EWC clonning WLAN, Role etc configurations.

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
Hi,

I need to create more than 10 auth and non auth roles and about 6 more WLAN services. They will be exacly same with one of the existing role and WLAN. I only need to change the topology settings (for different vlans). Unfortunately there is no option for clonning existing configs.

So can I dump the configurations via CLI then copy-edit-paste them for creating the needed roles and WLAN services? If it is possible can you share some code as I never used EWC CLI?

Thanks,

Rahman
Photo of Rahman Duran

Rahman Duran

  • 2,012 Points 2k badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Roy Noh

Roy Noh, Employee

  • 1,078 Points 1k badge 2x thumb
Hello Rahman,

It it's possible to copy, edit and paste by CLI commands.
You can check current configuration of EWC by "show run-config"
Below is a role part of the result for the command.

role
    create "Guest" snmpid 4 1
    "Guest"
        filter-status enable
        ulfilterap enable
        apcustom disable
        name "Guest"
        default-cos no-change
        access-control allow
        traffic-mirror enable
        acfilters

You can edit it as your own purpose and paste it to the CLI prompt.

Please read carefully the link below since misconfiguration could affect your network seriously.

http://documentation.extremenetworks.com/wireless/CLI/downloads/Wireless_CLI_Reference_Guide.pdf

Thank you
Photo of Roy Noh

Roy Noh, Employee

  • 1,078 Points 1k badge 2x thumb
Here is an example for you.


EWC.lab.extremenetworks.com# role
    create "Test"
EWC.lab.extremenetworks.com:role#     create "Test"
EWC.lab.extremenetworks.com:role#     "Test"
        filter-status enable
EWC.lab.extremenetworks.com:role:Test#         filter-status enable
EWC.lab.extremenetworks.com:role:Test#         ulfilterap enable
EWC.lab.extremenetworks.com:role:Test#         apcustom disable
EWC.lab.extremenetworks.com:role:Test#         name "Test"
EWC.lab.extremenetworks.com:role:Test#         default-cos no-change
EWC.lab.extremenetworks.com:role:Test#         access-control allow
EWC.lab.extremenetworks.com:role:Test#         traffic-mirror enable
EWC.lab.extremenetworks.com:role:Test#         acfilters
EWC.lab.extremenetworks.com:role:Test:acfilters#
apply                delete               help                 set-filter-topology 
config               end                  logout               set-snmpruletype    
create               exit                 move                 show                
EWC.lab.extremenetworks.com:role:Test:acfilters# exit
EWC.lab.extremenetworks.com:role:Test# exit
EWC.lab.extremenetworks.com:role#     create "Test1"
    "Test1"
EWC.lab.extremenetworks.com:role#     "Test1"
        filter-status enable
EWC.lab.extremenetworks.com:role:Test1#         filter-status enable
EWC.lab.extremenetworks.com:role:Test1#         ulfilterap enable
EWC.lab.extremenetworks.com:role:Test1#         apcustom disable
EWC.lab.extremenetworks.com:role:Test1#         name "Test1"
EWC.lab.extremenetworks.com:role:Test1#         default-cos no-change
EWC.lab.extremenetworks.com:role:Test1#         access-control allow
EWC.lab.extremenetworks.com:role:Test1#         traffic-mirror enable
EWC.lab.extremenetworks.com:role:Test1#         acfilters
EWC.lab.extremenetworks.com:role:Test1:acfilters# exit
EWC.lab.extremenetworks.com:role:Test1# exit

EWC.lab.extremenetworks.com:role#
EWC.lab.extremenetworks.com:role# show
                                                                        
Role name        Topology   Class of Service  Mode       Filter defined 
                                                                        
Lab Demo         no-change  no-change         no-change  Yes            
Unregistered     no-change  no-change         no-change  Yes            
Enterprise User  no-change  no-change         no-change  Yes            
Guest            no-change  no-change         no-change  Yes            
Lab Demo Turbo   no-change  no-change         no-change  Yes            
GLB_ROLES        no-change  no-change         no-change  Yes            
Failsafe         no-change  no-change         no-change  Yes            
Administrator    no-change  no-change         no-change  Yes            
Deny Access      no-change  no-change         no-change  Yes            
Guest Access     no-change  no-change         no-change  Yes            
Quarantine       no-change  no-change         no-change  Yes            
Notification     no-change  no-change         no-change  Yes            
Assessing        no-change  no-change         no-change  Yes            
Test             no-change  no-change         no-change  Yes            
Test1            no-change  no-change         no-change  Yes            
                                                                        
EWC.lab.extremenetworks.com:role#

Please notice - Type in "exit" to go back to upper level.

Thanks
Photo of Rahman Duran

Rahman Duran

  • 2,012 Points 2k badge 2x thumb
Hello Roy,

Thank you for the example. I will try it. I will also create a feature request about clonning btw.

Regards,

Rahman
(Edited)
Photo of Gareth Mitchell

Gareth Mitchell, Extreme Escalation Support Engineer

  • 5,588 Points 5k badge 2x thumb
You can also use Policy manager in ExtremeControl to copy and paste roles/rules/services.
Photo of Rahman Duran

Rahman Duran

  • 2,012 Points 2k badge 2x thumb
Unfortunately this does not work. I can create role via CLI but can not assign topology just after creating it. "Error: unrecognized command "topology-name"."


this is what I paste to CLI

role
create "acu-sehir-unauth"
"acu-sehir-unauth"
topology-name "B@EWC(vlan62)"
filter-status enable
ulfilterap enable
apcustom disable
name "acu-sehir-unauth"
default-cos no-change
access-control contain2vlan
traffic-mirror none

acfilters
create 1 proto any eth 800 mac any interface-ip in dst out src allow priority none tos-dscp none cos none traffic-mirror none
create 2 proto udp eth 800 mac any 0.0.0.0/0 port 68 in dst out src allow priority none tos-dscp none cos none traffic-mirror none
create 3 proto udp eth 800 mac any 0.0.0.0/0 port 53 in dst out src allow priority none tos-dscp none cos none traffic-mirror none
create 4 proto udp eth 800 mac any 0.0.0.0/0 port 67 in dst out src allow priority none tos-dscp none cos none traffic-mirror none

Any idea why it does not work?

Thanks,

Rahman
Photo of Rahman Duran

Rahman Duran

  • 2,012 Points 2k badge 2x thumb
Ok, I got it working. The trick was to set topology-name at the end and use "Apply" command. Here is the working  codes:

rolecreate "acu-savsat-unauth"
"acu-savsat-unauth"
filter-status enable
ulfilterap enable
apcustom disable
name "acu-savsat-unauth"
default-cos no-change
access-control contain2vlan
traffic-mirror none
topology-name "B@EWC(vlan67)"
apply

acfilters
create 1 proto any eth 800 mac any interface-ip in dst out src allow priority none tos-dscp none cos none traffic-mirror none
create 2 proto udp eth 800 mac any 0.0.0.0/0 port 68 in dst out src allow priority none tos-dscp none cos none traffic-mirror none
create 3 proto udp eth 800 mac any 0.0.0.0/0 port 53 in dst out src allow priority none tos-dscp none cos none traffic-mirror none
create 4 proto udp eth 800 mac any 0.0.0.0/0 port 67 in dst out src allow priority none tos-dscp none cos none traffic-mirror none
apply

Thanks,

Rahman
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb
A "Duplicate Role and Rename" feature would be useful.  I will second that!  Several times I find myself wanting to do this.. I had the capability when I was using Policy Manager for Wireless, but I haven't used PM for wireless in a while.  Maybe I should revisit that.
(Edited)
Photo of Umut Aydin

Umut Aydin, Escalation Support Engineer

  • 2,290 Points 2k badge 2x thumb
I would do it over WebGui.
You never know what you maybe miss if doing it over CLI and I don't think it will be faster?!

Yes..C4 for cloning feature.
Photo of Rahman Duran

Rahman Duran

  • 2,012 Points 2k badge 2x thumb
Well, it was actually a lot faster. Problem is not creating the roles via GUI. Problem is writing maybe 10-15 filter rule per role which are all the same for all roles. This is way faster with cloning or in this situation copy-edit-paste via CLI.
(Edited)