exos sample config


Upload: sheik8o

Post on 09-Nov-2015


guybrushthreepwood 11-Mar-2015 11:35

EXOS Setup and Configuration Examples in GNS3 (Linux)

Register with Extreme Networks, and download the extremexosvm1532.zip file (or newer). I strongly urge you to download the EXOS User Guide, and the EXOS Command Reference. They'll come in handy.

Extract the zip file, and navigate to the /extremexosvm1532/XOS_VM_LAB/ folder. Extract EXOS_VM_15_3_2.zip, and you'll end up with the exosvm.vmdk file that we need.

In GNS3, click Edit->Preferences->QEMU VMs->New.

Leave Type as Default, and name it whatever you wish. Click Next.

Increase the amount of RAM from 256MB to 1024MB. Click Next.

Browse and select the exosvm.vmdk file we extracted. Click Finish. Back at the QEMU screen, make sure your new device is highlighted, and click Edit.

Click the Network tab, and increase the amount of network adapters to 8.

Click the Advanced tab, and in the Additional settings field, type "-nographic -enable-kvm". Click Ok. Back at the QEMU screen, click Apply and OK.

Drop an instance of your new device into a blank topology, start it, right-click it, and choose Console.

Now, if you elected to not use "-nographic", you'll see GRUB appear in the QEMU window. Selecting the "Primary Image with serial console" is preferred, but not required. If you DID add "-nographic" and are using the console, you won't see this option.

Once you reach the login prompt, give it a few seconds to move from "pending-AAA" to a plain login prompt. The user name is admin, with no password. At this point, it will ask you a bunch of questions. Just accept the defaults, and keep pressing Enter until you reach the "Summit-PC.1#" prompt.

Now, this is where things are different than IOS, EOS, Junos, etc... There's no such thing as a Privileged Exec or Global Config mode. Everything from show commands to configuration is done in this one mode. And don't worry that the number next to the prompt keeps increasing. That's normal.

At this point, I'll show a few basic ways of configuring EXOS. Let's get started configuring, shall we?

In this example, I created 3 vlans, and assigned them to ports 1 - 7 (port 0 is the mgmt interface). Now, something you may have already noticed is that we don't go into interface config mode, and assign a port to a VLAN. By default, all ports in the switch are associated to the Vlan Default, so first we have to delete them from that Vlan, and then we can add them to the Vlans we created. The command structure is a little strange.

To create a vlan, it's "create vlan vlan_name", and to configure one it's "config vlan vlan_name [add | delete] ports [all | port_list]".

Next, in order to make the vlans we created active, we have to enable each of the Vlans. If we didn't, they wouldn't work. Now, type "show vlan" to verify.

I truncated the output, but you can see that the three Vlans we created are here, they've automagically been assigned Vlan IDs, and it shows the number of active ports. We'll see this again, so let's move on.

Like many other vendors whose names aren't Cisco, EXOS supports LLDP. This simple 3 switch setup (which we'll also be seeing again) will help you see how LLDP works. Here's what we do:

Switch 1:

    enable lldp ports 1

Switch 2:

    enable lldp ports 1, 2

Switch 3:

    enable lldp ports 2

We could also enable it on all ports, by typing "enable lldp ports all".

Type "show lldp neighbors" to see the mac addresses of the switches connected to Switch Two, and which ports they are in.

To see all the gory lldp details, type "show lldp".

This will show you the tx interval, hold multiplier, delay, Flags, etc... Let's move on. Next, we'll set up stp. By default, EXOS uses emistp, but let's change that to rstp (or dot1w, as they call it).

Here's our three switch topology. To set up rstp, first we create a new spanning tree domain and vlan. Then, we specify the stp mode, tag our new vlan, remove the ports from Default and add them to the new vlan (specify tagged), add our tag to the spanning tree domain, then enable stpd and our vlan.

Here's what we do on Switch 1:

    create stpd stpd1
    create vlan vlan1
    conf stpd stpd1 mode dot1w
    conf vlan vlan1 tag 100
    conf vlan Default delete ports 1, 3
    conf vlan vlan1 add ports 1, 3 tagged
    conf stpd stpd1 tag 100
    enable stpd stpd1
    enable vlan1

Type the same commands for the other two switches, just specify the correct ports.

Here's what we can see, by typing "show stpd stpd1". We can see our BridgeID, the mac of the root bridge, root path cost, the mode we're in, our Vlan Tag, number of topology changes, and so on.

Next, let's set up a DHCP server on our switch, and then enable dhcp-snooping.

First, here are the commands we need to type:

    create vlan vlan1
    conf vlan Default delete ports 1 - 3
    conf vlan vlan1 add ports 1 - 3
    enable dhcp ports 1 - 3 vlan vlan1
    conf vlan vlan1 ipaddress 10.10.10.1/24
    conf vlan vlan1 dhcp-address-range 10.10.10.2 - 10.10.10.200
    conf vlan vlan1 dhcp-lease-timer 36400
    conf vlan vlan1 dhcp-options default-gateway 10.10.10.1
    conf vlan vlan1 dhcp-options dns-server primary 1.1.1.1

To verify that our DHCP server is working, type "show dhcp-server vlan vlan1". Here we can see the range, lease timer, gateway, port range, and even the IP/MAC, State, and Lease time of the clients.

Now, let's enable DHCP snooping. Here's the topology:

The switch will have dhcp-snooping enabled, R1 is our trusted DHCP server, and R2 will be a rogue DHCP server. Here's how we set this up:

    create vlan vlan1
    conf vlan Default delete ports 1 - 4
    conf vlan vlan1 add ports 1 - 4
    enable ip-security dhcp-snooping vlan vlan1 ports 1 - 4 violation-action drop-packet block-port duration 172800

Next, we configure a Trusted DHCP port (or we could set up a trusted server):

    config trusted-ports ports 4 trust-for dhcp-server

At this point, I set up the DHCP servers on the two Cisco routers, then typed "show ip-security dhcp-snooping violations vlan vlan1" to see if R2 got blocked:
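The snooping setup above can be reviewed offline before it reaches a switch. The Python below is an added example, not part of the original post and not Extreme Networks code: it parses the two command forms shown here, expands port lists written as "1 - 4" or "1, 3", and reports which snooped ports are untrusted and whether any trusted DHCP server port exists. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the snooping commands from the walkthrough above.
SAMPLE_CONFIG = """\
create vlan vlan1
conf vlan Default delete ports 1 - 4
conf vlan vlan1 add ports 1 - 4
enable ip-security dhcp-snooping vlan vlan1 ports 1 - 4 violation-action drop-packet block-port duration 172800
config trusted-ports ports 4 trust-for dhcp-server
"""

SNOOP_RE = re.compile(r"^enable ip-security dhcp-snooping vlan (\S+) ports (.+?) violation-action (.+)$")
TRUST_RE = re.compile(r"^conf\w* trusted-ports ports (.+?) trust-for dhcp-server$")


def expand_ports(spec):
    """Expand a port list as written on this page ('1 - 4', '1, 3') into a set of ints."""
    ports = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", part)
        if m:
            ports.update(range(int(m.group(1)), int(m.group(2)) + 1))
        else:
            ports.add(int(part))
    return ports


def audit_dhcp_snooping(config_text):
    """Return ({vlan: details}, [findings]) for the snooping lines in config_text."""
    snooped, trusted = {}, set()
    for line in map(str.strip, config_text.splitlines()):
        if m := SNOOP_RE.match(line):
            dur = re.search(r"duration (\d+)", m.group(3))
            snooped[m.group(1)] = {
                "ports": expand_ports(m.group(2)),
                "blocks_port": "block-port" in m.group(3),
                "block_seconds": int(dur.group(1)) if dur else None,
            }
        elif m := TRUST_RE.match(line):
            trusted |= expand_ports(m.group(1))
    findings = []
    for vlan, info in snooped.items():
        # Snooped ports that are not trusted are where server replies count as violations.
        info["untrusted"] = info["ports"] - trusted
        if not info["ports"] & trusted:
            findings.append(f"{vlan}: no trusted dhcp-server port among snooped ports")
        if not info["blocks_port"]:
            findings.append(f"{vlan}: violation-action does not include block-port")
    return snooped, findings
```

For the configuration in this walkthrough it reports ports 1, 2 and 3 as untrusted with no findings; removing the trusted-ports line produces one finding, which is acceptable only if a trusted server is configured instead.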

And there he is. I also typed "ip dhcp" on the two VPCS devices, and they obtained IP from the proper DHCP server, but I'll omit that.

The User Guide also mentions setting up mac-locking, but unfortunately, that command is missing.

Now let's set up LACP between two switches with two shared links.

Switch 1:

    enable sharing 1 grouping 1, 2 lacp
    conf sharing 1 lacp activity-mode active
    enable ports 1, 2

Type the same commands on the other switch, but set the activity-mode to passive.

We can verify the LAG by typing "show lacp".

This shows the status of the LAG, whether it's enabled, our partner's mac address, and number of links.

For something different, let's set up BFD for OSPF. Here's the setup:

I tried this with 2 cisco routers in place of switches 2 and 3, but while I could see the ospf neighbor relationship form between the routers, it never showed up on the switch. Anyway, here's how we set it up with 3 switches.

Switch 1:

    create vlan vlan1
    config vlan Default delete ports 1, 2 (change for other switches)
    config vlan vlan1 add ports 1, 2
    config vlan vlan1 ipaddress 10.10.10.2/24
    config bfd vlan vlan1 transmit-interval 500
    config bfd vlan vlan1 receive-interval 500
    config bfd vlan vlan1 detection-multiplier 3
    enable iproute bfd 10.10.10.1 vr VR-Default
    enable iproute bfd 10.10.10.3 vr VR-Default
    config ospf vlan vlan1 bfd on
    enable ipforwarding
    config ospf vlan vlan1 area 0.0.0.0
    config ospf routerid 1.1.1.2
    enable vlan1
    enable bfd vlan vlan1
    enable ospf

Switch 2:

    create vlan vlan1
    config vlan Default delete ports 2
    config vlan vlan1 add ports 2
    config vlan vlan1 ipaddress 10.10.10.1/24
    config bfd vlan vlan1 transmit-interval 500
    config bfd vlan vlan1 receive-interval 500
    config bfd vlan vlan1 detection-multiplier 3
    enable iproute bfd 10.10.10.2 vr VR-Default
    config ospf vlan vlan1 bfd on
    enable ipforwarding
    config ospf vlan vlan1 area 0.0.0.0
    config ospf routerid 1.1.1.1
    enable vlan1
    enable bfd vlan vlan1
    enable ospf

Switch 3:

    create vlan vlan1
    config vlan Default delete ports 1
    config vlan vlan1 add ports 1
    config vlan vlan1 ipaddress 10.10.10.3/24
    config bfd vlan vlan1 transmit-interval 500
    config bfd vlan vlan1 receive-interval 500
    config bfd vlan vlan1 detection-multiplier 3
    enable iproute bfd 10.10.10.2 vr VR-Default
    config ospf vlan vlan1 bfd on
    enable ipforwarding
    config ospf vlan vlan1 area 0.0.0.0
    config ospf routerid 1.1.1.3
    enable vlan1
    enable bfd vlan vlan1
    enable ospf

By typing "show bfd sessions", we can see which devices are part of the session. *NOTE* this currently only works on directly connected devices (one hop).

This is the output from Switch 1.

Next up is Vlan Aggregation. Basically, you create subVlans inside a switch, and attach those to a SuperVlan. All broadcast and unknown traffic remains local to the subVLAN and does not cross the subVLAN boundary. All traffic within the subVLAN is switched by the subVLAN, allowing traffic separation between subVLANs (while using the same default router address among the subVLANs).

Here's the setup:

    create vlan vsuper
    create vlan vsub1
    create vlan vsub2
    create vlan vsub3
    conf vsuper ipaddress 192.168.3.1/24
    enable ipforwarding
    conf ospf add vsuper area 0
    enable ospf
    conf vlan Default delete ports 1 - 7
    conf vlan vsub1 add ports 2, 3
    conf vlan vsub2 add ports 4, 5
    conf vlan vsub3 add ports 6, 7
    conf vsuper add subvlan vsub1
    conf vsuper add subvlan vsub2
    conf vsuper add subvlan vsub3
    disable subvlan-proxy-arp vlan all
    enable vsuper
    enable vsub1
    enable vsub2
    enable vsub3

We can verify it by typing "show vlan":

If you look closely, you'll notice that the vsuper vlan has the "S" flag, indicating that it's a SuperVlan, and the vsub vlans are all flagged with "s", indicating that they are subVlans. We can also see the number of ports associated with each vlan.

Lastly, I'll show something relatively new to me: IP Multinetting. It allows one vlan to have secondary subnets, and yet each subnet is in its own broadcast domain. Here's the topology:

To set it up, we type this into the switch:

    conf default delete port 1 - 3
    create vlan multinet
    conf multinet ipaddress 192.168.34.1/24
    conf multinet add secondary-ipaddress 192.168.35.1/24
    conf multinet add secondary-ipaddress 192.168.37.1/24
    conf vlan multinet add ports 1 - 3
    enable ipforwarding
    enable vlan multinet
    enable rip
    conf rip add multinet

We can verify it by having devices on each subnet try pinging their respective gateways: