06-07-2021 08:15 PM
Does anyone have a template configuration for an EXOS switch? Historically speaking, I was a Cisco guy. I’m trying to learn EXOS and would like a template configuration if anyone has one. May as well throw in an Extreme Networks router template too if you have one.
06-08-2021 11:51 AM
Hi N3Tw0rk1,
Here is an example template to adapt to your needs:
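# SNMP
# System identity reported over SNMP; replace both placeholders per device.
configure snmp sysName SWITCH-NAME
configure snmp sysContact MyCONTACT
# timezone
# CET is 60 minutes ahead of UTC; DST (CEST) runs from the last Sunday of March
# at 02:00 to the last Sunday of October at 03:00.
configure timezone name CET 60 autodst name CEST begins every last sunday march at 2 0 ends every last sunday october at 3 0
# QoS profiles QP2-QP7. QP1 and QP8 are not created here although the QoS
# section further down configures them too (presumably they exist by default).
create qosprofile "QP2"
create qosprofile "QP3"
create qosprofile "QP4"
create qosprofile "QP5"
create qosprofile "QP6"
create qosprofile "QP7"
# Port groups used by the QoS section; both initially hold every port (1-24).
create ports group "Default (IRL.1)"
create ports group "Default (TXQ.0)"
configure ports group "Default (IRL.1)" add 1-22,23-24
configure ports group "Default (TXQ.0)" add 1-22,23-24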
# management VLAN
# Every port is removed from the Default VLAN first, then the management VLAN
# (tag 3) is created and given the switch's own address.
# NOTE(review): no command in this template adds a port to RouterVLAN (only an
# NSI is mapped to VLAN 3 in the fabric attach section further down), so
# reachability presumably depends on the fabric attach uplink. Apply from the
# console rather than a remote session until that is confirmed.
configure vlan default delete ports all
create vlan RouterVLAN
configure vlan RouterVLAN description RouterVLAN
configure vlan RouterVLAN tag 3
configure vlan RouterVLAN ipaddress 10.200.3.1 255.255.255.0
# IP forwarding is switched off on this VLAN, so its address presumably serves
# the switch itself (management) rather than routing.
disable ipforwarding vlan RouterVLAN
# stp
# s0 is disabled while the BPDU setting is changed, then enabled again.
disable stpd s0
configure stpd bpdu-forwarding on
enable stpd s0
# User VLANs: each gets a tag and an NSI mapping and is auto-bound to s0.
create vlan VoiceVLAN tag 2
configure vlan VoiceVLAN add nsi 1200002
enable stpd s0 auto-bind VoiceVLAN
create vlan WKS tag 4
configure vlan WKS add nsi 1200004
enable stpd s0 auto-bind WKS
# NOTE(review): IP_TV is never created in this template; create it first or
# drop this line.
enable stpd s0 auto-bind IP_TV
# Sample port assignment: phones tagged on ports 1-2, workstations untagged on 7-8.
configure vlan VoiceVLAN add ports 1-2 tagged
configure vlan WKS add ports 7-8 untagged
configure ports 1-2 description-string IP-PHONE
configure ports 7-8 description-string WORKSTATION
# Access ports 1-22 are handled as edge ports. With edge-safeguard and
# bpdu-restrict, a port that receives a BPDU is presumably disabled, which keeps
# an unplanned switch on an access port out of the spanning tree. Confirm the
# recovery behaviour on your EXOS release.
configure stpd s0 ports auto-edge on 1-22
configure stpd s0 ports edge-safeguard enable 1-22 bpdu-restrict
# default route
configure iproute add default 10.200.3.254
# Flood rate limits
# Uplink ports 23-24 are limited to 10000 for broadcast, multicast and unknown
# destination MAC; access ports 1-22 to 500 for broadcast and multicast only
# (no unknown-destmac limit is set on 1-22). Values are presumably packets per second.
configure ports 23-24 rate-limit flood broadcast 10000
configure ports 23-24 rate-limit flood multicast 10000
configure ports 23-24 rate-limit flood unknown-destmac 10000
configure ports 1-22 rate-limit flood broadcast 500
configure ports 1-22 rate-limit flood multicast 500
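# Sharing
# Ports 23-24 form one LACP link aggregation group with port 23 as master;
# traffic is distributed by L2 address.
enable sharing 23 grouping 23-24 algorithm address-based L2 lacp
# QoS
# Strict-priority scheduling on the TXQ.0 port group. Port 23 (the LAG master)
# is taken out of the group and given strict priority directly.
configure qosscheduler strict-priority ports "Default (TXQ.0)"
configure ports group "Default (TXQ.0)" delete 23
configure qosscheduler strict-priority ports 23
# Every profile gets maxbuffer 100 and weight 1. QP2-QP7 are set twice: once
# without a port scope and once for the TXQ.0 port group; QP1 and QP8 only for
# the port group.
configure qosprofile QP1 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP2 maxbuffer 100 weight 1
configure qosprofile QP2 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP3 maxbuffer 100 weight 1
configure qosprofile QP3 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP4 maxbuffer 100 weight 1
configure qosprofile QP4 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP5 maxbuffer 100 weight 1
configure qosprofile QP5 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP6 maxbuffer 100 weight 1
configure qosprofile QP6 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP7 maxbuffer 100 weight 1
configure qosprofile QP7 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP8 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
# 802.1p priority N maps to profile QP(N+1), each with its own ingress meter.
# ingmeter0-ingmeter7 are not created in this template (presumably predefined;
# verify on the target platform).
configure dot1p type 0 qosprofile QP1 ingress-meter ingmeter0
configure dot1p type 1 qosprofile QP2 ingress-meter ingmeter1
configure dot1p type 2 qosprofile QP3 ingress-meter ingmeter2
configure dot1p type 3 qosprofile QP4 ingress-meter ingmeter3
configure dot1p type 4 qosprofile QP5 ingress-meter ingmeter4
configure dot1p type 5 qosprofile QP6 ingress-meter ingmeter5
configure dot1p type 6 qosprofile QP7 ingress-meter ingmeter6
configure dot1p type 7 qosprofile QP8 ingress-meter ingmeter7
configure cos-index 8 qosprofile QP4 replace-tos 64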
# Module mcmgr configuration.
# The same command is repeated in the "IGMP snooping" section near the end.
configure igmp snooping filters per-vlan
# netlogin
# Port 23 is the uplink LAG master. Netlogin itself is only enabled on ports
# 1-22 further down, so this sets a mode on a port where netlogin is not enabled.
configure netlogin port 23 authentication mode optional
# Module aaa configuration.
# Two RADIUS authentication servers and two accounting servers, all sourced
# from the management address 10.200.3.1 in VR-Default.
# "Your-shared-secret" and "Your-shared-secret!2" are placeholders: set a long
# random secret per server that matches the RADIUS side, and keep the real
# values out of any shared copy of this template.
configure radius 1 server 10.250.250.10 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret
configure radius 1 timeout 10
configure radius 1 retries 3
configure radius 2 server 10.250.251.11 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret!2
configure radius 2 timeout 10
configure radius 2 retries 3
# Accounting servers get a timeout but no retries setting.
configure radius-accounting 1 server 10.250.1.81 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret!2
configure radius-accounting 1 timeout 10
configure radius-accounting 2 server 10.250.1.91 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret!2
configure radius-accounting 2 timeout 10
# RADIUS is used for netlogin (port authentication) only. It is switched off
# for management access, so switch logins rely on local accounts, which makes
# the local admin password set at the end of this template the only credential
# protecting the CLI.
enable radius
disable radius mgmt-access
enable radius netlogin
enable radius-accounting
enable radius-accounting netlogin
# Module dosprotect configuration.
# NOTE(review): "simulated" is understood to detect and log only, without
# installing blocking ACLs. Use it to tune thresholds, then switch to
# "enable dos-protect" if enforcement is wanted (confirm on your release).
enable dos-protect simulated
# SLPP guard config
# on all ports except uplink
# recovery-timeout none: a port disabled by SLPP guard presumably stays down
# until an operator re-enables it.
enable slpp guard ports 1-22
configure slpp guard ports 1-22 recovery-timeout none
# SSH2
# The "y" line answers the confirmation prompt that follows "enable ssh2"
# (presumably host key generation). Nothing may be inserted between the two lines.
# NOTE(review): the template never turns Telnet off; add "disable telnet" if
# SSH is meant to be the only remote CLI access.
enable ssh2
y
# LLDP
# These TLVs are advertised on all ports, access ports included: any attached
# device learns the system name, management address and VLAN names. Limit the
# advertisements on 1-22 to what endpoints need if that disclosure is unwanted.
configure lldp ports all advertise port-description
configure lldp ports all advertise system-name
configure lldp ports all advertise system-capabilities
configure lldp ports all advertise management-address
configure lldp port all advertise vendor-specific dot1 port-vlan-id
configure lldp port all advertise vendor-specific dot1 port-protocol-vlan-id
configure lldp port all advertise vendor-specific dot1 vlan-name
configure lldp port all advertise vendor-specific med capabilities
configure lldp port 1-22 advertise vendor-specific med power-via-mdi
# LLDP-MED
# Access ports 1-22: MED capabilities, PoE information and the voice policy
# (VoiceVLAN, DSCP 46) that tells phones which VLAN to use. Several lines repeat
# settings already made for "all" ports above.
configure lldp port 1-22 advertise vendor-specific med capabilities
configure lldp port 1-22 advertise vendor-specific dot1 vlan-name
configure lldp port 1-22 advertise vendor-specific med power-via-mdi
configure lldp port 1-22 advertise vendor-specific med policy application voice vlan VoiceVLAN dscp 46
configure lldp port 1-22 advertise vendor-specific dot1 port-protocol-vlan-id
enable lldp ports all
# Fabric attach on the uplink (23-24) with message authentication.
# The two lines after the "authentication key" command are the key typed at the
# prompt and its confirmation. "azertyuiop" is a sample value (a keyboard row):
# replace it with a random key that matches the fabric attach server side.
configure fabric attach ports 23-24 authentication key
azertyuiop
azertyuiop
configure fabric attach ports 23-24 authentication enable
# VLAN 3 is the management VLAN (RouterVLAN).
configure vlan 3 add nsi 1200003
# netlogin
# Policy is enabled with VLAN authorization, so RADIUS responses can assign the VLAN.
configure policy maptable response tunnel
configure policy vlanauthorization enable
enable policy
# 802.1X and MAC authentication on access ports 1-22, tried in the order
# dot1x, mac, web-based, cep (web-based is never enabled in this template).
enable netlogin dot1x mac
configure netlogin authentication protocol-order dot1x mac web-based cep
enable netlogin ports 1-22 dot1x
enable netlogin ports 1-22 mac
configure netlogin add mac-list default
# At most 3 authenticated users per port.
configure netlogin ports 1-22 allowed-users 3
# NOTE(review): in "optional" mode EXOS is understood to forward traffic for
# VLANs already configured on the port without authentication. Here that would
# cover ports 1-2 (VoiceVLAN) and 7-8 (WKS). Use "required" where every device
# must authenticate; confirm the semantics on your release.
configure netlogin ports 1-22 authentication mode optional
configure netlogin ports 1-22 restart
# When no RADIUS server answers, ports 1-22 are placed untagged in InternetVLAN,
# i.e. they fail open into that VLAN, so it should be isolated from internal networks.
# NOTE(review): InternetVLAN is never created in this template.
configure netlogin authentication service-unavailable add vlan InternetVLAN ports 1-22 untagged
enable netlogin authentication service-unavailable vlan ports 1-22
# Repeats the mode already set above.
configure netlogin ports 1-22 authentication mode optional
# Netlogin is switched off again on the even-numbered ports listed here (18 is
# not in the list), leaving them without port authentication. Adjust the list
# to the ports that really need to be exempt.
disable netlogin ports 2,4,6,8,10,12,14,16,20,22 dot1x mac web-based
# DNS
configure dns-client add name-server 10.250.1.1 vr VR-Default
configure dns-client add name-server 10.250.1.2 vr VR-Default
configure dns-client default-domain zorg.local
# enable PoE
# Per-port on 1-22, then globally.
enable inline-power 1-22
enable inline-power
# nodealias
# on all ports except uplink
enable nodealias ports all
disable nodealias ports 23-24
# ntp
# Two servers reached through RouterVLAN; no NTP authentication is configured here.
enable ntp vr VR-Default
enable ntp vlan RouterVLAN
configure ntp server add 10.250.200.2 vr VR-Default
configure ntp server add 10.250.190.1 vr VR-Default
# SNMP
# SNMPv3 user with SHA authentication and AES privacy. SHA-SECRET and
# AES-SECRET are placeholders for two different, long passphrases.
# NOTE(review): check the exact keyword order of this command against the
# command reference for your release before pasting.
configure snmpv3 add user snmp_you authentication sha SHA-SECRET aes AES-SECRET
configure snmpv3 add group snmpv3Write user snmp_you sec-model usm
# The group requires sec-level priv (authenticated and encrypted) and is given
# defaultAdminView for both read and write, i.e. it can change configuration
# over SNMP. Use a narrower write view if the user only needs to poll.
# NOTE(review): "defaultadminView" in notify-view is spelled with a lower-case
# "a", unlike the other two views; verify the view name.
configure snmpv3 add access snmpv3Write sec-model usm sec-level priv read-view defaultAdminView write-view defaultAdminView notify-view defaultadminView
# NOTE(review): the unqualified "enable snmp access" on the third line may turn
# v1/v2c back on after it was disabled; verify with "show management" afterwards
# and drop that line if it does.
disable snmp access snmp-v1v2c
enable snmp access snmpv3
enable snmp access
# IGMP snooping
# Same command as in the mcmgr section earlier in the template.
configure igmp snooping filters per-vlan
# set admin's account password
# The two lines after the command are the new password and its confirmation,
# typed at the prompts; nothing may be inserted between them. "aaadmin" is a
# sample value: replace it with a strong, unique password, since management
# logins do not go through RADIUS in this template. The final "y" confirms
# "save configuration".
configure account admin password
aaadmin
aaadmin
save configuration
y
Also check this article on the failsafe account: https://extremeportal.force.com/ExtrArticleDetail?an=000081953&q=failsafe%20account
Regards,
Mig
06-08-2021 12:14 PM
Guys,
Thank you!!
06-08-2021 11:51 AM
Hi N3Tw0rk1,
Here is an example template to adapt to your needs:
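# SNMP
# System identity reported over SNMP; replace both placeholders per device.
configure snmp sysName SWITCH-NAME
configure snmp sysContact MyCONTACT
# timezone
# CET is 60 minutes ahead of UTC; DST (CEST) runs from the last Sunday of March
# at 02:00 to the last Sunday of October at 03:00.
configure timezone name CET 60 autodst name CEST begins every last sunday march at 2 0 ends every last sunday october at 3 0
# QoS profiles QP2-QP7. QP1 and QP8 are not created here although the QoS
# section further down configures them too (presumably they exist by default).
create qosprofile "QP2"
create qosprofile "QP3"
create qosprofile "QP4"
create qosprofile "QP5"
create qosprofile "QP6"
create qosprofile "QP7"
# Port groups used by the QoS section; both initially hold every port (1-24).
create ports group "Default (IRL.1)"
create ports group "Default (TXQ.0)"
configure ports group "Default (IRL.1)" add 1-22,23-24
configure ports group "Default (TXQ.0)" add 1-22,23-24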
# management VLAN
# Every port is removed from the Default VLAN first, then the management VLAN
# (tag 3) is created and given the switch's own address.
# NOTE(review): no command in this template adds a port to RouterVLAN (only an
# NSI is mapped to VLAN 3 in the fabric attach section further down), so
# reachability presumably depends on the fabric attach uplink. Apply from the
# console rather than a remote session until that is confirmed.
configure vlan default delete ports all
create vlan RouterVLAN
configure vlan RouterVLAN description RouterVLAN
configure vlan RouterVLAN tag 3
configure vlan RouterVLAN ipaddress 10.200.3.1 255.255.255.0
# IP forwarding is switched off on this VLAN, so its address presumably serves
# the switch itself (management) rather than routing.
disable ipforwarding vlan RouterVLAN
# stp
# s0 is disabled while the BPDU setting is changed, then enabled again.
disable stpd s0
configure stpd bpdu-forwarding on
enable stpd s0
# User VLANs: each gets a tag and an NSI mapping and is auto-bound to s0.
create vlan VoiceVLAN tag 2
configure vlan VoiceVLAN add nsi 1200002
enable stpd s0 auto-bind VoiceVLAN
create vlan WKS tag 4
configure vlan WKS add nsi 1200004
enable stpd s0 auto-bind WKS
# NOTE(review): IP_TV is never created in this template; create it first or
# drop this line.
enable stpd s0 auto-bind IP_TV
# Sample port assignment: phones tagged on ports 1-2, workstations untagged on 7-8.
configure vlan VoiceVLAN add ports 1-2 tagged
configure vlan WKS add ports 7-8 untagged
configure ports 1-2 description-string IP-PHONE
configure ports 7-8 description-string WORKSTATION
# Access ports 1-22 are handled as edge ports. With edge-safeguard and
# bpdu-restrict, a port that receives a BPDU is presumably disabled, which keeps
# an unplanned switch on an access port out of the spanning tree. Confirm the
# recovery behaviour on your EXOS release.
configure stpd s0 ports auto-edge on 1-22
configure stpd s0 ports edge-safeguard enable 1-22 bpdu-restrict
# default route
configure iproute add default 10.200.3.254
# Flood rate limits
# Uplink ports 23-24 are limited to 10000 for broadcast, multicast and unknown
# destination MAC; access ports 1-22 to 500 for broadcast and multicast only
# (no unknown-destmac limit is set on 1-22). Values are presumably packets per second.
configure ports 23-24 rate-limit flood broadcast 10000
configure ports 23-24 rate-limit flood multicast 10000
configure ports 23-24 rate-limit flood unknown-destmac 10000
configure ports 1-22 rate-limit flood broadcast 500
configure ports 1-22 rate-limit flood multicast 500
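# Sharing
# Ports 23-24 form one LACP link aggregation group with port 23 as master;
# traffic is distributed by L2 address.
enable sharing 23 grouping 23-24 algorithm address-based L2 lacp
# QoS
# Strict-priority scheduling on the TXQ.0 port group. Port 23 (the LAG master)
# is taken out of the group and given strict priority directly.
configure qosscheduler strict-priority ports "Default (TXQ.0)"
configure ports group "Default (TXQ.0)" delete 23
configure qosscheduler strict-priority ports 23
# Every profile gets maxbuffer 100 and weight 1. QP2-QP7 are set twice: once
# without a port scope and once for the TXQ.0 port group; QP1 and QP8 only for
# the port group.
configure qosprofile QP1 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP2 maxbuffer 100 weight 1
configure qosprofile QP2 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP3 maxbuffer 100 weight 1
configure qosprofile QP3 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP4 maxbuffer 100 weight 1
configure qosprofile QP4 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP5 maxbuffer 100 weight 1
configure qosprofile QP5 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP6 maxbuffer 100 weight 1
configure qosprofile QP6 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP7 maxbuffer 100 weight 1
configure qosprofile QP7 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP8 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
# 802.1p priority N maps to profile QP(N+1), each with its own ingress meter.
# ingmeter0-ingmeter7 are not created in this template (presumably predefined;
# verify on the target platform).
configure dot1p type 0 qosprofile QP1 ingress-meter ingmeter0
configure dot1p type 1 qosprofile QP2 ingress-meter ingmeter1
configure dot1p type 2 qosprofile QP3 ingress-meter ingmeter2
configure dot1p type 3 qosprofile QP4 ingress-meter ingmeter3
configure dot1p type 4 qosprofile QP5 ingress-meter ingmeter4
configure dot1p type 5 qosprofile QP6 ingress-meter ingmeter5
configure dot1p type 6 qosprofile QP7 ingress-meter ingmeter6
configure dot1p type 7 qosprofile QP8 ingress-meter ingmeter7
configure cos-index 8 qosprofile QP4 replace-tos 64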
# Module mcmgr configuration.
# The same command is repeated in the "IGMP snooping" section near the end.
configure igmp snooping filters per-vlan
# netlogin
# Port 23 is the uplink LAG master. Netlogin itself is only enabled on ports
# 1-22 further down, so this sets a mode on a port where netlogin is not enabled.
configure netlogin port 23 authentication mode optional
# Module aaa configuration.
# Two RADIUS authentication servers and two accounting servers, all sourced
# from the management address 10.200.3.1 in VR-Default.
# "Your-shared-secret" and "Your-shared-secret!2" are placeholders: set a long
# random secret per server that matches the RADIUS side, and keep the real
# values out of any shared copy of this template.
configure radius 1 server 10.250.250.10 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret
configure radius 1 timeout 10
configure radius 1 retries 3
configure radius 2 server 10.250.251.11 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret!2
configure radius 2 timeout 10
configure radius 2 retries 3
# Accounting servers get a timeout but no retries setting.
configure radius-accounting 1 server 10.250.1.81 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret!2
configure radius-accounting 1 timeout 10
configure radius-accounting 2 server 10.250.1.91 client-ip 10.200.3.1 vr VR-Default shared-secret Your-shared-secret!2
configure radius-accounting 2 timeout 10
# RADIUS is used for netlogin (port authentication) only. It is switched off
# for management access, so switch logins rely on local accounts, which makes
# the local admin password set at the end of this template the only credential
# protecting the CLI.
enable radius
disable radius mgmt-access
enable radius netlogin
enable radius-accounting
enable radius-accounting netlogin
# Module dosprotect configuration.
# NOTE(review): "simulated" is understood to detect and log only, without
# installing blocking ACLs. Use it to tune thresholds, then switch to
# "enable dos-protect" if enforcement is wanted (confirm on your release).
enable dos-protect simulated
# SLPP guard config
# on all ports except uplink
# recovery-timeout none: a port disabled by SLPP guard presumably stays down
# until an operator re-enables it.
enable slpp guard ports 1-22
configure slpp guard ports 1-22 recovery-timeout none
# SSH2
# The "y" line answers the confirmation prompt that follows "enable ssh2"
# (presumably host key generation). Nothing may be inserted between the two lines.
# NOTE(review): the template never turns Telnet off; add "disable telnet" if
# SSH is meant to be the only remote CLI access.
enable ssh2
y
# LLDP
# These TLVs are advertised on all ports, access ports included: any attached
# device learns the system name, management address and VLAN names. Limit the
# advertisements on 1-22 to what endpoints need if that disclosure is unwanted.
configure lldp ports all advertise port-description
configure lldp ports all advertise system-name
configure lldp ports all advertise system-capabilities
configure lldp ports all advertise management-address
configure lldp port all advertise vendor-specific dot1 port-vlan-id
configure lldp port all advertise vendor-specific dot1 port-protocol-vlan-id
configure lldp port all advertise vendor-specific dot1 vlan-name
configure lldp port all advertise vendor-specific med capabilities
configure lldp port 1-22 advertise vendor-specific med power-via-mdi
# LLDP-MED
# Access ports 1-22: MED capabilities, PoE information and the voice policy
# (VoiceVLAN, DSCP 46) that tells phones which VLAN to use. Several lines repeat
# settings already made for "all" ports above.
configure lldp port 1-22 advertise vendor-specific med capabilities
configure lldp port 1-22 advertise vendor-specific dot1 vlan-name
configure lldp port 1-22 advertise vendor-specific med power-via-mdi
configure lldp port 1-22 advertise vendor-specific med policy application voice vlan VoiceVLAN dscp 46
configure lldp port 1-22 advertise vendor-specific dot1 port-protocol-vlan-id
enable lldp ports all
# Fabric attach on the uplink (23-24) with message authentication.
# The two lines after the "authentication key" command are the key typed at the
# prompt and its confirmation. "azertyuiop" is a sample value (a keyboard row):
# replace it with a random key that matches the fabric attach server side.
configure fabric attach ports 23-24 authentication key
azertyuiop
azertyuiop
configure fabric attach ports 23-24 authentication enable
# VLAN 3 is the management VLAN (RouterVLAN).
configure vlan 3 add nsi 1200003
# netlogin
# Policy is enabled with VLAN authorization, so RADIUS responses can assign the VLAN.
configure policy maptable response tunnel
configure policy vlanauthorization enable
enable policy
# 802.1X and MAC authentication on access ports 1-22, tried in the order
# dot1x, mac, web-based, cep (web-based is never enabled in this template).
enable netlogin dot1x mac
configure netlogin authentication protocol-order dot1x mac web-based cep
enable netlogin ports 1-22 dot1x
enable netlogin ports 1-22 mac
configure netlogin add mac-list default
# At most 3 authenticated users per port.
configure netlogin ports 1-22 allowed-users 3
# NOTE(review): in "optional" mode EXOS is understood to forward traffic for
# VLANs already configured on the port without authentication. Here that would
# cover ports 1-2 (VoiceVLAN) and 7-8 (WKS). Use "required" where every device
# must authenticate; confirm the semantics on your release.
configure netlogin ports 1-22 authentication mode optional
configure netlogin ports 1-22 restart
# When no RADIUS server answers, ports 1-22 are placed untagged in InternetVLAN,
# i.e. they fail open into that VLAN, so it should be isolated from internal networks.
# NOTE(review): InternetVLAN is never created in this template.
configure netlogin authentication service-unavailable add vlan InternetVLAN ports 1-22 untagged
enable netlogin authentication service-unavailable vlan ports 1-22
# Repeats the mode already set above.
configure netlogin ports 1-22 authentication mode optional
# Netlogin is switched off again on the even-numbered ports listed here (18 is
# not in the list), leaving them without port authentication. Adjust the list
# to the ports that really need to be exempt.
disable netlogin ports 2,4,6,8,10,12,14,16,20,22 dot1x mac web-based
# DNS
configure dns-client add name-server 10.250.1.1 vr VR-Default
configure dns-client add name-server 10.250.1.2 vr VR-Default
configure dns-client default-domain zorg.local
# enable PoE
# Per-port on 1-22, then globally.
enable inline-power 1-22
enable inline-power
# nodealias
# on all ports except uplink
enable nodealias ports all
disable nodealias ports 23-24
# ntp
# Two servers reached through RouterVLAN; no NTP authentication is configured here.
enable ntp vr VR-Default
enable ntp vlan RouterVLAN
configure ntp server add 10.250.200.2 vr VR-Default
configure ntp server add 10.250.190.1 vr VR-Default
# SNMP
# SNMPv3 user with SHA authentication and AES privacy. SHA-SECRET and
# AES-SECRET are placeholders for two different, long passphrases.
# NOTE(review): check the exact keyword order of this command against the
# command reference for your release before pasting.
configure snmpv3 add user snmp_you authentication sha SHA-SECRET aes AES-SECRET
configure snmpv3 add group snmpv3Write user snmp_you sec-model usm
# The group requires sec-level priv (authenticated and encrypted) and is given
# defaultAdminView for both read and write, i.e. it can change configuration
# over SNMP. Use a narrower write view if the user only needs to poll.
# NOTE(review): "defaultadminView" in notify-view is spelled with a lower-case
# "a", unlike the other two views; verify the view name.
configure snmpv3 add access snmpv3Write sec-model usm sec-level priv read-view defaultAdminView write-view defaultAdminView notify-view defaultadminView
# NOTE(review): the unqualified "enable snmp access" on the third line may turn
# v1/v2c back on after it was disabled; verify with "show management" afterwards
# and drop that line if it does.
disable snmp access snmp-v1v2c
enable snmp access snmpv3
enable snmp access
# IGMP snooping
# Same command as in the mcmgr section earlier in the template.
configure igmp snooping filters per-vlan
# set admin's account password
# The two lines after the command are the new password and its confirmation,
# typed at the prompts; nothing may be inserted between them. "aaadmin" is a
# sample value: replace it with a strong, unique password, since management
# logins do not go through RADIUS in this template. The final "y" confirms
# "save configuration".
configure account admin password
aaadmin
aaadmin
save configuration
y
Also check this article on the failsafe account: https://extremeportal.force.com/ExtrArticleDetail?an=000081953&q=failsafe%20account
Regards,
Mig
06-07-2021 08:24 PM
This is the guide you are looking for.