ExtremeXOS provides support for ExtremeCloud IQ. Currently, device discovery, basic monitoring, and visibility into homogenous stacking are supported. ExtremeXOS also has the ability to configure an optional user-defined virtual router (VR) and address of the server for ExtremeCloud IQ agent to connect to. These values are used instead of any auto-detected values.
In addition, users can configure the IQ Agent HTTP Proxy server IP and port, and define the username and password, if required.
To configure a server VR or address, use the following command:
configure iqagent server [vr [vr-name | none] | ipaddress [fqdn | ip_address| none]]
ExtremeCloud IQ supports BGP Auto-peering (see Auto-peering Introduction).
To configure the HTTP proxy, use the following command:
configure iqagent http-proxy [ipaddress [fqdn | ip_address] port port_number | user user_name password [encrypted encrypted_password | password] | none]
Important
Disabling IQ Agent prevents all access to ExtremeCloud IQ. Any current activity with ExtremeCloud IQ, including remote SSH sessions, are disconnected immediately. Re-enabling IQ Agent can only occur by using the enable command by either console or Telnet or SSH access. Disabling IQ Agent deactivates automatic DHCP access on VLAN Mgmt, which is required for Zero-Touch Provisioning (ZTP).enable iqagent
disable iqagent
To view information about IQ Agent, use the following command:
show iqagent discovery
For more information about ExtremeCloud IQ, go to https://www.extremenetworks.com/support/documentation/extremecloud-iq/.
Switch Series | Switch Models |
---|---|
ExtremeSwitching X435 |
X435-8T-4S X435-8P-4S X435-8P-2T-W X435-24T-4S X435-24P-4S |
ExtremeSwitching X440-G2 |
X440-G2-24P-10GE4 X440-G2-48P-10GE4 X440-G2-12T-10GE4 X440-G2-12P-10GE4 X440-G2-24T-10GE4 X440-G2-48T-10GE4 |
ExtremeSwitching X450-G2 |
X450-G2-24P-10GE X450-G2-48P-10GE X450-G2-24P-GE4 X450-G2-48P-GE4 |
ExtremeSwitching X460-G2 |
X460-G2-24P-10GE4 X460-G2-48P-10GE4 X460-G2-16MP-32P-10GE4 X460-G2-24P-48HP-10GE4 |
ExtremeSwitching X465 |
X465-48P X465-24MU-24W X465-24W X465-48W X465-24MU |
ExtremeSwitching 5320 |
5320-48T-8XE 5320-48P-8XE 5320-24T-8XE 5320-24P-8XE 5320-16P-4XE 5320-16P-4XE-DC |
ExtremeSwitching 5420 |
5420F-8W-16P-4XE 5420F-24P-4XE 5420F-24S-4XE 5420F-24T-4XE 5420F-16MW-32P-4XE 5420F-16W-32P-4XE 5420F-48P-4XE 5420F-48P-4XL 5420F-48T-4XE 5420M-24T-4YE 5420M-24W-4YE 5420M-16MW-32P-4YE 5420M-48T-4YE 5420M-48W-4YE |
ExtremeSwitching 5520 |
5520-24T 5520-24W 5520-48T 5520-48W 5520-12MW-36W 5520-24X 5520-48SE |
After the IQ Agent is enabled, communication forms between the IQ Agent and extremecloudiq.com by secure HTTPS communication using destination TCP port 443. Communication between the IQ Agent and ExtremeCloud IQ occurs every 30 seconds, which includes check-in to ExtremeCloud IQ for actions, and includes CPU, memory, FDB information, Syslog, and ports statistics information. Note that data plane traffic is not sent to ExtremeCloud IQ by the IQ Agent.
Note that Telnet and SSH do not permit access to ‘hivemanager‘ account, which the IQ Agent creates for its own purpose and uses it for all cloud-initiated SSH connections through local host, so logging on to this account through Telnet or SSH is not allowed.
IQ Agents use SNMPv2 (enabled only for internal requests) to monitor the status of the switch.
Distributed Denial of Service (DDoS) support for IQ Agent installs a filter on HTTPS L4 ports to set a CPU queue (QoS 5) that separates IQ Agent traffic from other IP exceptions. This new ACL redirects TCP traffic with source port 443 (default HTTPS port) to CPU queue 5. The IQ Agent system ACL is installed or uninstalled along with the L3 Unicast Miss (L3UCMiss) filter.
Automation of this feature is only supported on ExtremeSwitching X695, 5320, 5420, and 5520 series switches.
You can manually install the ACL to redirect IQ Agent traffic to CPU queue 5 on smaller switches with 8 ACL slices (for example, X440-G2, X435, X620) by running the following command:
# configure access-list iqagent.pol any iqagent.pol: entry iqagent_cpu5 { if { protocol tcp; source-port 443; } then { traffic-queue cpu_q_5; } }