
EXOS - Setup and Configuration Examples in GNS3 (Linux)

guybrushthreepwood

Mar 11, 2015 11:35 AM



Register with Extreme Networks, and download the extremexosvm1532.zip file (or
newer). I strongly urge you to download the EXOS User Guide, and the EXOS
Command Reference. They'll come in handy.
Extract the zip file, and navigate to the /extremexosvm1532/XOS_VM_LAB/ folder.
Extract EXOS_VM_15_3_2.zip, and you'll end up with the exosvm.vmdk file that we
need.
In GNS3, click Edit->Preferences->QEMU VMs->New.

Leave Type as Default, and name it whatever you wish. Click Next.

Increase the amount of RAM from 256MB to 1024MB. Click Next.

Browse and select the exosvm.vmdk file we extracted. Click Finish. Back at the QEMU
screen, make sure your new device is highlighted, and click Edit.

Click the Network tab, and increase the amount of network adapters to 8.

Click the Advanced tab, and in the Additional settings field, type "-nographic -enable-kvm". Click OK. Back at the QEMU screen, click Apply and OK.
Drop an instance of your new device into a blank topology, start it, right-click it, and
choose Console.

Now, if you elected to not use "-nographic", you'll see GRUB appear in the QEMU
window. Selecting the "Primary Image with serial console" is preferred, but not
required. If you DID add "-nographic" and are using the console, you won't see this
option.

Once you reach the login prompt, give it a few seconds to move from "pending-AAA"
to a plain login prompt. The user name is admin, with no password. At this point, it
will ask you a bunch of questions. Just accept the defaults, and keep pressing Enter
until you reach the "Summit-PC.1#" prompt.
Now, this is where things are different than IOS, EOS, Junos, etc... There's no such
thing as a Privileged Exec or Global Config mode. Everything from show commands
to configuration is done in this one mode. And don't worry that the number next to
the prompt keeps increasing. That's normal.
At this point, I'll show a few basic ways of configuring EXOS. Let's get started
configuring, shall we?

In this example, I created 3 vlans, and assigned them to ports 1 - 7 ( port 0 is the
mgmt interface). Now, something you may have already noticed is that we don't go
into interface config mode, and assign a port to a VLAN. By default, all ports in the
switch are associated to the Vlan Default, so first we have to delete them from that
Vlan, and then we can add them to the Vlans we created. The command structure is a
little strange. To create a vlan, it's "create vlan vlan_name", and to configure one it's
"config vlan vlan_name [add | delete] ports [all | port_list]".
Next, in order to make the vlans we created active, we have to enable each of the
Vlans. If we didn't, they wouldn't work. Now, type "show vlan" to verify.

I truncated the output, but you can see that the three Vlans we created are here,
they've automagically been assigned Vlan IDs, and it shows the number of active
ports. We'll see this again, so let's move on.

Like many other vendors whose names aren't Cisco, EXOS supports LLDP. This
simple 3 switch setup (which we'll also be seeing again) will help you see how LLDP
works. Here's what we do:
Switch 1:
enable lldp ports 1
Switch 2:
enable lldp ports 1, 2
Switch 3:
enable lldp ports 2
We could also enable it on all ports, by typing "enable lldp ports all".

Type "show lldp neighbors" to see the mac addresses of the switches connected to
Switch Two, and which ports they are in.
To see all the gory lldp details, type "show lldp".

This will show you the tx interval, hold multiplier, delay, Flags, etc...
Let's move on. Next, we'll set up stp. By default, EXOS uses emistp, but let's change
that to rstp (or dot1w, as they call it).

Here's our three switch topology. To set up rstp, first we create a new spanning tree
domain and vlan. Then, we specify the stp mode, tag our new vlan, remove the ports
from Default and add them to the new vlan (specify tagged), add our tag to the
spanning tree domain, then enable stpd and our vlan.
Here's what we do on Switch 1:
create stpd stpd1
create vlan vlan1
conf stpd stpd1 mode dot1w
conf vlan vlan1 tag 100
conf vlan Default delete ports 1, 3
conf vlan vlan1 add ports 1, 3 tagged
conf stpd stpd1 tag 100
enable stpd stpd1
enable vlan1
Type the same commands for the other two switches, just specify the correct ports.

Here's what we can see, by typing "show stpd stpd1". We can see our BridgeID, the
mac of the root bridge, root path cost, the mode we're in, our Vlan Tag, number of
topology changes, and so on.
Next, let's set up a DHCP server on our switch, and then enable dhcp-snooping.
First, here are the commands we need to type:
create vlan vlan1
conf vlan Default delete ports 1 - 3
conf vlan vlan1 add ports 1 - 3
enable dhcp ports 1 - 3 vlan vlan1
conf vlan vlan1 ipaddress 10.10.10.1/24
conf vlan vlan1 dhcp-address-range 10.10.10.2 - 10.10.10.200
conf vlan vlan1 dhcp-lease-timer 36400
conf vlan vlan1 dhcp-options default-gateway 10.10.10.1
conf vlan vlan1 dhcp-options dns-server primary 1.1.1.1

To verify that our DHCP server is working, type "show dhcp-server vlan vlan1". Here
we can see the range, lease timer, gateway, port range, and even the IP, MAC, State,
and Lease time of the clients.
Now, let's enable DHCP snooping. Here's the topology:

The switch will have dhcp-snooping enabled, R1 is our trusted DHCP server, and R2
will be a rogue DHCP server. Here's how we set this up:
create vlan vlan1
conf vlan Default delete ports 1 - 4
conf vlan vlan1 add ports 1 - 4
enable ip-security dhcp-snooping vlan vlan1 ports 1 - 4 violation-action drop-packet block-port duration 172800
Next, we configure a Trusted DHCP port (or we could set up a trusted server):
config trusted-ports ports 4 trust-for dhcp-server
At this point, I set up the DHCP servers on the two Cisco routers, then typed "show
ip-security dhcp-snooping violations vlan vlan1" to see if R2 got blocked:

And there he is. I also typed "ip dhcp" on the two VPCS devices, and they obtained an IP
from the proper DHCP server, but I'll omit that.
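
An added example, not part of the original post: a small Python check that reads the snooping commands shown above and confirms that snooping covers every port in the vlan and that a trusted dhcp-server port exists without every port being trusted. The regexes cover only the command forms used on this page, and the function names are hypothetical.

```python
import re

# Constructed sample: the DHCP-snooping commands from the walkthrough above.
SAMPLE = """\
create vlan vlan1
conf vlan Default delete ports 1 - 4
conf vlan vlan1 add ports 1 - 4
enable ip-security dhcp-snooping vlan vlan1 ports 1 - 4 violation-action drop-packet block-port duration 172800
config trusted-ports ports 4 trust-for dhcp-server
"""

MEMBER = re.compile(r"conf\w* vlan (\S+) add ports ([\d ,-]+)")
SNOOP = re.compile(r"enable ip-security dhcp-snooping vlan (\S+) ports (.+?) violation-action (.+)")
TRUST = re.compile(r"conf\w* trusted-ports ports ([\d ,-]+?) trust-for dhcp-server")

def ports(spec):
    """Expand a port list such as '1 - 4' or '1, 3' into a set of ints."""
    out = set()
    for part in re.sub(r"\s*-\s*", "-", spec).replace(",", " ").split():
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config):
    """Return findings (empty list = consistent) for the snooping commands."""
    members, snooped, trusted, findings = {}, {}, set(), []
    for line in map(str.strip, config.splitlines()):
        if m := MEMBER.match(line):
            members.setdefault(m[1], set()).update(ports(m[2]))
        elif m := SNOOP.match(line):
            snooped[m[1]] = (ports(m[2]), m[3])
        elif m := TRUST.match(line):
            trusted |= ports(m[1])
    if not snooped:
        findings.append("dhcp-snooping is not enabled on any vlan")
    for vlan, (sn, action) in snooped.items():
        unsnooped = members.get(vlan, set()) - sn
        if unsnooped:
            findings.append(f"{vlan}: member ports {sorted(unsnooped)} are not snooped")
        if not trusted & sn:
            findings.append(f"{vlan}: no trusted dhcp-server port among snooped ports")
        if sn <= trusted:
            findings.append(f"{vlan}: every snooped port is trusted")
        # The page only shows drop-packet; anything else is flagged for review.
        if not action.startswith("drop-packet"):
            findings.append(f"{vlan}: violation-action is '{action}'")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "snooping config is consistent")
```

Run it against the commands you actually typed into the switch; an empty result means the vlan membership, snooped ports and trusted port agree with each other.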
The User Guide also mentions setting up mac-locking, but unfortunately, that
command is missing.
Now let's set up LACP between two switches with two shared links.

Switch 1:
enable sharing 1 grouping 1, 2 lacp
conf sharing 1 lacp activity-mode active
enable ports 1, 2
Type the same commands on the other switch, but set the activity-mode to
passive. We can verify the LAG by typing "show lacp".

This shows the status of the LAG, whether it's enabled, our partner's mac address,
and number of links.
For something different, let's set up BFD for OSPF. Here's the setup:

I tried this with 2 Cisco routers in place of switches 2 and 3, but while I could see the
ospf neighbor relationship form between the routers, it never showed up on the
switch. Anyway, here's how we set it up with 3 switches.

Switch 1
create vlan vlan1
config vlan Default delete ports 1, 2 (change for other switches)
config vlan vlan1 add ports 1, 2
config vlan vlan1 ipaddress 10.10.10.2/24
config bfd vlan vlan1 transmit-interval 500
config bfd vlan vlan1 receive-interval 500
config bfd vlan vlan1 detection-multiplier 3
enable iproute bfd 10.10.10.1 vr VR-Default
enable iproute bfd 10.10.10.3 vr VR-Default
config ospf vlan vlan1 bfd on
enable ipforwarding
config ospf vlan vlan1 area 0.0.0.0
config ospf routerid 1.1.1.2
enable vlan1
enable bfd vlan vlan1
enable ospf
Switch 2
create vlan vlan1
config vlan Default delete ports 2
config vlan vlan1 add ports 2
config vlan vlan1 ipaddress 10.10.10.1/24
config bfd vlan vlan1 transmit-interval 500
config bfd vlan vlan1 receive-interval 500
config bfd vlan vlan1 detection-multiplier 3
enable iproute bfd 10.10.10.2 vr VR-Default
config ospf vlan vlan1 bfd on
enable ipforwarding
config ospf vlan vlan1 area 0.0.0.0
config ospf routerid 1.1.1.1
enable vlan1
enable bfd vlan vlan1
enable ospf
Switch 3
create vlan vlan1
config vlan Default delete ports 1
config vlan vlan1 add ports 1
config vlan vlan1 ipaddress 10.10.10.3/24
config bfd vlan vlan1 transmit-interval 500
config bfd vlan vlan1 receive-interval 500
config bfd vlan vlan1 detection-multiplier 3
enable iproute bfd 10.10.10.2 vr VR-Default
config ospf vlan vlan1 bfd on
enable ipforwarding
config ospf vlan vlan1 area 0.0.0.0
config ospf routerid 1.1.1.3
enable vlan1
enable bfd vlan vlan1
enable ospf
By typing "show bfd sessions", we can see which devices are part of the session.
*NOTE* this currently only works on directly connected devices (one hop).

This is the output from Switch 1.


Next up is Vlan Aggregation. Basically, you create subVlans inside a switch, and
attach those to a SuperVlan. All broadcast and unknown traffic remains local to
the subVLAN and does not cross the subVLAN boundary. All traffic within the
subVLAN is switched by the subVLAN, allowing traffic separation between subVLANs
(while using the same default router address among the subVLANs).
Here's the setup:
create vlan vsuper
create vlan vsub1
create vlan vsub2
create vlan vsub3
conf vsuper ipaddress 192.168.3.1/24
enable ipforwarding
conf ospf add vsuper area 0
enable ospf
conf vlan Default delete ports 1 - 7
conf vlan vsub1 add ports 2, 3
conf vlan vsub2 add ports 4, 5
conf vlan vsub3 add ports 6, 7
conf vsuper add subvlan vsub1
conf vsuper add subvlan vsub2
conf vsuper add subvlan vsub3
disable subvlan-proxy-arp vlan all
enable vsuper
enable vsub1
enable vsub2
enable vsub3
We can verify it by typing "show vlan":

If you look closely, you'll notice that the vsuper vlan has the "S" flag, indicating that
it's a SuperVlan, and the vsub vlans are all flagged with "s" indicating that they are
subVlans. We can also see the amount of ports associated with each vlan.
Lastly, I'll show something relatively new to me: IP Multinetting. It allows one vlan to
have secondary subnets, and yet each subnet is in its own broadcast domain.
Here's the topology:

To set it up, we type this into the switch:


conf default delete port 1 - 3
create vlan multinet
conf multinet ipaddress 192.168.34.1/24
conf multinet add secondary-ipaddress 192.168.35.1/24
conf multinet add secondary-ipaddress 192.168.37.1/24
conf vlan multinet add ports 1 - 3
enable ipforwarding
enable vlan multinet
enable rip
conf rip add multinet
We can verify it by having devices on each subnet try pinging their respective
gateways: