Extreme X460 Configuration
Cloud Execution Environment

Contents

1Introduction
1.1Prerequisites

2
Prepare to Configure Extreme X460 Switches

3
Configuration of Extreme X460 Switches
3.1Configuration of Switch

Reference List

1   Introduction

This document describes procedures for how to install Extreme X460 Switches to be used as Control Switches.

This document is to be used as part of the guide CEE Installation.

1.1   Prerequisites

This section describes the prerequisites which must be fulfilled before the Extreme switches can be configured. Allow 30 to 60 minutes to configure a switch pair, if all prerequisites are in place.

1.1.1   Installation Data

Required site-specific data:

The customer-specific, local version of IP and VLAN plan
CEE region name.
A password for the Extreme admin user. The default setting is blank for a new switch.
A list of all connected ports, port 1-8, towards enclosure 0.
A list of all connected ports, port 9-16, towards enclosure 1.
A list of all connected ports, port 17-24, towards enclosure 2.

The address variables are summarized in the table below. For more information, refer to IP and VLAN plan, Reference [1]. The IP address <tftp_server_address> is that of the kickstart or LCT server, obtained during the preparation process, as described in the document Preparation of Kickstart Server.

Network/VLAN

IPv4 Address Variable

fuel_ctrl_sp (admin)

<tftp_server_address>

cee_ctrl_sp (management)

<control_switch_a_static_ip>

cee_ctrl_sp (management)

<control_switch_b_static_ip>

cee_ctrl_sp (management)

<traffic_switch_vrrp_static_ip>

1.1.2   Hardware and Software Required

Required hardware:

One pair of Extreme X460 switches

Required software:

EXOS firmware

1.1.3   Tools

The following tools are required:

A kickstart server or LCT (kickstart vs LCT table), prepared with:

NIC
Software to enable console port access
TFTP server accessible, with EXOS firmware

Required cables:

Cable

Use

Adapter USB-to-RS-232

Console connection

Adapter RJ45-to-RS-232

Console connection

Two cat6 Ethernet cables

One cable is connected directly to the management port during installation to download software to the switch if needed. The other cable is connected to USB-to-RS-232 and RJ45-to-RS-232 for connection to console port.

Note:  
The switches have one native management port (Ethernet) and one console port on the front panel. Both use RJ45.

Figure 1   Extreme X460 Switch, Front

1.1.4   Conditions

Before the installation can be performed, the following conditions must apply:

Software packages, see download instructions in Section 2:

Upgrade package for the Extreme firmware.
Installation package for the Extreme firmware SSH module.

Other equipment:

Serial number for at least one of the Extreme Switches. This is used when downloading software, if the firmware is not already available.

2   Prepare to Configure Extreme X460 Switches

This section describes the preparations needed before Extreme switches are configured.

To prepare for the installation, perform the following:

  1. Download the needed software packages from http://www.extremenetworks.com/partners/partners-hub.aspx.
    Note:  
    The serial number of the Extreme switch is required to download the software.

  2. Create a folder for Extreme software on for the TFTP server:

    Folder for Extreme software used in this document is <tftp_boot_server_directory>/Extreme/

  3. Copy the extracted software to the folder created. Make sure that the software is accessible.

3   Configuration of Extreme X460 Switches

The Extreme switch configuration covered in this section is a manual procedure, taking each switch in turn:

  1. Follow the steps from Step 1 in Section 3.1 to Step 41 in Section 3.1, marked for Switch A.
  2. Follow the steps from Step 2 in Section 3.1 to Step 38 in Section 3.1, marked for Switch B.
Note:  
The configuration must be done in the sequence described in this document, otherwise there is risk that a loop in the network is created.

3.1   Configuration of Switch

Configure the switch:

  1. Identify the switch having a tag name attached to it (one of the alternatives below):

    Switch

    Tag Name

    A

    <cee_region_name>_SWA_X460

    B

    <cee_region_name>_SWB_X460

  2. Connect USB-to-RS-232 and RJ45-to-RS-232 to the console port.
    Note:  
    See Figure 1 for the location of the port.

  3. Remove the cable from the management port (if already connected). Connect the Ethernet cable.
    Note:  
    See Figure 1 for the location of the port.

  4. Access the switch from the console port.
  5. If username and password are requested, continue with Step 6, otherwise continue with Step 8.
  6. Check if the file default.xsf exists:

    ls default.xsf

    If the output contains ls: default.xsf: No such file or directory continue with Step 7.

    Rename default.xsf:

    mv default.xsf default.xsf.old

    Rename file default.xsf to file default.xsf.old on switch? (y/N)

    Enter Yes.

  7. Unconfigure the switch:

    unconfigure switch all

    Restore all factory defaults and reboot? (y/N)

    Enter Yes.

    The reboot can take about five minutes.

    After the reboot, when the authentication service text Authentication Service (AAA) on the master node is now available for login. is displayed:

    Enter admin as user.

    Enter no password.

  8. Set default configuration:

    This switch currently has all management methods enabled for convenience reasons.
    Please answer these questions about the security settings you would like to use.

    Telnet is enabled by default. Telnet is unencrypted and has been the target of security exploits in the past.

    Would you like to disable Telnet? [y/N]:

    Enter Yes.

    SNMP access is enabled by default. SNMP uses no encryption, SNMPv3 can be configured to eliminate this problem.

    Would you like to disable SNMP? [y/N]:

    Enter No.

    All ports are enabled by default. In some secure applications, it maybe more desirable for the ports to be turned off.

    Would you like unconfigured ports to be turned off by default? [y/N]:

    Enter Yes.

    Changing the default failsafe account username and password is highly recommended. If you choose to do so, please remember the username and password as this information cannot be recovered.
    Would you like to change the failsafe account username and password now? [y/N]:

    Enter No.

    Would you like to permit failsafe account access via the management port? [y/N]:

    Enter No.

    The following text will be shown for firmware later than EXOS version 15.4.2.8 :

    The switch can proactively attempt to send basic configuration and operational switch information for the purpose of assisting technical support to resolve customer-reported issues. Uploaded data is encrypted if the ssh.xmod is installed. Otherwise, a reduced switch data set is sent in clear text that contains no customer-specific information.

    Would you like to disable the automatic switch reporting service? [Y/n]:

    Enter Yes.

    Since you have chosen less secure management methods, please remember to increase the security of your network by taking the following actions:

    * change your admin password
    * change your failsafe account username and password
    * change your SNMP public and private strings
    * consider using SNMPv3 to secure network management traffic

    Note:  
    Do not change the admin password. Later steps expect empty password.

  9. List the installed versions.

    The following printout is an example that shows the OS version and modules installed. If the version is correct, go to Step 20.

    show version images

    Card Partition Installation Date Version Name Branch
    ------------------------------------------------------------------------------
    Switch primary Fri Jan 23 14:04:50 UTC 2015 15.6.1.4 summitX-15.6.1.4.xos v1561b4
    Switch primary Fri Jan 23 14:06:05 UTC 2015 15.6.1.4 summitX-15.6.1.4-ssh.xmod v1561b4
    Switch secondary Fri Jan 23 14:09:42 UTC 2015 15.6.1.4 summitX-15.6.1.4.xos v1561b4
    Switch secondary Fri Jan 23 14:10:56 UTC 2015 15.6.1.4 summitX-15.6.1.4-ssh.xmod v1561b4

  10. Configure temporary management IP address. Perform one of the following commands, depending on which switch is being configured:

    Switch

    Command

    A

    		 

    configure vlan mgmt ipaddress <control_switch_a_static_ip> <netmask-for-fuel_ctrl_sp>

    configure vlan mgmt ipaddress <control_switch_a_static_ip><netmask-for-fuel_ctrl_sp>

    B

    		 

    configure vlan mgmt ipaddress <control_switch_b_static_ip> <netmask-for-fuel_ctrl_sp>

    configure vlan mgmt ipaddress <control_switch_b_static_ip><netmask-for-fuel_ctrl_sp>

    For example:

    configure vlan mgmt ipaddress 192.168.2.8 255.255.255.0

  11. Install the OS.

    Transfer the image from TFTP server to Extreme X460 switch:

    download image <tftp_server_address> Extreme/summitX-<version_name>.xos VR-mgmt
    download image <tftp_server_address>⇒
 Extreme/summitX-<version_name>.xos VR-mgmt

    Do you want to install image after downloading?

    Enter Yes.

  12. Install the SSH module.

    Transfer the image from the kickstart server to the Extreme X460 switch:

    download image <tftp__server_address> Extreme/summitX-<version_name>-ssh.xmod VR-mgmt
    download image <tftp__server_address>⇒
 Extreme/summitX-<version_name>-ssh.xmod VR-mgmt

    Do you want to install image after downloading?

    Enter Yes.

  13. Save the configuration:

    save configuration primary

    No default configuration database has been selected to boot up the system.
    Save configuration will set the new configuration as the default database.
    The configuration file primary.cfg already exists.
    Do you want to save configuration to primary.cfg and overwrite it? (y/N)

    Enter Yes.

  14. Reboot the switch to use the new OS:

    reboot

    Are you sure you want to reboot the switch? (Y/N)

    Enter Yes.

    The reboot can take about five minutes.

  15. Log on by console.

    After the reboot, when the authentication service text Authentication Service (AAA) on the master node is now available for login. is displayed:

    Enter admin as user.

    Enter no password.

  16. Install the OS on the second partition.

    Transfer the image from the TFTP server to the Extreme X460 switch:

    download image <tftp_server_address> Extreme/summitX-<version_name>.xos VR-mgmt secondary
    download image <tftp_server_address>⇒
 Extreme/summitX-<version_name>.xos VR-mgmt secondary

    Do you want to install image after downloading?

    Enter Yes.

  17. Install the SSH module on the second partition.

    Transfer the image from the kickstart server to the Extreme X460 switch:

    download image <tftp_server_address> Extreme/summitX-<version_name>-ssh.xmod VR-mgmt secondary
    download image <tftp_server_address>⇒
 Extreme/summitX-<version_name>-ssh.xmod VR-mgmt secondary

    Do you want to install image after downloading?

    Enter Yes.

  18. Change the used partition:

    use image primary

  19. Remove the temporary management IP address configured in Step 10:

    unconfigure vlan mgmt ipaddress

  20. Delete ports from the default VLAN:

    configure vlan default delete ports all

  21. Configure sharing for Inter Switch Link:

    enable sharing 51 grouping 51,52 algorithm address-based L3_L4 lacp
    enable sharing 51 grouping 51,52 algorithm⇒
 address-based L3_L4 lacp

    configure sharing 51 lacp timeout short

  22. Configure sharing for links from the Control switch towards Enclosure 0:

    enable sharing 1 grouping <list_of_ports_connected_to_enclosure0> algorithm address-based L3_L4 lacp 
    enable sharing 1 grouping⇒
 <list_of_ports_connected_to_enclosure0> algorithm⇒
 address-based L3_L4 lacp

    configure sharing 1 lacp timeout short

  23. Configure sharing for links from the Control switch towards Enclosure 1:

    enable sharing 9 grouping <list_of_ports_connected_to_enclosure1> algorithm address-based L3_L4 lacp 
    enable sharing 9 grouping⇒
 <list_of_ports_connected_to_enclosure1> algorithm⇒
 address-based L3_L4 lacp

    configure sharing 9 lacp timeout short

  24. Configure sharing for links from the Control switch towards Enclosure 2:

    enable sharing 17 grouping <list_of_ports_connected_to_enclosure2> algorithm address-based L3_L4 lacp 
    enable sharing 17 grouping⇒
 <list_of_ports_connected_to_enclosure2> algorithm⇒
 address-based L3_L4 lacp

    configure sharing 17 lacp timeout short

  25. Create the CEE administration VLAN:

    create vlan cee_ctrl_sp tag 2

    configure vlan cee_ctrl_sp add ports 41 untagged

    Perform one of the following commands, depending on which switch is being configured:

    Switch

    Command

    A

    		 

    configure vlan cee_ctrl_sp ipaddress <control_switch_a_static_ip> <netmask-for-cee_ctrl_sp

    configure vlan cee_ctrl_sp ipaddress⇒
 <control_switch_a_static_ip> <netmask-for-cee_ctrl_sp

    B

    		 

    configure vlan cee_ctrl_sp ipaddress <control_switch_b_static_ip> <netmask-for-cee_ctrl_sp

    configure vlan cee_ctrl_sp ipaddress⇒
 <control_switch_b_static_ip> <netmask-for-cee_ctrl_sp

    configure vlan cee_ctrl_sp add ports 49,50,51 tagged

    configure vlan cee_ctrl_sp add ports 1,9,17 tagged

  26. Create the PXE boot VLAN:

    create vlan fuel_ctrl_sp tag 28

    configure vlan fuel_ctrl_sp add ports 51 untagged

    configure vlan fuel_ctrl_sp add ports 1,9,17 untagged

  27. Create the subrack control VLAN:

    create vlan subrack_ctrl_sp tag 3

    configure vlan subrack_ctrl_sp add ports 49,51 tagged

    configure vlan subrack_ctrl_sp add ports 1,9,17 tagged

    configure vlan subrack_ctrl_sp add ports 42,43,44 untagged
    configure vlan subrack_ctrl_sp⇒
 add ports 42,43,44 untagged

  28. Configure the port for the kickstart server:

    configure vlan cee_ctrl_sp add ports 47 tagged

    configure vlan fuel_ctrl_sp add ports 47 untagged

    configure vlan subrack_ctrl_sp add ports 47 tagged

  29. Enable the ports:

    enable ports 1,9,17,41-44,47,49-52

  30. Set system name. Perform one of the following commands:

    Switch

    Command

    A

    configure snmp sysName <cee_region_name>_SWA_X460

    B

    configure snmp sysName <cee_region_name>_SWB_X460

  31. Enable and configure NTP.

    configure iproute add <traffic_switch_a_static_ip> 255.255.255.255 <traffic_switch_vrrp_static_ip> vr VR-Default
    configure iproute add <traffic_switch_a_static_ip>⇒
 255.255.255.255 <traffic_switch_vrrp_static_ip>⇒
 vr VR-Default

    configure iproute add <traffic_switch_b_static_ip> 255.255.255.255 <traffic_switch_vrrp_static_ip> vr VR-Default
    configure iproute add <traffic_switch_b_static_ip>⇒
 255.255.255.255 <traffic_switch_vrrp_static_ip>⇒
 vr VR-Default

    Note:  
    The switch IP addresses for configure iproute are on sw_ctrl_vip.

    enable ntp

    enable ntp vlan cee_ctrl_sp

    configure ntp server add <traffic_switch_a_static_ip>

    configure ntp server add <traffic_switch_b_static_ip>

    Note:  
    The switch IP addresses for enable ntp are on sw_ctrl_vip.

  32. Enable SSH:

    enable ssh2 vr VR-Default

    WARNING: Generating new server host key This could take approximately 15 minutes and cannot be canceled. Continue?

    Enter Yes.

  33. Disable SNMP Community:

    disable snmp community public

    disable snmp community private

  34. Save the configuration:

    save configuration primary

    Do you want to save configuration to primary.cfg and overwrite it? (y/N)

    Enter Yes.

    save configuration secondary

    The configuration file secondary.cfg already exists.
    Do you want to save configuration to secondary.cfg and overwrite it? (y/N)

    Enter Yes.

    Saving configuration on master ...... done!
    Configuration saved to secondary.cfg successfully.

    The current selected default configuration database to boot up the system (primary.cfg) is different than the one just saved (secondary.cfg).
    Do you want to make secondary.cfg the default database? (y/N)

    Enter No.

  35. Reboot the switch.

    reboot

    Are you sure you want to reboot the switch? (Y/N)

    Enter Yes.

    The reboot time can be 5-10 minutes.

  36. End the console port session.
  37. Remove the console port cable inserted in Step 2.
  38. Remove the Ethernet cable and reinsert the cable that was removed in Step 3.
  39. If you have followed this section from the instructions in Replace Extreme X460 Switch to configure a single replacement switch, then return to that document, section Conclude Replacement.
  40. If you have followed this section from the instructions in Extreme Switch Firmware Upgrade to upgrade an X460 switch, then return to that document, section Check the Status of the Upgraded Switch.
  41. If you have followed the configuration steps for Switch A, go to Step 2 for Switch B.

Reference List

[1] IP and VLAN plan, 2/102 62-CRA 119 1862/5 Uen
Legal | © Ericsson AB 2016–2018