Search

Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

ExtremeCloud Quick Reference

Prerequisites

ExtremeCloud lets you configure and monitor your network easily and securely, with zero-touch provisioning.

Note

Note

If you do not plan to use ExtremeCloud, see your device's product-specific Quick Reference instead.

The following prerequisites must be met before you can register your devices:

  • Purchase and receive a supported device.
  • Locate the Welcome email with a service contract number.
    Note

    Note

    Former Azara users do not receive or require a contract number.
  • Forward the Welcome email to your network administrator.
  • Identify the location and site where the device will be deployed.
  • Meet the network requirements.
  • Meet the additional requirements stated in the ExtremeCloud Release Notes.
    Note

    Note

    If your existing network is also using Extreme Networks wireless controllers, you must configure the controllers to accept only the manually approved access points (APs). This action prevents the cloud-enabled APs from connecting to the controller. Note that the AP connection is not predicted in the case of both an on-premise controller and the cloud server accepting an AP.

Network Requirements

You must meet the following network requirements:
  • Your company has configured one or more DHCP servers that can issue IP addresses and a DNS server address to ExtremeCloud-managed APs, switches, and both wired and wireless users.
  • HTTPS traffic must be allowed through your firewall on port 443 towards devices.extremenetworks.com for ExtremeCloud-managed APs and switches to connect to ExtremeCloud and receive their configuration, software updates and send analytics.
  • Make sure your content filter is allowing access to Amazon Web Services (AWS).
  • Verify that Network Time Protocol (NTP) is allowed out through your firewall on port 123 so that the APs can submit NTP queries to pool.ntp.org to set their clocks.
  • Each site must have L2 connectivity. The APs within a site operate within a single RF domain and therefore must have L2 connectivity to function properly.
  • The best practice is to use a single VLAN for all the APs in a site instead of distributing the site's APs over multiple VLANs. If you decide to distribute a site's APs over multiple VLANs, then you must allow either routing or forwarding of SIAPP multicast between those VLANS.

ExtremeCloud-enabled devices need to be able to access several different application servers in order to provide their full functionality. Verify that your firewall is allowing ExtremeCloud-enabled devices behind it to access to the following domains and ports:

Click to expand in new window

Firewall Requirements and Port List

Component Ports for AP/Cloud Communication
Source Destination / Domain Name Protocol Src Port Dest Port Service Remark Open Firewall
Admin Console ezcloudx.com TCP Any 443 HTTPS Access the ExtremeCloud management application. Required
Admin Console / API integrated systems api.ezcloudx.com TCP Any 443 HTTPS Application access to the backend services managing ExtremeCloud-enabled devices. Required
Access Point & Switches devices.extremenetworks.com TCP Any 443 HTTPS Management Tunnel between AP and ExtremeCloud (configuration, image, statistics, upgrade, traces). Required
Access Points & Switches NTP Server UDP Any 123 NTP Clock synchronization. Required
Access Points radius.ezcloudx.com UDP Any 1812, 1813 RADIUS The integrated captive portal solution requires a cloud RADIUS lookup for each wireless client authentication using the captive portal. Required if using the built-in captive portal
Access Points cp.ezcloudx.com TCP Any 443, 80 HTTP, HTTPS Used by the integrated captive portal solution hosted at cp.ezcloudx.com. Access to the portal is required to ensure wireless clients can authenticate using the captive portal. Required if using the built-in captive portal
Access Points & Switches http://aptransient-eu-central-1.s3.eu-central-1.amazonaws.com/ TCP Any 443 HTTPS Used by ExtremeCloud-enabled devices that, on command, may upload tech support files to storage managed by this application. Required
Access Points & Switches http://extremeimages.s3.amazonaws.com/ TCP Any 443 HTTPS Required to successfully upgrade ExtremeCloud managed devices. The IP range for the S3 bucket is: { "ip_prefix": "52.219.72.0/22", "region": "eu-central-1", "service": "S3" }, { "ip_prefix": "52.219.44.0/22", "region": "eu-central-1", "service": "S3" } { "ip_prefix": "52.92.68.0/22", "region": "eu-central-1", "service": "S3" }, { "ip_prefix": "54.231.192.0/20", "region": "eu-central-1", "service": "S3" }, Required
Any Access Point TCP Any 2002, 2003 RCAPD Collect WireShark traces using AP Real Capture, if enabled. Optional
WiNG APs mgmt.devices.extremenetworks.com TCP Any 443 HTTPS

Management tunnel between WiNG AP and ExtremeCloud

 Required - Allows outbound connections from devices to ExtremeCloud over the various ports listed. This is typically not an issue as these ports are usually open already.

System Limits

The following table shows the system limits:

Click to expand in new window

System Limits for ExtremeCloud

Item Maximum Number
Accounts per customer 1
Sites per account 2,500
Access points per account 10,000
Switches per account Unlimited
Access points per site 100 ExtremeWireless / 128 ExtremeWireless WiNG
Switches per site Unlimited
User per site 2,000
Roles per access point 64
Rules per role 64
Active networks per account 8
Administrator accounts per customer 20
Rate limiters per account 16 (8 inbound and 8 outbound)
Rate limiters per site 16 (8 inbound and 8 outbound)
MAC addresses in a customer blacklist 768

Licensing Grace Period

ExtremeCloud expiring licenses are handled as follows:
  • 90-day warning in the user interface before the license expires:
    • Warnings display in the heading of the main dashboard
    • View the list of expiring entitlements under Administration > System > Expiring Entitlements
  • During the 90 days prior to license expiry, ExtremeCloud provides the device with full functionality. After the license expires, the device is not eligible for support and its configuration cannot be changed.
  • 90-day grace period to renew the license after the license expires. The devices are not configurable during the grace period.
  • After the 90-day grace period expires:
    • The device is completely ignored. It cannot be configured, and its statistics and events are discarded.
    • Depending on the device model, the device resets to factory default settings. Typically, the device continues to run on the latest image it was upgraded to before the reset.
    • All cloud-managed devices will start trying to discover an Extreme Networks cloud manager as if it never had a manager before.

Creating or Updating Your Account

Whether you are creating a new ExtremeCloud Default Administrator account or are adding a device to an existing account, follow these steps:
  1. Locate your Welcome email from Extreme Networks.
  2. Click the activation link in the Welcome email and follow the on-screen instructions.
  3. (Optional) Enable two-step account verification. For more information, see the ExtremeCloud Information Center.

Using the Deployment Prerequisite Tool

An administrator can download and run a prerequisite tool to verify that installation requirements have been met before installing cloud-managed access points and switches at a site. The tool checks requirements specific to ExtremeCloud and performs tasks such as making REST API calls to your REST servers, looking up your FQDNs in DNS, and verifying that your Amazon S3 connection is enabled.

This tool is compatible with Windows, Linux, and Mac OS X devices.

To download and use the prerequisite tool:

  1. Log on to the machine that is on the same subnet that your access points (APs) are deployed on. You will need to run the executable file on this same subnet.
  2. Download the zip file (ezcloud_prerequisite_validation_tool.zip), which contains the tool in the form of binary executable files, a Readme, and a license file. The link to download the zip file is available from the following locations:
    • On the ExtremeCloud login screen in the bottom right corner.
      Click to expand in new window
      Login Screen
      GUID-37C78D6B-F78A-4870-BEAD-82A6C75BB7E1-low.png
    • From the drop-down list located on the top right corner of the user interface, under your user name.
      Click to expand in new window
      Drop-down List
      GUID-4A1C03A7-1DEC-40B1-B27C-F7853B5329F6-low.png
  3. Run the binary executable file that is suitable for your operating system. The tool checks the local machine and a summary report is returned. All of the items on the list must pass the test in order to deploy the product. If any item fails, fix it and then repeat this procedure until everything passes. Then proceed with deployment of your devices.
    Click to expand in new window
    Prerequisite Tool Summary Report
    GUID-AAE217DF-3E6A-47F6-82DC-38D0C98B662B-low.png

Device Adoption Rules

The device adoption feature simplifies the deployment of access points (APs) and switches by automatically assigning them to a site. A set of rules determines the site assignments when devices are registered for the first time. Without adoption rules, devices must be manually assigned to sites.

To use the adoption rules feature:
  1. Create a site (Configure > Site).
  2. Configure the adoption rules for the site (Configure > Adoption).
  3. Connect the devices to ExtremeCloud.

Connecting ExtremeSwitches

Whether you are using cloud-support ExtremeXOS switches or Extended Edge Switching in your environment, the connection process is the same. Connect all of the switches before you connect the APs. ExtremeCloud-enabled switches are not required to use ExtremeCloud-enabled APs.

Zero Touch Provisioning (ZTP) is provided on all cloud-supported switches.

For Extended Edge Switching, ZTP performs the following tasks automatically:
  • Determines if the switch is capable of being a CB.
  • Detects if any BPE are attached.
  • Enables VPEX mode on the CB.
  • Assigns the next available slot number to each BPE.
  • Configures the CB ports where the BPE(s) are connected to be LAGs.
  • Upgrades the CB and VPEX, when upgrades are available.

To connect switches:

  1. If you plan to use device adoption rules, set up sites with the adoption rules before connecting the devices.
  2. Install the switch hardware and connect the power according to the product-specific Installation Guide.
  3. Connect one of the switch Ethernet payload ports to a network that provides Internet access. The switch should be connected through one of its data plane ports if possible, rather than through its management port.
    Note

    Note

    For an entitled switch to locate and connect to ExtremeCloud, only one port can be connected. After the connection is established, additional ports can be connected.
    The switch automatically connects with ExtremeCloud and downloads the firmware image over HTTPS. The switch automatically upgrades its firmware, reconnects to ExtremeCloud and receives a default configuration. All ports, except the management port, are placed on the same untagged management VLAN.
  4. Verify that the management LED indicates that the switch is powered on and has completed its start-up sequence.
    Note

    Note

    The LED should be blinking green slowly at the rate of about once per second.
  5. Log in to your ExtremeCloud administrator account at https://ezcloudx.com. On the first login, the configuration wizard opens. Use the wizard to update the network security key of the predefined wireless network.
    Note

    Note

    Alternatively, you can exit the wizard and configure your own networks. For more information, see the ExtremeCloud Information Center.
  6. From the user interface, select Monitor > Devices > Switches. The status icon changes from gray (Undiscovered) to either green, yellow, or red. As the switch cycles through upgrade and configuration, its state will change color in the user interface several times. The switch is ready to use when the status is either green (in service) or yellow (in service, trouble).
    Note

    Note

    Typically the switch takes a few minutes to connect with ExtremeCloud.
  7. Repeat these steps for all cloud-enabled switches.
    Note

    Note

    If a switch persistently fails or its status remains gray or red for more than 20 minutes, contact Support.
    Note

    Note

    10 Gbps licenses are available to enable 2 or 4 uplink ports for 10Gbps operation. This is a separately licensed feature. To assign licenses to a switch, select Administration > System > Assign Licenses. The Assign Licenses option only displays when unassigned licenses are available.

Connecting APs

If you are using ExtremeWireless WiNG AP7612, AP7632, or AP7662, make sure that your firmware is upgraded to 5.9.2.2 or higher (and 5.9.2.5 is recommended) to connect to ExtremeCloud. For instructions, see this GTAC article: https://gtacknowledge.extremenetworks.com/articles/Solution/ExtremeCloud-WiNG-Access-Points-not-connecting-to-ezcloudx-com or refer to the ExtremeWireless WiNG AP-specific user documentation.

Follow this process to connect the APs to ExtremeCloud:

  1. If you plan to use device adoption rules, set up sites with the adoption rules before connecting the devices.
  2. Connect your AP's LAN 1 or LAN 2 to either a switch that allows the AP to connect to the Internet, or connect to an Ethernet network port with Internet connection. Apply power to the AP using either PoE from the switch or a separate external transformer. For more information, see the product-specific Installation Guide. For product documentation online, visit: https://www.extremenetworks.com/documentation/
  3. The AP discovers ExtremeCloud and gets registered automatically, typically in a few minutes. The default SSID (Staff) is broadcast when the AP connects to the service.
  4. Look at the physical AP and verify that the Radio 1 and Radio 2 LEDs are solid green, which indicates that the AP is activated in the cloud.

    The following table shows the LED patterns and the associated status for ExtremeWireless APs when they are connected to cloud management.

    Click to expand in new window

    LED Patterns for ExtremeWireless APs Connecting with ExtremeCloud

    Radio B/G LED (Left) Radio A LED (Right) Status LED AP Detailed State
    Off Off Blink green Initialization: Power-on self test (POST)
    Blink green Blink green Initialization: Random delay
    Blink red Initialization: No Ethernet
    Solid green Blink green Initialization: Vulnerable period (not supported)
    Blink red Reset to factory defaults
    Blink green Off Blink green or orange Network discovery: 802.1x authentication
    Blink red Failed 802.1x authentication
    Blink green Blink green or orange Network discovery: DHCP
    Blink red Default IP address
    Solid green Blink green or orange Network discovery: discovery/connect
    Blink red Discovery failed
    • Green - Radio On
    • Off - Radio Off
    • Green - Radio On
    • Off - Radio Off
    		 Solid green Connected

    The following table shows the LED patterns and the associated status for ExtremeWireless WiNG APs when they are connected to cloud management.

    Click to expand in new window

    LED Patterns for ExtremeWireless WiNG APs Connecting with ExtremeCloud

    Task 5 GHz Activity LED (Amber) 2.4 GHz Activity LED (Green)
    Unconfigured Radio On On
    Normal Operation
    • If this radio band is enabled: Blinks at 5-second intervals
    • If this radio band is disabled: Off
    • If there is activity on this band: Blinks at 1 time per second
    • If this radio band is enabled: Blinks at 5-second intervals
    • If this radio band is disabled: Off
    • If there is activity on this band: Blinks at 1 time per second
    Firmware Update On Off
    Locate AP Mode LEDs blink in an alternating green, red and amber pattern using an irregular blink rate. This LED state in no way resembles normal operating conditions. LEDs blink in an alternating green, red and amber pattern using an irregular blink rate. This LED state in no way resembles normal operating conditions.
  5. Log in to your administrator account at https://ezcloudx.com. On the first login, the configuration wizard opens. Use the wizard to update the network security key of the predefined wireless network. Alternatively, you can exit the wizard and configure your own networks. For more information, see "How to Set Up Your Network" in the ExtremeCloud Information Center.
  6. Select Monitor > Devices > Access Points and look for the device in your Devices list. If the AP is not listed in your account, this usually indicates there is no subscription coverage for your device. You may need to contact Sales for assistance, for all other inquires contact Support.
Note

Note

If an AP persistently fails or its status remains gray or red for more than 20 minutes, contact Support.

More Information

Published September 2019prev | next

Email this topicEmail this topic

Print this pagePrint this page