Contents

1   Introduction

This document describes procedures for how to install Extreme X460 Switches to be used as Control Switches.

This document is to be used as part of the guide CEE Installation. It supports the reference CEE configuration as described in document BOM for Certified HW Configurations, Reference [1], Cloud Execution Environment (1.1 HP c7000), and only that configuration.

1.1   Prerequisites

This section describes the prerequisites which must be fulfilled before the Extreme switches can be configured. Allow 30 to 60 minutes to configure a switch pair, if all prerequisites are in place.

1.1.1   Installation Data

Required site-specific data:

	The customer-specific, local version of IP and VLAN Plan
	CEE Region name.
	A password for Extreme admin user. Default setting is blank for a new switch.
	A list of all connected ports, port 1-8, towards enclosure 0.
	A list of all connected ports, port 9-16, towards enclosure 1.
	A list of all connected ports, port 17-24, towards enclosure 2.

The address variables used in the document IP and VLAN plan, Reference [2], are used throughout this document, and are summarized in the table below. The IP address <TFTP Server Address> is that of the kickstart or LCT server, obtained during the preparation process as described in the document Preparation of Kickstart Server.

Network/VLAN	IPv4 Address Variable
fuel_ctrl_sp (admin)	<TFTP Server Address>
cee_ctrl_sp (management)	<Control_switch_A (static)>
cee_ctrl_sp (management)	<Control_switch_B (static)>
cee_ctrl_sp (management)	<Traffic_switch VRRP (static)>

1.1.2   Hardware and Software Required

Required hardware:

One pair of Extreme X460 switches

Required software:

EXOS firmware, refer to BOM for Certified HW Configurations, Reference [1].

1.1.3   Tools

The following tools are required:

A kickstart server or LCT (kickstart vs LCT table), prepared with:

	NIC
	Software to enable console port access
	TFTP server accessible, with EXOS firmware

Required cables:

Cable	Use
Adapter USB-to-RS-232	Console connection
Adapter RJ45-to-RS-232	Console connection
Two cat6 Ethernet cables	One cable is connected directly to the management port during installation to download SW to switch if needed. The other cable is connected to USB-to-RS-232 and RJ45-to-RS-232 for connection to console port

Note:  

The switches have one native management port (Ethernet) and one console port on the front panel. Both use RJ45.

1.1.4   Conditions

Before the installation can be performed, the following conditions must apply:

Software packages, see download instructions in Section 2.

	Upgrade package for Extreme firmware. Refer to BOM for Certified HW Configurations, Reference [1].
	Installation package for Extreme firmware SSH module.

Other equipment

Serial number for at least one of the Extreme Switches. This is used when downloading software, if the firmware is not already available.

2   Prepare to Configure Extreme X460 Switches

This section describes the preparations needed before Extreme switches are configured.

To prepare for the installation, perform the following:

1. Download the needed software packages from http://www.extremenetworks.com/partners/partners-hub.aspx.

   Note:  

   Serial number of Extreme Switch is required to download the software.

   
   
2. Create a folder for Extreme software on for the TFTP server:

   Folder for Extreme software used in this document is <TFTP Boot server directory>/Extreme/

3. Copy the extracted software to the folder created, make sure that the software is accessible.

3   Configuration of Extreme X460 Switches

The Extreme switch configuration covered in this section is a manual procedure, taking each switch in turn:

1. Follow the steps from Step 1 in Section 3.1 to Step 41 in Section 3.1, marked for Switch A
2. Follow the steps from Step 2 in Section 3.1 to Step 38 in Section 3.1, marked for Switch B

Note:  

Configuration must be done in the sequence described in this document, otherwise there is risk that a loop in the network is created.

3.1   Configuration of Switch

Configure the switch:

1. Identify the switch having a tag name attached to it (one of the alternatives below):

   Switch	Tag Name
   A	<CEE Region Name>_SWA_X460
   B	<CEE Region Name>_SWB_X460

2. Connect USB-to-RS-232 and RJ45-to-RS-232 to console port.

   Note:  

   See Figure 1 for location of port.

   
   
3. Remove cable from management port (if already connected). Connect Ethernet cable.

   Note:  

   See Figure 1 for location of port.

   
   
4. Access the switch from console port.
5. If username and password are requested, continue with Step 6 otherwise continue with Step 8.
6. Check if file default.xsf exists.

   ls default.xsf

   If output contains ls: default.xsf: No such file or directory continue with Step 7.

   Rename default.xsf.

   mv default.xsf default.xsf.old

   Rename file default.xsf to file default.xsf.old on switch? (y/N)

   Enter Yes.

7. Unconfigure switch.

   unconfigure switch all

   Restore all factory defaults and reboot? (y/N)

   Enter Yes.

   The reboot can take about five minutes.

   After reboot , when the authentication service text Authentication Service (AAA) on the master node is now available for login.

   is displayed:

   Enter admin as user.

   Enter no password.

8. Set default configuration.

   This switch currently has all management methods enabled for convenience reasons.
   Please answer these questions about the security settings you would like to use.
   
   Telnet is enabled by default. Telnet is unencrypted and has been the target of
   security exploits in the past.
   
   Would you like to disable Telnet? [y/N]:

   Enter Yes.

   SNMP access is enabled by default. SNMP uses no encryption, SNMPv3 can be
   configured to eliminate this problem.
   
   Would you like to disable SNMP? [y/N]:

   Enter No.

   All ports are enabled by default. In some secure applications, it maybe more
   desirable for the ports to be turned off.
   
   Would you like unconfigured ports to be turned off by default? [y/N]:

   Enter Yes.

   Changing the default failsafe account username and password is highly
   recommended. If you choose to do so, please remember the username and
   password as this information cannot be recovered.
   Would you like to change the failsafe account username and password now? [y/N]:

   Enter No.

   Would you like to permit failsafe account access via the management port? [y/N]:

   Enter No.

   The following text will be shown for firmware later than EXOS version 15.4.2.8 :

   The switch can proactively attempt to send basic configuration and
   operational switch information for the purpose of assisting technical
   support to resolve customer-reported issues. Uploaded data is encrypted if
   the ssh.xmod is installed. Otherwise, a reduced switch data set is sent
   in clear text that contains no customer-specific information.
   
   Would you like to disable the automatic switch reporting service? [Y/n]:

   Enter Yes.

   Since you have chosen less secure management methods, please remember to
   increase the security of your network by taking the following actions:
   
   * change your admin password
   * change your failsafe account username and password
   * change your SNMP public and private strings
   * consider using SNMPv3 to secure network management traffic

   Note:  

   Do not change the admin password, later steps expects empty password.

   
   
9. List installed versions.

   The following example of a printout shows the OS and modules installed with version. Check the version on the actual printout against that in BOM for Certified HW Configurations, Reference [1]. If the version is correct, go to Step 20.

   show version images

   Card Partition Installation Date Version Name Branch
   ------------------------------------------------------------------------------
   Switch primary Fri Jan 23 14:04:50 UTC 2015 15.6.1.4 summitX-15.6.1.4.xos v1561b4
   Switch primary Fri Jan 23 14:06:05 UTC 2015 15.6.1.4 summitX-15.6.1.4-ssh.xmod v1561b4
   Switch secondary Fri Jan 23 14:09:42 UTC 2015 15.6.1.4 summitX-15.6.1.4.xos v1561b4
   Switch secondary Fri Jan 23 14:10:56 UTC 2015 15.6.1.4 summitX-15.6.1.4-ssh.xmod v1561b4

10. Configure temporary management IP address. Perform one of the following commands, depending on which switch is being configured:

    Switch	Command
    A	configure vlan mgmt ipaddress <Control_switch_A (static)> <Netmask fuel_ctrl_sp
    B	configure vlan mgmt ipaddress <Control_switch_B (static)> <Netmask fuel_ctrl_sp

    For example, type the following:

    configure vlan mgmt ipaddress 192.168.2.8 255.255.255.0

11. Install OS.

    Transfer the image from TFTP server to Extreme X460 switch:

    download image <TFTP Server Address> Extreme/summitX-<Version Name>.xos VR-mgmt

    Do you want to install image after downloading?

    Enter Yes.

12. Install SSH module.

    Transfer the image from kickstart server to the Extreme X460 switch:

    download image <TFTP Server Address> Extreme/summitX-<Version Name>-ssh.xmod VR-mgmt

    Do you want to install image after downloading?

    Enter Yes.

13. Save configuration.

    save configuration primary

    No default configuration database has been selected to boot up the system.
    Save configuration will set the new configuration as the default database.
    The configuration file primary.cfg already exists.
    Do you want to save configuration to primary.cfg and overwrite it? (y/N)

    Enter Yes.

14. Reboot switch.

    Reboot the switch to use the new OS:

    reboot

    Are you sure you want to reboot the switch? (Y/N)

    Enter Yes.

    The reboot can take about five minutes.

15. Log on by console.

    After reboot , when the authentication service text Authentication Service (AAA) on the master node is now available for login.

    is displayed:

    Enter admin as user.

    Enter no password.

16. Install OS on second partition.

    Transfer the image from TFTP server to Extreme X460 switch:

    download image <TFTP Server Address> Extreme/summitX-<Version Name>.xos VR-mgmt secondary

    Do you want to install image after downloading?

    Enter Yes.

17. Install SSH module on second partition.

    Transfer the image from kickstart server to the Extreme X460 switch:

    download image <TFTP Server Address> Extreme/summitX-<Version Name>-ssh.xmod VR-mgmt secondary

    Do you want to install image after downloading?

    Enter Yes.

18. Change used partition.

    use image primary

19. Remove temporary management IP address configured in Step 10.

    unconfigure vlan mgmt ipaddress

20. Delete Ports from Default VLAN:

    configure vlan default delete ports all

21. Configure sharing for Inter Switch Link

    enable sharing 51 grouping 51,52 algorithm address-based L3_L4 lacp

    configure sharing 51 lacp timeout short

22. Configure sharing for links from Control switch towards Enclosure 0

    enable sharing 1 grouping <list of ports connected to enclosure 0> algorithm address-based L3_L4 lacp

    configure sharing 1 lacp timeout short

23. Configure sharing for links from Control switch towards Enclosure 1.

    enable sharing 9 grouping <list of ports connected to enclosure 1> algorithm address-based L3_L4 lacp

    configure sharing 9 lacp timeout short

24. Configure sharing for links from Control switch towards Enclosure 2.

    enable sharing 17 grouping <list of ports connected to enclosure 2> algorithm address-based L3_L4 lacp

    configure sharing 17 lacp timeout short

25. Create CEE administration VLAN.

    create vlan cee_ctrl_sp tag 2

    configure vlan cee_ctrl_sp add ports 41 untagged

    Perform one of the following commands, depending on which switch is being configured:

    Switch	Command
    A	configure vlan cee_ctrl_sp ipaddress <Control_switch_A (static)> <Netmask cee_ctrl_sp
    B	configure vlan cee_ctrl_sp ipaddress <Control_switch_B (static)> <Netmask cee_ctrl_sp

    configure vlan cee_ctrl_sp add ports 49,50,51 tagged

    configure vlan cee_ctrl_sp add ports 1,9,17 tagged

26. Create PXE boot VLAN

    create vlan fuel_ctrl_sp tag 28

    configure vlan fuel_ctrl_sp add ports 51 untagged

    configure vlan fuel_ctrl_sp add ports 1,9,17 untagged

27. Create subrack control VLAN

    create vlan subrack_ctrl_sp tag 3

    configure vlan subrack_ctrl_sp add ports 49,51 tagged

    configure vlan subrack_ctrl_sp add ports 1,9,17 tagged

    configure vlan subrack_ctrl_sp add ports 42,43,44 untagged

28. Configure port for kickstart server

    configure vlan cee_ctrl_sp add ports 47 tagged

    configure vlan fuel_ctrl_sp add ports 47 untagged

    configure vlan subrack_ctrl_sp add ports 47 tagged

29. Enable ports

    enable ports 1,9,17,41-44,47,49-52

30. Set system name. Perform one of the following commands:

    Switch	Command
    A	configure snmp sysName <CEE Region name>_SWA_X460
    B	configure snmp sysName <CEE Region name>_SWB_X460

31. Enable and configure NTP.

    configure iproute add <Traffic_switch_A (static)> 255.255.255.255 <Traffic_switch VRRP (static)> vr VR-Default

    configure iproute add <Traffic_switch_B (static)> 255.255.255.255 <Traffic_switch VRRP (static)> vr VR-Default

    Note:  

    The switch IP addresses for configure iproute are on sw_ctrl_vip.

    
    

    enable ntp

    enable ntp vlan cee_ctrl_sp

    configure ntp server add <Traffic_switch_A (static)>

    configure ntp server add <Traffic_switch_B (static)>

    Note:  

    The switch IP addresses for enable ntp are on sw_ctrl_vip.

    
    
32. Enable SSH.

    enable ssh2 vr VR-Default

    WARNING: Generating new server host key This could take approximately 15 minutes and cannot be canceled. Continue?

    Enter Yes.

33. Disable SNMP Community.

    disable snmp community public

    disable snmp community private

34. Save configuration.

    save configuration primary

    Do you want to save configuration to primary.cfg and overwrite it? (y/N)

    Enter Yes.

    save configuration secondary

    The configuration file secondary.cfg already exists.
    Do you want to save configuration to secondary.cfg and overwrite it? (y/N)

    Enter Yes.

    Saving configuration on master ...... done!
    Configuration saved to secondary.cfg successfully.
    
    The current selected default configuration database to boot up the system
    (primary.cfg) is different than the one just saved (secondary.cfg).
    Do you want to make secondary.cfg the default database? (y/N)

    Enter No.

35. Reboot the switch.

    reboot

    Are you sure you want to reboot the switch? (Y/N)

    Enter Yes.

    The reboot time can be 5-10 minutes.

36. End console port session.
37. Remove console port cable inserted in Step 2.
38. Remove Ethernet cable and reinsert cable that was removed in Step 3.
39. If you have followed this section from the instructions in Replace Extreme X460 Switch, to configure a single replacement switch, then return to that document, section Conclude Replacement.
40. If you have followed this section from the instructions in Extreme Switch Firmware Upgrade, to upgrade an X460 switch, then return to that document, section Check the Status of the Upgraded Switch.
41. If you have followed the configuration steps for Switch A, go to Step 2 for Switch B.

Reference List

[1] BOM for Certified HW Configurations, 1/006 51-CSA 113 125/5 Uen
[2] IP and VLAN plan, 2/102 62-CRA 119 1862/5 Uen