Header Only - DO NOT REMOVE - Extreme Networks

XOS Fabric Attached


Userlevel 5
Hi Community

I recently started playing with the Extreme Fabric Connect (Old Avaya Fabric) and some Fabric Attached XOS switches and 39xx AP's.

I have two questions/comments that I thought would be good to share here and get some feedback.

1. When I connect a default XOS (X440-g2) switch to the Fabric (Via a FA port configured on the VSP fabric swithces) I expected the management vlan and all other fabric related info, to be pushed the the XOS switch from the fabric via LLDP. This would be a typical ZTP deployment scenario.
The problem I have is with the latest version of XOS (22.4.1.4) , LLDP is not enabled by default.
The FA management vlan and all other settings is only pushed to the XOS switch once I run the "Enble LLDP ports all" command.
Comment: LLDP should be enabled by default when you unpack a new switch.

2. On the Fabric Attached XOS switch I create a vlan and map an I-SID to the vlan. This mapping is then advertised via LLDP to the Fabric and learnt accordingly.
Why can I not map a i-sid to a VMAN? surely mapping a I-Sid to a vlan should be the same as mapping it to a VMAN. A typical scenario would be if I have various tenants on a network and each tenant was a Voice,Video and Data vlan. I would like to map the tenant a single port on a XOS switch, that is mapped to a VMAN, and what ever traffic is ingressing on this port should arrive on the remote side of the fabric and egressed. (Similar to how I would map a VMAN to a VPLS service across a MPLS network).
If this client connected directly to the Fabric connect switch I would be able to Map the interface to a I-Sid (isid 1234 elan-transparent port x/x) and that would work fine, but what if I had a XOS fabric attached switch between client and Fabric?

Looking forward to some comments on Fabric 😉

14 replies

Userlevel 2
On my XOS switches LLDP is enabled by default on all ports.
Did you start from factory defaults with 22.4 or did you simply upgrade from an existing config ?

About your 2nd question.. keep in mind that the link between the FA Proxy (XOS) and the FA Server (VSP) only runs regular 802.1Q tagging. VMAN would require QinQ on that link and this is not currently supported.
The Transparent-UNI approach, if it does what you want, will only work on a Fabric Connect switch (.i.e. an SPB ISIS BEB, like the VSP) but not on a FA Proxy switch (like the XOS).
Userlevel 7
As stated by Ludo, LLDP is enabled by default since... 22.2 maybe. So a default config from that version onward will have lldp enabled on all ports. A switch, currently, is not shipped in that release, but if you have XMC, you can use ZTP+ to have that automatic upgrade to the release you need.
Userlevel 5
So I have been playing some more in my LAB.
we are running XOS 22.4 in the x440-g2 switches.

I can confirm that when I connect a default x440 to the fabric it does indeed learn the LLDP neighbor:
- Avaya/Extreme Fabric Attach element
Element Type : 4
State : 8
Management Vlan: 1000
SystemId : bc🇦🇩ab:08:f4:00
Link Info : 00-00-00-cb

The problem I have is when I create a vlan and add a ISID mapping, this is not advertised via LLDP to the fabric.
Only after I run "enable lldp ports all" does the x440 start advertising the newly created ISID service to the fabric and the output looks as follows:

- Avaya/Extreme Fabric Attach element
Element Type : 4
State : 8
Management Vlan: 1000
SystemId : bc🇦🇩ab:08:f4:00
Link Info : 00-00-00-cb

- Extreme Fabric Attach NSI/VLAN map
Status VlanID NSI
------ ------ --------
2 20 20020
Userlevel 7
Hi,

I've tested that with many beta versions and GA, also on a x440G2, and never ran into such an issue. Can you paste your VSP interface config? btw, is the x440g2 single-homed or dual-homed to the Fabric? FA authentication is disabled, correct? When you do your test, how long do you wait before re-enabling lldp?
Userlevel 5
Hi Stephane

The x440 is single port uplinked to the Fabric.

The VSP Interface connecting to the x440 looks as follows:

interface GigabitEthernet 1/12
default-vlan-id 0
no shutdown
no spanning-tree mstp force-port-state enable
fa
fa enable
no fa message-authentication
fa management i-sid 1000 c-vid 1000
exit

Yes FA Auth is disabled.

I wait for the 30 sec LLDP timer and see nothing learned regarding the VLAN and ISID mappings, I have given it over 5 minutes and nothing.

Only once I enable the lldp ports all do I see the mappings advertised via LLDP, as soon as the 30sec timer expires.

The current code version is as follows:

Primary ver: 22.4.1.4
Userlevel 7
fwiw, lldp default timer on EXOS is 120sec, instead of 30sec on VOSS. Nonetheless, you shouldn't run into such an issue. If this is not production, I would recommend to start from scratch, from a default config on EXOS. Something must be hidden somewhere in your config. Do you have some default.xsf or autoexec.xsf files doing some automatic config, or NMS pushing some config as well that might interfere?
Userlevel 2
Trying the same on VOSS vm and a 22.4 vm,
I'm struggling to find the commands to run on both the extreme and the VOSS ? Any pointers ?
Userlevel 7
on EXOS, nothing complicated:

config vlan xxxx add nsi xxxxxx

on VOSS, on the interface:

fa enable
no fa message-authentication
no shutdown
Userlevel 2
Cool any good pointers in VOSS documentation on FA and how you can incoroporate this with extreme devices ?

For instans what does this bring me in terms of functionality ?
Userlevel 2
There is a simple overview in the doc "Configuring Fabric Basics and Layer 2
Services on VSP Operating System Software"

But essentially FA gives you these benefits:
- Ability to connect an FA Client device (e.g. ExtremeWireless AP) to the XOS switch, and not needing to configure any VLANs for it; not only onboarding the AP, but when the AP gets configured for new SSIDs the AP can on its own request the VLAN:ISID from the XOS switch, which can signal that back to the Fabric Connect FA Server. So no need to configure any VLANs on XOS.
- Ability to do Network Access Control and use new FA RADIUS attributes which instead of placing users on VLANs can place users directly on VLAN:ISID service (bindings); again no need to manage the XOS with VLANs.
- Or simply ability to manually attach an edge device to a VLAN:ISID; in this case one configures the VLAN, assigns the I-SID and adds the VLAN to the access port; in this cased you are only gaining that you don't need to manage the XOS uplinks into the FA Server.
Userlevel 2
Thank you for this , it's a bit clearer now what I could gain from doing this.
Hello All,

For those who have been able to attach an exos to fabric, please help 🙂

I have all Fabric configured on the Avaya side, I enabled FA on my SMLT (It's a trunk).

on Exos is where I am wondering how to add a vlan. on Avaya, if I add a fabric attached VLAN, it auto creates VLAN and then adds it to the fabric attached ports.

on EXOS, it looks like I have to create the vlan, then config it with the nsi, which I did:

450TEST.27 # show vlan fabric attach assignments
Fabric Attach Mode: Proxy
Port VLAN VLAN Name Type ISID/NSI Status
------- ---- -------------------------------- ------- -------- --------
3 VLAN_0003 Static 70003 Pending

How about the attaching of the fabric on the ports on exos, don't I have to do that first? LLDP is enabled on both of my ports that are running sharing:

LLDP-MED fast start repeat count : 3
LLDP Port Configuration:
Port Rx Tx SNMP --- Optional enabled transmit TLVs --
Mode Mode Notification LLDP 802.1 802.3 MED AvEx DCBX

47 Enabled Enabled -- PNDCM --- ---- ---- ---- --
48 Enabled Enabled -- PNDCM --- ---- ---- ---- --

Is there any article on how to fabric attach on EXOS that I can refer to?

Does the new software 22.5.1 support zero touch fabric attach to get the mgmt vlan?

Thanks,
Userlevel 7
Hi,

on EXOS, you'll need to create the VLAN then specify an I-SID (NSI) so that it will be configured on the Fabric. The EXOS config can be manual or dynamic through NAC or Policy, for example. Don't forget to do a "no fa message-authentication" on Avaya side.
Thanks, that works.

Is message auth something you are working to support, Avaya comes standard with it enabled...

Also, for the FA MGMT VLAN, will it automatically create the MGMT VLAN and try DHCP on it? That part is not working for me.

Thanks,

Reply