Switch Engine™ User Guide Version 32.7.1
>
Identity Management
>
Configuring Identity Management
>
Configure Default and User-Defined Roles
> Creating and Deleting User-Defined Roles
Published May 01, 2024
Search this document
Print this page
Email this page
View PDF
Previous
Next
Introduction to the Switch Engine User Guide
Conventions
Text Conventions
VLAN Option Formatting in Commands
Platform-Dependent Conventions
Terminology
Related Publications
Send Feedback
Help and Support
Getting Started
Product Overview
Software Required
ExtremeCloud™ IQ Agent Support
Changing the Network Operating System
Simple Switch Configuration with Chalet
Switch Configuration Using VLAN ID (VID)
Zero Touch Provisioning (Auto Configuration)
Cloning Switches
Using Clone.py
Cloning within a Stack
Cloning Standalone to Standalone
Cloning from Standalone to a Stack
Copying One Switch's Configuration to Another Switch Using USB Zero Touch Provisioning (ZTP)
Logging in to the Switch
Understanding the Command Syntax
Using the CLI
Syntax Helper
CLI File Name Completion
Object Names
Reserved Keywords
Abbreviated Syntax
Command Shortcuts
Command Aliases
Command Line Interface (CLI) History Expansion
CLI History Lookup
Support for Revising CLI Commands
Symbols
Port Numbering
Stand-alone Switch Numerical Ranges
SummitStack Numerical Ranges
Assigning Slot:Port Notation on Standalone Switches
Port Notation on Standalone Channelized Ports
Line-Editing Keys
Viewing Command History (Journal)
Common Commands
Using Safe Defaults Mode
Configuring Management Access
Account Access Levels
User Accounts
Administrator Accounts
Lawful Intercept Account
Configure Banners
Startup Screen and Prompt Text
Default Accounts
Creating Management Accounts
Authenticating Management Sessions through the Local Database
Failsafe Accounts
Accessing the Switch using Failsafe Account
Managing Passwords
Applying a Password to the Default Account
Applying Security to Passwords
Hash Algorithm for Account Passwords
Removal of Cleartext Passwords
Timed Lockout
Displaying Passwords
Accessing an Active Node in a SummitStack
DNS Cache Resolver and Analytics Engine Overview
Domain Name Service Client Services
Checking Basic Connectivity
Ping
Traceroute
Displaying Switch Information
Filtering the Output of Show Commands
Automate Running Show Commands
Managing the Switch
ExtremeXOS Switch Management Overview
Understanding the Operating System Shell
Using the Console Interface
Using the 10/100 or 10/100/1000 Ethernet Management Port
Managing the Switch with Bluetooth Devices
Using Extreme Management Center to Manage the Network
Authenticating Users
RADIUS Client
TACACS+
Management Accounts
Using Telnet
Starting the Telnet Client
About the Telnet Server
Connect to Another Host Using Telnet
Configuring Switch IP Parameters
Using a BOOTP or DHCP Server
Manually Configuring the IP Settings
Configuring Telnet Access to the Switch
Viewing Telnet Information
Disabling and Enabling Telnet
Disconnecting a Telnet Session
Access Profile Logging for Telnet
ACL Match Conditions and Actions
Limitations
Managing ACL Policies for Telnet
Managing ACL Rules for Telnet
Misconfiguration Error Messages
Sample ACL Policies
Using Secure Shell 2
Access Profile Logging for SSH2
ACL Match Conditions and Actions
Limitations
Managing ACL Policies for SSH2
Managing ACL Rules for SSH2
Misconfiguration Error Messages
Using the Trivial File Transfer Protocol
TFTP Block-size Configuration
Connecting to Another Host Using TFTP
Understanding System Redundancy
Node Election
Determining the Primary Node
Configuring the Node Priority on a SummitStack
Relinquishing Primary Status
Replicating Data Between Nodes
Relaying Configuration Information
Bulk Checkpointing
Dynamic Checkpointing
Viewing Checkpoint Statistics
Viewing Node Status
Node Status Collected
Understanding Hitless Failover Support
Protocol Support for Hitless Failover
Hitless Failover Caveats
Caveats for a SummitStack
Understanding Power Supply Management
Using Power Supplies
Using Power Supplies--SummitStack Only
Displaying Power Supply Information
Using the Network Time Protocol
Limitations
VR Configuration Support
Configuring the NTP Server/Client
Configuring Restrict Lists
Managing NTP Peer Support
Managing NTP Local Clock Support
Managing NTP Broadcast Server Support
Managing NTP Broadcast Client Support
Managing NTP Authentication
Showing NTP Information
NTP Configuration Example
Using the Simple Network Management Protocol
Enabling and Disabling SNMPv1/v2c and SNMPv3
Understanding Safe Defaults Mode and SNMP
Enabling and Disabling SNMP Access on Virtual Routers
Accessing Switch Agents
Return-to-Normal SNMP Notifications
Supported MIBs
Configuring SNMPv1/v2c Settings
Displaying SNMP Settings
SNMPv3
Message Processing
SNMPv3 Security
USM Timeliness Mechanisms
Configuring USM Timeliness Mechanism
Users, Groups, and Security
Managing Users
Managing Groups
Security Models and Levels
Setting SNMPv3 MIB Access Control
SNMPv3 Notification
Configuring Target Addresses
Managing Notification Tags
Configuring Notifications
Access Profile Logging for SNMP
ACL Match Conditions and Actions
Limitations
Managing ACL Policies for SNMP
Managing ACL Rules for SNMP
Misconfiguration Error Messages
Using the Simple Network Time Protocol
Configuring and Using SNTP
GMT Offsets
SNTP Example
Access Profile Logging for HTTP/HTTPS
ACL Match Conditions and Actions
Limitations
Managing ACL Rules for HTTP
Misconfiguration Error Messages
Managing the ExtremeXOS Software
Using the ExtremeXOS File System
Moving or Renaming Files on the Switch
Copying Files on the Switch
Displaying Files on the Switch
Transferring Files to and from the Switch
Deleting Files from the Switch
Managing the Configuration File
Managing ExtremeXOS Processes
Displaying Process Information
Stopping Processes
Starting Processes
Creating Processes
Understanding Process Control Groups
Understanding Memory Protection
Configuring Stacked Switches
Introduction to Stacking
Build Basic Stacks
Slot Numbers in Stacks
Primary/Backup Switch Redundancy
SummitStack Topologies
Ring Topology: Recommended for Stacking
Daisy Chain Topology: Not Recommended for Stacking
Use Ethernet Ports for Stacking (SummitStack-V Feature)
Available Stacking Methods
SummitStack Terms
Preparing to Configure a Stack
Stacking Node Roles, Redundancy, and Failover
Reboot or Failure of a Non-Master Node
Stack Configuration Parameters, Configuration Files, and Port Numbering
QoS in Stacking
QoS Profile Restrictions
QoS Scheduler Operation
Processing of Packets Received With 802.1p Priority 6
Effects on 802.1p Examination
Effects on DiffServ Examination
Effects on Port QoS and VLAN QoS
Stacking Link Overcommitment
Log Messages from Stack Nodes
Configuring a Stack
Manually Configuring a Stack
Configuring Slot Numbers
Configuring the Primary, Backup, and Standby Roles
Assigning a MAC Address to a Stack
Verifying the Configuration
Using the Mode Button to Automatically Stack
Using a USB Flash Drive to Automatically Stack
Managing an Operational Stack
Logging into a Stack
Logging in Through the Console Port
Logging in from the Management Network
Logging Into a Node From Another Node
Managing Licenses on a Stack
Viewing Switch Licenses and License Restrictions
Enabling a Switch License
Restricting a Switch License Level
Upgrading Stack Licenses
Upgrading ExtremeXOS on a Stack
Stack Rolling Software Upgrade
Performing a Rolling Upgrade
Reverting a Rolling Upgrade
Finishing a Rolling Upgrade
Upgrading the Software on all Active Nodes
Upgrading the Software on a Single Node
Upgrading the Bootrom
Configuring an Alternate IP Address and Gateway
Viewing the Alternate IP Address
show vlan mgmt Command
show ipconfig mgmt Command
Viewing Stacking Port Statistics
Configuring Master-Capability
Rebooting a Stack
Changing the Stack Configuration
Automatically Adding or Replacing Nodes in a Stack
Manually Adding Nodes to a Stack
Replacing a Node with the Same Switch Type
Replacing a Node with a Different Switch Type
Merging Two Stacks
Example: Merging Two Stacks
Removing a Node from a Stack
Dismantling a Stack
Troubleshooting a Stack
Managing a Dual Primary Situation
Eliminating a Dual Master Situation Manually
Automatic Resolution of the Dual Master Situation
Connecting to a Stack with No Primary
Rescuing a Stack that has No Primary-Capable Node
Daisy Chain
Broken Stack (Isolated Nodes)
Failed Stack
Failed Stack Node
License Mismatch
Stacking Link Failure
Understanding Stacking Traps
Configuring Slots and Ports on a Switch
Configuring Ports on a Switch
Port Numbering
Stand-alone Switch Numerical Ranges
SummitStack Numerical Ranges
Enabling and Disabling Switch Ports
Configuring Switch Port Speed and Duplex Setting
Configuring Extended Port Description
Port Groups
Partitioning High Bandwidth Ports
Flow Control
IEEE 802.3x Flow Control
IEEE 802.1Qbb Priority Flow Control
Fabric Port Configuration
Configuring Priority Flow Control
Abnormal Configuration Examples
Turning off Autonegotiation on a Gigabit Ethernet Port
Running Link Fault Signal
Turn off Autopolarity
Flow Monitor
Enabling Flow Monitor
Configuring Flow Monitor Collectors
Configuring Flow Monitor Keys
Configuring Flow Monitor Groups
Clearing Flow Monitor Counters
Displaying Flow Monitor Information
Configuring Switching Mode—Cut-through Switching
Default Switching Mode
Configuring Switching Mode
Using the Precision Time Protocol
Overview of PTP
Basic Synchronization
End-to-End Transparent Clocks Between Master And Slave
PTP Slave Clock Adjustments
PTP Slave Time Correction
Drift Adjustment
Offset Adjustment
PTP Clock Servo Algorithm
Hybrid Networks
Supported PTP Features
Limitations of PTP
Configuring and Displaying PTP Clocks and Data Sets
PTP Transparent clock
PTP Boundary/Ordinary Clocks
PTP Boundary/Ordinary Clock Ports
PTP Clock Recovery State
PTP Configuration Example
End-to-End Transparent Clock Configuration
Ordinary Clock Slave Configuration
Ordinary Clock Slave Configuration (Node-1)
Ordinary Clock Slave Configuration (Node-2)
Boundary Clock Configuration
DWDM Optics Support
Limitations
Configuring DWDM
Displaying DWDM
Configuring Digital Diagnostic Monitoring Interface (DDMI)
Jumbo Frames
Guidelines for Jumbo Frames
Enabling Jumbo Frames
Path MTU Discovery
IP Fragmentation with Jumbo Frames
Link Aggregation on the Switch
Link Aggregation Overview
Configurable Per Slot LAG Member Port Distribution
Link Aggregation and Software-Controlled Redundant Ports
Dynamic Versus Static Load Sharing
Load-Sharing Algorithms
Address-Based Load Sharing
Link Aggregation Standard and Custom Algorithms
Port-Based Load Sharing
LAG Member Port Distribution Modes
LACP
LACP Fallback
Link Aggregation Minimum Active Links
Health Check Link Aggregation
Guidelines for Load Sharing
Load Sharing Guidelines
Load Sharing Rules and Restrictions for All Switches
Configuring Switch Load Sharing
Creating and Deleting Load Sharing Groups
Adding and Deleting Ports in a Load-Sharing Group
Configuring the Load Sharing Algorithm
Configuring LACP
Configuring Health Check Link Aggregation
Modifying Configured Health Check LAG
Load-Sharing Examples
Load Sharing on a Stand-alone Switch
Cross-Module Load Sharing on SummitStack
Single-Module Load Sharing on SummitStack
LACP Example
Health Check LAG Example
MLAG
MLAG Overview
ISC Blocking Filters
Linkup Isolation
Inter-Switch Communication
PIM MLAG Support
Multiple VLAN Registration Protocol (MVRP) over Multi-switch Link Aggregation (MLAG)
Orchestration Mode for Checkpointing MLAG Port Configuration
Multi-switch Link Aggregation Group (MLAG) Port Reload Delay Timer
Support for More than One MLAG Peer
Traffic Flows
MLAG Peer Port Failure
FDB Checkpointing
Layer-2 IP Multicast
Layer 3 IP Multicast using PIM-SM
MLAG Limitations and Requirements
Configuring MLAGs
Displaying MLAG Information
Example of MLAG Configuration
MLAG-LACP
LACPDU Transmission on MLAG Ports
Scalability Impact on Load Shared Groups
Mirroring
Guidelines for Mirroring
Mirroring Rules and Restrictions
Configuring Mirroring
Verifying the Mirroring Configuration
Remote Mirroring
Configuration Details
Configuring the Source Switch
Configuring the Intermediate Switch
Configuring the Destination Switch
Remote Mirroring Guidelines
Using Remote Mirroring with Redundancy Protocols
Remote Mirroring with EAPS
Remote Mirroring With STP
Remote Mirroring Using Layer 3
Redundant Remote IP Address Mirroring
Extreme Discovery Protocol
Software-Controlled Redundant Port and Smart Redundancy
Guidelines for Software-Controlled Redundant Ports and Port Groups
Configuring Software-Controlled Redundant Ports
Verifying Software-Controlled Redundant Port Configurations
Configuring Automatic Failover for Combination Ports
ExtremeSwitching Switches with Shared Copper/Fiber Gigabit Ports Only
Displaying Port Information
Optic Port Compatibility Check
ExtremeXOS Port Description String
Configure Port decription-string
Port Isolation
Configuring Port Isolation
Energy Efficient Ethernet
Configuring Energy Efficient Ethernet
Node Alias Overview
Configuring Node Alias
Using Locally Administered MAC Addresses
Enabling/Disabling the USB Port
Extended Edge Switching
Extended Edge Switching Overview
What Is Extended Edge Switching?
Virtual Port Extenders (VPEX) Description
Bridge Port Extenders Description
Important Terminology
Chassis Analogy
The Value of Bridge Port Extenders
How Do Bridge Port Extenders Interact with the Controlling Bridge?
Edge Control Protocol
Port Extension Control and Status Protocol
Redundant Controlling Bridges
Extended Edge Switching Rings
Forming a Ring
Data Plane Establishment and Operation
Link Failure Handling
Uneven Cascade Lengths and Ring Re-balancing
Dual Controlling Bridges in Ring Topologies (MLAGs)
Cross-Connect MLAGs
One-Arm MLAGs
Optimized IP Multicast Replication
Supported Bridge Port Extender Models
Supported Platforms
Extended Edge Switching on Stacking Overview
ZTPStack Behavior
Software Upgrade
Bridge Port Extender General Limitations
ExtremeXOS Feature Compatibility with V400 Virtual Port Extenders
Configuring Extended Edge Switching Topology with Full Automation
Configuring Extended Edge Switching Topology with Partial Automation (Auto-configuration)
Manually Configuring Bridge Port Extenders
Configuring Extended Edge Switching Ring Topology
Troubleshooting an Extended Edge Switching Topology
Selecting How VLAN Membership is Implemented for Extended Ports
Configuring IP Multicast Replication
Unconfiguring the entire VPEX Setup and Disabling VPEX Mode
Removing Bridge Port Extenders from Slot Assignments
Unconfiguring MLAG Slot Assignment
Adding and Removing Bridge Port Extenders
Replacing Bridge Port Extenders
Inserting Additional Bridge Port Extenders on Cascades
Inserting Additional Bridge Port Extenders on Rings
Removing Bridge Port Extenders from Cascades
Removing Bridge Port Extenders from Rings
Showing Bridge Port Extender Information
Taking a Bridge Port Extender Offline
Rebooting VPEX
Full Automation Configuration Example
Partial Automation Configuration Example
Manual Configuration Example
Removing Bridge Port Extender from a Cascade Example
Redundant Controlling Bridges Configuration Example
Simple Ring Configuration Example
Upgrading the Controlling Bridge and Bridge Ports Extenders
BGP Auto-peering
Auto-peering Introduction
BGP Auto-peering Feature Description
IP Multicast Forwarding (PIM-DM)
External Router Support
BGP Auto-peering Plug-and-Play Redundancy
AutoBGP LAG Active/Standby Mode
Routing through the Underlay (VXLAN and AutoBGP Networks)
VXLAN to Non-VXLAN Routing in a Non-AutoBGP Network
VXLAN to Non-VXLAN Routing in an AutoBGP Network
VXLAN to VXLAN Routing in an AutoBGP Network
EVPN and VRF Support
Asymmetric Routing
Supported Platforms
BGP Auto-peering Feature Limitations
Configuring BGP Auto-peering
BGP Auto-peering Examples
BGP Auto-peering Simple Leaf/Spine Example
BGP Auto-peering Leaf/Spine with VXLAN Example
OSPFv2 Auto-peering
OSPFv2 Auto-peering Introduction
OSPFv2 Auto-peering Feature Description
OSPFv2 Auto-peering Limitations
OSPFv2 Auto-peering Supported Platforms
Configuring OSFPv2 Auto-peering
Universal Port
Profile Types
Static Profiles
Dynamic Profiles
Dynamic Profile Trigger Types
Device Triggers
User Authentication Triggers
Time Triggers
Event Management System Triggers
How Device-detect Profiles Work
How User Authentication Profiles Work
Profile Configuration Guidelines
Obtaining Profiles
Profile Rules
Multiple Profiles on the Same Port
Supported Configuration Commands and Functions
Universal Port Variables
Collecting Information from Supplicants
Supplicant Configuration Parameters
Universal Port Configuration Overview
Device-Detect Configurations
User-Authentication Configurations
Time-of-Day Configurations
EMS-Event Configurations
Using Universal Port in an LDAP or Active Directory Environment
Configuring Universal Port Profiles and Triggers
Creating and Configuring New Profiles
Editing an Existing Profile
Configuring a Device Event Trigger
Configuring a User Login or Logout Event Trigger
Configuring a Universal Port Timer
Configuring a Timer Trigger
Creating an EMS Event Filter
Configuring an EMS Event Trigger
Enabling and Disabling an EMS Event Trigger
Unconfiguring a Timer
Managing Profiles and Triggers
Manually Executing a Static or Dynamic Profile
Displaying a Profile
Displaying Timers
Displaying Universal Port Events
Displaying Profile History
Verifying a Universal Port Profile
Handling Profile Execution Errors
Disabling and Enabling a Profile
Deleting a Profile
Deleting a Timer
Deleting an EMS Event Trigger
Sample Universal Port Configurations
Sample MAC Tracking Profile
Switch Configuration
MAC Tracking EMS Log Message
Profile Configuration
Policy File Configuration
Console Logs
Universal Port Handset Provisioning Module Profiles
Device-Triggered Generic Profile
Authentication-Triggered Generic Profile
Authentication-Triggered Avaya Profile
Sample Static Profiles
Sample Configuration with Device-Triggered Profiles
Sample Configuration with User-Triggered Profiles
Sample Timer-Triggered Profile
Sample Profile with QoS Support
Sample Event Profile
Configuring Universal Port Example
Sample Configuration for Generic VoIP LLDP
Sample Configuration for Generic VoIP 802.1X
Sample Configuration for Avaya VoIP 802.1X
Sample Configuration for a Video Camera
Using CLI Scripting
Setting Up Scripts
Enabling and Disabling CLI Scripting
Creating Scripts
Creating a Script File
Creating Scripts for Use with the Universal Port Feature
ExtremeXOS Shell RC Script
Python Scripting
Creating Sockets Using Python Scripts
Python Scripting Examples
Using Script Variables
Creating Variables
Using Special Characters in Scripts
Using Operators
Using Control Structures in Scripts
Using Built-In Functions
Control Script Configuration Persistence
Saving, Retrieving, and Deleting Session Variables
Nesting Scripts
Executing Scripts
Execute a Script File
Executing a Universal Port Script
Configuring Error Handling
Aborting a Script
Displaying CLI Scripting Information
Viewing CLI Scripting Status
Viewing CLI Scripting Variables
Controlling CLI Script Output
CLI Scripting Examples
LLDP Overview
Supported Advertisements (TLVs)
Mandatory TLVs
Optional TLVs
Avaya–Extreme Networks Optional TLVs
LLDP MED Optional TLVs
BGP Config Discovery Optional TLV
LLDP Redundancy Support on Stacking
LLDP Packets
Transmitting LLDP Messages
Receiving LLDP Messages
LLDP Management
Configuring and Managing LLDP
Configuration Overview
Enabling and Disabling LLDP
Configuring LLDP Timers
Configuring SNMP for LLDP
Configuring Optional TLV Advertisements
Configuring Standards-Based TLVs
Port description TLV
System name TLV
System Description TLV
System Capabilities TLV
Management Address TLV
VLAN Name TLV
Port VLAN ID TLV
Port and Protocol VLAN ID TLV
MAC/PHY Configuration/Status TLV
Power Via MDI TLV
Link Aggregation TLV
Maximum frame size TLV
Configuring Avaya-Extreme TLVs
PoE Conservation Level Request TLV
Call Server TLV
File Server TLV
802.1Q Framing TLV
Configuring LLDP MED TLVs
LLDP MED capabilities TLV
LLDP MED Fast-Start Feature
Network policy TLV
Location identification TLV
Extended power-via-MDI TLV
SNMP Traps for LLDP MED
Clearing LLDP Neighbor Entries
Unconfiguring LLDP
Displaying LLDP Information
Displaying LLDP Port Configuration Information and Statistics
Display LLDP Information Collected from Neighbors
OAM
CFM
CFM Overview
Ping and Traceroute
Supported Instances for CFM
CFM Groups
Configuring CFM
Creating Maintenance Domains
Creating and Associating MAs
Creating MPs and the CCM Transmission Interval
Configuring EAPS for CFM Support
Assigning MEP Group Names to New MEP
Assign MEP Group Name to Existing MEP
Add a RMEP to MEP Group
Monitoring CFM in EAPS
Displaying MEP Groups
Executing Layer 2 Ping and Traceroute Messages
Displaying CFM
CFM Example
Y.1731—Compliant Performance Monitoring
Frame-Delay Measurement
Frame-Loss Measurement
Dual-Ended Frame-Loss Measurement
Single-Ended Frame-Loss Measurements
Availability Time and Severly Errored Seconds (SES)
Configuring a CFM Segment
Managing a CFM Segment
Clearing CFM Information
Y.1731 MIB Support
EFM OAM—Unidirectional Link Fault Management
Unidirectional Link Fault Management
Configuring Unidirectional Link Fault Management
Two-Way Active Measurement Protocol
TWAMP-Test Protocol
Bidirectional Forwarding Detection (BFD)
BFD Overview
Limitations
Configuring BFD
Configuring BFD Intervals
Setting Strict BFD Session Protection
Displaying BFD Information
Clearing BFD Information
BFD Hardware Assist
BFD MIB Table Support
BFD Session Up/Down Traps
PoE
Extreme Networks PoE Devices
Summary of PoE Features
Power Delivery
Enabling PoE to the Switch
Power Reserve Budget
PD Disconnect Precedence
Port Disconnect or Fault
PoE Usage Threshold
Legacy Devices
PoE Operator Limits
Configuring PoE
Enable Inline Power
Setting the Disconnect Precedence
Configuring the Usage Threshold
Configuring the Switch to Detect Legacy PDs
Configuring the Operator Limit
Configuring PoE Port Labels
Power Cycling Connected Powered Devices
Displaying PoE Settings and Statistics
Clearing Statistics
Displaying System Power Information
Display System PoE Status
Displaying PoE Status and Statistics on Stand-alone Switches
Displaying Port PoE Information
Displaying Port PoE Configuration
Display Port PoE Status
Displaying Port PoE Statistics
Status Monitoring and Statistics
Viewing Port Statistics
Viewing Port Errors
Port Link-Flap Detection
Link-Flap Detection Threshold Value Dependencies
Link-Flap Detection Syslog Messages
SNMP Traps
Port Link-Flap Statistics
Configuring Port Link-Flap Detection
Using the Port Monitoring Display Keys
Viewing VLAN Statistics
Configuring VLAN Statistics
Guidelines and Limitations
Performing Switch Diagnostics
Running Diagnostics
LED Behavior During Diagnostic Testing
Displaying Diagnostic Test Results
Using the System Health Checker
Using ELSM
About ELSM
ELSM Hello Messages
ELSM Port States
Link States
ELSM Link States
ELSM Timers
Configuring ELSM on a Switch
Enabling ELSM
Configuring the ELSM Hello Timer
Configuring the ELSM Hold Threshold
Configure Automatic Restart
Disabling ELSM
Displaying ELSM Information
Clearing ELSM Counters
Using ELSM with Layer 2 Control Protocols
ELSM Configuration Example
Viewing Fan Information
Viewing the System Temperature
System Temperature Output
SummitStack
ExtremeSwitching Switches Only
Using the Event Management System/Logging
Sending Event Messages to Log Targets
Primary and Backup Systems—SummitStack Only
Filtering Events Sent to Targets
Target Configuration
Severity
Configuring Severity Level
Components and Conditions
Filtering By Components and Conditions
Matching Expressions
Matching Parameters
Formatting Event Messages
Displaying Real-Time Log Messages
Displaying Event Logs
Log Buffer Threshold Alert
Uploading Event Logs
Displaying Counts of Event Occurrences
Displaying Debug Information
Logging Configuration Changes
Securing Syslog Transport Layer Security Sessions
Avoiding Potential Loss of TLS Syslog Logging
Disabling OCSP for TLS Connections to Remote Syslog Servers
Syslog TLS OCSP Attribute Configuration
Using the XML Notification Client
Introduction
HTTP Client Interface
Configuring XML Notification
Displaying XML Notification
Configuring Log Target in EMS
Examples
Using sFlow
Configuring sFlow
Configuring the Local Agent
Configuring the Remote Collector Address
Enabling sFlow Globally on the Switch
Enabling sFlow on the Desired Ports
Additional sFlow Configuration Options
Polling Interval
Global Sampling Rate
Per Port Sampling Rate
Maximum CPU Sample Limit
Unconfiguring sFlow
sFlow Configuration Example
Displaying sFlow Information
Monitoring CPU Utilization
Disabling CPU Monitoring
Enable CPU Monitoring
Displaying CPU Utilization History
VLANs
VLANs Overview
Benefits
Virtual Routers and VLANs
Types of VLANs
Port-Based VLANs
Spanning Switches with Port-Based VLANs
Tagged VLANs
Protocol-Based VLANs
Defining Protocol Filters
Configuring a VLAN to Use a Protocol Filter
Deleting a Protocol Filter
Precedence of Tagged Packets Over Protocol Filters
Default VLAN
VLAN Names
Configuring VLANs on the Switch
VLAN Configuration Overview
VLAN ID and VLAN ID List Specification
Creating and Deleting VLANs
Managing a VLAN IP Address
Configuring a VLAN Tag
Adding and Removing Ports from a VLAN
Adding and Removing VLAN Descriptions
Renaming a VLAN
Enabling and Disabling VLANs
VLAN Configuration Examples
IP and MAC Anycast
Displaying VLAN Information
Private VLANs
PVLAN Overview
VLAN Translation in a PVLAN
VLAN Isolation
PVLAN Components
PVLAN Support over Multiple Switches
Extending Network and Subscriber VLANs to Other Switches
MAC Address Management in a PVLAN
Layer 3 Communications
PVLAN Limitations
Configuring PVLANs
Creating PVLANs
Configuring Network VLAN Ports for VLAN Translation
Configuring Non-Isolated Subscriber VLAN Ports
Configuring Isolated Subscriber VLAN Ports
Configuring a PVLAN on Multiple Switches
Configuring a Network or Subscriber VLAN Extension to Another Switch
Adding a Loopback Port to a Subscriber VLAN
Managing Layer 3 Communications in a PVLAN
Delete PVLANs
Remove a VLAN from a PVLAN
Deleting a Loopback Port from a Subscriber VLAN
Displaying PVLAN Information
Displaying Information for all PVLANs
Displaying Information for a Specific PVLAN
Displaying Information for a Network or Subscriber VLAN
Displaying PVLAN FDB Entries
PVLAN Configuration Example 1
PVLAN Configuration Example 2
VLAN Translation
VLAN Translation Behavior
Unicast Traffic
Broadcast Behavior
Multicast Behavior
VLAN Translation Limitations
Interfaces
Configuring Translation VLANs
Displaying Translation VLAN Information
Displaying Information for a Translation or Member VLAN
Displaying Translation VLAN FDB Entries
VLAN Translation Configuration Examples
Basic VLAN Translation
VLAN Translation with ESRP Redundancy
VLAN Translation with STP Redundancy
Port-Specific VLAN Tag
Port-Specific Tags in L2VPN
Configuring Port-Specific VLAN Tags
VMAN (PBN)
VMAN Overview
Customer Network Ports
Customer Edge Ports
Assigning Port CVID on Port-based or CEP VMAN Service
Coexistence with Tagged VLANs Interfaces, CEP VMAN Interfaces, and Tagged VMAN Interfaces
Protocol and Feature Interactions
CVID Translation
CVID Egress Filtering
VMAN Configuration Options and Features
ACL Support
Secondary Ethertype Support
QoS Support
Egress Queue Selection
VMAN Double Tag Support
Configuration
Configuring VMANs (PBNs)
Guidelines for Configuring VMANs
Procedure for Configuring VMANs
Configuring VMAN Options
Configuring the Ethertype for VMAN Ports
Selecting the Tag used for Egress Queue Selection
Displaying VMAN Information
Configuration Examples
VMAN CEP Example
Multiple VMAN Ethertype Example
FDB
FDB Contents
How FDB Entries Get Added
How FDB Entries Age Out
FDB Entry Types
Dynamic Entries
Static Entries
Blackhole Entries
Private VLAN Entries
Managing the FDB
Increasing the FDB Table Size
Adding a Permanent Unicast Static Entry
Adding a Permanent Multicast Static Entry
Configuring the FDB Aging Time
Adding Virtual MAC Entries from IP ARP Packets
Managing Reports of Duplicate MAC Addresses for Static Entries
Clearing FDB Entries
Supporting Remote Mirroring
Displaying FDB Entries and Statistics
Display FDB Entries
Display FDB Statistics
MAC-Based Security
Managing MAC Address Learning
Managing Egress Flooding
Guidelines for Enabling or Disabling Egress Flooding
Configuring Egress Flooding
Displaying Learning and Flooding Settings
Creating Blackhole FDB Entries
Managing MAC Address Tracking
Adding and Deleting MAC Addresses for Tracking
Enabling and Disabling MAC Address Tracking on Ports
Enabling and Disabling SNMP Traps for MAC Address Changes
Configuring Automatic Responses to MAC Tracking Events
Displaying the Tracked MAC Addresses and Tracking Statistics
Clearing the Tracking Statistics Counters
Integrated Application Hosting
Data Center Solutions
Data Center Overview
Introduction to Data Center Bridging
Data Center Bridging Exchange Protocol
Custom Application Support
Priority-based Flow Control
Introduction to the XNV Feature
VM Port Configuration
VM Authentication Process
File Synchronization
Network Management and Inventory
Introduction to the Direct Attach Feature
Managing the DCBX Feature
Enabling DCBX on Switch Ports
Configuring DCBX Application Priority Instances
Displaying DCBX Configuration and Statistics
DCBX Configuration Example
Managing the XNV Feature, VM Tracking
Limitations
Managing VM Tracking on the Switch
Managing VM Tracking on Specific Ports
Configuring the Authentication Method and Sequence
XNV and MLAG
XNV Dynamic VLAN
Tracking XNV Per VM Statistics
Managing the Repository Server
Selecting the Repository Server Directory
Creating the MANIFEST File
Creating a VMMAP File
Creating VPP Files
Creating Policy Files
Managing Switch Access to the Repository Server
Manage NMS Server Authentication
Configuring the NMS Server Software
Configure the NMS Client Software
Displaying NMS Authenticated VMs
Managing Network Authentication (Using the VMMAP File)
Manage Local Database Authentication
Managing the Local VPP Database
Managing VM Entries in the Local Authentication Database
Example XNV Configuration
MAC and IP Addresses
General VLAN Configuration
VMWare Server Setup
Repository Server Setup
Example ACL Rules
General Switch XNV Feature Configuration
Local VM Authentication Configuration
Network (VMMAP) Authentication Configuration
NMS Server Authentication Configuration
Managing Direct Attach to Support VEPA
AVB
Overview
AVB Feature Pack License
Configuring and Managing AVB
MRP/MSRP/MVRP LAG Support
gPTP LAG Support
Displaying AVB Information
Layer 2 Tunneling and Filtering
Layer 2 Protocol Tunneling
Protocol Tunneling
Implementing L2PT in ExtremeXOS
Protocol Filtering
Implementing Protocol Filtering in ExtremeXOS
Protocol Filters
L2PT Limitations
Virtual Routers
Overview of Virtual Routers
Types of Virtual Routers
System Virtual Routers
User Virtual Routers
VRFs
Local-Only Virtual Routers
Direct Route Leaking Between Virtual Routers
VR Configuration Context
Managing Virtual Routers
Creating and Deleting User Virtual Routers
Creating and Deleting VRFs
Enabling and Disabling VRFs
Configuring and Removing a VR Description
Changing the VR Context
Adding and Deleting Routing Protocols
Configuring Ports to Use One or More Virtual Routers
Deleting Ports from a Virtual Router
Adding Ports to a Single Virtual Router
Adding Ports to Multiple Virtual Routers
Displaying Ports and Protocols
Configuring the Routing Protocols and VLANs
Configuration Tasks for Layer 3 VPNs
Layer 3 VPN Configuration Overview
Configuring a VPN ID
Configuring the Route Distinquisher
Configuring Route Targets
Enabling and Disabling Layer 3 VPN SNMP Traps for a VR
Virtual Router Configuration Example
Fabric Attach
Fabric Attach Overview
Fabric Attach Operation Modes
Fabric Attach Proxy Mode
Fabric Attach Server Mode
Fabric Attach Standalone Proxy Mode
Fabric Attach Client Mode
Network Service Identifier Mappings
LLDP
RADIUS/Policy/NetLogin
Defining VLAN/NSI Mappings with RADIUS Standards Attributes or VSAs
Fabric Attach Automatic LAG Creation
Fabric Attach Support over Multi-switch Link Aggregation Groups (MLAGs)
Fabric Attach Authentication
RADIUS Vendor-Specific Attributes (VSAs) for Fabric Attach
Zero Touch Client
Fabric Attach Triggered Signaling
Configuring Fabric Attach
Fabric Attach and Extended Edge Switching Configuration Examples
Single-ARM MLAG Ring Topology Configuration Examples
FA Clients Connected to BPEs with Extended Edge Switching Ring MLAG-Connected CBs FA Server Peers
FA Clients Connected to BPEs with Extended Edge Switching Ring MLAG-Connected CB FA Proxy Peers
FA Clients Connected to BPEs with Extended Edge Switching Ring MLAG-Connected CB FA Standalone Peers
Cross-Connect MLAG Topology Configuration Examples
Cross-Connect MLAG Topology Configuration Example
Fabric Attach Automatic LAG Configuration Example
Policy Manager
Policy Manager and Policies Overview
Creating and Editing Policies
Using the Edit Command
Using a Separate Machine to Edit Policies
Checking Policies
Refreshing Policies
Applying Policies
Applying ACL Policies
Applying Routing Policies
ACLs
ACLs Overview
Two-Stage ACL
Feature Description
Two-Stage Policy Example
ACL Rule Syntax
Matching All Egress Packets
Comments and Descriptions in ACL Policy Files
Types of Rule Entries
Match Conditions
Actions
Action Modifiers
Counting Packets and Bytes
Logging Packets
Metering Packets
Mirroring Packets
Redirecting Packets
Replacing DSCP or 802.1p Fields
ACL Rule Syntax Details
IPv6 Traffic with L4 Match Conditions
Fragmented Packet Handling
Wide Key ACLs
Configuring Wide Key ACL Modes
Layer-2 Protocol Tunneling ACLs
ACL Byte Counters
Dynamic ACLs
Creating the Dynamic ACL Rule
Configuring the ACL Rule on the Interface
Configuring ACLs on a Management Port
Configuring ACL Priority
Configuring User Zones
Network-Zone Support in ACLs
Configuring Network-Zone Support in ACLs
Creating a Network-Zone
Deleting a Network-Zone
Adding or Removing Network-Zone Attributes
Refreshing Network-Zones
Monitoring Network-Zone Support in ACLs
show access-list network-zone
CCOS ACL Match Criteria
ACL Evaluation Precedence
Precedence
Rule Evaluation
Precedence of Dynamic ACLs
Precedence of L2/L3/L4 ACL Entries
Precedence Among Interface Types
Precedence with Egress ACLs
Redundant Rules
Applying ACL Policy Files
Displaying and Clearing ACL Counters
Example ACL Rule Entries
ACL Mechanisms
ACL Slices and Rules
ACL Allocation to Slices—All Platforms
Compatible and Conflicting Rules
Single Virtual Group for User ACLs
Rule Evaluation and Actions
Slice and Rule Use by Feature
System Configuration Example
ACL Error Messages
ACL Counters-Shared and Dedicated
Policy-Based Routing
Layer 3 Policy-Based Redirect
Layer 2 Policy-Based Redirect
LAG Port Selection
Policy-Based Redirection Redundancy
Multiple Next-hop Support
Health Checking for ARP, NDP, and Ping
Packet Forward/Drop
Configuring Packet Forward Drop
ACL Troubleshooting
Routing Policies
Routing Policies Overview
Routing Policy File Syntax
Policy Match Type
Policy Match Conditions
Autonomous System Expressions
Policy Action Statements
Applying Routing Policies
Policy Examples
Translating an Access Profile to a Policy
Translating a Route Map to a Policy
Quality of Service
Applications and Types of QoS
Voice Applications
Video Applications
Critical Database Applications
Web Browsing Applications
File Server Applications
Traffic Groups
ACL-Based Traffic Groups
CoS 802.1p-Based Traffic Groups
DiffServ-Based Traffic Groups
Port-Based Traffic Groups
VLAN-Based Traffic Groups
Precedence of Traffic Groups
Introduction to Rate Limiting, Rate Shaping, and Scheduling
Single-Rate QoS
Dual-rate QoS
Rate Specification Options
Disabling Rate Limiting and Rate Shaping
Scheduling
Introduction to WRED
Explicit Congestion Notification (ECN)
Meters
QoS Profiles
Egress Qos Profiles
Egress Port Rate Limiting and Rate Shaping
Configuring Overhead-Bytes in Calculating Rate-Limiting and Rate-Shaping
Class of Service (CoS)
Class of Service (CoS) Settings
Port Groups
CoS Port Resource
CoS Global Enable Action
Meter and Flood Actions
Meter and Flood Limitations
Configuring QoS
Configuring QoS on SummitStack and ExtremeSwitching Switches
Configuration Summary
Selecting the QoS Scheduling Method
Configuring 802.1p or DSCP Replacement
Replacement of 802.1p Priority Information on Egress
Replacement of DSCP on Egress
Replacing a DSCP on Egress
DiffServ Example
Configuring Egress QoS Profile Rate Shaping
Creating or Deleting an Egress QoS Profile
Configuring an Egress QoS Profile
Configuring WRED on an Egress QoS Profile
Configuring Egress Port Rate Limits
Configuring Egress Traffic
Configuring Traffic Groups
Configuring an ACL-Based Traffic Group
Configuring a CoS 802.1p-Based Traffic Group
Enabling and Disabling 802.1p Examination
Changing the 802.1p Priority to QoS Profile Mapping
Configuring a DiffServ-Based Traffic Group
Enabling and Disabling Diffserv Examination
Changing the DSCP to QoS Profile Mapping
Configuring a Port-Based Traffic Group
Configuring a VLAN-Based Traffic Group
Creating and Managing Meters
Creating Meters
Configuring a Meter
Applying a Meter to Ingress Traffic
Deleting a Meter
Adjusting the Byte Count Used to Calculate Traffic Rates
Controlling Flooding, Multicast, and Broadcast Traffic on Ingress Ports
Displaying QoS Configuration and Performance
Displaying Traffic Group Configuration Data
Displaying 802.1p Priority to QoS Profile Mappings
Displaying DiffServ DSCP to QoS Profile Mappings
Displaying Port and VLAN QoS Settings
Displaying Performance Statistics
Displaying QoS Profile Traffic Statistics
Displaying Congestion Statistics
Network Login
Network Login Overview
Web-Based, MAC-Based, and 802.1X Authentication
Multiple Supplicant Support
Network Login Multiple Authentication Support
Support for Attaching and Detaching the UPM profile
Campus and ISP Modes
Spanning Tree Protocol (STP) Support with NetLogin Campus Mode
Network Login and Hitless Failover
Initial Hitless Failover
Network Login over LAG
Network Login over MLAG
Configuring Network Login
Enabling or Disabling Network Login on the Switch
Enabling or Disabling Network Login on a Specific Port
Configuring the Move Fail Action
Displaying Network Login Settings
Setting Netlogin Traps
Exclusions and Limitations
Authenticating Users
Local Database Authentication
Creating a Local Network Login Account--User Name and Password Only
Specifying a Destination VLAN
Adding VLANs when Creating a Local Network Login Account
Adding VLANs at a Later Time
Modifying an Existing Local Network Login Account
Updating the Local Network Login Password
Updating VLAN Attributes
Displaying Local Network Login Accounts
Deleting a Local Network Login Account
802.1X Authentication
Interoperability Requirements
Supplicant Side
Authentication Server Side
Enabling and Disabling 802.1X Network Login
802.1X Network Login Configuration Example
Configuring Guest VLANs
Using Guest VLANs
Guidelines for Configuring Guest VLANs
Creating Guest VLANs
Enabling Guest VLANs
Modifying the Supplicant Response Timer
Disabling Guest VLANs
Unconfiguring Guest VLANs
Displaying Guest VLAN Settings
Post-authentication VLAN Movement
802.1X Authentication and Network Access Protection
Example Scenarios Using NAP
Scenario 1--Healthy Supplicant
Scenario 2--Unhealthy Supplicant
Using NAP-Specific VSAs to Authenticate 802.1X Supplicants
ACLS for Remediation Servers
Web-Based Authentication
Enabling and Disabling Web-Based Network Login
Configuring the Base URL
Configuring the Redirect Page
Configuring Proxy Ports
Configuring Session Refresh
Configuring Logout Privilege
Configuring the Login Page
Configuring a Network Login Banner
Login Page Contents
Uploading the Login File to the Switch
General Guidelines
Limitations
Customizable Authentication Failure Response
Customizable Graphical Image in Logout Popup Window
Web-Based Network Login Configuration Example
Web-Based Authentication User Login
MAC-Based Authentication
Enabling and Disabling MAC-Based Network Login
Associating a MAC Address to a Specific Port
Adding and Deleting MAC Addresses
Displaying the MAC Address List
Configuring MAC Authentication Case Option for User Name and Password
Configuring Reauthentication Period
Securing MAC Configuration Example
MAC-Based Network Login Configuration Example
MAC-Based Authentication Delay
Additional Network Login Configuration Details
Configuring Network Login MAC-Based VLANs
Network Login MAC-Based VLANs Rules and Restrictions
Configuring the Port Mode
Configuring Ingress Filtering
Displaying Network Login MAC-Based VLAN Information
FDB Information
VLAN and Port Information
Network Login MAC-Based VLAN Example
Configuring Dynamic VLANs for Network Login
Specifying the Uplink Ports
Enabling Dynamic VLANs for Network Login
Dynamic VLAN Example with Web-Based Network Login
Displaying Dynamic VLAN Information
Configuring Network Login Port Restart
Guidelines for Using Network Login Port Restart
Enabling Network Login Port Restart
Disabling Network Login Port Restart
Displaying the Port Restart Configuration
Authentication Failure and Services Unavailable Handling
Configuring Authentication Failure VLAN
Dependency on authentication database order
Configuring Authentication Service-Unavailable VLAN
ONEPolicy
ONEPolicy Overview
Implementing Policy
Convergence End Point (CEP) Detection
Captive Portal Redirection
VLAN/VXLAN to Policy Mapping
Device Response to Invalid Policy
Policy-Based Mirrors
Rule Trap and Syslog for ONEPolicy
VCAP Partitioning
Layer 7 Policy/Application Signature
ACL Style Policy
User-based Dynamic Access Control Lists (ACL)
Role-based ACLs
Policy and Lowest Common Denominator Stacking
Standard and Enhanced Policy Considerations
Loop Prevention with Spanning Tree Protocol
Terms and Definitions
Policy Roles
The Policy Role
Defining a Policy Role
Roles in a Secure Network
Setting Default VLAN for Policy Role
Assigning a Class of Service to Policy Role
Adding Tagged, Untagged, and Forbidden Ports to the VLAN Egress Lists
Overwriting VLAN Tags Priority and Classification Settings
Classification Rules
Specifying Storage Type
Forward and Drop
Allowed Traffic Rule-Type on a Port
Rule Precedence
Quality of Service in a Policy Rules Context
Blocking Non-Edge Protocols at the Edge Network Layer
Platform Rule Allocation
Applying Policy Using the RADIUS Response Attributes
NetLogin Authentication
NetLogin Session Timeout and Idle Timeout
Applying Policy Using Hybrid Authentication Mode
Authentication Override
Configuring Policy
ONEPolicy Configuration Examples
Policy Configuration Example
Roles
Policy Domains
Platform Configuration
Configuring Guest Policy on Edge Platforms
Configuring Policy for the Edge Student Fixed Switch
Configuring PhoneFS Policy for the Edge Fixed Switch
Configuring Policy for the Edge Faculty Fixed Switch
Configuring PhoneES Policy for the Services Edge Switch
Configuring Policy for the Services Edge Switch
Configuring the Distribution Layer Role
Captive Portal Redirection Example
Sending a Change of Authentication (CoA) from FreeRADIUS Example
Example Dynamic ACL VSA String
VXLAN
VXLAN Overview
Overlay Routing
Routing Traffic into Tunnels
Routing Traffic from Tunnels
Routing in and out of Tunnels (RIOT)
Route and Neighbor Distribution
Time to Live (TTL) Processing
Differentiated Services Code Point (DSCP)/IP Type of Service (ToS) processing
Optimized VXLAN Replication Using Underlay Multicast
Unicast and Multicast VXLAN
Virtual Network Flood Modes
Flood Mode Standard
Flood Mode Explicit
Flood Mode Multicast
Assisted Replication
Assisted Replication Overview
Assisted Replication Benefits
Assisted Replication Operation
Assisted Replication with VXLAN Access Points
Assisted Replication Supported Platforms
Assisted Replication Limitations
OSPFv2 VXLAN Extensions
Multiprotocol Border Gateway Protocol (MBGP) Support for VXLAN
Address Resolution Protocol (ARP) Learning over Tunnels
Address Resolution Protocol (ARP) Suppression
Dynamic Virtual Networks
Edge Automation
VXLAN Learning
Dynamic Learning
Load Balancing
Quality of Service
Redundant Access
Multi-switch Link Aggregation (MLAG)
Statistics
VXLAN + VMAN Customer Edge Ports Support
Policy and VXLAN
Configuring VXLAN
Adding and Deleting Tunnel Terminating Ports
Configuring Local Endpoints
Enabling and Disabling Remote Endpoints
Configuring Edge Automation
configure database max-retry-interval
Configuring Assisted Replication
Configuring Policy and VXLAN
Configuration Example for Flood Mode Standard
Configuration Example for Flood Mode Explicit
Configuration Example for MLAG
Identity Management
Identity Management Overview
Identity Information Capture
Identity Names
Kerberos Authentication Type Support
Application of ACLs and Policies for Identities
How Roles Affect Ports
Authenticated and Unauthenticated Roles
Blacklist and Whitelist Roles
Greylist Roles
User-Defined Roles
Identity Attributes on an LDAP Server
Match Criteria for Selecting User-Defined Roles
Role Precedence and Priority
Application of Rules or Policies
Role-Based Policy Enforcement
Group Attributes Support
Network Zone Support for Policy Files
Role Refresh
Switch Configuration Changes in Response to Identity Management Events
Identity Management Feature Limitations
Configuring Identity Management
Basic Identity Management Feature Configuration
Configuring the Maximum Database Size
Selecting the Access-List Source-Address Type
Enabling and Disabling Identity Management
Enabling and Disabling Identity Management on Ports
Enabling and Disabling SNMP Traps
Adjusting the Aging Time for Stale Entries
Resetting the Identity Management Configuration to the Default Values
Adding and Deleting Entries in the Blacklist and Whitelist
Configuring Entries in Greylist
Configuring List-Precedence
Configuring Kerberos Snooping
Configuring a Kerberos Server List
Adjusting the Kerberos Snooping Aging Time
Forced Kerberos Logout
Configure Default and User-Defined Roles
Creating and Deleting User-Defined Roles
Configuring Rules or Policies for Default and User-Defined Roles
Configuring LDAP Server Access
Support for Multiple Windows Domains
Changing the Role Priority
Configuring Kerberos Authentication Type
Managing the Identity Management Feature
Clearing the Identity Management Counters
Refreshing the Role Selection for Users
Enabling/Disabling Snooping Identities
Displaying Identity Management Information
Displaying Database Entries
Displaying Configuration Information
Displaying Statistics
Security
Security Features Overview
Security Mode Overview
Secure Mode
Federal Information Processing Standards (FIPS) Mode
Ciphers and Message Authentication Codes (MACs) Supported by Security Modes
Priority with Multiple Security Modes
Using Safe Defaults Mode
MAC Security
MAC Locking
MAC Locking Limitations
MAC Locking Functionality
Configuring MAC Locking
Managing MAC Locking
MAC Locking Configuration Example
Limiting Dynamic MAC Addresses
Configuring Limit Learning
Display Limit Learning Information
Example of Limit Learning
Limiting MAC Addresses with ESRP Enabled
MAC Address Lockdown
MAC Address Lockdown with Timeout
Understanding the Lockdown Timer
Examples of Active and Inactive Devices
Examples of Disconnecting and Reconnecting Devices
Example of Port Movement
Configuring MAC Address Lockdown with Timeout
Enabling and Disabling MAC Address Lockdown with Timeout
Displaying MAC Address Lockdown Information
MAC Security with Pre-shared Key Authentication
Overview
MAC Security with Pre-shared Keys Authentication Limitations
MAC Security with Pre-shared Keys Authentication Supported Platforms
Configuring MAC Security with Pre-shared Keys Authentication
Troubleshooting MAC Security
DHCP Server
Enabling and Disabling DHCP
Configuring the DHCP Server
Displaying DHCP Information
IP Security
DHCP Snooping and Trusted DHCP Server
Configuring DHCP Snooping
Configuring Trusted DHCP Server
Configuring Trusted DHCP Ports
Displaying DHCP Snooping and Trusted Server Information
Clearing DHCP Snooping Entries
Configuring the DHCP Relay Agent Option (Option 82) at Layer 2
Configuring DHCP Binding
Source IP Lockdown
Configuring Source IP Lockdown
Displaying Source IP Lockdown Information
Clear Source IP Lockdown Information
ARP Learning
Configuring ARP Learning
Adding a Permanent Entry to the ARP Table
Configuring DHCP Secured ARP
Displaying ARP Information
Gratuitous ARP Protection
Configuring Gratuitous ARP
Displaying Gratuitous ARP Information
ARP Validation
Configuring ARP Validation
Displaying ARP Validation Information
VSA RADIUS Support for DHCP Snooping and ARP Validation
DHCP Security Support for MLAG Controlling Bridge
Denial of Service Protection
Configuring Simulated Denial of Service Protection
Configuring Denial of Service Protection
Configuring Trusted Ports
Displaying DoS Protection Settings
Protocol Anomaly Protection
Flood Rate Limitation
Authenticating Management Sessions Through a TACACS+ Server
Configuring the TACACS+ Client for Authentication and Authorization
Changing the TACACS+ Server
Specifying TACACS+ Server Addresses
Configuring the TACACS+ Client Timeout Value
Configuring the Shared Secret Password for TACACS+ Communications
Enabling and Disabling the TACACS+ Client Service
Requiring the Privilege Level Attribute for Authentication
TACACS+ Configuration Example
Configuring the TACACS+ Client for Accounting
Specifying the Accounting Server Addresses
Configuring the TACACS+ Client Accounting Timeout Value
Configuring the Shared Secret Password for TACACS+ Accounting Servers
Enabling and Disabling TACACS+ Accounting
TACACS+ Accounting Configuration Example
Authenticating Management Sessions Through a RADIUS Server
How Extreme Switches Work with RADIUS Servers
Configuration Overview for Authenticating Management Sessions
Authenticating Network Login Users Through a RADIUS Server
Differences Between Network Login Authentication and Management Session Authentication
Configuration Overview for Authenticating Network Login Users
Authentication
Authentication Retransmission Algorithm
Accounting
Accounting Retransmission Algorithm
Authentication NMS Realm
Per Realm Authentication Enable/Disable
Supported RADIUS Attributes
Configuring the RADIUS Client
Configuring the RADIUS Client for Authentication and Authorization
Specifying the RADIUS Server Addresses
Configuring the RADIUS Client Timeout Value
Configuring the Shared Secret Password for RADIUS Communications
Enabling and Disabling the RADIUS Client Service
Configuring the RADIUS Client for Accounting
Specifying the RADIUS Accounting Server Addresses
Configuring the RADIUS Client Accounting Timeout Value
Configure the Shared Secret Password for RADIUS Accounting Servers
Enabling and Disabling RADIUS Accounting
RADIUS Server Configuration Guidelines
Configuring User Authentication (Users File)
Session Management Entries
Network Login User Entries
Network Login MAC Address Entries
Standard RADIUS Attributes Used by Extreme Switches
Extreme Networks VSAs
Configuring the Dictionary File
Change-of-Authorization (Dynamic Authorization) Overview
Disconnect Request
NAS Identification
User Session Identification
Disconnect Responses
Security
Limitations
Change of Authorization
Retry Detection
Change-of-Authorization Mandatory Attributes
New Attribute Support
RADIUS Port Bounce
Additional RADIUS Configuration Examples
Installing and Testing the FreeRADIUS Server
Configuring the FreeRADIUS Server
Configuring the RADIUS-to-LDAP Attribute Mappings
Configuring Additional Attributes Mappings
Modifying the RADIUS Schema
Configuring the Authentication Method for Supplicants
Starting the FreeRADIUS Server
Implementation Notes for Specific RADIUS Servers
Cistron RADIUS
RSA Ace
Steel-Belted Radius
Microsoft IAS
Setting Up Open LDAP
Installing OpenLDAP
Configuring OpenLDAP
Configuring slapd for Startup
Adding New Schemas
Populating the LDAP Database with Organization and User Entries
Restarting the LDAP Server
LDAP Configuration Example
FreeRADIUS Sample Dictionary Values
Configuring a Windows 7/Windows 8 Supplicant for 802.1X Authentication
Hypertext Transfer Protocol
Secure Shell 2
SSH Server Overview
Understanding SSH Server
SSH Default Enabled Parameters During Installation
Enabling SSH2 for Inbound Switch Access
Standard Key Authentication
User Key-Based Authentication
Public-Key Infrastructure (PKI) in Secure Shell (SSH) Overview
Example: Configuring PKI for SSH Secure Login Using X509v3 Certificates
SSH X.509v3 Authentication Using RADIUS
Enabling SSH2
Setting SSH2 Rekeying Interval
Enabling/Disabling DSA and X509v3 Public Key Algorithms
Viewing SSH2 Information
Using ACLs to Control SSH2 Access
Sample SSH2 Policies
Configuring SSH2 to Use ACL Policies
Using SCP2 from an External SSH2 Client
Understanding the SSH2 Client Functions on the Switch
SSH/SCP Client Upgrade Limitations
Using SFTP from an External SSH2 Client
Disabling Unapproved Crypto Algorithms
Disabling Unapproved Crypto Algorithms
Configuring Unapproved Crypto Algorithms
Configuration Example: Enable/Disable Ciphers in Default Mode
Configuration Example: Enable/Disable MACs in Default Mode
Configuration Example: Enable/Disable Ciphers in FIPS Mode
Configuration Example: Enable/Disable MACs in FIPS Mode
Configuration Example: Enable/Disable Ciphers in Secure Mode
Configuration Example: Enable/Disable MACs in Secure Mode
Diffie-Hellman Overview
Configuring the Diffie-Hellman Minimal Supported Group
Configuration Example: DH-16 Key-Exchange Algorithm
Configuration Example: DH-1 Key-Exchange Algorithm
Secure Socket Layer
Enabling and Disabling SSL
Creating Self-Signed Certificates and Private Keys
Downloading a Certificate Key from a TFTP Server
Downloading a Private Key from a TFTP Server
Configuring Pregenerated Certificates and Keys
Creating Certificate Signing Requests and Private Keys
Displaying SSL Information
Using Public-Key Infrastructure (PKI) in Your Network
Setting Up PKI
PKI Limitations
ExtremeXOS Image Integrity Check
Secure Boot
CLEAR-Flow
CLEAR-Flow Overview
Configuring CLEAR-Flow
Displaying CLEAR-Flow Configuration and Activity
Adding CLEAR-Flow Rules to ACLs
CLEAR-Flow Rule Match Type
CLEAR-Flow Rule Match Conditions
Count Expression
Delta Expression
Ratio Expression
Delta-Ratio Expression
Rule-True-Count Expression
CLEAR-Flow Rule Actions
Permit/Deny
QoS Profile
Mirror
SNMP Trap
Syslog
CLI
Keyword Substitution
Predefined CLEAR-Flow Counters
CLEAR-Flow Rule Examples
Count Expression Example
Delta Expression Example
Ratio Expression Example
Delta-Ratio Expression Example
EAPS
EAPS Protocol Overview
EAPS Benefits
EAPS Single Ring Topology
EAPS Multiple Ring Topology
Two Rings Connected by One Switch
Multiple Rings Sharing an EAPS Common Link
Spatial Reuse with an EAPS Common Link
Additional Common Link Topology Examples
Fast Convergence
EAPS and Hitless Failover—SummitStack Only
EAPS Licensing
Configuring EAPS
Single Ring Configuration Tasks
Creating and Deleting an EAPS Domain
Adding the EAPS Control VLAN
Adding Protected VLANs
Configuring the EAPS Domain Priority
Defining the Switch Mode (Master or Transit)
Configuring the Ring Ports
Configuring the Polling Timers and Timeout Action
Enabling and Disabling EAPS on the Switch
Enabling and Disabling Fast Convergence
Enabling and Disabling an EAPS Domain
Configuring EAPS Support for Multicast Traffic
Unconfiguring an EAPS Ring Port
Disabling EAPS Loop Protection Warning Messages
Common Link Topology Configuration Tasks
EAPS Shared Port Configuration Rules
Common Link Configuration Overview
Creating and Deleting a Shared Port
Defining the Mode of the Shared Port
Configuring the Link ID of the Shared Port
Configuring the Shared Port Timers and Timeout Action
Unconfiguring an EAPS Shared Port
Clearing the EAPS Counters
Displaying EAPS Information
Displaying Single Ring Status and Configuration Information
Displaying Domain Counter Information
Displaying Common Link Status and Configuration Information
Displaying Common Link Counter Information
Configuration Examples
Migrating from STP to EAPS
Creating and Configuring the EAPS Domain
Creating and Configuring the EAPS Control VLAN
Enabling EAPS and Verify EAPS Status
Configuring the STP Protected VLAN as an EAPS Protected VLAN
Verifying the EAPS Blocking State for the Protected VLAN
Verifying the STP Status and Disabling STP
Designing and Implementing a Highly Resilient Enterprise Network Using EAPS
Designing and Configuring the Unified Access Layer
Creating and Configuring the EAPS Domain
Creating and Configuring the EAPS Control VLAN
Creating and Configuring EAPS Protected VLANs
Enabling the EAPS Protocol and EAPS Domain
Verifying the EAPS Configuration and Status
Designing and Configuring the Aggregation Layer
Creating and Configuring the EAPS Domains
Creating and Configuring the EAPS Control VLANs
Creating and Configuring the EAPS Shared Ports
Enabling the EAPS Protocol and EAPS Domain
Creating and Configuring the EAPS Protected VLANs
Verifying the EAPS Configuration and Operating State
Designing and Configuring L3 Services on EAPS
Configuring IP Addresses on the EAPS Protected VLANs
Configuring OSPF on the EAPS Protected VLANs
Configuring VRRP on the EAPS Protected VLANs
Verifying OSPF and VRRP Configuration Status
Designing and Configuring the Core Layer with EAPS
Creating and Configuring the Backbone EAPS Domain
Creating and Configuring the Backbone EAPS Control VLAN
Creating and Configuring the Backbone EAPS Protected VLANs
Configuring an IP Address and OSPF on the Backbone VLAN
Verifying EAPS and OSPF Configuration Status
Designing and Configuring the Data Center Switches with EAPS
Creating and Configuring the Data Center EAPS Domain
Creating and Configuring the Data Center EAPS Control VLAN
Create and Configure the Data Center EAPS Protected VLANs
Configuring an IP Address and OSPF on the Backbone VLAN
Verifying EAPS and OSPF Configuration Status
CFM Support in EAPS
Configuring EAPS for CFM Support
Binding to a MEP Group
Create MPs and the CCM Transmission Interval
Displaying EAPS MEP Group Bindings
Displaying EAPS Output Change
Configuration Example
Limitations
Platforms Supported
ERPS
ERPS Overview
Supported ERPS Features
G.8032 Version 2
CFM Link Monitoring
Revertive and Non-revertive Mode
Force Switch
Clear Command
Manual Switch
R-APS Control MAC
Timers
Interoperability with EAPS
Sample Configuration
Configuring ERPS
ERPS Version 1 Commands
ERPS Version 2 Commands
Sample Configuration
Debugging ERPS
ERPS Feature Limitations
STP
Spanning Tree Protocol Overview
Compatibility Between IEEE 802.1D-1998 and IEEE 802.1D-2004 STP Bridges
Default Port Path Cost
Bridge Priority
Spanning Tree Protocol (STP) Bridge Priority Incrementing/Decrementing by One
Port Priority
Edge Port Behavior
Restricted Role
Loop Protect
Loop Protect Port Modes
STP Filter Configuration
Backup Root
Multisource Detection
Restrict Topology Change Notification
BPDU Restrict on Edge Safeguard
Disable Forwarding of Spanning Tree Protocol (STP) Bridge Protocol Data Units (BDPUs)
Span Tree Domains
Member VLANs
Carrier VLAN
Protected VLAN
Specifying the Carrier VLAN
STPD Modes
Encapsulation Modes
STPD Identifier
STP States
Binding Ports
Manually Binding Ports
Automatically Binding Ports
Automatically Inheriting Ports--MSTP Only
Rapid Root Failover
STP and Hitless Failover—SummitStack Only
STP Configurations
Basic STP Configuration
Multiple STPDs on a Port
VLANs Spanning Multiple STPDs
EMISTP Deployment Constraints
Per VLAN Spanning Tree
STPD VLAN Mapping
Native VLAN
Rapid Spanning Tree Protocol
RSTP Concepts
Port Roles
Link Types
Configuring Link Types
Configuring Edge Safeguard
Configuring Auto Edge
RSTP Timers
RSTP Operation
Root Port Rapid Behavior
Designated Port Rapid Behavior
Receiving Bridge Behavior
Propagating Topology Change Information
Rapid Reconvergence
Compatibility With STP (802.1D)
Multiple Spanning Tree Protocol
MSTP Concepts
MSTP Regions
Configuring MSTP Region Identifiers
Unconfiguring an MSTP Region
Common and Internal Spanning Tree
Configuring the CIST
CIST Root Bridge
CIST Regional Root Bridge
CIST Root Port
Enabling the CIST
Multiple Spanning Tree Instances
Configuring the MSTI and the MSTI ID
MSTI Regional Root Bridge
MSTI Root Port
Enabling the MSTI
Boundary Ports
MSTP Port Roles
MSTP Port States
MSTP Link Types
MSTP Edge Safeguard
MSTP Timers
MSTP Hop Counts
Configuring MSTP on the Switch
MSTP Operation
STP and Network Login
STP and ONEPolicy
STP and MLAG
STP Rules and Restrictions
Configuring STP on the Switch
STP FDB Flush Criteria
Displaying STP Settings
STP Configuration Examples
Basic 802.1D Configuration Example
EMISTP Configuration Example
RSTP 802.1w Configuration Example
MSTP Configuration Example
ESRP
ESRP Overview
ESRP Master Election
Master Switch Behavior
Pre-Master Switch Behavior
Slave Switch Behavior
Neutral Switch Behavior
Electing the Master Switch
ESRP Failover Time
ESRP Election Algorithms
ESRP Election Algorithms
ESRP Domains
ESRP Groups
ESRP Extended Mode Features
Linking ESRP Switches
ESRP-Aware Switches
Configuring ESRP
Guidelines
ESRP Configuration Overview
Creating and Deleting an ESRP Domain
Configuring the ESRP Domain ID
Adding and Deleting a Master VLAN
Adding and Deleting a Member VLAN
Enabling and Disabling an ESRP Domain
Configuring ESRP-Aware Switches
Operation with Other ExtremeXOS Features
ESRP and IP Multinetting
ESRP and STP
ESRP and VRRP
ESRP Groups and Host Attach
Port Configurations and ESRP
Using ELRP with ESRP
Using ELRP with ESRP to Recover Loops
Configuring ELRP
Configuring Pre-Master Polling
Configuring Master Polling
Configuring Ports
Displaying ELRP Information
Advanced ESRP Features
ESRP Tracking
ESRP Environment Tracking
ESRP VLAN Tracking
ESRP Unicast Route Table Tracking
ESRP Ping Tracking
Displaying ESRP Tracking Information
ESRP Tracking Example
ESRP Port Restart
ESRP Host Attach
ESRP Port Weight and Don‘t Count
Selective Forwarding
Display Selective Forwarding Information
Display ESRP Information
ESRP Configuration Examples
Single Domain Using Layer 2 and Layer 3 Redundancy
Multiple Domains Using Layer 2 and Layer 3 Redundancy
ESRP Over IPv6 Configuration Example
VRRP
VRRP Overview
VRRP Guidelines
VRRP Master Election
VRRP Master Preemption
VRRP Tracking
VRRP Tracking Mode
VRRP VLAN Tracking
VRRP Route Table Tracking
VRRP Ping Tracking
VRRP Address Support for IPv4
VRRP Address Support for IPv6
NTP VRRP Virtual IP support
VRRPv3 Interoperation with VRRPv2
VRRP Fabric Routing
Fabric Routing Functionality
Enabling Fabric Routing Mode
Fabric Routing Limitations
VRRP and Hitless Failover
VRRP Host Mobility
VRRP Grouping to Increase VR Scaling
VRRP Grouping Limitations
VRRP Grouping Description
Enabling Fabric Routing on VRs
Characteristics of VRs in a Group
Switching Between Individual VR Mode and High-Scale Mode (Group)
Configuring VRRP
Creating and Deleting VRRP Router Instances
Adding and Deleting VRRP Router IP Addresses
Adding an IPv6 Link Local Address to a VRRP Router
Configuring the VRRP Router Advertisement Interval
Configuring VRRP Router Advertisement by Link Local Address Only
Configuring Master Preemption
Configuring VRRP Router Priority
Configuring the Accept Mode
Configuring NTP VRRP Virtual IP support
Configuring VRRP Version Support
Configuring VRRP Tracking
Configuring the Tracking Mode
Adding and Deleting Tracked Routes
Adding and Deleting Tracked VLANs
Adding and Deleting Tracked Pings
Configuring VRRP Fabric Routing
Configuring Host Mobility
Configuring VRRP Groups
Managing VRRP
Enabling and Disabling VRRP and VRRP Router Instances
Clearing VRRP Counters
Displaying VRRP Information
Displaying VRRP Router Information
Displaying VRRP Router Information and Statistics for VLANs
Displaying VRRP Tracking Information
VRRP Configuration Examples
Simple VRRP Network Examples
VRRP Load Sharing Example
VRRP Tracking
VRRP Groups Configuration Example
MPLS
MPLS Overview
How MPLS Works
MPLS Protocol Preference
MPLS Terms and Acronyms
LDP Support
LDP Neighbor Discovery
Advertising Labels
Propagating Labels
Label Advertisement Modes
Label Retention Modes
LSP Control Modes
MPLS Routing
MPLS Layer Details
MPLS Shim Header
MPLS Label Stack
Penultimate Hop Popping
Label Binding
Label Space Partitioning
Routing Using Matching and Calculated LSP Next Hops
Matching LSP Next Hops
OSPF Calculated LSP Next Hops
BGP Calculated LSP Next Hops
LSP Precedence and Interaction
Multivendor Support for Calculated LSPs
Layer 2 VPN over MPLS Overview (VPLS and VPWS)
Layer 2 VPN Support
Layer 2 VPN Service Deliminators
MPLS Pseudowires
Transporting 802.1Q Tagged Frames
Establishing LDP LSPs to PW Endpoints
Using LDP to Signal PW Label Mappings
LSP Selection
Layer 2 VPN Domains
MAC Learning
Spanning Tree Protocols
IP Protocol Considerations
MPLS Layer 2 VPN Characteristics
Layer 3 VPN over MPLS Overview
H-VPLS Overview
Eliminating Packet Replication by the MTU
Simplifying Customer Service Provisioning
Redundant Spoke Pseudowire Connections
MAC Address Withdrawal TLV Support
Event Log Messages
SNMP Support
Protected VPLS and H-VPLS with ESRP Redundancy Overview
Fault Tolerant Access Points Assumptions and Limitations
H-VPLS Redundant Edge Network
Fault Tolerant VPLS Operation
Performance of Fault Tolerant VPLS Access Points
Deployment and Application Considerations
Event Log Messages
SNMP Support
VPLS STP Redundancy Overview
Failure Recovery Scenario without VPLS STP Redundancy
Failure Recovery Scenario with VPLS STP Redundancy
Requirements and Limitations
Enabling and Disabling VPLS STP Redundancy
VPLS EAPS Redundancy Overview
Requirements and Limitations
Failure Recovery Scenario 1
Failure Recovery Scenario 2
Failure Recovery Scenario 3
RSVP-TE Overview
RSVP Elements
Message Types
Reservation Styles
RSVP Traffic Engineering
RSVP Tunneling
RSVP Objects
ERO Exclude Option
Establishing RSVP-TE LSPs
RSVP-TE Implementation
Explicit Route Path LSPs
Route Recording
LSP Session Attributes
Bandwidth Reservation
Bandwidth Management for RSVP-TE LSPs
Redundant LSPs
Improving LSP Scaling
Supporting Quality of Service Features
Propagation of IP TTL
Configuring MPLS
Configuration Overview
Moving MPLS From VR to VR
Configuring the MPLS LSR ID
Adding MPLS Support to VLANs
Enabling and Disabling MPLS on an LSR
Enabling and Disabling MPLS on a VLAN
Enabling LDP on the Switch
Enabling and Disabling LDP on a VLAN
Creating Static LSPs
Configuring Penultimate Hop Popping
Configuring QoS Mappings
Mapping Dot1p to EXP Bits
Enabling and Disabling LDP Loop Detection
Configuring an LDP Label Advertisement Filter
Configuring LDP Session Timers
Restoring LDP Session Timers
Clearing LDP Protocol Counters
Resetting MPLS Configuration Parameter Values
Managing the MPLS BFD Client
Displaying MPLS Configuration Information
Displaying MPLS Basic Configuration Information
Displaying LDP Basic Configuration Information
Displaying MPLS Interface Information
Displaying LDP Interface Information
Displaying MPLS Label Information
Displaying MPLS Label Mapping Information
Displaying MPLS QoS Mapping Information
Displaying LDP Peer Session Information
Displaying LDP Protocol Counters
Displaying LDP LSP Forwarding Database
Displaying RSVP-TE LSP Configuration Information
Displaying the RSVP-TE Paths
Displaying the RSVP-TE Path Profile
Displaying the RSVP-TE LSP
MPLS Configuration Example
Configuring MPLS Layer-2 VPNs (VPLS and VPWS)
Configuring MPLS for Establishing Layer 2 VPN Instances
Creating or Deleting a Layer 2 VPN Domain
Enabling or Disabling a Layer 2 VPN Domain
Adding or Deleting a Layer 2 VPN Peer
Add or Delete a Layer 2 VPN Service
Enabling or Disabling a Layer 2 VPN Service
Managing Layer 2 VPN Packet Forwarding Options
Configuring the Layer 2 VPN MTU
Managing VPLS Redundancy Options
Displaying Layer 2 VPN Status
Displaying Layer 2 VPN Statistics
Managing Layer 2 VPN SNMP Traps
VPLS VPN Configuration Examples
Basic Point-to-Point VPLS Configuration Example
Multipoint Full Mesh VPLS Configuration Example
VPLS with Redundant EAPS Configuration Example
Core 1 Router Configuration
Core 2 Router Configuration
Configuring H-VPLS
Configuring H-VPLS Spoke Nodes
Configuring H-VPLS Core Nodes
Configuring the MAC Address Withdrawal Feature
Displaying H-VPLS Configuration Information
Configuring Protected VPLS
Configuring RSVP-TE
Enabling and Disabling RSVP-TE on the Switch
Enabling and Disabling RSVP-TE on a VLAN
Configuring RSVP-TE Protocol Parameters
Creating or Deleting an RSVP-TE LSP
Creating an RSVP-TE Path
Configuring an Explicit Route
Reserving Bandwidth for MPLS
Creating and Deleting an RSVP-TE Profile
Configuring an RSVP-TE Profile
Adding a Path to an RSVP-TE LSP
Setting up Fast-Reroute Protection for an LSP
RSVP-TE Configuration Example
Troubleshooting MPLS
Using LSP Ping
Using LSP Trace
Using the Health Check VCCV Feature
IPv4 Unicast Routing
IPv4 Unicast Overview
Router Interfaces
GRE Tunnel
IP Maximum Transmission Unit Configuration
TCP Maximum Segment Size Adjustment
IPv6 Transport in IPv4 GRE Tunnel
GRE Tunnel Example Configuration
Populating the Routing Tables
Dynamic Routes
Static Routes
ExtremeXOS Resiliency Enhancement for IPv4 Static Routes
Multiple Routes
Relative Route Priorities
IP Route Sharing and ECMP
Equal-cost Multi-path Routing (ECMP) Hashing Alternatives for IPv4/IPv6
Compressed Routes
Event Log Messages
Exceptional Scenarios
ECMP Handling When IP Route Sharing Is Enabled
ECMP Handling When IP Route Sharing Is Disabled
Hardware Routing Table Management
Extended IPv4 Host Cache
Introduction to Hardware Forwarding Tables
LPM Table Management
Extended IPv4 Host Cache Management Guidelines
IPv4 Host Entry Population Sequence
Calculating the Number of Routes Needed
ECMP Hardware Table
Configuring Unicast Routing
Configuring Basic Unicast Routing
Adding a Default Route or Gateway
Configuring Static Routes
Configuring the Relative Route Priority
Configuring Hardware Routing Table Usage
Configuring IP Route Sharing
Managing IP Route Sharing
Viewing the IP Route Sharing Configuration
Configuring Route Compression
Configuring Static Route Advertisement
Displaying the Routing Configuration and Statistics
Viewing IP Routes
Viewing the IP ARP Table
Viewing IP ARP Statistics
Viewing the IP Configuration for a VLAN
Viewing Compressed Routes
Routing Configuration Example
Address Resolution Protocol (ARP) and Neighbor Discovery (ND)
Proxy ARP
ARP-Incapable Devices
Proxy ARP Support for Reachable Routes in the Network
Proxy ARP Between Subnets
IPv4 Multinetting
Multinetting Topology
How Multinetting Affects Other Features
ARP
Route Manager
IRDP
Unicast Routing Protocols
IGMP Snooping and IGMP
Multicast Routing Protocols
EAPS, ESRP, and STP
DHCP Server
DHCP Relay
VRRP
Configuring IPv4 Multinetting
IP Multinetting Examples
DHCP/BOOTP Relay
Managing DHCP/BOOTP Relay
Configuring the DHCP Relay Agent Option (Option 82) at Layer 3
Enabling and Disabling the DHCP Relay Agent Option
Enabling and Disabling DHCP Packet Checking
Configuring the DHCP Packet Handling Policy
Configuring the DHCP Agent Circuit ID Suboption
Viewing the DHCP/BOOTP Relay Statistics and Configuration
DHCP Smart Relay
Broadcast UDP Packet Forwarding
Configuring UDP Forwarding
Configuring UDP Echo Server Support
IP Broadcast Handling
IP Broadcast Handling Overview
VLAN Aggregation
VLAN Aggregation Properties
VLAN Aggregation Limitations
SubVLAN Address Range Checking
Isolation Option for Communication Between SubVLANs
VLAN Aggregation Example
Verify the VLAN Aggregation Configuration
IP Network Address Translation (NAT)
IPv6 Unicast Routing
IPv6 Unicast Overview
Router Interfaces
Tunnels
Specifying IPv6 Addresses
Scoped Addresses
IPv6 Addresses Used in Examples
Neighbor Discovery Protocol
Managing Neighbor Discovery
Create and Delete Static Entries
Configure the Neighbor-Discovery Cache Size
Manage Neighbor-Discovery Cache Updates
Clear the Neighbor-Discovery Cache
Return to the Neighbor-Discovery Cache Default Configuration
Display Neighbor-Discovery Cache Entries
IPv6 Router Advertisement Options for DNS
IPv6 Router Advertisement Filtering
Managing Duplicate Address Detection
DAD Overview
Configure DAD
Display DAD Configuration and Statistics
Clear the DAD Counters
Populating the Routing Table
Dynamic Routes
Static Routes
ExtremeXOS Resiliency Enhancement for IPv6 Static Routes
Multiple Routes
Relative Route Priorities
Unique Local Address (ULA) for IPv6
Managing IPv6 Unicast Routing
Enabling Route Sharing for IPv6
Configuring Basic IP Unicast Routing
Managing Router Discovery
Enable and Disable Router Discovery
Add and Delete Prefixes for Router Discovery
Configure Router Discovery Settings
Display Router Discovery Configuration Settings
Managing Tunnels
Create an IPv6-in-IPv4 Tunnel
Create an IPv6-to-IPv4 Tunnel
Delete a Tunnel
Configure an IPv6 Address for a Tunnel
Display Tunnel Information
Verifying the IP Unicast Routing Configuration
Managing IPv6 Routes and Hosts in External Tables
IPv6 ECMP and 32-Way ECMP
DHCPv6 Relay Remote-ID Option
DHCPv6 Relay Agent Prefix Delegation
Relay Agent Behavior in Prefix Delegation
DHCPv6 Client
DHCP Unique Identifier
DHCP Unique Identifier Content
Client Requested DHCPv6 Options
Configuring DHCPv6 BOOTP Relay
Configure Route Compression
Hardware Forwarding Behavior
Hardware Forwarding Limitations
Hardware Tunnel Support
Routing Configuration Example
Tunnel Configuration Examples
6in4 Tunnel Configuration Example
6to4 Tunnel Configuration Example
Host Configurations
GRE Tunnel Configuration Example
RIP
IGPs Overview
RIP Versus OSPF and IS-IS
Advantages of RIP, OSPF, and IS-IS
Overview of RIP
Routing Table
Split Horizon
Poison Reverse
Triggered Updates
Route Advertisement of VLANs
RIP Version 1 Versus RIP Version 2
Route Redistribution
Configuring Route Redistribution
Redistribute Routes into RIP
RIP Configuration Example
RIPng
RIPng Overview
RIPng versus OSPFv3 and IS-IS
Advantages of RIPng, OSPFv3, and IS-IS
RIPng Routing
Routing Table
Split Horizon
Poison Reverse
Triggered Updates
Route Advertisement of VLANs
Route Redistribution
Configuring Route Redistribution
Redistributing Routes into RIPng
RIPng Configuration Example
OSPF
OSPF Overview
OSPF Edge Mode
BFD for OSPF
Link State Database
Database Overflow
Opaque LSAs
Graceful OSPF Restart
Restarting and Helper Mode
Planned and Unplanned Restarts
Configuring Graceful OSPF Restart
Areas
Backbone Area (Area 0.0.0.0)
Stub Areas
Not-So-Stubby-Areas
Normal Area
Virtual Links
Point-to-Point Support
Route Redistribution
Import Policy
Configuring Route Redistribution
Redistribute Routes into OSPF
OSPF Timers and Authentication
OSPF Inter-VR Route Redistribution
Configuring OSPF
Configuring OSPF Wait Interval
OSPF Wait Interval Parameters
OSPF Configuration Example
Configuration for ABR 1
Configuration for IR 1
Displaying OSPF Settings
OSPFv3
OSPFv3 Overview
OSPFv3 Edge Mode
BFD for OSPFv3
Link State Database
Graceful OSPFv3 Restart
Restarting and Helper Mode
Planned and Unplanned Restarts
Configuring Graceful OSPFv3 Restart
Areas
Backbone Area (Area 0.0.0.0)
Stub Areas
Not-So-Stubby-Areas
Normal Area
Virtual Links
Link-Type Support
Import Policy
Route Redistribution
Configuring Route Redistribution
Redistributing Routes into OSPFv3
OSPFv3 Timers
Virtual Routing and Forwarding (VRF) for OSPFv3
OSPFv3 Authentication
IPsec Authentication
Authentication Trailer
IS-IS
IS-IS Overview
Establishing Adjacencies
Point-to-Point Adjacency
Broadcast Adjacency
IS-IS Hierarchy
IS-IS and IP Routing
Summary Addresses
External Connectivity
Authentication
Dynamic Hostname
Route Leaking
Metric Types
IS-IS Restart
IPv4 and IPv6 Topology Modes
Route Redistribution
Configuring Route Redistribution
Configuring IS-IS
Configuring L1 Routers
Configuring L1/L2 Routers
Configuring L2 Routers
Configuring IS-IS Timers
Configuring the Graceful Restart Feature
Configuring Hello Padding
Configuring Interlevel Filters
Configuring the Dynamic Hostname Feature
Configuring the Adjacency Check Feature
Configuring an Import Policy
Configure the Multi-Topology Feature
Displaying IS-IS Information
Displaying General Information for Global IS-IS
Displaying Router-Specific Information
Displaying Router Summary Addresses
Displaying IS-IS Interface Information
Displaying Link State Database Information
Displaying IPv4 and IPv6 Topology Information
Displaying IS-IS Neighbors
Displaying IS-IS Counter Data
Managing IS-IS
Configuring Password Security
Managing Transit Traffic with the Overload Bit
Clearing the IS-IS Counters
Originating an L2 Default Route
Managing IP Summary Addresses
Managing an IS-IS Area Address
Managing VLAN Interfaces
Adding a VLAN Interface
Setting the VLAN Interface Link Type
Setting the VLAN Interface Circuit Type
Configuring VLAN Interface Metrics
Configuring the DIS Priority for Broadcast Interfaces
Configuring Interface Participation in a Mesh Environment
Resetting a VLAN Interface to the Default Values
Deleting a VLAN Interface
Managing IS-IS Routers
Adding an IS-IS Router
Changing the IS-IS Level of a Router
Resetting an IS-IS Router to the Default Values
Restarting All IS-IS Routers in a Virtual Router
Disabling an IS-IS Router
Deleting an IS-IS Router
Configuration Example
BGP
BGP Overview
BGP Four-Byte AS Numbers
BGP Attributes
BGP Community Attributes
Extended Community Attributes
Extended Community Processing
Associating the Extended Community Attribute to the BGP Route
Syntax in Match block
Syntax in Set block
Examples of Extended Communities
Extended Community Syntax
Extended Community Match Rule in Policy
Extended Community Set Rule in Policy
Extended Communities and BGP Route Aggregation
Multiprotocol BGP
Route Reflectors
Route Confederations
Inactive Route Advertisement
Default Route Origination and Advertisement
Using the Loopback Interface
Looped AS_Path Attribute
BGP Peer Groups
Bidirectional Forwarding Detection (BFD) for BGP
BGP Route Flap Dampening
BGP Route Selection
Private AS Number Removal from Route Updates
Route Redistribution
BGP ECMP
BGP Mulitipath-Relax
BGP Static Network
Graceful BGP Restart
Graceful Restart in the Restarting Switch
Graceful Restart on the Receiving Switch
Planned and Unplanned Restarts
Cease Subcodes
Maximum Number of Prefixes Reached
Administrative Shutdown
Peer De-configured
Other Configuration Change
Connection Collision Resolution
Fast External Fallover
Capability Negotiation
IPv4 Capability Negotiation
IPv6 Capability Negotiation
Route Refresh
Configuration Overview
Configuring BGP Router Settings
Configure the BGP Router ID
Configure the AS Number
Configure the AS Number and Community Display Formats
Configure the BGP Local Preference
Configure the BGP MED
Configure BGP ECMP
Configure BGP Multipath-Relax
Configure Graceful BGP Restart
Configuring Fast External Fallover
Configuring BGP Neighbors
Create and Delete BGP Neighbors
Configure a Description for a Neighbor
Configure a Password for Neighbor Communications
Configure the Supported Address Families and Route Refresh
Configure Timers for BGP Neighbor Communications
Configure the Neighbor Shutdown Priority
Setting an Alternative Local Autonomous System (AS)
Configuring Route Acceptance
Assign a Weight Value to Routes Learned from a Neighbor
Configure the Maximum Number of Prefixes
Configure Acceptance of Looped BGP Routes from Neighbors
Configuring Route Origination
Configure the Source Interface Address
Enable and Disable Default Route Origination
Configure Inactive Route Advertisement
Configure the Originating Next Hop Address for Outgoing Updates
Include or Exclude the Community Path Attribute
Remove Private AS Numbers from Route Updates
Configure a Route Map Filter
Enable and Disable the Soft Input Reset Feature for a Neighbor
Configure Route Flap Dampening
Configuring Bidirectional Forwarding Detection (BFD) on BGP Neighbor
Configure Maximum AS Path Length
Configuring BGP Peer Groups
Create or Delete a BGP Peer Group
Add Neighbors to a BGP Peer Group
Configure a Remote AS Number for a Peer Group
Create and Delete BGP Static Networks
Import Routes from Other Protocols to BGP
Export BGP Routes to other Protocols
Configure Route Aggregation
Configure Route Reflectors
Configure a Route Confederation
Managing BGP
Enable and Disable BGP Neighbors
Enable and Disable a Peer Group
Enable and Disable BGP
Refresh BGP Routes
Configure BFD for BGP
Reapply a Policy
Clear BGP Flap, Session, or Route Statistics
Clear BGP Neighbor Counters
Displaying BGP Information
Display BGP Router Configuration and Route Statistics
Display Peer Group Configuration Information
Display BGP Route Information
Display Layer 3 VPN Peer Session Information
Display BGP Memory Usage
Configuration Examples
BGP IPv6 Example
Graceful BGP Restart Configuration Example for IPv4
Graceful BGP Restart Configuration Example for IPv6
Route Reflector Example for IPv4
Route Reflector Example for IPv6
Route Reflector (Switch1) Configuration
Switch2 Route Reflector Client Configuration
Switch3 Route Reflector Client Configuration
Switch4 Configuration
Configuration Display for Switch1
Configuration Display for Switch2
Route Confederation Example for IPv4
Route Confederation Example for IPv6
Default Route Origination Example for IPv4
Default Route Origination Example for IPv6
BGP Speaker Black Hole Example
Step 1
Step 2
Step 3
Output
BGP Route Filtering Example for IPv4
Router A Configuration
Router B Configuration
BGP Routes Before Policy Application
Creating and Applying the Route Filter Policy
BGP Routes After Policy Application
BGP Route Filtering Example for IPv6
Router A Configuration
Router B Configuration
BGP Routes Before Policy Application
Creating and Applying the Route Filter Policy
BGP Routes After Policy Application
Route Aggregation Example for IPV4
Route Aggregation Example for IPv6
Layer 3 Virtual Private Network
Overview of Layer 3 VPN
Overview of BGP/MPLS Network
Overlapping Customer Address Spaces
Multi-protocol BGP Extension
Multiple Forwarding Tables
Quality of Service in BGP/MPLS VPN
Virtual Routing and Forwarding Instances
L3VPN BOOTP Relay
L3VPN Configuration Example
Ethernet Virtual Private Network (EVPN)
EVPN Overview
EVPN Supported Platforms
EVPN Limitations
EVPN Supported Route Types
Configuring EVPN Overview
Recommended Configuration
Configuring EVPN
Applying Manual Route Targets to EVPN Instances
BGP EVPN Partial Route Target Matching
EVPN Commands
Displaying EVPN Information
EVPN Configuration Examples
EVPN with iBGP Configuration Example
EVPN with eBGP Configuration Example
EVPN with eBGP Between Leaf and Spine Configuration Example
EVPN with Symetric Routing Configuration Example
Multicast Routing and Switching
Multicast Routing Overview
Multicast Table Management
IP Multicast Hardware Lookup Modes
IPv4 Multicast Route Table
L3 Hash Table
IP Multicast Group Table
PIM Overview
PIM Edge Mode
PIM Dense Mode
PIM-DM Without State Refresh
PIM-DM with State Refresh
PIM Sparse Mode
PIM Mode Interoperation
PIM Source Specific Multicast
Configuring the PIM-SSM Address Range
PIM Snooping
PIM Register Policy
PIM DR Priority
PIM ECMP Load Splitting
IPv6 Specific Features
Anycast Rendezvous Point (RP) Using PIM (RFC 4610)
PIM Multicast Routing Over GRE Tunnels
IGMP Overview
IGMP Snooping
IGMP Snooping Filters
Static IGMP
IGMP Loopback
Limiting the Number of Multicast Sessions on a Port
Enabling and Disabling IGMP Snooping Fast Leave
IGMP-SSM Mapping
Limitations
Configuring IGMP-SSM Mapping
Displaying IGMP-SSM Mappings
IGMP Statistics
Configuring EAPS Support for Multicast Traffic
Configuring IP Multicast Routing
Enabling Multicast Forwarding
Configuring PIM
Configuring Multicast Static Routes
Disabling IP Multicast Compression
Configuring Anycast RP Using PIM (RFC 46010)
Multicast Over MLAG Configuration
PIM Configuration Examples
PIM-DM Configuration Example
PIM-SM Configuration Example
PIM-SSM Configuration Example
PIM Snooping Configuration Example
Configuring PIM Multicast Routing Over GRE Tunnels
Multicast VLAN Registration
Basic MVR Deployment
Static and Dynamic MVR
Configuring MVR Address Range
Configuring Static and Dynamic MVR
MVR Configuration Example
MVR Forwarding
Inter-Multicast VLAN Forwarding
MVR Configurations
MVR with EAPS
MVR with STP
MVR in a VMAN Environment
Displaying Multicast Information
Displaying the Multicast Routing Table
Displaying the Multicast Cache
Looking Up a Multicast Route
Looking Up the RPF for a Multicast Source
Displaying the PIM Snooping Configuration
Displaying Anycast Rendezvous Point (RP) Using PIM (RFC 4610)
Troubleshooting PIM
Multicast Trace Tool
Multicast Router Information Tool
IPv6 Multicast
Multicast Listener Discovery (MLD) Overview
ExtremeXOS Resiliency Enhancement for IPv6 Static Routes
Managing MLD
Enabling and Disabling MLD on a VLAN
MLD Snooping
MLD Snooping Filters
Limiting the Number of Multicast Sessions on a Port
Configuring MLD Snooping
Clearing MLD Group Registration
Configuring Static MLD
MLD Loopback
Displaying MLD Information
MLD SSM Mapping
SSM Address Range
Handling MLD Reports
SSM Data Forwarding
DNS Request/Response
DNS Timers
DNS Server
Configuring MLD SSM Mapping
MSDP
MSDP Overview
Supported Platforms
Limitations
PIM Border Configuration
MSDP Peers
MSDP Default Peers
Peer Authentication
Policy Filters
SA Request Processing
MSDP Mesh-Groups
Anycast RP
SA Cache
Maximum SA Cache Entry Limit
SNMP MIBs
Keychain Manager
Keychain Manager Overview
Configuring and Using Keychain Manager
RADIUS over TLS
TLS Connection Persistence
PKI Authentication of TLS Connections
Revocation Checking of Server Certificates via OCSP
Limitations
Supported Platforms
RADIUS Over TLS CLI Commands
Setting Up FreeRADIUS TLS
Software Upgrade and Boot Options
ExtremeXOS Upgrade Process
Creating a Backup Configuration File
Download URL Method
Downloading a New Image
Image Integrity Checking
Hash Verification
Finding the Inactive Partition
Installing a Core Image
Installing a Core Image with NMS
Copying an Image from the Active to Inactive Partition
Reboot Options
Reboot the Switch
Reboot a Node in a SummitStack
Understanding the Image Version String
Image Types and Image Filename Prefixes
Software Signatures
Understanding Core Dump Messages
Installing a Modular Software Package
Upgrading a Modular Software Package
Configuration Changes
Image Configuration Overview
Automatic Saving of Configuration Files
View a Configuration
Comparing Configurations
Restore Factory Defaults
Uploading ASCII-Formatted Configuration Files
Summary of Tasks
Upload the ASCII Configuration File To a TFTP Server
Download the ASCII Configuration File to the Switch
Verify that the ASCII Configuration File is on the Switch
Load the ASCII Configuration File
Save the Configuration
Using Autoconfigure and Autoexecute Files
Using TFTP to Upload the Configuration
Using TFTP to Download the Configuration
Synchronizing Nodes
Automatic Synchronization of Configuration Files
Upgrading the BootROM
Upgrading the Firmware
Displaying the BootROM and Firmware Versions
Troubleshooting
Troubleshooting Checklists
Layer 1
Layer 2
Layer 3
LEDs
Using the Command Line Interface
General Tips and Recommendations
The ExtremeSwitching switch displays only the "(pending-AAA) login" prompt
Node Prompt—SummitStack Only
Command Prompt
Port Configuration
Software License Error Messages
VLANs
STP
ESRP
VRRP
Using ELRP to Perform Loop Tests
About Standalone ELRP
Non-periodic ELRP Requests
Periodic ELRP Requests
ELRP Egress Port Disable
Exclude Port List
ELRP with Dynamic VLANs
ELRP with Virtual Extensible LAN (VXLAN)
Hardware-Assisted ELRP
Configuring Standalone ELRP
Configuring Non-periodic Requests
Configuring Periodic Requests
Configuring Exclude Port List
Displaying Standalone ELRP Information
Example: ELRP on Protocol-Based VLANs
Using Simple Loop Prevention Protocol (SLPP) Guard
Configuring Simple Loop Prevention Protocol (SLPP) Guard
Debug Mode
Saving Debug Information
Enabling the Send Debug Information Switch
Copy Debug Information to Removable Storage Devices
Copying Debug Information to a TFTP Server
Managing Debug Files
Evaluation Precedence for ACLs
TOP Command
TFTP Server Requirements
System Odometer
Monitored Components
Recorded Statistics
Temperature Operating Range
Understanding the Error Reading Diagnostics Message
Proactive Tech Support
Locating a Collector
Configuring Proactive Tech Support
Technical Support Bundles for Troubleshooting
Supported Standards, Protocols, and MIBs
Extreme Networks Proprietary MIBs
EXTREME ACL MIB
CTRON Alias MIB
EXTREME-CFGMGMT-MIB
ENTERASYS-APPLICATION-SIGNATURE-MIB
ENTERASYS-CONVERGENCE-END-POINT-MIB
EXTREME ENTERASYS ENTITY SENSOR MIB
ENTERASYS-MAC-AUTHENTICATION-MIB
ENTERASYS-MIRROR-CONFIG-MIB
ENTERASYS-MULTI-AUTH-MIB
ENTERASYS-POLICY-PROFILE-MIB
ENTERASYS-RADIUS-ACCT-CLIENT-EXT-MIB
ENTERASYS-RADIUS-AUTH-CLIENT-MIB
ENTERASYS-RADIUS-DYNAMIC-AUTHOR-SERVER-EXT-MIB
ENTERASYS SYSLOG MIB
ENTERASYS-VLAN-AUTHORIZATION-MIB
EXTREME-AUTOPROVISION-MIB
EXTREME-CFM-MIB
EXTREME-CLEARFLOW-MIB
EXTREME-CPU-MONITOR-TOTAL-UTILIZATION-MIB
EXTREME-EAPS-MIB
EXTREME-EDP-MIB
EXTREME-ENTITY-MIB
EXTREME-ERPS-MIB
EXTREME-ESRP-MIB
EXTREME-FDB-MIB
EXTREME-MAC-AUTH-MIB
EXTREME MLAG MIB
EXTREME-MPLS-MIB
EXTREME-MPLS-TE-MIB
EXTREME-OSPF-MIB
EXTREME-PoE-MIB
EXTREME-PORT-MIB
Pseudowire LSP Sharing MIB
EXTREME-QOS-MIB
EXTREME-PVLAN-MIB
EXTREME-SNMPv3-MIB
EXTREME-STP-EXTENSIONS-MIB
EXTREME-STPNOTIFICATIONS-MIB
EXTREME-SYSTEM-MIB
EXTREME-V2TRAP-MIB
EXTREME-VLAN-MIB
EXTREME-VM-MIB
MIB Support Details
ETMONSERVICEABILITYTRAP
IEEE 802.1AB (LLDP-MIB)
IEEE 802.1AB (LLDP-EXT-DOT1-MIB)
IEEE 802.1AB (LLDP-EXT-DOT3-MIB)
IEEE 802.1AG (CFM MIB)
IEEE8021-PAE-MIB
IEEE8021X-EXTENSIONS-MIB
ISIS-MIB (draft-ietf-isis-wg-mib-10.txt)
OSPFv3-MIB (draft-ietf-ospf-ospfv3-mib-10)
PIM-MIB (draft-ietf-pim-mib-v2-01.txt)
SNMPv3 MIBs
RFC 1213 (MIB-II)
RFC 1493 (BRIDGE-MIB) and draft-ietf-bridge-rstpmib-03.txt
RFC 4363 (P-BRIDGE-MIB)
RFC 4363 (Q-BRIDGE-MIB)
RFC 1724 (RIPv2-MIB)
RFC 1850 (OSPF-MIB)
RFC 2233 (IF-MIB)
RFC 2613 (SMON)
RFC 2665 (EtherLike-MIB)
RFC 2668 (MAU-MIB)
RFC 2787 (VRRP-MIB)
RFC-3433 (Entity Sensor MIB)
RFC 3621 (PoE-MIB)
RFC 4022 (TCP-MIB)
RFC 4087 (TUNNEL-MIB)
RFC 4113 (UDP-MIB)
RFC-4133 (ENTITY MIB)
RFC 4292 (IP-FORWARD-MIB)
RFC 4293 (IP-MIB)
RFC 5601 (PW-STD-MIB)
RFC 5602 (PW-MPLS-STD-MIB)
RFC 5603 (PW-ENET-STD-MIB)
RFC 5643
RFC 6933 (ENTITY-MIB)
VPLS-MIB (draft-ietf-l2vpn-vpls-mib-02.txt)
Creating and Deleting User-Defined Roles
To create or delete a role, use the following commands:
create identity-management role
role_name
match-criteria
match_criteria
{priority
pri_value
}
delete identity-management role {
role-name
| all}
To create or delete a child role, use the following commands:
configure identity-management role
role_name
add child-role
child_role
configure identity-management role
role_name
delete child-role [
child_role
| all]