XOS Fabric Attached

  • 0
  • 1
  • Question
  • Updated 1 week ago
  • (Edited)
Hi Community

I recently started playing with the Extreme Fabric Connect (Old Avaya Fabric) and some Fabric Attached XOS switches and 39xx AP's.

I have two questions/comments that I thought would be good to share here and get some feedback.

1. When I connect a default XOS (X440-g2) switch to the Fabric (Via a FA port configured on the VSP fabric swithces) I expected the management vlan and all other fabric related info, to be pushed the the XOS switch from the fabric via LLDP. This would be a typical ZTP deployment scenario.
The problem I have is with the latest version of XOS (22.4.1.4) , LLDP is not enabled by default.
The FA management vlan and all other settings is only pushed to the XOS switch once I run the "Enble LLDP ports all" command.
Comment: LLDP should be enabled by default when you unpack a new switch.

2. On the Fabric Attached XOS switch I create a vlan and map an I-SID to the vlan. This mapping is then advertised via LLDP to the Fabric and learnt accordingly.
Why can I not map a i-sid to a VMAN? surely mapping a I-Sid to a vlan should be the same as mapping it to a VMAN. A typical scenario would be if I have various tenants on a network and each tenant was a Voice,Video and Data vlan. I would like to map the tenant a single port on a XOS switch, that is mapped to a VMAN, and what ever traffic is ingressing on this port should arrive on the remote side of the fabric and egressed. (Similar to how I would map a VMAN to a VPLS service across a MPLS network).
If this client connected directly to the Fabric connect switch I would be able to Map the interface to a I-Sid (isid 1234 elan-transparent port x/x) and that would work fine, but what if I had a XOS fabric attached switch between client and Fabric?

Looking forward to some comments on Fabric ;)
Photo of Andre Brits Kannemeyer

Andre Brits Kannemeyer

  • 4,888 Points 4k badge 2x thumb

Posted 1 month ago

  • 0
  • 1
Photo of Ludovico Stevens

Ludovico Stevens, Employee

  • 170 Points 100 badge 2x thumb
On my XOS switches LLDP is enabled by default on all ports.
Did you start from factory defaults with 22.4 or did you simply upgrade from an existing config ?

About your 2nd question.. keep in mind that the link between the FA Proxy (XOS) and the FA Server (VSP) only runs regular 802.1Q tagging. VMAN would require QinQ on that link and this is not currently supported.
The Transparent-UNI approach, if it does what you want, will only work on a Fabric Connect switch (.i.e. an SPB ISIS BEB, like the VSP) but not on a FA Proxy switch (like the XOS).
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 12,302 Points 10k badge 2x thumb
As stated by Ludo, LLDP is enabled by default since... 22.2 maybe. So a default config from that version onward will have lldp enabled on all ports. A switch, currently, is not shipped in that release, but if you have XMC, you can use ZTP+ to have that automatic upgrade to the release you need.
Photo of Andre Brits Kannemeyer

Andre Brits Kannemeyer

  • 4,888 Points 4k badge 2x thumb
So I have been playing some more in my LAB.
we are running XOS  22.4 in the x440-g2 switches.

I can confirm that when I connect a default x440 to the fabric it does indeed learn the LLDP neighbor:
    - Avaya/Extreme Fabric Attach element
      Element Type   : 4
      State          : 8
      Management Vlan: 1000
      SystemId       : bc:ad:ab:08:f4:00
      Link Info      : 00-00-00-cb

The problem I have is when I create a vlan and add a ISID mapping, this is not advertised via LLDP to the fabric.
Only after I run "enable lldp ports all" does the x440 start advertising the newly created ISID service to the fabric and the output looks as follows:

    - Avaya/Extreme Fabric Attach element
      Element Type   : 4
      State          : 8
      Management Vlan: 1000
      SystemId       : bc:ad:ab:08:f4:00
      Link Info      : 00-00-00-cb

    - Extreme Fabric Attach NSI/VLAN map
    Status  VlanID  NSI
    ------  ------  --------
         2      20     20020
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 12,302 Points 10k badge 2x thumb
Hi,

I've tested that with many beta versions and GA, also on a x440G2, and never ran into such an issue. Can you paste your VSP interface config? btw, is the x440g2 single-homed or dual-homed to the Fabric? FA authentication is disabled, correct? When you do your test, how long do you wait before re-enabling lldp?
Photo of Andre Brits Kannemeyer

Andre Brits Kannemeyer

  • 4,888 Points 4k badge 2x thumb
Hi Stephane

The x440 is single port uplinked to the Fabric.

The VSP Interface connecting to the x440 looks as follows:

interface GigabitEthernet 1/12
default-vlan-id 0
no shutdown
no spanning-tree mstp  force-port-state enable
fa
fa enable
no fa message-authentication
fa management i-sid 1000 c-vid 1000
exit

Yes FA Auth is disabled.

I wait for the 30 sec LLDP timer and see nothing learned regarding the VLAN and ISID mappings, I have given it over 5 minutes and nothing.

Only once I enable the lldp ports all do I see the mappings advertised via LLDP, as soon as the 30sec timer expires.

The current code version is as follows:

Primary ver:      22.4.1.4
(Edited)
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 12,302 Points 10k badge 2x thumb
fwiw, lldp default timer on EXOS is 120sec, instead of 30sec on VOSS. Nonetheless, you shouldn't run into such an issue. If this is not production, I would recommend to start from scratch, from a default config on EXOS. Something must be hidden somewhere in your config. Do you have some default.xsf or autoexec.xsf files doing some automatic config, or NMS pushing some config as well that might interfere?
Photo of andreas

andreas

  • 1,218 Points 1k badge 2x thumb
Trying the same on VOSS vm and a 22.4 vm, 
I'm struggling to find the commands  to run on both the extreme and the VOSS ? Any pointers ? 
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 12,302 Points 10k badge 2x thumb
on EXOS, nothing complicated:

config vlan xxxx add nsi xxxxxx

on VOSS, on the interface:

fa enable
no fa message-authentication
no shutdown
Photo of andreas

andreas

  • 1,218 Points 1k badge 2x thumb
Cool any good pointers in VOSS documentation on FA and how you can incoroporate this with extreme devices ? 


For instans what does this bring me in terms of functionality ? 
Photo of Ludovico Stevens

Ludovico Stevens, Employee

  • 170 Points 100 badge 2x thumb
There is a simple overview in the doc "Configuring Fabric Basics and Layer 2
Services on VSP Operating System Software"

But essentially FA gives you these benefits:
- Ability to connect an FA Client device (e.g. ExtremeWireless AP) to the XOS switch, and not needing to configure any VLANs for it; not only onboarding the AP, but when the AP gets configured for new SSIDs the AP can on its own request the VLAN:ISID from the XOS switch, which can signal that back to the Fabric Connect FA Server. So no need to configure any VLANs on XOS.
- Ability to do Network Access Control and use new FA RADIUS attributes which instead of placing users on VLANs can place users directly on VLAN:ISID service (bindings); again no need to manage the XOS with VLANs.
- Or simply ability to manually attach an edge device to a VLAN:ISID; in this case one configures the VLAN, assigns the I-SID and adds the VLAN to the access port; in this cased you are only gaining that you don't need to manage the XOS uplinks into the FA Server.
Photo of andreas

andreas

  • 1,218 Points 1k badge 2x thumb
Thank you for this ,  it's a bit clearer now what I could gain from doing this.