Switch Engine provides support for ExtremeCloud IQ. Currently, device discovery, basic monitoring, and visibility into homogenous stacking are supported. Switch Engine also has the ability to configure an optional user-defined virtual router (VR) and address of the server for ExtremeCloud IQ agent to connect to. These values are used instead of any auto-detected values.
In addition, users can configure the IQ Agent HTTP Proxy server IP and port, and define the username and password, if required.
To configure a server VR, VLAN Management, or address, use the following command:
configure iqagent server [vr [[vr-name | none] | vr_name vlan vlan-name]] | none] | ipaddress [fqdn | ip_address| none]]
To configure the HTTP proxy, use the following command:
configure iqagent http-proxy [ipaddress [fqdn | ip_address] port port_number | user user_name password [encrypted encrypted_password | password] | none]
Important
Disabling IQ Agent prevents all access to ExtremeCloud IQ. Any current activity with ExtremeCloud IQ, including remote SSH sessions, are disconnected immediately. Re-enabling IQ Agent can only occur by using the enable command by either console or Telnet or SSH access. Disabling IQ Agent deactivates automatic DHCP access on VLAN Mgmt, which is required for Zero-Touch Provisioning (ZTP).enable iqagent
disable iqagent
To view information about IQ Agent, use the following command:
show iqagent discovery
For more information about ExtremeCloud IQ, go to https://www.extremenetworks.com/support/documentation/extremecloud-iq/.
| Switch Series | Switch Models |
|---|---|
| ExtremeSwitching 5320 |
5320-48T-8XE 5320-48P-8XE 5320-24T-8XE 5320-24P-8XE 5320-16P-4XE 5320-16P-4XE-DC |
| ExtremeSwitching 5420 |
5420F-8W-16P-4XE 5420F-24P-4XE 5420F-24S-4XE 5420F-24T-4XE 5420F-16MW-32P-4XE 5420F-16W-32P-4XE 5420F-48P-4XE 5420F-48P-4XL 5420F-48T-4XE 5420M-24T-4YE 5420M-24W-4YE 5420M-16MW-32P-4YE 5420M-48T-4YE 5420M-48W-4YE |
| ExtremeSwitching 5520 |
5520-24T 5520-24W 5520-48T 5520-48W 5520-12MW-36W 5520-24X 5520-48SE 5520-24T-ACDC-BASE 5520-48T-ACDC-BASE 5520-24X-ACDC-BASE 5520-48SE-ACDC-BASE |
| ExtremeSwitching 5720 |
5720-24MW 5720-24MXW 5720-48MW 5720-48MXW |
| Extreme 7520 | 7520-48Y-8C 7520-48XT-6C 7520-48YE-8CE |
| Extreme 7720 | 7720-32C |
After the IQ Agent is enabled, communication forms between the IQ Agent and extremecloudiq.com by secure HTTPS communication using destination TCP port 443. Communication between the IQ Agent and ExtremeCloud IQ occurs every 30 seconds, which includes check-in to ExtremeCloud IQ for actions, and includes CPU, memory, FDB information, Syslog, and ports statistics information. Note that data plane traffic is not sent to ExtremeCloud IQ by the IQ Agent.
Note that Telnet and SSH do not permit access to ‘hivemanager‘ account, which the IQ Agent creates for its own purpose and uses it for all cloud-initiated SSH connections through local host, so logging on to this account through Telnet or SSH is not allowed.
IQ Agents use SNMPv2 (enabled only for internal requests) to monitor the status of the switch.
Distributed Denial of Service (DDoS) support for IQ Agent installs a filter on HTTPS L4 ports to set a CPU queue (QoS 5) that separates IQ Agent traffic from other IP exceptions. This new ACL redirects TCP traffic with source port 443 (default HTTPS port) to CPU queue 5. The IQ Agent system ACL is installed or uninstalled along with the L3 Unicast Miss (L3UCMiss) filter.
Automation of this feature is supported on all Universal switches.
You can also manually install the ACL to redirect IQ Agent traffic to CPU queue 5 on smaller switches with 8 ACL slices by running the following command:
# configure access-list iqagent.pol any
iqagent.pol:
entry iqagent_cpu5 {
if {
protocol tcp;
source-port 443;
} then {
traffic-queue cpu_q_5;
}
}