ExtremeCloud™ IQ Agent Support

Switch Engine provides support for ExtremeCloud IQ. Currently, device discovery, basic monitoring, and visibility into homogenous stacking are supported. Switch Engine also has the ability to configure an optional user-defined virtual router (VR) and address of the server for ExtremeCloud IQ agent to connect to. These values are used instead of any auto-detected values.

In addition, users can configure the IQ Agent HTTP Proxy server IP and port, and define the username and password, if required.

To configure a server VR, VLAN Management, or address, use the following command:

configure iqagent server [vr [[vr-name | none] | vr_name vlan vlan-name]] | none] | ipaddress [fqdn | ip_address| none]]

To configure the HTTP proxy, use the following command:

configure iqagent http-proxy [ipaddress [fqdn | ip_address] port port_number | user user_name password [encrypted encrypted_password | password] | none]

You can enable or disable the IQ Agent with the following commands:
Important

Important

Disabling IQ Agent prevents all access to ExtremeCloud IQ. Any current activity with ExtremeCloud IQ, including remote SSH sessions, are disconnected immediately. Re-enabling IQ Agent can only occur by using the enable command by either console or Telnet or SSH access. Disabling IQ Agent deactivates automatic DHCP access on VLAN Mgmt, which is required for Zero-Touch Provisioning (ZTP).

enable iqagent

disable iqagent

To view information about IQ Agent, use the following command:

show iqagent discovery

For more information about ExtremeCloud IQ, go to https://www.extremenetworks.com/support/documentation/extremecloud-iq/.

Table 1. Supported Platforms
Switch Series Switch Models
ExtremeSwitching 5320

5320-48T-8XE

5320-48P-8XE

5320-24T-8XE

5320-24P-8XE

5320-16P-4XE

5320-16P-4XE-DC

ExtremeSwitching 5420

5420F-8W-16P-4XE

5420F-24P-4XE

5420F-24S-4XE

5420F-24T-4XE

5420F-16MW-32P-4XE

5420F-16W-32P-4XE

5420F-48P-4XE

5420F-48P-4XL

5420F-48T-4XE

5420M-24T-4YE

5420M-24W-4YE

5420M-16MW-32P-4YE

5420M-48T-4YE

5420M-48W-4YE

ExtremeSwitching 5520

5520-24T

5520-24W

5520-48T

5520-48W

5520-12MW-36W

5520-24X

5520-48SE

ExtremeSwitching 5720

5720-24MW

5720-24MXW

5720-48MW

5720-48MXW

IQ Agent and ExtremeCloud IQ Communication

After the IQ Agent is enabled, communication forms between the IQ Agent and extremecloudiq.com by secure HTTPS communication using destination TCP port 443. Communication between the IQ Agent and ExtremeCloud IQ occurs every 30 seconds, which includes check-in to ExtremeCloud IQ for actions, and includes CPU, memory, FDB information, Syslog, and ports statistics information. Note that data plane traffic is not sent to ExtremeCloud IQ by the IQ Agent.

Note that Telnet and SSH do not permit access to ‘hivemanager‘ account, which the IQ Agent creates for its own purpose and uses it for all cloud-initiated SSH connections through local host, so logging on to this account through Telnet or SSH is not allowed.

IQ Agents use SNMPv2 (enabled only for internal requests) to monitor the status of the switch.

Distributed Denial of Service Support for IQ Agent

Distributed Denial of Service (DDoS) support for IQ Agent installs a filter on HTTPS L4 ports to set a CPU queue (QoS 5) that separates IQ Agent traffic from other IP exceptions. This new ACL redirects TCP traffic with source port 443 (default HTTPS port) to CPU queue 5. The IQ Agent system ACL is installed or uninstalled along with the L3 Unicast Miss (L3UCMiss) filter.

Automation of this feature is supported on all Universal switches.

You can also manually install the ACL to redirect IQ Agent traffic to CPU queue 5 on smaller switches with 8 ACL slices by running the following command:

# configure access-list iqagent.pol any

iqagent.pol:
entry iqagent_cpu5 {
  if {
    protocol tcp;
    source-port 443;
  } then {
    traffic-queue cpu_q_5;
  }
}