cancel
Showing results for 
Search instead for 
Did you mean: 

Does anyone have a template configuration for a EXOS switch?

Does anyone have a template configuration for a EXOS switch?

N3Tw0rk1
New Contributor

Does anyone have a template configuration for a EXOS switch?  Historically speaking,  I was a Cisco guy.  I’m trying to learn EXOS and would like a template configuration if anyone has one.  May as well through in a Extreme Networks Router Template too if you have one.

1 ACCEPTED SOLUTION

Miguel-Angel_RO
Valued Contributor II

Hi N3Tw0rk1,

Here an example of template to be adapted for your needs:

# SNMP

configure snmp sysName SWITCH-NAME

configure snmp sysContact MyCONTACT

# timezone

configure timezone name CET 60 autodst name CEST begins every last sunday march at 2 0 ends every last sunday october at 3 0

create qosprofile "QP2

create qosprofile "QP3

create qosprofile "QP4

create qosprofile "QP5

create qosprofile "QP6

create qosprofile "QP7

create ports group "Default (IRL.1)

create ports group "Default (TXQ.0)

configure ports group "Default (IRL.1)" add 1-22,23-24

configure ports group "Default (TXQ.0)" add 1-22,23-24

# management VLAN

configure vlan default delete ports all

create vlan RouterVLAN

configure vlan RouterVLAN description RouterVLAN

configure vlan RouterVLAN tag 3

configure vlan RouterVLAN ipaddress 10.200.3.1 255.255.255.0

disable ipforwarding vlan RouterVLAN

# stp

disable stpd s0

configure stpd bpdu-forwarding on

enable stpd s0

create vlan VoiceVLAN tag 2

configure vlan VoiceVLAN add nsi 1200002

enable stpd s0 auto-bind VoiceVLAN

create vlan WKS tag 4

configure vlan WKS add nsi 1200004

enable stpd s0 auto-bind WKS

enable stpd s0 auto-bind IP_TV

configure vlan VoiceVLAN add ports 1-2 tagged

configure vlan WKS add ports 7-8 untagged

configure ports 1-2 description-string IP-PHONE

configure ports 7-8 description-string WORKSTATION

configure stpd s0 ports auto-edge on 1-22

configure stpd s0 ports edge-safeguard enable 1-22 bpdu-restrict

# default route

configure iproute add default 10.200.3.254

# Multicast rate limit

# on all ports except uplink

configure ports 23-24 rate-limit flood broadcast 10000

configure ports 23-24 rate-limit flood multicast 10000

configure ports 23-24 rate-limit flood unknown-destmac 10000

configure ports 1-22 rate-limit flood broadcast 500

configure ports 1-22 rate-limit flood multicast 500

# Sharing

enable sharing 23 grouping 23-24 algorithm address-based L2 lacp

# QoS

configure qosscheduler strict-priority ports "Default (TXQ.0)

configure ports group "Default (TXQ.0)" delete 23

configure qosscheduler strict-priority ports 23

configure qosprofile QP1 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure qosprofile QP2 maxbuffer 100 weight 1

configure qosprofile QP2 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure qosprofile QP3 maxbuffer 100 weight 1

configure qosprofile QP3 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure qosprofile QP4 maxbuffer 100 weight 1

configure qosprofile QP4 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure qosprofile QP5 maxbuffer 100 weight 1

configure qosprofile QP5 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure qosprofile QP6 maxbuffer 100 weight 1

configure qosprofile QP6 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure qosprofile QP7 maxbuffer 100 weight 1

configure qosprofile QP7 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure qosprofile QP8 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure dot1p type 0 qosprofile QP1 ingress-meter ingmeter0

configure dot1p type 1 qosprofile QP2 ingress-meter ingmeter1

configure dot1p type 2 qosprofile QP3 ingress-meter ingmeter2

configure dot1p type 3 qosprofile QP4 ingress-meter ingmeter3

configure dot1p type 4 qosprofile QP5 ingress-meter ingmeter4

configure dot1p type 5 qosprofile QP6 ingress-meter ingmeter5

configure dot1p type 6 qosprofile QP7 ingress-meter ingmeter6

configure dot1p type 7 qosprofile QP8 ingress-meter ingmeter7

configure cos-index 8 qosprofile QP4 replace-tos 64

# Module mcmgr configuration.

configure igmp snooping filters per-vlan

# netlogin

configure netlogin port 23 authentication mode optional

# Module aaa configuration.

configure radius 1 server 10.250.250.10 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret

configure radius 1 timeout 10

configure radius 1 retries 3

configure radius 2 server 10.250.251.11 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret!2

configure radius 2 timeout 10

configure radius 2 retries 3

configure radius-accounting 1 server 10.250.1.81 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret!2

configure radius-accounting 1 timeout 10

configure radius-accounting 2 server 10.250.1.91 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret!2

configure radius-accounting 2 timeout 10

enable radius

disable radius mgmt-access

enable radius netlogin

enable radius-accounting

enable radius-accounting netlogin

# Module dosprotect configuration.

enable dos-protect simulated

# SSLP-guard config

# on all ports except uplink

enable slpp guard ports 1-22

configure slpp guard ports 1-22 recovery-timeout none

# SSH2

enable ssh2

y

# LLDP

configure lldp ports all advertise port-description

configure lldp ports all advertise system-name

configure lldp ports all advertise system-capabilities

configure lldp ports all advertise management-address

configure lldp port all advertise vendor-specific dot1 port-vlan-id

configure lldp port all advertise vendor-specific dot1 port-protocol-vlan-id

configure lldp port all advertise vendor-specific dot1 vlan-name

configure lldp port all advertise vendor-specific med capabilities

configure lldp port 1-22 advertise vendor-specific med power-via-mdi

# LLDP-MED

configure lldp port 1-22 advertise vendor-specific med capabilities

configure lldp port 1-22 advertise vendor-specific dot1 vlan-name

configure lldp port 1-22 advertise vendor-specific med power-via-mdi

configure lldp port 1-22 advertise vendor-specific med policy application voice vlan VoiceVLAN dscp 46

configure lldp port 1-22 advertise vendor-specific dot1 port-protocol-vlan-id

enable lldp ports all

configure fabric attach ports 23-24 authentication key

azertyuiop

azertyuiop

configure fabric attach ports 23-24 authentication enable

configure vlan 3 add nsi 1200003

# netlogin

configure policy maptable response tunnel

configure policy vlanauthorization enable

enable policy

enable netlogin dot1x mac

configure netlogin authentication protocol-order dot1x mac web-based cep

enable netlogin ports 1-22 dot1x

enable netlogin ports 1-22 mac

configure netlogin add mac-list default

configure netlogin ports 1-22 allowed-users 3

configure netlogin ports 1-22 authentication mode optional

configure netlogin ports 1-22 restart

configure netlogin authentication service-unavailable add vlan InternetVLAN ports 1-22 untagged

enable netlogin authentication service-unavailable vlan ports 1-22

configure netlogin ports 1-22 authentication mode optional

disable netlogin ports 2,4,6,8,10,12,14,16,20,22 dot1x mac web-based

# DNS

configure dns-client add name-server 10.250.1.1 vr VR-Default

configure dns-client add name-server 10.250.1.2 vr VR-Default

configure dns-client default-domain zorg.local

# enable PoE

enable inline-power 1-22

enable inline-power

# nodealias

# on all ports except uplink

enable nodealias ports all

disable nodealias ports 23-24

# ntp

enable ntp vr VR-Default

enable ntp vlan RouterVLAN

configure ntp server add 10.250.200.2 vr VR-Default

configure ntp server add 10.250.190.1 vr VR-Default

# SNMP

configure snmpv3 add user snmp_you authentication sha SHA-SECRET aes AES-SECRET

configure snmpv3 add group snmpv3Write user snmp_you sec-model usm

configure snmpv3 add access snmpv3Write sec-model usm sec-level priv read-view defaultAdminView write-view defaultAdminView notify-view defaultadminView

disable snmp access snmp-v1v2c

enable snmp access snmpv3

enable snmp access

# IGMP snooping

configure igmp snooping filters per-vlan

# set admin's account password

configure account admin password

aaadmin

aaadmin

save configuration

y

And check this : https://extremeportal.force.com/ExtrArticleDetail?an=000081953&q=failsafe%20account

Regards,

Mig

 

View solution in original post

3 REPLIES 3

N3Tw0rk1
New Contributor

Guys,

 

     Thank you!!

 

Miguel-Angel_RO
Valued Contributor II

Hi N3Tw0rk1,

Here an example of template to be adapted for your needs:

# SNMP

configure snmp sysName SWITCH-NAME

configure snmp sysContact MyCONTACT

# timezone

configure timezone name CET 60 autodst name CEST begins every last sunday march at 2 0 ends every last sunday october at 3 0

create qosprofile "QP2

create qosprofile "QP3

create qosprofile "QP4

create qosprofile "QP5

create qosprofile "QP6

create qosprofile "QP7

create ports group "Default (IRL.1)

create ports group "Default (TXQ.0)

configure ports group "Default (IRL.1)" add 1-22,23-24

configure ports group "Default (TXQ.0)" add 1-22,23-24

# management VLAN

configure vlan default delete ports all

create vlan RouterVLAN

configure vlan RouterVLAN description RouterVLAN

configure vlan RouterVLAN tag 3

configure vlan RouterVLAN ipaddress 10.200.3.1 255.255.255.0

disable ipforwarding vlan RouterVLAN

# stp

disable stpd s0

configure stpd bpdu-forwarding on

enable stpd s0

create vlan VoiceVLAN tag 2

configure vlan VoiceVLAN add nsi 1200002

enable stpd s0 auto-bind VoiceVLAN

create vlan WKS tag 4

configure vlan WKS add nsi 1200004

enable stpd s0 auto-bind WKS

enable stpd s0 auto-bind IP_TV

configure vlan VoiceVLAN add ports 1-2 tagged

configure vlan WKS add ports 7-8 untagged

configure ports 1-2 description-string IP-PHONE

configure ports 7-8 description-string WORKSTATION

configure stpd s0 ports auto-edge on 1-22

configure stpd s0 ports edge-safeguard enable 1-22 bpdu-restrict

# default route

configure iproute add default 10.200.3.254

# Multicast rate limit

# on all ports except uplink

configure ports 23-24 rate-limit flood broadcast 10000

configure ports 23-24 rate-limit flood multicast 10000

configure ports 23-24 rate-limit flood unknown-destmac 10000

configure ports 1-22 rate-limit flood broadcast 500

configure ports 1-22 rate-limit flood multicast 500

# Sharing

enable sharing 23 grouping 23-24 algorithm address-based L2 lacp

# QoS

configure qosscheduler strict-priority ports "Default (TXQ.0)

configure ports group "Default (TXQ.0)" delete 23

configure qosscheduler strict-priority ports 23

configure qosprofile QP1 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure qosprofile QP2 maxbuffer 100 weight 1

configure qosprofile QP2 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure qosprofile QP3 maxbuffer 100 weight 1

configure qosprofile QP3 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure qosprofile QP4 maxbuffer 100 weight 1

configure qosprofile QP4 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure qosprofile QP5 maxbuffer 100 weight 1

configure qosprofile QP5 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure qosprofile QP6 maxbuffer 100 weight 1

configure qosprofile QP6 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure qosprofile QP7 maxbuffer 100 weight 1

configure qosprofile QP7 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure qosprofile QP8 maxbuffer 100 weight 1 ports "Default (TXQ.0)

configure dot1p type 0 qosprofile QP1 ingress-meter ingmeter0

configure dot1p type 1 qosprofile QP2 ingress-meter ingmeter1

configure dot1p type 2 qosprofile QP3 ingress-meter ingmeter2

configure dot1p type 3 qosprofile QP4 ingress-meter ingmeter3

configure dot1p type 4 qosprofile QP5 ingress-meter ingmeter4

configure dot1p type 5 qosprofile QP6 ingress-meter ingmeter5

configure dot1p type 6 qosprofile QP7 ingress-meter ingmeter6

configure dot1p type 7 qosprofile QP8 ingress-meter ingmeter7

configure cos-index 8 qosprofile QP4 replace-tos 64

# Module mcmgr configuration.

configure igmp snooping filters per-vlan

# netlogin

configure netlogin port 23 authentication mode optional

# Module aaa configuration.

configure radius 1 server 10.250.250.10 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret

configure radius 1 timeout 10

configure radius 1 retries 3

configure radius 2 server 10.250.251.11 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret!2

configure radius 2 timeout 10

configure radius 2 retries 3

configure radius-accounting 1 server 10.250.1.81 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret!2

configure radius-accounting 1 timeout 10

configure radius-accounting 2 server 10.250.1.91 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret!2

configure radius-accounting 2 timeout 10

enable radius

disable radius mgmt-access

enable radius netlogin

enable radius-accounting

enable radius-accounting netlogin

# Module dosprotect configuration.

enable dos-protect simulated

# SSLP-guard config

# on all ports except uplink

enable slpp guard ports 1-22

configure slpp guard ports 1-22 recovery-timeout none

# SSH2

enable ssh2

y

# LLDP

configure lldp ports all advertise port-description

configure lldp ports all advertise system-name

configure lldp ports all advertise system-capabilities

configure lldp ports all advertise management-address

configure lldp port all advertise vendor-specific dot1 port-vlan-id

configure lldp port all advertise vendor-specific dot1 port-protocol-vlan-id

configure lldp port all advertise vendor-specific dot1 vlan-name

configure lldp port all advertise vendor-specific med capabilities

configure lldp port 1-22 advertise vendor-specific med power-via-mdi

# LLDP-MED

configure lldp port 1-22 advertise vendor-specific med capabilities

configure lldp port 1-22 advertise vendor-specific dot1 vlan-name

configure lldp port 1-22 advertise vendor-specific med power-via-mdi

configure lldp port 1-22 advertise vendor-specific med policy application voice vlan VoiceVLAN dscp 46

configure lldp port 1-22 advertise vendor-specific dot1 port-protocol-vlan-id

enable lldp ports all

configure fabric attach ports 23-24 authentication key

azertyuiop

azertyuiop

configure fabric attach ports 23-24 authentication enable

configure vlan 3 add nsi 1200003

# netlogin

configure policy maptable response tunnel

configure policy vlanauthorization enable

enable policy

enable netlogin dot1x mac

configure netlogin authentication protocol-order dot1x mac web-based cep

enable netlogin ports 1-22 dot1x

enable netlogin ports 1-22 mac

configure netlogin add mac-list default

configure netlogin ports 1-22 allowed-users 3

configure netlogin ports 1-22 authentication mode optional

configure netlogin ports 1-22 restart

configure netlogin authentication service-unavailable add vlan InternetVLAN ports 1-22 untagged

enable netlogin authentication service-unavailable vlan ports 1-22

configure netlogin ports 1-22 authentication mode optional

disable netlogin ports 2,4,6,8,10,12,14,16,20,22 dot1x mac web-based

# DNS

configure dns-client add name-server 10.250.1.1 vr VR-Default

configure dns-client add name-server 10.250.1.2 vr VR-Default

configure dns-client default-domain zorg.local

# enable PoE

enable inline-power 1-22

enable inline-power

# nodealias

# on all ports except uplink

enable nodealias ports all

disable nodealias ports 23-24

# ntp

enable ntp vr VR-Default

enable ntp vlan RouterVLAN

configure ntp server add 10.250.200.2 vr VR-Default

configure ntp server add 10.250.190.1 vr VR-Default

# SNMP

configure snmpv3 add user snmp_you authentication sha SHA-SECRET aes AES-SECRET

configure snmpv3 add group snmpv3Write user snmp_you sec-model usm

configure snmpv3 add access snmpv3Write sec-model usm sec-level priv read-view defaultAdminView write-view defaultAdminView notify-view defaultadminView

disable snmp access snmp-v1v2c

enable snmp access snmpv3

enable snmp access

# IGMP snooping

configure igmp snooping filters per-vlan

# set admin's account password

configure account admin password

aaadmin

aaadmin

save configuration

y

And check this : https://extremeportal.force.com/ExtrArticleDetail?an=000081953&q=failsafe%20account

Regards,

Mig

 

GTM-P2G8KFN