How to migrate configuration from EOS to EXOS??

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
I need to configure my x440-g2 with exos to use in my network.
all switches that i have are c5 and b5 witch eos ... now i need to translate eos config file to exos....

and this is my base config to migrate:


set ip address 172.16.0.XXX mask 255.255.240.0 gateway 172.16.0.1

#SNMP
clear snmp access ro security-model v1 
clear snmp access ro security-model v2c 
clear snmp access public security-model v1 
clear snmp access public security-model v2c 
clear snmp access public security-model usm
clear snmp group ro ro security-model v1
clear snmp group ro ro security-model v2c
clear snmp group public public security-model v1
clear snmp user public
clear snmp group public public

set snmp user USER authentication md5 PASSWORD encryption des privacy PASSWORD nonvolatile
set snmp group read_write user USER security-model usm
set snmp access read_write security-model usm privacy exact read All write All notify All nonvolatile

#global
set length 24
set width 150 default
set summertime enable CEST
set summertime recurring last Sunday March 02:00 last Sunday October 03:00 60
set timezone 'CET' 1 0
set ssh enabled
set sntp client unicast
set sntp server 172.16.XX.XX
set sntp server 172.16.XX.XX precedence 2
set prompt XXXXXXX
set system name XXXXXX
set system location XXXXX
set logout 60
set logging default severity 6
set logging application STP level 7
set logging server 1 ip-addr 172.16.XX.XX state enable
set gvrp disable
set ciscodp status disable
set banner login "LOL"
set system login USER super-user enable local-only yes
set system login admin super-user enable local-only yes
clear system login ro
clear system login rw

set password admin
set password USER

#ports
set spantree mstcfgid cfgname 'SPT-NAME' rev 1
set spantree adminedge ge.1.1-46 true
set lldp port tx-tlv sys-name mgmt-addr ge.1.47-48
set igmpsnooping interfacemode ge.1.1-48 enable
set dhcpsnooping trust port lag.0.1 enable
set dhcpsnooping trust port ge.1.47-48 enable
set dhcpsnooping enable
#jesli jest LAG
set lacp aadminkey lag.0.1 100
set lacp singleportlag enable
set port lacp port ge.1.47-48 aadminkey 100 enable

#NAC
set vlanauthorization enable
set policy maptable response tunnel
set multiauth precedence dot1x mac

set eapol auth-mode forced-auth ge.1.47-48
set eapol auth-mode auto ge.1.1-46
set multiauth port mode force-auth ge.1.47-48
set multiauth port mode auth-reqd ge.1.1-46
set macauthentication port  enable ge.1.1-46
set eapol enable


please help me or i'll broke that ...#$@$! x440....
Photo of Marek Konopinski

Marek Konopinski

  • 468 Points 250 badge 2x thumb
  • frustraded

Posted 2 years ago

  • 0
  • 1
Photo of Taykin Izzet

Taykin Izzet , Employee

  • 3,206 Points 3k badge 2x thumb
Marek, we do have an Python script that can be used in Windows or Linux that can convert the configuration from EOS to EXOS. The script might not convert everything, so it would be recommended to review the converted output and test before placing into production.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-convert-EOS-configurations-to-EXOS-...
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 13,792 Points 10k badge 2x thumb
Hi Marek,

E2X is not able to create a good conversion of your template. :-(

With a few adjustments of the template it converts parts of it to the following (edited for this post):

# IP address
configure vlan Default ipaddress 172.16.0.2 255.255.240.0
configure iproute add default 172.16.0.1

# LAG for ports 47 and 48
enable sharing 47 grouping 47-48 algorithm address-based L3 lacp

# Basic STP config - this is incomplete!
# a newly created VLAN needs to be added to STP
configure mstp region 'SPT-NAME
'configure mstp revision 1
configure stpd s0 mode mstp cist
enable stpd s0
configure stpd s0 ports link-type edge 1-46

# Prompt / Name and Banner
configure snmp sysName "XXXXXX"
configure snmp sysLocation "XXXXX"
configure banner before-login acknowledge save-to-configuration
LOL
Press RETURN to proceed to login


# SSH
configure ssh2 key
enable ssh2

# Syslog
configure syslog add 172.16.0.1:514 local4
configure log target syslog 172.16.0.1:514 local4 severity debug-data
enable log target syslog 172.16.0.1:514 local4

# SNTP and timezone
configure sntp-client primary 172.16.0.1
enable sntp-client
configure timezone name CET 60 autodst name CEST 60 begins every last Sunday March at 02 00 ends every last Sunday October at 03 00

The interactive mode of E2X contains How-Tos for SNMP:

# remove default SNMP credentials
disable snmp community public
disable snmp community private
disable snmpv3 default-user
disable snmpv3 default-group
configure snmp delete community readonly all
configure snmp delete community readwrite all
configure snmpv3 delete user admin
configure snmpv3 delete user initial
configure snmpv3 delete user initialmd5
configure snmpv3 delete user initialsha
configure snmpv3 delete user initialmd5Priv
configure snmpv3 delete user initialshaPriv

# configure SNMPv3
configure snmpv3 add user <USERNAME> authentication sha <AUTHPASS> privacy aes <PRIVPASS>
configure snmpv3 add group <GROUPNAME> user <USERNAME> sec-model usm
configure snmpv3 add access <GROUPNAME> sec-model usm sec-level priv read-view defaultAdminView write-view defaultAdminView notify-view defaultAdminView

I hope that gets you started with a template for EXOS.

Thanks,
Erik
Photo of Marek Konopinski

Marek Konopinski

  • 468 Points 250 badge 2x thumb
Thank you
i also have lines like these:

#SNMP
disable snmp access (all)
configure snmpv3 delete access (all)
configure snmpv3 delete user (all)
configure snmpv3 delete group (all)

configure snmpv3 add access read_write sec-model usm write-view (only)

are these lines ok ?

you wrote :
# Basic STP config - this is incomplete!
# a newly created VLAN needs to be added

i have in my network Cisco Switchec (x20), Extreme C5 (x11), Extreme B5 (x3) and Extreme S4 (x2) switches and they dont neet no special spantree vlan... do i really need to add new vlan for  my new x440 (x6)? what is it for (Also i have Netsight Suite to manage my infrastructure)?




regards
Marek (Mark)
(Edited)
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 13,792 Points 10k badge 2x thumb
Hi Marek,

your SNMP commands look OK.

EXOS does not use STP by default. It needs to be enabled to use it. On EXOS, VLANs and/or ports need to be added to STP to use it for this VLAN / port. The Default VLAN 1 is the only VLAN added to EXOS STP by default. You do not need to add a new VLAN for STP, but rather all new VLANs need to be added to STP.

The RADIUS and MAC auth / dot1X config can be created by ExtremeControl (formerly known as NAC).

Erik
Photo of Marek Konopinski

Marek Konopinski

  • 468 Points 250 badge 2x thumb
Thank you

and what about these lines ?:


set igmpsnooping interfacemode ge.1.1-48 enable

set dhcpsnooping trust port lag.0.1 enable
set dhcpsnooping trust port ge.1.47-48 enable
set dhcpsnooping enable



my translation:

configure igmp snooping filters per-port
enable igmp snooping

configure trusted-ports 51-52 trust-for dhcp-server
enable ip-security dhcp-snooping vlan VLAN_0XXX ports 51-52  violation-action drop-packet

and how aobout if i would add radius servers (my 2 nac gateways)? or it will be added by nac (when i will configure SNMPv3 on switches and i will add  IPs of my new switches to NAC Console and NAC manager) ??


regards
Marek (Mark)
(Edited)
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 13,792 Points 10k badge 2x thumb
Hi Marek,

on EXOS, IGMP snooping is enabled by default, you may not need additional configuration.

I have not tested DHCP snooping on EXOS, so I cannot comment on that part.

When adding a switch to NAC (ExtremeControl), NAC can be used to configure the RADIUS servers. After the switch is added, NAC can be used to configure authentication on the switch. This needs a working SNMP configuration.

You can add the RADIUS server configuration manually, if you prefer that.

Erik
Photo of Marek Konopinski

Marek Konopinski

  • 468 Points 250 badge 2x thumb
Thank you very much ! :)