Solved

Configuration needed on Extreme Switch X690/X450 to be added on Netsight 8.1

  • 16 December 2018
  • 3 replies
  • 234 views

I'm new with Netsight/Extreme Management Center. I successfully installed the Netsight 8.1 VM and be able to access the the web interface. My next goal is to add all the switches on the network which compose of x690 and x450 switches. My question is, is there any additional configuration to be done on the switches to be able to add on the Netsight or be able to discover the switches like SNMP? Please provide me step by step procedure on how I can add the switches and be able to monitor them on the Netsight.
icon

Best answer by Tomasz 16 December 2018, 23:09

Hello Acevirgil,

for NetSight/XMC to be able to manage your devices, two things must comply both sides: Telnet/SSH credentials and SNMP credentials. Out of the box, there are some default accounts on EXOS switches for all those, but their security might not be satisfying for your organization. We always recommend to use SSH instead of Telnet and SNMPv3 with both authentication and privacy (encryption) instead of SNMPv1/v2c.
First of all, prepare your switch:
  • enable ssh
  • disable telnet
  • create account admin
  • configure snmpv3 add user authentication sha privacy aes
  • configure snmpv3 add group user sec-model usm
  • configure snmpv3 add access sec-model usm sec-level priv read-view "defaultAdminView" write-view "defaultAdminView" notify-view "defaultAdminView"
If your device starts with 'safe defaults' script and you disabled SNMP or quit the script without drilling down the details, your SNMP access might be shut down at all. Confirm that with 'show management' and if it's disabled, do 'enable snmp access snmpv3'.
This is just for basics but rest like SNMP Traps can be set via XMC.

Once you have this set up, you can add your devices to XMC manually or by discovery. There is third option called Zero-Touch Provisioning Plus.
Before you add your devices, you must replicate what has been done on the switches. So in XMC go to Administration -> Profiles and create SNMP credentials and CLI credentials (bottom half of the page). Then combine those into a single access profile (top half of the page) and it is ready to use.
So you can go to Network, and over there just click on the menu to select 'Add device' and you specify IP address and relevant access profile.
You can also go to a site for discovery, where you have to specify range/subnet of your interest and an access profile that has to be tested against devices visible in the network. If the device is accessible with credentials from your access profile, it is assumed that's your device you want to manage. You can also set a lot of options what to do on devices that have been successfully discovered.
Details for XMC side:
https://emc.extremenetworks.com/content/oneview/docs/admin/docs/ov_admin_profiles.html
https://emc.extremenetworks.com/content/oneview/docs/network/devices/docs/ct_ov_at_add_device2.html
https://emc.extremenetworks.com/content/oneview/docs/network/devices/docs/l_ov_site_tab.htm

After all you can do many things from XMC itself: schedule backups, upgrade firmware, run scripts (CLI/TCL/Python), automate stuff (Tasks, Alarms), gather device/interface statistics for alarms and reports, configure XMC as Syslog and SNMP Trap target on a switch, configure AAA and security policies on a switch and many more. :)

Hope that helps,
Tomasz
View original

3 replies

Userlevel 5
Hello Acevirgil,

for NetSight/XMC to be able to manage your devices, two things must comply both sides: Telnet/SSH credentials and SNMP credentials. Out of the box, there are some default accounts on EXOS switches for all those, but their security might not be satisfying for your organization. We always recommend to use SSH instead of Telnet and SNMPv3 with both authentication and privacy (encryption) instead of SNMPv1/v2c.
First of all, prepare your switch:
  • enable ssh
  • disable telnet
  • create account admin
  • configure snmpv3 add user authentication sha privacy aes
  • configure snmpv3 add group user sec-model usm
  • configure snmpv3 add access sec-model usm sec-level priv read-view "defaultAdminView" write-view "defaultAdminView" notify-view "defaultAdminView"
If your device starts with 'safe defaults' script and you disabled SNMP or quit the script without drilling down the details, your SNMP access might be shut down at all. Confirm that with 'show management' and if it's disabled, do 'enable snmp access snmpv3'.
This is just for basics but rest like SNMP Traps can be set via XMC.

Once you have this set up, you can add your devices to XMC manually or by discovery. There is third option called Zero-Touch Provisioning Plus.
Before you add your devices, you must replicate what has been done on the switches. So in XMC go to Administration -> Profiles and create SNMP credentials and CLI credentials (bottom half of the page). Then combine those into a single access profile (top half of the page) and it is ready to use.
So you can go to Network, and over there just click on the menu to select 'Add device' and you specify IP address and relevant access profile.
You can also go to a site for discovery, where you have to specify range/subnet of your interest and an access profile that has to be tested against devices visible in the network. If the device is accessible with credentials from your access profile, it is assumed that's your device you want to manage. You can also set a lot of options what to do on devices that have been successfully discovered.
Details for XMC side:
https://emc.extremenetworks.com/content/oneview/docs/admin/docs/ov_admin_profiles.html
https://emc.extremenetworks.com/content/oneview/docs/network/devices/docs/ct_ov_at_add_device2.html
https://emc.extremenetworks.com/content/oneview/docs/network/devices/docs/l_ov_site_tab.htm

After all you can do many things from XMC itself: schedule backups, upgrade firmware, run scripts (CLI/TCL/Python), automate stuff (Tasks, Alarms), gather device/interface statistics for alarms and reports, configure XMC as Syslog and SNMP Trap target on a switch, configure AAA and security policies on a switch and many more. :)

Hope that helps,
Tomasz
Userlevel 5
Duh, edit doesn't work in those EXOS commands those usernames and passwords were meant to be put between greater/smaller signs but the web page didn't like that.
You can always expand your knowledge on those commands and SNMP operation in general with EXOS User Guide and Command Reference:
https://www.extremenetworks.com/support/documentation/extremexos-22-6/

KR,
Tomasz
Hello Tomasz,

Thank you for providing the procedure. After following the steps, I can now add the switches successfully on XMC and see the green status on the device page.

Thanks a lot!

Reply