forwarding Instances
- L3VPN BOOTP Relay
- L3VPN Configuration Example
Multicast Routing and Switching
- Multicast Routing Overview
- Multicast Table Management
- PIM Overview
- IGMP Overview
- Configuring EAPS Support for Multicast Traffic
- Configuring IP Multicast Routing
- Multicast VLAN Registration
- Displaying Multicast Information
- Troubleshooting PIM
  - Multicast Trace Tool
  - Multicast Router Information Tool
IPv6 Multicast
- Multicast Listener Discovery (MLD) Overview
  - ExtremeXOS Resiliency Enhancement for IPv6 Static Routes
- Managing MLD
MSDP
- MSDP Overview
  - Supported Platforms
  - Limitations
- PIM Border Configuration
- MSDP Peers
- MSDP Mesh-Groups
- Anycast RP
- SA Cache
  - Maximum SA Cache Entry Limit
- SNMP MIBs
Software Upgrade and Boot Options
- ExtremeXOS Upgrade Process
- Installing a Modular Software Package
  - Upgrading a Modular Software Package
- Configuration Changes
- Using TFTP to Upload the Configuration
- Using TFTP to Download the Configuration
- Synchronizing Nodes
  - Automatic Synchronization of Configuration Files
- Accessing the Bootloader
- Upgrading the BootROM
- Upgrading the Firmware (ExtremeSwitching X440-G2 and X620 Series Switches Only)
- Displaying the BootROM and Firmware Versions
Troubleshooting
- Troubleshooting Checklists
  - Layer 1
  - Layer 2
  - Layer 3
- LEDs
- Using the Command Line Interface
- Using ELRP to Perform Loop Tests
- Debug Mode
- Saving Debug Information
- Evaluation Precedence for ACLs
- TOP Command
- TFTP Server Requirements
- System Odometer
  - Monitored Components
  - Recorded Statistics
- Temperature Operating Range
- Understanding the Error Reading Diagnostics Message
- Proactive Tech Support
- Service Verification Test Tool
  - Configuring the Service Verification Test Tool
Supported Standards, Protocols, and MIBs
- Extreme Networks Proprietary MIBs
- MIB Support Details

Configuring Rules or Policies for Default and User-Defined Roles

The default authenticated and unauthenticated roles contain no rules or policies. When you first create a user-define role, it also contains no rules or policies.

To add or delete a rule or policy from a role, use the following commands:

configure identity-management role role_name [add dynamic-rule rule_name { first | last | { [before | after] ref_rule_name}}]

configure identity-management role role_name add policy policy-name {first | last {[before | after] ref_policy_name}}

configure identity-management role role_name delete dynamic-rule [rule_name | all]