This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Dynamically enable / disable multicast port rate limiting, EXOS?

Dynamically enable / disable multicast port rate limiting, EXOS?

Anonymous
Not applicable

‎04-22-2022 11:21 AM

The scenario is that VLAN assignment is being achieved through dynamic VLAN assignment + fabric attach via ExtremeControl on EXOS, to a VOSS core.

All EXOS switches have the same template config, all ports are in a guest VLAN, and equally as part of that have multicast and broadcast limiting enabled. Equally all the ports have SLPP enabled, and STP using the ezspantree.py. This is belt and braces, or first and second line loop protection. Using ezspantree helps dynamically control the STP config as the VLAN dynamically changes.

The issue is that some of the VLANs are AV based, so the multicast limiting needs to be dynamically adjusted or removed.

So some options I was considering:

  • I know in policy you can configure rate limiting, so could policy be used instead to dynamically apply or not apply multicast / broadcast rate limiting instead of CLI based config?
  • I have seen somewhere some additional RADIUS attributes in ERS switches that can be sent to enable features like STP on the port. Seen it, but after a good look can not find it for reference (hopefully someone will know what I mean). Sure I have also read that some of these where coming to EXOS, so if they have, maybe there is one for multicast?
  • Could use universal port to trigger the config change on a VLAN change event, or something of that nature?

So putting it out there, see what the thoughts might be.

Many thanks in advance
0 Kudos
2 REPLIES 2

Anonymous
Not applicable

‎04-23-2022 08:52 AM

Hi Bill,

Thanks for posting back.

At this time I've created a UPM, it is my first attempt so not sure if it works or coded correctly. Will test hopefully next week and report back. Have found it difficult to find good documentation on figuring out how to write scripts like these, plenty of examples but no detailed explanation. So you are left figuring out what each statement means, what are other options and possibilities. Some questions I have as an example:

  • What are gate commands like AND, OR. See plenty of reference to AND && assuming OR is ||?
  • If statements, can you do if, elseif, elseif. Believe you can only do if, else, endif
  • See statements like (!$match($policy,AV-Policy1)), does the ! mean NOT?
  • Is (!$match($policy,AV-Policy1)) the same as ($policy == AV-Policy1)
  • What other $ commands are there, what do each mean, is there an example for each?
  • Can you do while loops?
  • What other operators can you use?
  • etc
So here is what I have created by trying to reverse engineer other scripts. There is some limited explanation in the ExtremeEXOS User Guide, but not the detail I have mention above.

In summary the event nl.ClientAuthenticated triggers the message below whenever a client authenticates, so I am just hooking into the variables to find matches on AV polices or Voice polices being applied and triggering the commands for multicast or LLDP.

Network Login %protocol% user %user% logged in MAC %mac% port %port% VLAN(s) \"%vlan%\" policy \"%policy%\", authentication %auth%

  • protocol - String
  • user - String
  • mac - MAC
  • port - Slot Port
  • vlan - VLAN
  • auth - String
  • policy - String
Not sure if I am doing it correctly, but made an assumption I can grab the values in the message above using EVENT.LOG_PARAM_x, where x is order of the list above starting at 0.

Again, not sure this is completely correct as seen some examples that just seem to reference using notation like {0}, {1} and so on?

Here is the script. It is basically doing two things:

  • It is looking for specific AV policy names, if there is a match on any, it will disable multicast limiting, otherwise it will enable it
  • It is looking for specific Voice policy, if there is a match, it will configure LLDP MED details

create log filter name clientAuthFilter
configure log filter clientAuthFilter add events nl.ClientAuthenticated
create log target upm clientAuthUPM
configure log target upm clientAuthUPM filter filter-name clientAuthFilter
enable log target upm clientAuthUPM

create upm profile clientAuthUPM

#********************************
# Last Updated: April 2022
# Version: 1.0
# Person: Martin Flammia
# Requirements: Policy / Netlogin
#********************************
# @MetaDataStart
# @ScriptDescription It is looking for specific AV policy names, if there is a match on any, it will disable multicast limiting, otherwise it will enable it
# @ScriptDescription It is looking for specific Voice policy, if there is a match, it will configure LLDP MED details
# @VariableFieldLabel "nl.authentication protocol string"
set var protocol $(EVENT.LOG_PARAM_0)
# @VariableFieldLabel "nl.authentication user string"
set var user $(EVENT.LOG_PARAM_1)
# @VariableFieldLabel "nl.authentication mac MAC"
set var mac $(EVENT.LOG_PARAM_2)
# @VariableFieldLabel "nl.authentication port slot/port"
set var port $(EVENT.LOG_PARAM_3)
# @VariableFieldLabel "nl.authentication vlan VLAN"
set var vlan $(EVENT.LOG_PARAM_4)
# @VariableFieldLabel "nl.authentication auth string"
set var string $(EVENT.LOG_PARAM_5)
# @VariableFieldLabel "nl.authentication policy string"
set var policy $(EVENT.LOG_PARAM_5)
# @MetaDataEnd
#
configure cli mode persistent

if (!$match($policy,AV-Policy1)) || (!$match($policy,AV-Policy2)) || (!$match($policy,AV-Policy2)) || (!$match($policy,AV-Policy2)) || (!$match($policy,AV-Policy2)) then
create log entry "AV Policy $policy is being applied so disabling multicast"
config port $port rate-limit flood multicast no-limit
else
create log entry "Policy $policy is being applied so enabling multicast"
config port $port rate-limit flood multicast 300
endif

if (!$match($policy,Voice-Policy)) then
create log entry "LLDP config for phone being added"
configure lldp port $port advertise vendor-specific med capabilities
configure lldp port $port advertise vendor-specific dot1 vlan-name vlan $vlan
configure lldp port $port advertise vendor-specific med policy application voice vlan $vlan dscp 46
configure lldp port $port advertise vendor-specific med power-via-mdi
endif

Be appreciative for any help related to more in-depth detail around the scripting, and any adjustments to the script if requried.

Many thanks,

Martin
0 Kudos

Bill_Handler
Contributor II

‎04-23-2022 08:40 AM

I’d delve deeper into Policy for this if all your switches are policy enabled .  Alternatively, I wonder if a workflow could also be created to adjust the multicast settings as you want, with the specific workflow being triggered when the VLAN is dynamically applied.
0 Kudos
GTM-P2G8KFN