Ethernet Routing Switch 4800, 5900, 8800 Virtual Services Platform 4000, 4900, 7000, 7200, 7400, 8000, 9000 5520 Series, 5420 Series Engineering > Shortest Path Bridging (802.
© 2021, Extreme Networks, Inc. All Rights Reserved. Notice While reasonable efforts have been made to ensure that the information in this document is complete and accurate at the time of printing, Extreme Networks, Inc. assumes no liability for any errors. Extreme Networks, Inc. reserves the right to make changes and corrections to the information in this document without the obligation to notify any person or organization of such changes.
SDN Fx : Software Defined Networking with FA, FC, FE
SMLT : Split MLT (Extreme Clustering)
SPB : Shortest Path Bridging
SPBM : Shortest Path Bridging MAC
TLV : Type Length Value
VID : VLAN identifier
VLACP : Virtual LACP
VLAN : Virtual LAN
VPN : Virtual Private Network

Revision Control
No | Date | Version | Revised By | Remarks
1 | 12/21/2010 | 1.0 | PRMGT | Modifications to Software Baseline section
2 | 2/28/2011 | 1.1 | PRMGT | Remove reference to BEB to BCB.
support.
13 | 5/21/2015 | 3.2 | John Vant Erve | Changes to section 12.2. Updated section 5 and 6 in reference to VoSS 4.2. Added section 7.
14 | 7/9/2015 | 3.3 | John Vant Erve, Ludo Stevens, Goeran Friedl | Added ETREE, CFM table, and added ER5900 and VSP7200 switches
15 | 11/19/2015 | 3.4 | John Vant Erve | Added FA and FE.
October 2021 ©2021 Extreme Networks, Inc.
Table of Contents
Figures
Tables
1. Overview
8.5 Activating SPB
8.6 Migrating traffic to SPB
8.7 Multicast
8.8 Migrating a VLAN to an L2 VSN
20.1.5 VSP 7000 – Fabric Interconnect Mesh
20.1.6 SMLT – Normal IST
20.1.7 SMLT - Virtual IST (vIST)
20.1.8 L2VSN Configuration
22.1.1 Configuration
22.1.2 Configuration using EDM – Using 8005 as an example
22.1.3 Verify Operations
22.2 SMLT Configuration
22.12 Multicast over IP Shortcuts
22.12.1 IP Shortcuts Multicast configuration
22.12.2 Enable IP Multicast at VLAN level
22.13 Verify Operations

Figures
Figure 1: SPBM Service Type Encapsulations
Figure 2: SPB L2 VSN
Figure 3: SPB L3 VSN
Figure 4: Inter VSN Routing

Tables
Table 1: IEEE Standards culminating with SPBM
Table 2: CFM Support
Table 3: UNI Type
Table 4: SPB Features and Product Release Matrix
Conventions
This section describes the text, image, and command conventions used in this document.
Symbols
Tip – Highlights a configuration or technical tip.
Note – Highlights important information to the reader.
Warning – Highlights important information about an action that may result in equipment damage, configuration or data loss.
Text
Bold text indicates emphasis.
1. Overview
1.1 Evolution of Ethernet Bridging
The evolution of Ethernet technologies continues with the IEEE 802.1aq standard of Shortest Path Bridging. This next generation virtualization technology will revolutionize the design, deployment and operations of the Enterprise Campus core networks along with the Enterprise Data Centre. The benefits of the technology will be clearly evident in its ability to provide massive scalability while at the same time reducing the complexity of the network.
Standard Year Name Loop free Topology by: Service IDs Provisioning Virtualization of IEEE 802.1Q 1998 Virtual LANs Spanning Tree 4096 Edge and Core Layer 2 (VLAN Tagging) SMLT Provider Bridging Spanning Tree 4096x4096 Edge and Core Layer 2 (QinQ) SMLT Provider Backbone Bridging (MacInMac) Spanning Tree 16 Million Edge and Core Layer 2 Shortest Path Bridging LinkStateProtocol (IS-IS) 16 Million Only Service Access Points IEEE: Layer 2 IEEE 802.1ad IEEE 802.1ah IEEE 802.
1.2 SPB Benefits
The benefits that SPB brings to the Enterprise network can be listed as follows.
Backbone provisioning simplicity
Provisioning an SPB core is as simple as enabling SPB and IS-IS globally on all the nodes and on the core facing links. The IS-IS protocol operates at layer 2, so it does not need IP addresses configured on the links to form IS-IS adjacencies with neighboring switches (as OSPF does). Hence there is no need to configure any IP addresses on any of the core links.
MAC corresponding to the destination SPB node across the backbone where the service traffic will get de-capsulated. The encapsulation used is shown in Figure 1. As such, the nodes within the SPB backbone will have no knowledge of the addresses used within the service VSNs (C-MACs or IP addresses) transported across and only need to provide reachability to the B-MAC addresses within the backbone.
Multicast
Multicast over SPB L2 VSNs, L3 VSNs, or IP Shortcuts is supported on the ERS 8800 beginning in the 7.2 release, on the VSP 4000 in the 3.1 release, the VSP 7200 in the 4.2.1 release, the VSP 9000 in the 3.4 release and the VSP 8000 in the 4.1 release. The ERS 4800 in release 5.9 and the ERS 5900 in release 7.0 support multicast over L2 VSNs only; please note multicast is constrained to within the VSN only.
2. SPB Terminology
2.1 SPB
Shortest Path Bridging (SPB) is being standardized by the IEEE as the next evolution step. It provides shortest path forwarding at layer 2. SPB uses the IS-IS protocol operating at layer 2, allowing for large networks with fast convergence, equal cost paths, and easy provisioning without having to add complex additional protocols in the core to support virtualization of VLANs or VRFs.
Source address learning is disabled
Unknown MAC discard is disabled
Essentially the VLAN becomes a header indicating the SPBM network to use. Modification of the VLAN behavior is necessary to ensure proper control over the SPBM traffic. Although it is recommended to use BVIDs that are in the upper range, a BVID less than 4000 may have to be used if tunneling SPB across an MPLS or IP network via a router GRE tunnel.
02:be:b0:00:00:02 40 00be.b000.0002 ERS-2 2/2 10
02:be:b0:00:00:02 41 00be.b000.0002 ERS-2 2/2 10
02:be:b0:00:00:30 40 00be.b000.0030 ERS-3 2/2 20
02:be:b1:00:03:04 40 00be.b000.0030 ERS-3 2/2 20
02:be:b0:00:00:30 41 00be.b000.0030 ERS-3 2/2 20
02:be:b0:00:00:40 40 00be.b000.0040 ERS-4 2/2 20
02:be:b0:00:00:40 41 00be.b000.0040 ERS-4 2/2 20
02:be:b1:00:03:04 41 00be.b000.
2.7 Backbone Edge Bridges (BEB) and Backbone Core Bridges (BCB)
The BEB provides the boundary between the MACinMAC SPBM domain and virtualized service domain. At the BEBs, VLANs or VRFs are mapped into ISIDs based on the local service provisioning. As such, all nodes within the SPBM backbone will have no knowledge of the addresses within the virtualized services VSNs (C-MAC or IP addresses). Only the BEB nodes will contain a C-MAC table (or FDB), and if configured, a VRF IP forwarding table.
– A hierarchical relationship exists between domains based on levels.
– Recommended values of levels are as follows:
Customers – Largest (e.g., 7)
Providers – In between (e.g., 3)
Operators – Smallest (e.g.
Starting in software release 7.1.1 for the ERS 8800, release 3.4 for the VSP 9000, release 3.0 for the VSP 4000, 5.7 for the ERS 4800, and 10.2 for the VSP 7000, CFM commands automatically create a MEP and a MIP at a specific level for every SPB B-VLAN provisioned on the switch. Hence, you no longer have to configure explicit MEPs and MIPs and associate VLANs with MEPs and MIPs. Previously configured MIPs and MEPs will still continue to work if you upgrade from either 7.0 or 7.1 to release 7.1.1.
3. SPB Support Topologies
3.1 SPB L2 VSN
Figure 2: SPB L2 VSN
A SPB L2 VSN topology is simply made up of a number of Backbone Edge Bridges (BEB) used to terminate Layer 2 VSNs. The control plane uses IS-IS for forwarding at a Layer 2 level. Only the BEB bridges are aware of any VSN and associated MAC addresses while the backbone bridges simply forward traffic at the Backbone MAC (B-MAC) level. The backbone switches will know how to reach every B-MAC using the shortest path determined by IS-IS.
3.2 SPB L3 VSN
Figure 3: SPB L3 VSN
A SPB L3 VSN topology is very similar to a SPB L2 VSN topology with the exception that a Backbone Service Instance Identifier (ISID) will be assigned at a Virtual Router (VRF) level instead of at a VLAN level. All VRFs in the network that share the same ISID will be able to participate in the same VSN.
3.3 Inter VSN Routing
Figure 4: Inter VSN Routing
Inter VSN allows routing between IP networks on Layer 2 VLANs with different ISIDs. As illustrated in the diagram above, routing between VLANs 10 and 20 occurs on one of the SPB core switches shown in the middle of the diagram. End users from the BEB switches as shown on the right and left of the diagram are able to forward traffic between the yellow and green VLANs (VLANs 10 & 20) via the VRF instance configured on the switch shown.
3.4 SPB IP Shortcuts
Figure 5: SPB IP Shortcuts
IP shortcuts allow routing between VLANs in the global routing table/network routing engine (GRT/NRE/VRF-0). No ISID configuration is used. IP is enabled on the B-VLAN IS-IS instance on the BEB switches. This provides normal IP forwarding between BEB sites over an IS-IS backbone.
4. UNI Types
4.6 UNI Type – Example
UNI Type | Port | VLAN | ISID
Switched | 1 | 10 | 1000
Switched | 1 | 12 | 2000
Switched | 2 | 11 | 1000
Switched | 2 | 12 | 3000
C-VLAN | All | 14 | 4000
C-VLAN | All | 15 | 1000
Transparent | 5 | All | 5000
Transparent | 10 | All | 5000
ETREE | P | PVLAN | 6000
ETREE | I | PVLAN | 6000
P – Promiscuous Ports will see all traffic on PVLAN
I – Isolated ports will only see traffic from Promiscuous port on PVLAN
Each endpoint is uniquely identified by (Port, VLAN). The same port can send traffic to different ISIDs from different VLANs.
5. Summary of SPB Features and Product Release Matrix Modular OS Capability Feature Matrix ERS 8800 VSP 9000 (7.2) (4.1) L2 VSN Y Y L2 VSN with Multicast (IGMP) Y VSP OS (VOSS) VSP 8000 VSP 7200 Stackable OS (BOSS) VSP 4000 VSP7000 ERS4800 ERS5900 (5.0) (10.4) (5.9) (7.
Modular OS Capability Feature Matrix ERS 8800 VSP 9000 (7.2) (4.1) Enterprise Fabric Connectivity Management (802.1ag) Y Y CFM, L2 Ping, Traceroute, and Tracetree Y BCB Mode (NNINNI) L2 Ping for Access VLAN (CVLAN) VSP OS (VOSS) VSP 8000 VSP 7200 Stackable OS (BOSS) VSP 4000 VSP7000 ERS4800 ERS5900 (5.0) (10.4) (5.9) (7.
6. SPB Feature and License Matrix Modular OS Capability Feature Matrix VSP OS (VOSS) Stackable OS (BOSS) ERS 8800 (7.2) VSP 9000 (4.1) VSP 8000 VSP 7200 (5.0) VSP 4000 (5.0 VSP7000 (10.4) ERS4800 (5.9) ERS5900 (7.0) L2 VSN Premier Base Base Base Base Base Base L3 VSN Premier Premier Premier Premier N/A N/A N/A IPv4 Shortcuts Premier Base Base Base N/A N/A N/A Multicast L2 VSN Premier Premier Base Base Base Base (5.
7. Scaling Modular OS SPB Capabilities ERS 8000 VSP 9000 (7.2) (4.1) Chassis VSP OS (VOSS) Stackable OS (BOSS) VSP8000 VSP7200 VSP4000 VSP7000 ERS4800 ERS5900 (5.0) (5.0) (5.0) (10.4) (5.9) (7.
On VSP 4000, 7200 and 8000 the following table should be used to determine the number of ISIDs supported per BEB. I-SIDs are used for Layer 2 VSN, Layer 3 VSN, Transparent-UNI, E-Tree, and Multicast. Number of ISIS interfaces (NNIs) VSP 4000 (5.0) VSP 7200 (5.0) VSP 8000 (5.
8. Migration & Upgrades
This section describes the procedures and restrictions that apply when upgrading the software load from a prior ERS/VSP software release not supporting SPB. Also described are the procedures to follow when services are being migrated to a configuration that exercises the SPB features. These should be interpreted as additional and NOT as a replacement for procedures and restrictions that may be imposed by prior releases.
8.4 VSP 7000
The core of the Extreme VSP 7000 is a fifth generation Layer 3 Switching ASIC rated at 1,280Gbps. This provides the Extreme VSP 7000 with incredible capacity to support wire speed I/O and Extreme FI (Fabric Interconnect) Stacking concurrently. The VSP 7000 delivers a new take on the traditional Top-of-Rack Switch requirement.
Desired Deployment Model Needed Rear-port Mode SMLT (IST) Needed SPB enabled Virtual Servers (e.g. ESX) NIC teaming Server NIC teaming (LACP) Minimum Required Software vToR FI Stacking Disabled (= Stacking enabled) No Can be Yes – Vport hashing on nonSLT ports Yes – On DMLT ports (with or without LACP) 10.1.0 (10.3.
8.5 Activating SPB
Once the network is upgraded, the following minimum steps must be followed before any services can be provisioned. SPB leverages default parameters, link metrics, system-id values, etc., to minimize the number of configuration steps. Customers that desire to use non-default parameters should do so in accordance with the configuration and engineering guidelines.
o Please note that only one adjacency is supported between a pair of SPB bridges (one physical port or one MLT instance)
Enable IS-IS globally.
Configure IEEE 802.1ag (a.k.a. CFM) in order to enable network connectivity troubleshooting tools.
Verify basic SPB connectivity by checking the SPBM unicast-fib and the FDB entries for the BVLANs.
Verify basic SPB unicast connectivity using the l2ping and l2traceroute commands between all the switches in the network for both the B-VLANs.
8.6 Migrating traffic to SPB
Pre migration checks for configuration migration to SPB should include an audit to determine if the desired configuration and traffic is something that is supported by SPB. The following kinds of traffic are supported by SPB.
Layer-2 bridged traffic.
IPv4 unicast routed traffic on the Global Router.
IPv4 unicast routed traffic using a VRF.
IPv4 Unicast routed traffic using an IPVPN (ERS 8800 only).
IPv4 multicast routed traffic.
ERS8000 software release 7.
8.7 Multicast
Multicast over SPB for L2 VSN, IP Shortcuts, and L3 VSN is supported in the 7.2 release for the ERS 8800, 3.1 for the VSP 4000, 4.1 for the VSP8000, 4.2.1 for the VSP 7200, and the 3.4 release for the VSP 9000. Multicast over SPB for L2 VSN is supported in release 5.9 for the ERS4800 and release 7.0 for the ERS 5900. If the VSP 9000 is used in the network, ensure that it is operating at release 3.3.x or higher.
o Simply provision by enabling SPB multicast globally, enable MVPN on the VRF, and enable IP SPB Multicast on some or all of the VLANs within the L3VSN
o It is not a requirement to enable IP Shortcuts in order to support IP Multicast in the L3VSN
o IPVPN creation and ISID assignment for the IPVPN is required – but the IPVPN does not need to be enabled
o Any device in the L3VSN can start a multicast stream
o Note that you can still use any of the various IGMP features on the VRF VLAN such as all
8.8 Migrating a VLAN to an L2 VSN
The following procedure can be used to provide L2 connectivity for a VLAN across the SPB core.
Follow the pre-migration checks described in the section “Common Procedures and Exclusions on Migration”.
Identify the UNI and NNI ports that are currently port members of the VLAN on all the switches in the network.
On all the switches in the network which are currently connected by the VLAN – remove the NNI ports from the membership list of the VLAN.
o On all the switches where the VLAN is configured – map the VLAN to an ISID. This will restore L2 connectivity (the l2tracetree command can be used to validate L2 connectivity within the VLAN at this point). L3 will be restored once the routing protocols configured on top of the VLAN converge.
o Once all the VLANs identified for migration have been assigned an ISID – the configuration part of the migration is completed. At this point all the traffic flows should be back to normal.
9. Field Introduction & Support Specifications
9.1 Hardware and Deployment Specifications
Product Specifications
Line Cards – R, RS, and 88xx modules 8692SF with Supermezz or 8895SF Only the 10G & 40G capable modules support SPB NNI Interfaces; any of the other line card modules can be used as UNI ports.
9.2 Installation and Commissioning Specifications
Please check the section on upgrades and migration for information on impact on existing features when SPB features are enabled.
9.3 Interoperability and Backwards / Forward Compatibility Specifications
For the ERS 8800 only, new SPBM 802.1aq TLVs have been defined by IANA after the 7.1.0.0 release. Release 7.1.0.x and 7.1.1.x both used pre-standard (draft) TLVs. In release 7.1.3.0, both the pre-standard (draft) and new 802.1aq standard TLVs are supported.
10. VSP 7000 – Fabric Interconnect
The VSP 7000 by default operates in Fabric Interconnect stacking mode. The VSP 7000 can be provisioned in rear-port mode where the rear Fabric Interconnect ports will be treated as multiple virtual ports over the 4 physical Fabric Interconnect Ports. When in rear-port mode, the VSP 7000 operates in a standalone mode. Two modes of operation are available in rear-port mode, standard or Shortest Path Bridging (SPB).
connection their throughput is shown in the table above for both transmit & receive (Full Duplex). In rear-port SPB operational state, virtual port 40 is not available. Hence, the red port is reduced to 160Gbps. In rear port mode, the front panel Up and Down LEDs blink in a quick pattern (125ms) to indicate rear-port mode is operational. In the 10.2 release, SPBM is officially only supported in rear port SPB mode. In the 10.2.
11. ISIS Metrics - Optional
You can configure the link metric to overwrite the default metric value. By configuring the metric, you can specify a preferred path. Low cost reflects high-speed media, and high cost reflects slower media. For the wide metric, the value ranges from 1 to 16,777,215.
12. ISIS Accept Policy
Beginning in software release 4.1 for the VSP 4000/8000, 4.2.1 for the VSP 7200, and release 4.0 for the VSP 9000, IS-IS accept policies for IPv4 are introduced. Prior to these releases, the ISIS IPv4 routes received over the SPB cloud are installed directly into the routing table. There is no ability to filter those routes or apply incoming route policies to them. Hence, networks that are being migrated from other routing protocols to ISIS/SPB are vulnerable to routing loops.
13. ISIS External Metric
Beginning in software release 5.0 for the VSP 4000/7200/8000, ISIS external metrics are introduced. By default, the internal metric is always preferred over external metrics. Hence, when advertising external networks, it is recommended to advertise these routes as external, similar to what OSPF does with external type 1 and type 2.
14. SPB over L2/L3 networks
either layer 2 or layer 3 networks. Hub and spoke plus mesh topologies are supported. Fabric extend is supported natively as of release 5.0 for the VSP 8000 and VSP 7200 and with the ONA for the VSP 4000.
14.2 Fabric Extend Solutions
Fabric Extend enables Enterprises to extend Extreme Fabric Connect technology over Layer 2 or Layer 3 core networks. With the introduction of logical IS-IS interfaces, new WAN solution deployment options will be available that allow SPB Fabric to run over IP MPLS VPNs, or to aggregate VLAN tunnels (PseudowireMPLS or PBB E-Lines) to be leveraged as wide area hub-and-spoke connectivity/topology models.
MTU Configuration
The VSP 8000 and VSP 7200 default MTU size is 1950 and cannot be changed. When using the VSP 4000 with the ONA, an MTU size from 750 to 1950 is supported with a default setting of 1950. For the VSP 4000 to work with a VSP 8000 or VSP 7200, the MTU size must be left at the default setting of 1950. If the core network does not support jumbo frames, the VSP 4000 with ONA must be used on all sites.
Fabric Extend (FE) considerations
vIST session over Fabric Extend logical interface is not supported in software release 5.0. However, logical interface tunnels can be terminated/originated to other BEBs from vIST peers.
FE ISIS logical interface over IP and ISIS logical interface over VLANs will not be supported on the same node simultaneously.
Egress shaping over Logical interface is not supported in this release.
SPB Fabric over MPLS Pseudo-wire/E-Line Provider Network
Hub-and-Spoke over provider point to point VLAN Tunnels

SPB Fabric over MPLS VPLS/ELAN/VLAN Provider Network
Hub-and-Spoke IP Tunnels over L2 segment
Please note the VSP 8000 and VSP 7200 only support a single next hop IP address. If the core network is a flat layer 2 network from the main site to multiple spoke sites, a VSP 4000 with ONA can be used instead of the VSP 8000 as it does not have this restriction.

SPB Fabric over MPLS IP-VPN Wide Area Provider Network (WAN)
Hub-and-Spoke over IP VPN

SPB Fabric over IP-Campus Network
IP Tunnel Mesh between Fabric nodes

Multi-Hub Site Topology
Hub-and-Spoke over IP VPN

Extreme Fabric Orchestrator - EFO
Fabric Extend – Tunnel Creation Full Mesh

Extreme Fabric Orchestrator - EFO
Fabric Extend – Tunnel Creation Hub and Spoke
15. Fabric Attach
15.1 Fabric Attach Solution Overview
Fabric Attach (FA) is a feature that provides the service provisioning benefits of Fabric Connect to stub-attached networking devices that do not support SPBM and where it makes little sense to run IS-IS to compute shortest paths. These devices can include WLAN Access Points, wiring closet access switches, servers, virtual machines, IP cameras, and Internet of Things (IoT).
Fabric Attach element model
FA Server
When a switch is enabled as an FA Server, it receives IEEE 802.1AB Logical Link Discovery Protocol (LLDP) messages from FA Proxy switches and/or FA Client devices requesting the creation of Switched UNI service identifiers (I-SIDs). An FA Server can receive requests and consequently attach to multiple FA Proxy switches and/or FA Client devices. The I-SIDs thus created are required to join a Shortest Path Bridging (SPB) network.
Please note that if the FA Client is a WLAN 9100 AP, presently it is not ISID aware. It will always generate VLAN bindings with a null ISID. Hence, it can only be deployed in conjunction with FA Client NEAP (MHSA) authentication on the FA Proxy via IDE, where the FA Proxy is required to relay the VLAN and ISID values it obtained from Radius attributes to the FA Server.
Fabric Attach Discovery and Signaling
Field | Size
TLV Type [127] | 7 bits
TLV Length [50 octets] | 9 bits
Extreme OUI [0004-0D] | 3 octets
Subtype [11] | 1 octet
HMAC-SHA Digest | 32 octets
Element Type | 6 bits
State | 6 bits
Mgmt VLAN | 12 bits
Rsvd | 1 octet
System ID | 10 octets
IEEE 802.1AB Logical Link Discovery Protocol (LLDP) is exchanged between Fabric Attach Client, Proxy, and Server components as part of an FA solution. The FA Client or Proxy will send LLDP PDUs to the FA Server switch, i.e.
Please note, in regards to the FA Proxy, FA Auto Attach does not at this time automate the following items:
Disabling of Spanning Tree on the uplink ports to the FA Server
MLT configuration of the uplink, i.e. if connected to an SMLT cluster of FA Servers
VLACP configuration on the FA uplink ports if configured on the FA Server
Removal of the default VLAN 1 from the FA uplink
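The FA discovery TLV layout listed earlier in this section (type 127, 50 octets, subtype 11) can be decoded and authenticated as follows; this is an added example, not code from this guide or from Extreme. It assumes the 32-octet digest is HMAC-SHA256 computed with a pre-shared key over the octets that follow the digest (the guide does not state the algorithm, key or input), and all sample values are constructed.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

ORG_SPECIFIC_TLV = 127                  # "TLV Type [127]"
FA_ELEMENT_LEN = 50                     # "TLV Length [50 octets]"
EXTREME_OUI = bytes.fromhex("00040d")   # "Extreme OUI [0004-0D]"
FA_ELEMENT_SUBTYPE = 11                 # "Subtype [11]"
DIGEST_LEN = 32                         # HMAC-SHA digest, 32 octets


@dataclass(frozen=True)
class FaElement:
    digest: bytes       # 32 octets as received
    element_type: int   # 6 bits
    state: int          # 6 bits
    mgmt_vlan: int      # 12 bits
    system_id: bytes    # 10 octets
    signed: bytes       # octets after the digest (assumed HMAC input)


def _pack_fields(element_type, state, mgmt_vlan, system_id):
    """Pack Element Type / State / Mgmt VLAN (6+6+12 bits), Rsvd, System ID."""
    if not (0 <= element_type < 64 and 0 <= state < 64 and 0 <= mgmt_vlan < 4096):
        raise ValueError("field out of range")
    if len(system_id) != 10:
        raise ValueError("System ID must be 10 octets")
    packed = (element_type << 18) | (state << 12) | mgmt_vlan
    return packed.to_bytes(3, "big") + b"\x00" + system_id


def build_fa_element(key, element_type, state, mgmt_vlan, system_id):
    """Build a constructed sample TLV, used here only to exercise the parser."""
    signed = _pack_fields(element_type, state, mgmt_vlan, system_id)
    digest = hmac.new(key, signed, hashlib.sha256).digest()
    body = EXTREME_OUI + bytes([FA_ELEMENT_SUBTYPE]) + digest + signed
    header = (ORG_SPECIFIC_TLV << 9) | len(body)   # 7-bit type, 9-bit length
    return struct.pack("!H", header) + body


def parse_fa_element(tlv):
    """Decode one TLV; reject anything that does not match the fixed layout."""
    if len(tlv) < 2:
        raise ValueError("truncated TLV header")
    (header,) = struct.unpack("!H", tlv[:2])
    tlv_type, tlv_len = header >> 9, header & 0x1FF
    if tlv_type != ORG_SPECIFIC_TLV:
        raise ValueError("not an organizationally specific TLV")
    if tlv_len != FA_ELEMENT_LEN or len(tlv) != 2 + tlv_len:
        raise ValueError("unexpected TLV length")
    body = tlv[2:]
    if body[:3] != EXTREME_OUI or body[3] != FA_ELEMENT_SUBTYPE:
        raise ValueError("not an FA element TLV")
    digest = body[4:4 + DIGEST_LEN]
    signed = body[4 + DIGEST_LEN:]                  # 3 + 1 + 10 octets
    packed = int.from_bytes(signed[:3], "big")
    return FaElement(
        digest=digest,
        element_type=packed >> 18,
        state=(packed >> 12) & 0x3F,
        mgmt_vlan=packed & 0xFFF,
        system_id=signed[4:14],
        signed=signed,
    )


def verify_fa_element(element, key):
    """Recompute the digest and compare in constant time."""
    expected = hmac.new(key, element.signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, element.digest)


if __name__ == "__main__":
    key = b"constructed-fa-key"                      # constructed sample key
    sysid = bytes.fromhex("02beb0000001") + bytes(4) # constructed System ID
    tlv = build_fa_element(key, 2, 1, 4000, sysid)
    element = parse_fa_element(tlv)
    print(element.mgmt_vlan, verify_fa_element(element, key))
    forged = bytearray(tlv)
    forged[40] ^= 0x01                               # alter the Mgmt VLAN field
    print(verify_fa_element(parse_fa_element(bytes(forged)), key))
```

A receiver that acts on the Mgmt VLAN or element type before the digest check passes would accept the altered TLV in the last two lines, so the verification belongs ahead of any use of the decoded fields.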
16. SPB SMLT BEB Design Best Practices
16.2 SMLT BEB – Virtual Inter-Switch Trunk (vIST)
A traditional IST uses direct physical links configured as an MLT between a pair of cluster switches. Unlike a traditional IST, a vIST instead uses a virtual IST channel between a pair of cluster switches. This IST virtual channel is supported across the SPBM cloud and is not dependent on local physical ports. Hence, this eliminates the single point of failure with a dedicated MLT.
16.4 SMLT BEB – RSMLT
Both RSMLT and RSMLT Edge are supported, provided the SMLT cluster is either a VSP 9000 or ERS 8800 SMLT cluster or a VSP 4000/7200/8000 vIST SMLT cluster.
For RSMLT, if the OSPF network has multiple entry points via multiple SPB nodes, OSPF route policies must be configured on the SPB BEB switches to deny OSPF routes from each remote BEB entry point to prevent routing loops.
16.6 SMLT BEB – VSP 7000 Guidelines
For the VSP 7000, it is important to not enable the filter-untagged-frame option on the IST port members. In releases prior to 10.4.0, the default PVID of all IST ports must be the primary B-VLAN ID. This will happen automatically provided SPB is enabled prior to enabling the IST. You can check the default PVID by entering the ACLI command show vlan interface info.
17. SPB NNI SMLT – migrating existing SMLT network to SPB
When migrating from a legacy SMLT network to SPBM, under certain circumstances, you may have to change the MLT configuration as only one adjacency (port or MLT) is allowed between a pair of SPB switches. Please see the drawings shown below illustrating the various options. Please note this section does not apply to the ERS 4800 or ERS 5900 as SMLT is not supported on these products.
In reference to switch C, IS-IS cannot be enabled on the MLT bundle. If you wish to keep the MLT bundle, from switch C’s perspective, enable IS-IS on the physical port to switch A and one of the physical ports to switch B. This applies when migrating from SMLT to SPB. If green field, then one should configure what is shown in figure 2.
IS-IS is enabled on the link between nodes A and C. Between B and D, you cannot configure SPB on the MLT if it is assigned an SMLT ID. Once the SMLT ID is removed, then SPB can be enabled on the MLT.
Figure 14: NNI – SMLT Square
Figure 15: NNI – Full Mesh A
Figure 16: NNI – Full Mesh B
This diagram illustrates a common SMLT Full Mesh topology. Each switch has a local SMLT MLT defined with two Ethernet port members.
IS-IS should only be configured on one of the links between nodes B and D. Please note that the switches can only be ERS 8800 or VSP 9000.
Figure 18: NNI – SMLT Full Mesh B
19. SPB Best Practices
The following are best practices when setting up SPB.
IS-IS
Recommended to leave the IS-IS SYS-ID (B-MAC) with its default value to ensure no duplication in the network
o If you do manually change the SYS-ID, please take the necessary steps to ensure there is no duplication in the network
In release 5.0 for the VSP 4000/7200/8000, duplicate SYS-ID detection is supported
Create two B-VLANs to allow load distribution over both B-VLANs.
A L3 VSN VLAN can also be a L2 VSN VLAN
o For example, an ISID can be assigned to a VRF for L3 VSN.
20. SPB Configuration
On the ERS 4800, ERS 8800, and VSP 7000, it is recommended to change the Spanning Tree mode to MSTP. By default, the VSP 4000, VSP 7200, VSP 8000, VSP 9000, and ERS 5900 support MSTP. This helps when using tools such as VLAN Manager in COM where the VLAN provisioned is broken down by Spanning Tree instance.
20.1 SPB Configuration
20.1.1 ERS 8800 – Converting from CLI to ACLI
As the ERS 8000 supports CLI and ACLI, it is highly recommended to use ACLI as all other switches from Extreme only support ACLI. If you are presently using CLI, you can convert to ACLI using the following configuration.
ERS8800-1:5# copy /flash/config.cfg /flash/backup.cfg
ERS8800-1:5# save config file /flash/config_acli.cfg backup /flash/config.
spbm 1 nick-name spbm 1 b-vid primary manual-area
values it is very critical to ensure that each SPB enabled switch in the network uses a unique ISIS System-Id value. If you do decide to change the System ID, it is recommended to set the locally administered bit. The second least significant bit of the most significant byte of the MAC address should be set to 1 to indicate the MAC address as locally administered. For more details, please go to http://en.wikipedia.org/wiki/MAC_address.
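One way to audit a planned set of IS-IS System IDs for the two conditions described above (uniqueness across the fabric, and the locally administered bit on manually assigned values), as an added example that is not part of the original guide. The inventory format, host names and System IDs are constructed, and the group-bit check is an addition based on the System ID doubling as the B-MAC, which must be a unicast address.

```python
import re
from collections import defaultdict

# IS-IS System IDs are written as three dotted groups of four hex digits.
_SYSID_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.IGNORECASE)


def parse_system_id(text):
    """Return the 6 raw octets of a dotted System ID, or raise ValueError."""
    text = text.strip()
    if not _SYSID_RE.match(text):
        raise ValueError("malformed System ID: %r" % text)
    return bytes.fromhex(text.replace(".", ""))


def format_system_id(raw):
    digits = raw.hex()
    return ".".join((digits[0:4], digits[4:8], digits[8:12]))


def is_locally_administered(raw):
    # Second least significant bit of the most significant byte.
    return bool(raw[0] & 0x02)


def is_group_address(raw):
    # Least significant bit of the most significant byte marks multicast.
    return bool(raw[0] & 0x01)


def with_local_bit(text):
    """Return the same System ID with the locally administered bit set."""
    raw = bytearray(parse_system_id(text))
    raw[0] |= 0x02
    return format_system_id(bytes(raw))


def audit_system_ids(inventory):
    """inventory maps host name -> (system_id_text, manually_assigned)."""
    findings = []
    owners = defaultdict(list)
    for host in sorted(inventory):
        text, manual = inventory[host]
        try:
            raw = parse_system_id(text)
        except ValueError:
            findings.append((host, "malformed"))
            continue
        owners[raw].append(host)
        if is_group_address(raw):
            findings.append((host, "group-bit-set"))
        if manual and not is_locally_administered(raw):
            findings.append((host, "local-bit-clear"))
    for raw, hosts in owners.items():
        if len(hosts) > 1:
            for host in hosts:
                findings.append((host, "duplicate:" + format_system_id(raw)))
    return sorted(findings)


# Constructed inventory: (System ID, True if an operator assigned it by hand).
SAMPLE_INVENTORY = {
    "BEB-1": ("02be.b000.0001", True),
    "BEB-2": ("00be.b000.0002", True),    # manual, local bit not set
    "BEB-3": ("03be.b000.0003", True),    # group (multicast) bit set
    "BCB-1": ("02BE.B000.0001", True),    # same value as BEB-1, different case
    "BCB-2": ("a4b5.c6d7.e8f0", False),   # factory default, left untouched
}

if __name__ == "__main__":
    for host, problem in audit_system_ids(SAMPLE_INVENTORY):
        print(host, problem)
    print(with_local_bit("00be.b000.0002"))
```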
On the ERS 4800 and VSP 7000, for all MLTs, ISIS is enabled at the port level, i.e. on each port that is a member of the MLT.
Verify Operations:
show isis interface
show isis adjacencies
show isis lsdb tlv 22 detail
show isis int-l1-cntl-pkts
20.1.4 CFM Configuration
CFM configuration
configure terminal
cfm spbm mepid 4001
cfm spbm enable
configure terminal
cfm spbm mepid 901
cfm spbm enable
config terminal
cfm spbm mepid <1-8191>
cfm spbm enable
By default, a CFM Maintenance Domain name of spbm is used, while two Maintenance Associations are created using the two B-VLAN IDs.
20.1.5 VSP 7000 – Fabric Interconnect Mesh
20.1.5.1 Rear Port Mode
In the 10.2 release, the VSP 7000 can be configured in Fabric Interconnect Mesh (FI) mode by setting the rear-port mode to SPB. This allows the VSP 7000 to run SPB via the rear ports using stacking cables to connect to other VSP 7000s. In the 10.2.1 release, SMLT is supported allowing for either SPB or SMLT to operate via the rear port. In the 10.3 release, both SPB and SMLT are supported via the rear ports.
20.1.6 SMLT – Normal IST
Enabling IST
config terminal
vlan create 2 type port-mstprstp 0
interface vlan 2
ip address 10.1.2.1 255.255.255.252
exit
mlt 1 enable name IST
mlt 1 member 3/1,4/1
mlt 1 vlan 2
interface mlt 1
ist peer-ip 10.1.2.2 vlan 2
ist enable
exit
router isis
spbm 1 smlt-peer-system-id 0001.8128.87df
exit
config terminal
vlan create 2 type port-mstprstp 0
interface vlan 2
ip address 10.1.2.2 255.255.255.
spbm 1 smlt-virtual-bmac
spbm 1 smlt-peer-system-id
exit
Verify Operations:
show mlt
show ist mlt
show isis spbm
20.1.7 SMLT - Virtual IST (vIST)
The following shows how to provision the virtual IST. This feature allows an SMLT cluster to have an IST between two cluster switches without requiring a physical connection between the cluster switches, i.e. an MLT with two or more ports. In practice it usually makes sense to use a direct connection between the vIST peers, where this connection is now a regular NNI link and need not be an MLT.
Enabling vIST
config terminal
router isis
spbm 1 smlt-peer-system-id e45d.
Verify Operations:
show virtual-ist
show isis spbm
Only C-VLANs (VLAN to which an ISID is assigned) can be assigned to SMLT ports with vIST. For each C-VLAN added, an ISID must be assigned to both SMLT cluster switches to allow learning between the two cluster switches including IP Shortcuts and L3VSN CVLANs.
BEB-1 BEB-2
IP Shortcuts Example – CVLAN Configuration
vlan create 1000 type port-mstprstp 0
vlan i-sid 1000 4001000
vlan mlt 1000 1
interface vlan 1000
ip address 192.168.100.1 255.255.255.
20.1.
20.1.
20.1.10 Flex UNI Switched Configuration
Assuming we wish to forward tagged VLANs 10 and 11 plus untagged traffic between nodes 4002 and a vIST SMLT cluster made up of 8201 and 8202.
20.1.11 Transparent UNI Configuration
Transparent UNI
configure terminal
i-sid 10088 elan-transparent
port 1/15
configure terminal
vlan member remove 1 1/15
i-sid 10088 port 1/15
Adding Ports to Transparent UNI ISID removes it from all VLANS. Do you wish to continue (y/n) ? y
exit
Please note that 7001 is a VSP7000 switch while 4001 is a VSP4000 switch.
VSP 7000:
config terminal
i-sid port
VSP 4000, VSP 7200, and VSP 8000:
i-sid
Transparent UNI - SMLT
configure terminal
mlt 6
mlt 6 member 1/18
interface mlt 6
smlt
exit
i-sid 100888 elan-transparent
mlt 6
Adding MLT to Transparent UNI ISID removes it from all VLANS. Do you wish to continue (y/n)? y
exit
configure terminal
vlan member remove 1 1/28
i-sid 100888 port 1/28
Please note that 7001 is a VSP7000 switch while 4001 and 4002 are VSP4000 switches using vIST.
VSP 7000:
config terminal
i-sid
20.1.12 Private VLAN (ETREE) Configuration
The Etree feature allows private VLANs to traverse the SPBM network for Layer 2 services.
Global Private VLAN Configuration
vlan 200
private-vlan primary
private-vlan association 201
exit
vlan 201
private-vlan isolated
exit
configure terminal
vlan create 200 type pvlan-mstprstp 0 secondary 201
vlan i-sid 200 2000
VSP 4000, VSP 7200 & VSP 8000:
vlan create type pvlan-mstprstp 0 secondary
vlan i-sid
VMWare ESX Private VLAN Configuration ESX PVLAN Config: Create new vSphere Distributed Switch...
Private VLAN Trunk Configuration mlt mlt mlt mlt mlt interface gigabitEthernet switchport switchport trunk encapsulation dot1q switchport mode trunk exit 1 1 1 1 1 enable name ESX-Trunk members 1/1-1/5 encapsulation dot1q private-vlan trunk vlan 200 interface gigabitEthernet 1/47,1/48 private-vlan trunk exit vlan members add 200 1/47,1/48 VSP 4000, VSP 7200 & VSP 8000: Interface interface gigabitEthernet private-vlan trunk exit vlan members add MLT mlt mlt mlt m
Promiscuous Interface Configuration mlt mlt mlt mlt mlt interface gigabitEthernet switchport switchport private-vlan mapping 200 201 switchport mode private-vlan promiscuous exit interface gigabitEthernet 1/4 private-vlan promiscuous exit vlan member add 200 1/4 VSP 4000, VSP 7200 & VSP8000: Interface 1 1 1 1 1 enable name ESX-Trunk members 1/1-1/5 encapsulation dot1q private-vlan promiscuous vlan 200 mlt 2 enable name "LAG2-UnPr" interface mlt 2 lacp enable key 1 exit interface gigabitEthernet
lacp enable
exit
VMWare ESX Promiscuous VM Configuration
ESX Promiscuous VM Config: Assign Primary Port Group to VM
Isolated Interface Configuration interface gigabitEthernet 1/6 private-vlan isolated exit vlan members add 200 1/6 interface gigabitEthernet switchport switchport private-vlan host-association 200 201 switchport mode private-vlan host exit VSP 4000, VSP 7200 & VSP 8000: mlt mlt mlt mlt mlt mlt mlt mlt mlt 1 1 1 1 2 2 2 2 2 enable name "MLT1-UnIs" member 1/4-1/5 private-vlan isolated vlan 200 enable name "MLT2-TgIs" member 1/6-1/7 encapsulation dot1q private-vlan isolated vlan 200 Interface inte
VMWare ESX Isolated VM Configuration ESX Promiscuous VM Config: Assign Secondary Port Group to VM
20.1.13 L3VSN Configuration
L3 VSN with direct interface redistribution
configure terminal
interface loopback 1
ip address 1 10.1.90.1/255.255.255.255
exit
router isis
ip-source-address 10.1.90.1
spbm 1 ip enable
exit
ip vrf blue
interface gigabitethernet 3/29
no shutdown
encapsulation dot1q
exit
vlan create 2255 type port-mstprstp 0
vlan member 2255 3/29
interface vlan 2255
vrf blue
ip address 10.198.55.1 255.255.255.
vlan members interface vlan vrf ip address exit router vrf ipvpn ISID ipvpn enable isis redistribute direct isis redistribute direct enable exit isis apply redistribute direct vrf
Although you can use any number from 1 to 16,777,215 as an ISID value, it is recommended not to use a value from 16,000,001 to 16,777,215. This range is used for Multicast over SPB.
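Both the ISID range recommendation above and the earlier vIST requirement that every C-VLAN has an ISID on both SMLT cluster switches can be checked offline against saved configurations. The following Python is an added example, not part of the original guide; the function names and both sample configurations are constructed, and it only recognises the two command forms shown in this guide (vlan i-sid <vlan> <isid> and i-sid <isid> ...).

```python
import re

ISID_MIN, ISID_MAX = 1, 16_777_215
MCAST_FIRST, MCAST_LAST = 16_000_001, 16_777_215  # used for Multicast over SPB

# The two ISID command forms that appear in this guide.
VLAN_ISID_RE = re.compile(r"^\s*vlan\s+i-sid\s+(\d+)\s+(\d+)\s*$")
ISID_CMD_RE = re.compile(r"^\s*i-sid\s+(\d+)\b")


def classify_isid(isid):
    """Return 'invalid', 'reserved-multicast' or 'ok' for one ISID value."""
    if not ISID_MIN <= isid <= ISID_MAX:
        return "invalid"
    if MCAST_FIRST <= isid <= MCAST_LAST:
        return "reserved-multicast"
    return "ok"


def lint_isids(config_text):
    """Return (line number, ISID, verdict) for every ISID that is not 'ok'."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        match = VLAN_ISID_RE.match(line)
        if match:
            isid = int(match.group(2))
        else:
            match = ISID_CMD_RE.match(line)
            if not match:
                continue
            isid = int(match.group(1))
        verdict = classify_isid(isid)
        if verdict != "ok":
            findings.append((lineno, isid, verdict))
    return findings


def vlan_isid_map(config_text):
    """Map C-VLAN ID -> ISID from the 'vlan i-sid' lines of one switch."""
    mapping = {}
    for line in config_text.splitlines():
        match = VLAN_ISID_RE.match(line)
        if match:
            mapping[int(match.group(1))] = int(match.group(2))
    return mapping


def peer_mismatches(cfg_a, cfg_b):
    """Return (vlan, isid_on_a, isid_on_b) for C-VLANs that do not carry the
    same ISID on both vIST peers; None marks a missing assignment.
    Treating a differing ISID as a finding is this example's assumption."""
    a, b = vlan_isid_map(cfg_a), vlan_isid_map(cfg_b)
    return [
        (vlan, a.get(vlan), b.get(vlan))
        for vlan in sorted(set(a) | set(b))
        if a.get(vlan) != b.get(vlan)
    ]


# Constructed configurations for two vIST cluster peers.
BEB1_CFG = """\
vlan create 1000 type port-mstprstp 0
vlan i-sid 1000 4001000
vlan i-sid 200 2000
vlan i-sid 300 16000300
i-sid 10088 elan-transparent
i-sid 16777216 elan-transparent
"""

BEB2_CFG = """\
vlan i-sid 1000 4001000
vlan i-sid 200 2001
"""

if __name__ == "__main__":
    for lineno, isid, verdict in lint_isids(BEB1_CFG):
        print(f"BEB-1 line {lineno}: ISID {isid} is {verdict}")
    for vlan, isid_a, isid_b in peer_mismatches(BEB1_CFG, BEB2_CFG):
        print(f"VLAN {vlan}: BEB-1 ISID {isid_a}, BEB-2 ISID {isid_b}")
```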
20.1.14 L3VSN – leaking routes between VRF’s
L3 VSN with two separate VRF’s (red and blue) with one common shared VRF (shared). This allows routing from the red or blue VRF to the shared VRF and vice versa, but no routing between the red and blue VRF’s. For all VRFs (red, blue, and shared), please see the configuration steps in the previous example titled L3VSN Configuration.
20.1.15 IP Shortcuts
IP Shortcuts with direct interface redistribution
configure terminal
interface loopback 1
ip address 1 10.1.90.1/255.255.255.255
exit
router isis
ip-source-address 10.1.90.1
spbm 1 ip enable
exit
interface gigabitethernet 3/29
no shutdown
encapsulation dot1q
exit
vlan create 55 type port-mstprstp 0
vlan member 55 3/29
interface vlan 55
ip address 10.198.55.1 255.255.255.
Although the above example only shows direct interface redistribution into ISIS, other protocols such as BGP, OSPF, RIP, and Static can also be redistributed.
Verify Operations:
show isis spbm (verify SPB IP is enabled globally)
show ip interface
show ip route
show isis spbm ip-unicast-fib
ping l2 ping l2 traceroute ip-address
show isis lsdb tlv 135 detail
show isis lsdb sysid tlv 135 detail
20.1.
20.1.17 IP Shortcuts – leaking routes between GRT and VRF
IP Shortcuts and L3 VSN (VRF blue) where we wish to share the IP Shortcuts 192.168.55.0/24 subnet to the blue VRF.
configure terminal router vrf blue ip prefix-list "shared" 192.168.55.
20.1.18 IP Shortcuts – redistribution of ISIS and OSPF
This section goes over several methods to redistribute ISIS into OSPF and vice versa.
ERS 8000 – redistribution of ISIS into OSPF and vice versa
configure terminal
no ip alternative-route
ip route preference protocol spbm-level1 130
route-map "reject" 1
no permit
enable
exit
router ospf
as-boundary-router enable
accept adv-rtr 10.1.1.2 enable route-policy "reject"
redistribute isis
redistribute isis enable
exit
ip ospf apply accept adv-rtr 10.1.
VSP 9000 or 4000/7200/8000 prior to release 5.0 – redistribution of ISIS into OSPF and vice versa
configure terminal
no ip alternative-route
route-map "reject" 1
no permit
enable
exit
router ospf
as-boundary-router enable
redistribute isis
redistribute isis enable
exit
router isis
accept adv-rtr 0.90.02
accept adv-rtr 0.90.02 route-map "reject"
accept adv-rtr 0.90.
VSP 4000/7200/8000 release 5.0 or higher – redistribution of ISIS into OSPF and vice versa using External Metrics
configure terminal
no ip alternative-route
route-map "reject" 1
no permit
match metric-type-isis external
enable
exit
router ospf
as-boundary-router enable
redistribute isis
redistribute isis enable
exit
router isis
accept adv-rtr 0.90.02
accept adv-rtr 0.90.02 route-map "reject"
accept adv-rtr 0.90.
For a route to go into ECMP, both the internal and external metric must be the same
o External type routes
Will only consider the external route metric (prefix-cost)
For a route to go into ECMP, only the external metric must be the same
External metrics are supported as of release 5.
VSP 4000/7200/8000 – Change metric on BEB-1 to a higher value (worst metric) to use BEB-2 as default switch for all OSPF external routes
configure terminal
no ip alternative-route
route-map "reject" 1
no permit
enable
exit
router ospf
as-boundary-router enable
redistribute isis
redistribute isis metric 200
redistribute isis enable
exit
router isis
accept adv-rtr 0.90.02
accept adv-rtr 0.90.02 route-map "reject"
accept adv-rtr 0.90.
20.1.
Although you can use any number from 1 to 16,777,215 as an ISID value, it is recommended not to use a value from 16,000,001 to 16,777,215. This range is used for Multicast over SPB. The VRF portion of the configuration can be added on any SPB switch in the network. For redundancy, the VRF portion of the configuration should be added on another SPB switch with VRRP Backup Master enabled.
20.1.20 IPv6 Shortcuts
IPv6 Shortcuts with direct interface redistribution
configure terminal
interface loopback 1
ip address 1 10.4.4.1.1/255.255.255.255
ipv6 interface address fd40::4:4:1/128
exit
router isis
ip-source-address 10.1.90.
spbm 1 ipv6 enable
exit
ipv6 forwarding
router isis
redistribute direct
redistribute direct enable
exit
isis apply redistribute direct
Although the above example only shows direct interface redistribution into ISIS, other protocols such as OSPFv3 and Static can also be enabled.
20.1.21 SPB Multicast Configuration 20.1.21.
20.1.21.
show isis spbm ip-multicast-route group source
show isis lsdb tlv 186 detail
show isis lsdb sysid tlv 186 detail
The following commands can be performed on the sending BEB node:
show ip igmp sender
l2 tracemroute source group
The following commands can be performed on receiving BEB nodes:
show ip igmp cache
show ip igmp group
20.1.22 Multicast 239.255.255/24 – UPnP Filtering
Please be aware that if protocols such as Microsoft Universal Plug and Play (UPnP) are enabled on a Microsoft host, multicast addresses in the 239.255.255/24 range may be seen by SPB bridges. If you wish to deny the 239.255.255/24 address space, either an IGMP access list can be created at a VLAN level or an ACL can be created at a port level.
IGMP Access List – Assuming the local VLAN is using an IP subnet of 10.14.
ACL – ERS 8000 filter filter filter filter filter filter filter filter filter filter filter filter act 1 act 1 ip dstIp act 1 ethernet etherType apply act 1 acl 1 type inPort act 1 acl port 1 acl set 1 default-action permit acl ace 1 1 acl ace action 1 1 deny acl ace ethernet 1 1 ether-type eq 0x800 acl ace ip 1 1 dst-ip eq 239.255.255.0-239.255.255.255 acl ace 1 1 enable
20.1.23 Connectivity Fault Management (CFM) Configuration
20.1.23.1 Manual CFM Configuration: Software releases 7.0 and 7.1 for the ERS 8800 and 3.3 for the VSP 9000
A Maintenance Domain (MD) name of up to 22 characters must be defined. To simplify the configuration when migrating to a future software release that supports the simplified configuration for CFM, it is recommended to use an MD name of spbm.
Verify results using default values ERS-8800:5# show cfm md info ================================================================================ Maintenance Domain ================================================================================ Domain Name Domain Index Level Domain Type cmac spbm 1 2 4 4 NODAL NODAL Total number of Maintenance Domain entries: 2.
20.1.24 CFM Configuration Example – 7.1.1.x or higher
This ensures that we get full OAM functionalities across:
o SPB -> Backbone VLAN-ids (BVIDs) i.e. Infrastructure
o CMAC -> Customer VLANs (CVLANs) i.e. Services
If a node is acting as a BCB (i.e. it has no CVLANs), there is no point enabling CFM CMAC on it
Use a higher level (6) on CMAC CFM
Leave default level (4) on SPBM CFM
20.1.25 Fabric Extend Configuration
Fabric Extend Configuration in VRF
config terminal
router isis
ip-tunnel-source-address vrf ##see note below
exit
logical-intf isis <1-255> dest-ip name
isis
isis spbm <1-100>
isis spbm 1 l1-metric <1-16777215; optional if you wish to set the metric>
isis enable
exit
Please note that the IP Tunnel Source Address must either be a brouter or a loopback address.
20.1.26 ONA: Assigning a Static IP address to the Open Network Adapter
Assuming we wish to add a static IP address to the ONA, please perform the following steps to factory default the ONA:
Place PC to device side
Power down the ONA – remove PoE on network side or remove DC adapter
Hold down the mode switch located on the device side of the ONA, i.e.
Point browser to 192.168.100.1 and click on Edit Parameters
o Set Operational Mode = 1 and at minimum, set the IP address, IP Mask, and Default Gateway
If using DHCP, only set the Operation Mode to 1
o Click on Save when done and then click on Return to Main Configuration Page when the Extreme Open Network Adapter page is displayed
o Either power off/on the ONA or click the Reboot into Operational Mode via the Main Configuration Page
20.1.27 Fabric Extend over Routed Infrastructure using VRF to interconnect to routed network
Please begin by enabling IP Shortcuts on all switches – see section above titled IP Shortcuts. On the VSP 4000 switches (4001 and 4002), we will create loopback 10 to be used for both the OSPF router-id and for the tunnel source IP address. On the VSP 8000 switch (8201), we will simply use a brouter interface and use this IP address as the tunnel source.
Verify Core Operations Before beginning the Fabric Extend configuration, please ensure that nodes 8201, 4001, and 4002 are learning all the various remote networks via OSPF. 8201:1#show ip route -s 10.8.0.0/16 vrf fab_ext ====================================================================================== IP Route - VRF fab_ext ====================================================================================== NH INTER DST MASK NEXT VRF/ISID COST FACE PROT AGE TYPE PRF 10.8.1.8 | 10.8.3.8 10.8.3.
Fabric Extend Configuration including ONA configuration for VSP 4000
router isis
ip-tunnel-source-address 10.8.15.2 vrf fab_ext
exit
logical-intf isis 1 dest-ip 10.4.4.41 name "tunnel_to_4001"
isis
isis spbm 1
isis spbm 1 l1-metric 10000
isis enable
exit
logical-intf isis 2 dest-ip 10.4.4.42 name "tunnel_to_4002"
isis
isis spbm 1
isis spbm 1 l1-metric 10000
isis enable
exit
vlan create 1050 name "ona_vlan1050" type port-mstprstp 0
vlan members 1050 1/35
interface Vlan 1050
ip address 10.8.105.1 255.255.255.
Verify ISIS Interfaces 4002:1#show isis inter ================================================================================ ISIS Interfaces ================================================================================ IFIDX TYPE LEVEL OP-STATE ADM-STATE ADJ UP-ADJ SPBM-L1-METRIC tunnel_to_8201 pt-pt Level 1 UP UP 1 1 10000 1 out of 1 Total Num of ISIS interfaces 4002:1#show isis logical-interface =================================================================================================
Verify ONA Operations 4002:1#show khi fe-ona status ======================================================= ONA STATUS ======================================================== ONA Device Status : UP Running Release Name : VEGA1101.1.0.0.0int007 Last Image Upgrade Status : UPGRADE_SUCCESS Last Image File Used For Upgrade : VEGA1101.1.0.0.0int007.
20.1.28 Fabric Extend over Routed Infrastructure using GRT to interconnect to routed network
Please note that the preferred method is using a VRF for the core routing as shown in the previous example. If you use the GRT method as shown below, please ensure you add a route policy to prevent all the core IP interfaces, local and loopback, from being advertised into ISIS. Please begin by enabling IP Shortcuts on all switches – see section above titled IP Shortcuts.
Core GRT – Route Map/Route Policy
If using the GRT method for Fabric Extend, you have to add a route-map or route policy to prevent the local OSPF networks from also being advertised by ISIS. For this example, we will create a route-map for nodes 8201, 4001, and 4002.
ip prefix-list "no_local_ospf" 10.8.15.
Fabric Extend Configuration
router isis
ip-tunnel-source-address 10.8.15.2
exit
logical-intf isis 1 dest-ip 10.4.4.41 name "tunnel_to_4001"
isis
isis spbm 1
isis spbm 1 l1-metric 10000
isis enable
exit
logical-intf isis 2 dest-ip 10.4.4.42 name "tunnel_to_4002"
isis
isis spbm 1
isis spbm 1 l1-metric 10000
isis enable
exit
vlan create 1050 name "ona_vlan1050" type port-mstprstp 0
vlan members 1050 1/35
interface Vlan 1050
ip address 10.8.105.1 255.255.255.
Verify the route-map is working Verify that the OSPF networks are only learned by OSPF and not ISIS. In this example only the ONA networks (10.8.105.0/24 and 10.8.107.0/24) should be learned by ISIS. 8201:1#show ip route -s 10.8.0.0/16 ===================================================================================== IP Route - GlobalRouter ====================================================================================== NH INTER VRF/ISID DST MASK NEXT COST FACE PROT AGE TYPE PRF 10.8.1.8 10.8.1.
Verify ISIS Interfaces 4002:1#show isis inter ================================================================================ ISIS Interfaces ================================================================================ IFIDX TYPE LEVEL OP-STATE ADM-STATE ADJ UP-ADJ SPBM-L1-METRIC tunnel_to_8201 pt-pt Level 1 UP UP 1 1 10000 1 out of 1 Total Num of ISIS interfaces 4002:1#show isis logical-interface =================================================================================================
Verify ONA Operations 4002:1#show khi fe-ona status ======================================================= ONA STATUS ======================================================== ONA Device Status : UP Running Release Name : VEGA1101.1.0.0.0int007 Last Image Upgrade Status : UPGRADE_SUCCESS Last Image File Used For Upgrade : VEGA1101.1.0.0.0int007.
20.1.29 Fabric Extend over E-LAN/VPLS (L2) network using Layer 3 over Layer 2 tunneling using VSP 4000
Fabric Extend can be transported over a layer 2 core using VXLAN IP tunneling. For this example, we will assume there is no VLAN tagging to the core L2 network. For this simple setup, we can simply use a brouter port to the core and use the brouter IP address as the IP tunnel source address. If you require VLAN tagging to the core, please see the next section.
ip vrf fab_ext
interface GigabitEthernet 1/33
no shutdown
no spanning-tree mstp force-port-state enable
vrf fab_ext
brouter vlan 300 subnet 10.8.30.45/24
exit
vlan create 107 name "ona_vlan106" type port-mstprstp 0
vlan members 107 1/35
interface Vlan 107
ip address 10.8.107.1 255.255.255.0
exit
interface GigabitEthernet 1/37
no shutdown
exit
router isis
ip-tunnel-source-address 10.8.30.45 port 1/37 vrf fab_ext
exit
logical-intf isis 1 dest-ip 10.8.30.
Verify VRF Operations 4001:1#show ip interface vrf fab_ext ================================================================================ IP Interface - VRF fab_ext ================================================================================ VLAN BROUTER INTERFACE IP NET BCASTADDR REASM FORMAT MAXSIZE ID PORT ADDRESS MASK Port1/33 10.8.30.41 255.255.255.0 ones 1500 300 true All 1 out of 1 Total Num of IP interfaces displayed 4001:1#ping 10.8.30.42 vrf fab_ext 10.8.30.42 is alive 4001:1#ping 10.
Verify ONA Operations 4001:1#show khi fe-ona status ======================================================= ONA STATUS ======================================================== ONA Device Status : UP Running Release Name : VEGA1101_beta.1.0.0.0int014 Last Image Upgrade Status : UPGRADE_SUCCESS Last Image File Used For Upgrade : VEGA1101_beta.1.0.0.0int014.
4001:1#show isis adjacencies ================================================================================ ISIS Adjacencies ================================================================================ L STATE UPTIME PRI HOLDTIME SYSID HOST-NAME INTERFACE 1 UP 1 UP tunnel_to_4002 tunnel_to_4005 03:42:50 127 03:42:22 127 23 a012.90d3.ec65 20 d4ea.0ee0.
20.1.30 Fabric Extend over E-LAN/VPLS (L2) network using Layer 3 over Layer 2 tunneling with VSP8000 or VSP7200
When using the VSP 8000 or VSP 7200, please note that they only support a single next hop IP address for all tunnels going through a single port. The ONA on the VSP 4000 does not have this restriction and, as shown in the previous example, it can be used to provide tunnels to many remote sites over a flat layer 2 core.
Configure Core Networking
ip vrf fab_ext
ip vrf fab_lpbk
vlan create 300 type port-mstprstp 0
vlan members 300 2/4
interface Vlan 300
vrf fab_ext
ip address 10.8.30.1 255.255.255.0
exit
interface GigabitEthernet 1/37
no shutdown
vrf fab_lpbk
brouter port 1/37 vlan 302 subnet 10.8.31.254/24
no spanning-tree mstp force-port-state enable
exit
interface GigabitEthernet 1/39
no shutdown
vrf fab_ext
brouter port 1/39 vlan 301 subnet 10.8.31.
ip vrf fab_ext
vlan create 300 type port-mstprstp 0
vlan members 300 1/33
interface Vlan 300
vrf fab_ext
ip address 10.8.30.45 255.255.255.0
exit
interface GigabitEthernet 1/33
no shutdown
no spanning-tree mstp force-port-state enable
exit
interface loopback 10
ip address 10 10.4.4.45/32 vrf fab_ext
exit
router vrf fab_ext
ip route 10.8.4.81 255.255.255.255 10.8.30.
Verify Routing
Before beginning the Fabric Extend configuration, please ensure that nodes 8201, 4002, and 4005 are able to route to each other, i.e. check the routing to the lpbk addresses used for the Fabric Extend tunnels.
4002:1#ping 10.8.30.1 vrf fab_ext
10.8.30.1 is alive
4002:1#ping 10.8.4.81 vrf fab_ext
10.8.4.81 is alive
8201:1#ping 10.8.30.42 vrf fab_ext
10.8.30.42 is alive
8201:1#ping 10.8.30.45 vrf fab_ext
10.8.30.45 is alive
8201:1#ping 10.8.30.42 vrf fab_lpbk source 10.8.4.81
10.8.30.
Fabric Extend and ONA Configuration
router isis
ip-tunnel-source-address 10.8.4.81 vrf fab_lpbk
exit
logical-intf isis 1 dest-ip 10.4.4.42 name "tunnel_to_4002"
isis
isis spbm 1
isis enable
exit
logical-intf isis 2 dest-ip 10.4.4.45 name "tunnel_to_4005"
isis
isis spbm 1
isis enable
exit
vlan create 105 name "ona_vlan105" type port-mstprstp 0
vlan members 105 1/35
interface Vlan 105
ip address 10.8.105.1 255.255.255.
vlan create 107 name "ona_vlan107" type port-mstprstp 0
vlan members 107 1/35
interface Vlan 107
ip address 10.8.105.1 255.255.255.0
exit
interface GigabitEthernet 1/35
no shutdown
exit
interface GigabitEthernet 1/37
no shutdown
exit
router isis
ip-tunnel-source-address 10.4.4.45 port 1/37 mtu 1950 vrf fab_ext
exit
logical-intf isis 1 dest-ip 10.8.4.81 name "tunnel_to_8201"
isis
isis spbm 1
isis enable
exit
Verify Operations 8201:1#show isis interface ================================================================================ ISIS Interfaces ================================================================================ IFIDX TYPE LEVEL OP-STATE ADM-STATE ADJ UP-ADJ SPBM-L1-METRIC Port1/17 tunnel_to_4002 tunnel_to_4005 pt-pt pt-pt pt-pt Level 1 Level 1 Level 1 UP UP UP 1 1 1 UP UP UP 1 1 1 10 20000 20000 3 out of 3 Total Num of ISIS interfaces 8201:1#show isis adjacencies ======================
8201:1#show ip route ====================================================================================== IP Route - GlobalRouter ====================================================================================== NH INTER DST MASK NEXT VRF/ISID COST FACE PROT AGE TYPE PRF 10.1.1.81 10.4.4.2 10.4.4.5 10.8.105.0 10.8.107.0 192.168.96.0 192.168.100.0 192.168.144.0 192.168.150.0 255.255.255.255 255.255.255.255 255.255.255.255 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.
20.1.31 Fabric Extend over E-LAN/VPLS (L2) network using VLAN Tunnels
Fabric Extend can also be transported over a layer 2 core without using VXLAN IP tunneling. In this case, logical ISIS interfaces are tunneled using B-VID translation, where the two B-VLAN ID’s are mapped to two different logical VLAN ID’s. Please note that two core VLAN ID’s are required for each point-to-point NNI connection between two BEB nodes.
Verify ISIS Interfaces 8201:1#show isis logical-interface ====================================================================================== ISIS Logical Interfaces ====================================================================================== TUNNEL L3_TUNNEL_NEXT_HOP_INFO IFIDX NAME ENCAP L2_INFO VIDS(PRIMARY) DEST-IP PORT/MLT VLAN VRF TYPE PORT/MLT 1 2 fe_to_4001 fe_to_4002 L2-P2P-VID L2-P2P-VID Port2/4 Port2/4 300-301(300) 302-303(302) --- --- --- --- 8201:1#show isis interface ====
Verify L2 Forwarding Table 8201:1#show isis spbm unicast-fib ====================================================================================== SPBM UNICAST FIB ENTRY INFO ====================================================================================== BVLAN SYSID HOST-NAME COST DESTINATION OUTGOING ADDRESS INTERFACE 02:40:02:ff:ff:ff a0:12:90:d3:ec:65 02:40:02:ff:ff:ff a0:12:90:d3:ec:65 02:82:01:ff:ff:ff b0:ad:aa:47:08:84 02:82:01:ff:ff:ff b0:ad:aa:47:08:84 02:40:01:ff:ff:ff d4:ea:0e:10:e4:65 02:
20.1.32 Fabric Attach Configuration
Fabric Attach Server – VSP 4000, VSP 8000 or VSP 7200
Fabric Attach (FA) is globally enabled by default and must be enabled on a port or MLT interface. Enabling FA on a port or MLT in turn enables LLDP on this interface and sends out both FA TLVs and standard LLDP TLVs. Also, authentication is enabled by default.
Fabric Attach – Using MLT Uplink
MLT configuration needs to be manually configured, for example if using the FA Proxy switch to connect to an SMLT cluster.
config terminal
mlt <1-32> name member learning
mlt <1-32> enable
vlan members remove 1
Fabric Attach – Proxy Standalone
As mentioned above, FA Proxy is enabled by default. To configure the switch for FA Proxy Standalone, please enter the command shown below.
Automated FA Client Port Mode When this option is enabled and FA Clients are present, the EAP settings for the interface on which the client is discovered, are automatically updated based on the FA Client type. If the FA Clients of the appropriate type are deemed no longer valid (when element aging causes the FA Client to be deleted from the discovered elements list), the EAP port settings revert to the previous state. Automated configuration only applies to FA-enabled ports.
20.1.
20.1.
Verify Operations - LLDP At this stage, as long as the FA Server has Fabric Attach enabled at a port or MLT level, the FA Proxy switch 4801 should have discovered the FA Server switches 8201 and 8202.
4801(config)#show lldp neighbor vendor-specific avaya fabric-attach
Neighbors LLDP info - Avaya FA TLVs
Port: 2
Fabric Attach Data:
Element Type: server
Management VLAN: 1100
System ID: b0:ad:aa:47:08:85:30:07:00:07
Element State Flags (0x90): trafficTagged provisionModeSpbm
Exported I-SID/VLAN Assignments:
No I-SID/VLAN Assignments.
Fabric Attach Extended Logging Status: Enabled
Fabric Attach Primary Server Id: b0:ad:aa:47:08:85:30:07:00:07 (SPBM)
Fabric Attach Primary Server Descr: VSP-8284XSQ (5.0.0.
Verify Operations - FA Elements 8201 & 8202 8201:1#show fa elements ================================================================================ Fabric Attach Discovery Elements ================================================================================ MGMT ELEM ASGN PORT TYPE VLAN STATE SYSTEM ID AUTH AUTH 1/3 proxy 1100 T / S cc:f9:54:b4:ac:00:20:00:00:01 AP AP ================================================================================ Fabric Attach Authentication Detail =============
20.1.34.1 Fabric Attach – Adding a Platform VLAN on FA Server for Management VLAN
In order for the FA Proxy switch to get an IP address via DHCP, we will need to add a platform VLAN and add an IP address with DHCP. We will do this on the FA Server switches and enable the RSMLT Edge option assuming IP Shortcuts has already been enabled – please see the IP Shortcuts section for configuration details.
Verify Operations - DHCP
At this stage, the Fabric Attach Proxy switch should get an IP address via DHCP plus all the Fabric Attach elements should be discovered.
4801(config)#show ip
Bootp/DHCP Mode: DHCP When Needed
                     Configured       In Use           Last BootP/DHCP
Stack IP Address:    192.168.1.2                       0.0.0.0
Switch IP Address:   192.168.1.1      10.12.110.10     10.12.110.10
Switch Subnet Mask:  255.255.255.0    255.255.255.0    255.255.255.0
Default Gateway:     0.0.0.0          10.12.110.1      10.12.110.1
20.1.34.2 Fabric Attach – Adding a L2VSN Service
Continuing from the base setup above, assume we wish to add an L2VSN service from the FA Proxy switch for a local user to a remote SPBM node. This can be easily accomplished by simply adding a VLAN and ISID on the FA Proxy switch, which in turn will be automatically added as an ELAN on the FA Server switches. All we then need to do is create an L2VSN with the same ISID on the terminating SPBM switch.
4801#show logging sort-reverse Type Time Idx I 99 00:02:10:00 Src Message Fabric Attach: binding activation success (trunk 1 20050/50) Verify Operations - FA Server switches 8201 and 8202 8201:1#show fa assignment ================================================================================ Fabric Attach Assignment Map ================================================================================ Interface I-SID Vlan State Origin 1/3 1/3 1/3 1/3 20050 5001100 5001110 5001120 50 1100 1110 1120
20.1.34.3 Fabric Attach – Adding a L3VSN Service
Continuing from the base setup above, assume we wish to add an L3VSN service. This can be easily accomplished by simply adding a VLAN and ISID on the FA Proxy switch, which in turn will be automatically added as an ELAN on the FA Server switches. In this example, we will create a platform VLAN on the FA Server switches with RSMLT Edge support.
8201:1#show i-sid 700140 ====================================================================================== Isid Info ====================================================================================== ISID PORT MLT ORIGIN ISID ID TYPE VLANID INTERFACES INTERFACES 700140 ELAN N/A - c140:7 DISC_BOTH Verify Operations – LLDP bindings 4801#show lldp neighbor vendor-specific avaya fabric-attach Neighbors LLDP info - Avaya FA TLVs Port: 3 Fabric Attach Data: Element Type: server Management VLAN: 11
Fabric Attach Server Configuration – adding platform VLAN
configure terminal
configure terminal
ip vrf green
vlan create 140 type port-mstprstp 0
vlan i-sid 140 700140
interface vlan 140
vrf green
ip address 10.1.140.1 255.255.255.
Verify Operations – IP routing
VSP Cluster Switches
show ip route vrf green
show ip rsmlt vrf green
show ip arp vrf green
ping vrf green source
20.1.34.4 Fabric Attach - Adding a WLAN 9100 FA Client with EAP Device authentication via Identity Engines
Continuing from the base setup above, assume we wish to add an FA client. For this example, we will add an FA WLAN 9100 AP client and use Identity Engines to authenticate the AP and push down all the VLAN and ISID combinations required.
Fabric Attach Proxy Configuration – ERS 4800
configure terminal
fa zero-touch-options auto-port-mode-fa-client
radius server host 10.12.120.
Verify Operations At this point, we should be able to discover the FA Client assuming a WLAN 9100 AP is attached to port 11.
Adding Platform VLANs
On the FA Server switches, assuming IP Shortcuts has been enabled, we will add the C-VLANs used by the FA Proxy and FA Client, assuming the Management VLAN has already been configured - see section titled “Fabric Attach – Adding a Platform VLAN on FA Server for Management VLAN”.
vlan create 1110 name "Corp_vlan1110" type port-mstprstp 0
vlan i-sid 1110 5001110
interface Vlan 1110
ip address 10.12.111.1 255.255.255.
Identity Engines Setup – Add an internal group for the APs
We will create a new group to be used for the IDE policy as a container for all the AP MAC addresses that will be authenticated when an AP connects to the Fabric Attach Proxy switch.
Identity Engines Setup – Set the RADIUS outbound values to be used to provision all the VLANs on the Fabric Attach Proxy switch
Please note we need to add the management VLAN, VLAN create, and all the necessary VLANs that will be used on the wireless APs. For a Fabric Attach Proxy setup, the ISID value must be entered for all user VLANs including the management VLAN, i.e. 1100:5001100 for VLAN 1100 using ISID 5001100.
Identity Engines Setup – Set the RADIUS policy to be used to authenticate the MAC addresses for the wireless APs
The FA Proxy switch zero touch option of auto-port-mode-fa-client must be enabled for the above policy to work. The policy as shown above is recommended to provide the most secure method for authenticating the WLAN 9100 AP where we are checking for a FA Client Type = 6 (FA Client – Wireless AP Type 1) in addition to the device address.
Identity Engines Setup – Add switch 4801 as a Fabric Attach Proxy authenticator
Select Policy Name from previous step
Identity Engines Setup – Adding Fabric Attach Client AP to the FA-WLAN-AP-Group
The first time the Fabric Attach client AP is connected to the ERS 4800 switch, it will fail device authentication and you will need to add the AP device MAC to the internal store. To do this, via Ignition Dashboard, click on the site name and go to RADIUS AAA Summary -> Failed tab -> double-click the MAC entry, and add the MAC to the group container created above.
Verify Operations – FA Proxy VLAN
After IDE is configured with a policy and the AP is authenticated:
4801#show eapol multihost non-eap-mac status 11
Port Client MAC Address State                   Vid Pri
11   64:A7:DD:03:39:03  Authenticated By RADIUS N/A N/A
Total number of authenticated clients: 1
Note the default PVID is now the management PVID of 1100 and the C-VLAN PVIDs of 1110 and 1120 have been added to port 11 as per the policy on Identity Engines.
Verify Operations – IDE Monitor
Via IDE, go to Monitor -> -> Access to look at the record details.
Verify Operations – FA Server
After IDE is configured with a policy and the AP is authenticated, the VLAN and ISID assignment should be learned on the FA server.
EAP RADIUS Assigned VLANs : Disabled
Non-EAP RADIUS Assigned VLANs : Disabled
Non-EAP RADIUS Password Attribute Format : MACAddr
Non-EAP User Based Policies : Disabled
Non-EAP User Based Policies Filter On MAC Addresses : Disabled
EAP Protocol : Enabled
Use Most Recent RADIUS Assigned VLAN : Di
Non-EAP ReAuthentication :
Block Different RADIUS Assigned VLAN Authentication :
Dummy ADAC Radius Requests :
ADAC Non-EAP Phone Authentication :
Fail Open VLAN :
Fail Open VLAN ID :
Fail Open VLAN Continuity Mode :
WAP 9132
Verify Operations - Assuming a WAP 9132 is connected to port 11 on the Proxy switch and using SSH to connect to the WAP 9132
A17142803390B# show fabric-attach status
Fabric Attach Status
State                     enabled
Element Type              FA Client - Wireless Access Point Type 1
Element State             untagged
Management VLAN           0
Element Gig1 MAC Address  64:a7:dd:03:39:03
Element Gig2 MAC Address  64:a7:dd:03:39:04
Message Auth Key          set
A17142803390B# show fabric-attach elements
Fabric Attach Elements
Interface Element IP Element Typ
20.1.34.5 Fabric Attach – Changing the FA authentication key
By default, the FA WLAN 9100 client, FA proxy, and FA server all ship with a pre-defined secret FA key. The only exception is with the non-secure image for an ERS 4800 switch. To disable FA message authentication, enter the following command.
20.1.35 Fabric Attach Proxy Standalone
Assume we are using an ERS 4800 for the Fabric Attach Proxy Standalone switch connected to an ERS 8800 IST core. On the core switches, we need to configure C-VLANs 1100, 1110, and 1120 with tagged trunk links to the ERS 4800. On the Wireless Access Points, LLDP and Fabric Attach are enabled by default.
Fabric Attach Proxy Standalone Configuration - ERS 8800 SMLT Cluster
Assuming IP Shortcuts has been enabled on the ERS 8800 cluster, we need to add the management VLAN and all other C-VLANs used by the FA Proxy Standalone switch and FA Client. The configuration shown below shows only the management VLAN configuration (VLAN 1100) with DHCP enabled. The other two C-VLAN configurations will be similar.
Identity Engines Setup – Add an internal group for the APs
We will create a new group to be used for the IDE policy as a container for all the AP MAC addresses that will be authenticated when an AP connects to the Fabric Attach Proxy Standalone switch.
Identity Engines Setup – Set the RADIUS outbound values to be used to provision all the VLANs on the Fabric Attach Proxy Standalone switch
Please note we need to add the management VLAN, VLAN create, and all the necessary VLANs that will be used on the wireless APs. For a Fabric Attach Standalone Proxy setup, the VLAN-ISID value must be entered with an ISID value of 0 for all user VLANs including the management VLAN, i.e. 1100:0 for VLAN 1100.
Identity Engines Setup – Set the RADIUS policy to be used to authenticate the MAC addresses for the wireless APs
The FA Proxy switch zero touch option of auto-port-mode-fa-client must be enabled for the above policy to work. The policy as shown above is recommended to provide the most secure method for authenticating the WLAN 9100 AP where we are checking for a FA Client Type = 6 (FA Client – Wireless AP Type 1) in addition to the device address.
Identity Engines Setup – Add switch 4802 as a Fabric Attach Proxy Standalone authenticator
Select Policy Name from previous step
Identity Engines Setup – Adding Fabric Attach Client AP to the FA-WLAN-AP-Group
The first time the Fabric Attach client AP is connected to the ERS 4800 switch, it will fail device authentication and you will need to add the AP device MAC to the internal store. To do this, via Ignition Dashboard, click on the site name and go to RADIUS AAA Summary -> Failed tab -> double-click the MAC entry, and add the MAC to the group container created above.
Verify Operations – FA Elements
4802#show fa elements
Unit/Port  Element Type  Element Subtype       Element VLAN  Auth  System ID
1/11       Client        Wireless AP (Type 1)  0             AP    64:a7:dd:03:39:0b:00:00:00:01
Legend: Auth - AP=Authentication Pass, AF=Authentication Fail, NA=Not Authenticated
4802#show logging sort-reverse
Type Time Idx Src Message
I | I I I I I I I 11) | I I 00:04:15:44 168 Trap: lldpRemTableChange Deletes = 8 00:04:14:44 00:04:14:44 00:04:14:44 00:04:14:44 00:04:14:44 00:04:14:44 00:04:14:44
MED-Capabilities: CNLDI / C MED-Device type: Endpoint Class 1 (Supported/Current) Sys capability: O-Other; R-Repeater; B-Bridge; W-WLAN accesspoint; r-Router; T-Telephone; D-DOCSIS cable device; S-Station only. Total neighbors: 1 Med Capabilities-C: N-Network Policy; L-Location Identification; I-Inventory; S-Extended Power via MDI - PSE; D-Extended Power via MDI - PD.
Verify Operations – IDE Monitor
Via IDE, go to Monitor -> -> Access to look at the record details.
Verify Operations - EAP Setting on ERS 4800 assuming an AP has successfully authenticated on port 11
The FA zero touch setting of auto-port-mode-fa-client will automatically enable the following EAP settings:
4802#show eapol multihost non-eap-mac status
Port Client MAC Address State
11   64:A7:DD:03:39:0B  Authenticated By RADIUS
Total number of authenticated clients: 1
4802#show eapol port 11
EAP Administrative State :
Protocol Version :
Port-mirroring on EAP ports :
EAP User Based Policies :
EAP User Based P
4802#show eapol multihost interface 11
Port: 11
MultiHost Status : Enabled
Total Maximum Number of Clients : 1
Maximum Number of EAP Clients : 1
Maximum Number of Non-EAP Clients : 1
Allow Local Non-EAP Clients : Disabled
Non-EAP RADIUS Authentication : Enabled
Non-EAP AutoLearned After Single Auth (MHSA) : Enabled
Non-EAP DHCP Phone Authentication : Disabled
EAPoL Request Packet Generation Mode : Multicast
EAP RADIUS Assigned VLANs : Disabled
Non-EAP RADIUS Assigned VLANs : Disabled
EAP Protocol : Enabled
20.2 Using EDM 20.2.
d) Configuration -> IS-IS -> IS-IS -> Interfaces -> Insert -> enter index number, select Port or Mlt, then AdminStatus = off (enable once SPBM is enabled in next step) e) Configuration -> IS-IS -> IS-IS -> Interfaces ->
h) Configuration -> IS-IS -> IS-IS -> Globals -> AdminState = on -> Apply
20.2.2 VSN Configuration
Extending a VLAN (L2VSN)
EDM
Configuration -> VLAN -> VLANs –> Advanced -> Select VLAN -> ISID = <0..16777215> -> Apply
Extending a VLAN (L3VSN)
EDM
a) Configuration -> IP -> VRF –> Insert -> Enter ID, VRF name, any other options -> Insert
b) Configuration -> IP -> IP-VPN –> VPN -> Insert -> Select VRF ID -> Insert
c) Configuration -> IP -> IP-VPN –> VPN -> -> IsidNumber = <0..16777215> -> Enable = true -> Apply
20.2.3 Connectivity Fault Management (CFM) Configuration – release 7.0 or 7.1.1. Add Maintenance Domain (string up to 22 characters), Maintenance Association (string up to 22 characters), and maintenance end point (id from 1 to 8191). There may only be one MEP per SPB VLAN in the 7.1 release and CFM is only supported on SPB VLANs. When assigning a Maintenance Intermediate Point (MIP) level to an SPB VLAN, the value may be 0 to 7; there is only one MIP supported per SPB VLAN in the 7.1 release.
c) Configuration -> Edit -> Diagnostics –> CFM -> MD -> select MD instance -> MaintenanceAssociation -> select MA index -> MaintenanceEndPoint -> Insert -> enter id, AdminState = enable -> Insert. Repeat for each B-VLAN. Please keep note of MA Id used as this will be required for next step.
d) Configuration -> VLAN -> VLANs -> Advanced -> select B-VLAN -> Nodal -> NodalMepList = ... Repeat for each B-VLAN.
21. VLAN and ISID Restrictions using TACACS+ via Identity Engines
For security reasons, customers may wish to restrict users to entering only specific VLAN and ISID combinations. For example, for building x, an administrator wishes to allow a local user to add only VLANs 2000-2399 and use only I-SIDs 2002000-2002399. Regular expressions in Identity Engines TACACS+ Device Command Sets can be used to restrict commands to specific ranges.
21.1 TACACS+ Switch Configuration
VSP 7000, ERS 4800/5900 TACACS+ Configuration
tacacs server host key
Enter key: *****
Confirm key: *****
tacacs authorization enable
tacacs accounting enable
tacacs authorization level all
cli password telnet tacacs
cli password serial tacacs
Please note SNMP and WEB access will be disabled once TACACS+ is enabled. Both options can be re-enabled after TACACS+ has been initially enabled.
21.
IDE – For the TACACS+ Policy, make sure you select the above device command set for the appropriate user via Configuration -> Site Configuration -> Access Policies ->TACACS+ ->
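The range restriction described in section 21, as an added example that is not from this guide or from Identity Engines: it turns each numeric range into a digit-class regular expression, then sweeps VLAN and I-SID values to confirm the rules permit exactly the intended ranges. It assumes the command set matches each expression against the whole, whitespace-normalized command line and uses the vlan create / vlan i-sid syntax shown elsewhere in this guide; all function names are hypothetical.

```python
import re

# Ranges from the guide's "building x" example.
VLAN_RANGE = (2000, 2399)
ISID_RANGE = (2002000, 2002399)

def _fill_nines(n, count):
    # Replace the last `count` digits with 9s: (2000, 2) -> 2099.
    return int(str(n)[:-count] + "9" * count)

def _fill_zeros(n, count):
    # Clear the last `count` digits: (2437, 2) -> 2400.
    return n - n % 10 ** count

def _split_points(lo, hi):
    """Upper bounds of sub-ranges that each fit a single digit-class pattern."""
    stops = {hi}
    count = 1
    stop = _fill_nines(lo, count)
    while lo <= stop < hi:
        stops.add(stop)
        count += 1
        stop = _fill_nines(lo, count)
    count = 1
    stop = _fill_zeros(hi + 1, count) - 1
    while lo < stop <= hi:
        stops.add(stop)
        count += 1
        stop = _fill_zeros(hi + 1, count) - 1
    return sorted(stops)

def _pattern(start, stop):
    """Pattern for one sub-range whose bounds have the same number of digits."""
    out, wild = "", 0
    for a, b in zip(str(start), str(stop)):
        if a == b:
            out += a
        elif a != "0" or b != "9":
            out += f"[{a}-{b}]"
        else:
            wild += 1
    if wild:
        out += "[0-9]" + (f"{{{wild}}}" if wild > 1 else "")
    return out

def range_regex(lo, hi):
    """Regex alternation matching exactly the decimal integers lo..hi."""
    parts, start = [], lo
    for stop in _split_points(lo, hi):
        parts.append(_pattern(start, stop))
        start = stop + 1
    return "(" + "|".join(parts) + ")"

def build_rules(vlan_range, isid_range):
    vlan, isid = range_regex(*vlan_range), range_regex(*isid_range)
    return [
        re.compile(rf"vlan create {vlan}( .*)?"),   # trailing options allowed
        re.compile(rf"vlan i-sid {vlan} {isid}"),
    ]

def is_permitted(rules, command):
    # Assumption: whole-line match after collapsing runs of whitespace.
    line = " ".join(command.split())
    return any(rule.fullmatch(line) for rule in rules)

def audit(rules, vlan_range, isid_range):
    """Return each swept command whose verdict differs from the numeric intent."""
    (vlo, vhi), (ilo, ihi) = vlan_range, isid_range
    cases = []
    for v in range(1, 4095):                      # every valid VLAN ID
        ok = vlo <= v <= vhi
        cases.append((f"vlan create {v} type port-mstprstp 0", ok))
        cases.append((f"vlan i-sid {v} {ilo}", ok))
    for i in range(ilo - 1000, ihi + 1001):       # window around the I-SID range
        cases.append((f"vlan i-sid {vlo} {i}", ilo <= i <= ihi))
    return [cmd for cmd, ok in cases if is_permitted(rules, cmd) != ok]

RULES = build_rules(VLAN_RANGE, ISID_RANGE)
# Constructed hand-written variant: "[0-9]+" instead of exactly two digits.
FLAWED = [re.compile(r"vlan create 2[0-3][0-9]+( .*)?"), RULES[1]]

if __name__ == "__main__":
    print(range_regex(*VLAN_RANGE))
    print("generated rules, mismatches:", len(audit(RULES, VLAN_RANGE, ISID_RANGE)))
    print("hand-written rule, first mismatches:", audit(FLAWED, VLAN_RANGE, ISID_RANGE)[:3])
```

The hand-written rule in FLAWED looks close to correct, yet the sweep shows it also permits VLANs 200-239, which is why a candidate expression should be swept before it is entered in a command set.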
22. Configuration Examples
22.1 SPB – Core Setup
For this configuration example, we will show how to provision SPB on the following platforms:
Common SPB Settings
Switch        Parameter   Value
All switches  B-VLANs     4051, 4052 where 4051 is the primary B-VLAN
              VLAN Names  BVLAN-1 and BVLAN-2
              IS-IS Area  49.0001
              IS-IS       Enable
              SPBM        Enable, using instance 1
Unique SPB Settings
Platform  System Name  Nick Name  CFM MEPID
VSP 4000  400x         0.40.0x    40x
VSP 7000  700x         0.70.0x    700x
VSP 9000  900x         0.
SMLT IST Settings
SMLT Cluster  VLAN  VLAN Members  Subnet        VLACP
9001 & 9002   2     3/1 & 3/2     10.5.2.0/30   Yes – Long timeout
8005 & 8006   2     2/1 & 2/2     10.2.1.0/30   Yes – Long timeout
7001 & 7002   2     38-39         10.70.2.0/30  No
SMLT vIST Settings
SMLT Cluster  VLAN  Subnet
4001 & 4002   2     10.4.2.0/30
For compatibility between the VSP 9000 and VSP 4000 with the ERS 8800 and VSP 7000, it is recommended to change the Spanning Tree mode to MSTP on the ERS 8800 and VSP 7000.
22.1.1 Configuration
For this configuration example, all switches are provisioned using ACLI which is the default setting on all switches with the exception of the ERS 8000.
22.1.1.1 Configuration Mode
ACLI
config terminal
The ERS 8800 supports either CLI or ACLI. The VSP 4000, 7000, ERS 4800, and VSP 9000 only support ACLI. On an ERS 8800 switch, to change from CLI to ACLI, enter the CLI command config boot flags acli true and save boot.
22.1.1.3 VSP 7000 – Rear Port Mode
Switch                  Parameter       Value
7001, 7002, 7003, 7004  Rear port mode  Enabled & SPB Rear Port
For this example, the VSP 7000 is configured in Fabric Interconnect (FI) mode. Hence, we will change the rear-port mode to SPB.
Enable rear-port mode on switches 7001, 7002, 7003, and 7004
7001, 7002, 7003 & 7004:
rear-port mode enable spb
Enabling rear port mode will disable Fabric Interconnect Stack operation. Switch configuration will be reset to partial-defaults.
starting configuring the switch in RSTP or MSTP mode. The syntax used to create VLANs in any of these new modes is NOT COMPATIBLE with the default mode (STP)
ERS-8606:5(config)#save boot
ERS-8606:5(config)#boot -y
22.1.1.5 System Name
VSP 4000 Switches - Configure system name
prompt <4001|4002>
VSP 7000 Switches - Configure system name
snmp-server name <7001|7002|7003|7004>
ERS 8800 Switches - Configure system name
prompt <8003|8004|8005|8006|8007>
VSP 9000 Switches - Configure system name
prompt <9001|9002>
ERS 4800 Switches - Configure system name
snmp-server name 4801
22.1.1.6 Option – Configure out-of-band management interface
As an option on the ERS 8000, VSP 7000, and VSP 9000, an out-of-band management interface can be configured.
VSP 9000 Switches – Add out-of-band configuration
interface mgmtEthernet
ip address
exit
As an option, a management virtual IP address can be configured valid for both CPUs when two are used
sys mgmt-virtual-ip /
router vrf MgmtRouter
ip route weight <1-65535>
exit
show interfaces mgmtEthernet
show interfaces mgmtEthernet
show interfaces mgmtEthernet
22.1.1.8 IST Configuration – SMLT Cluster switch 4001 & 4002, 9001 & 9002 and 8005 & 8006 Switch Feature Parameter Value 9001, 9002 IST MLT ID 1 VLAN 2 Timers Long (slow) Time-out Scale 3 VLACP MAC 01:80:c2:00:00:0f Slow periodic time 10000 IP address 10.5.2.1/30 Ports 3/1,3/2 IP address 10.5.2.2/30 Ports 3/1,3/2 IP address 10.2.1.1/30 Ports 2/1,2/2 IP address 10.2.1.2/30 Ports 2/1,2/2 VLAN ID 2 IP address 10.4.2.1/30 VLAN ID 2 IP address 10.4.2.
VSP 9000 SMLT Cluster: Add IST MLT, VLAN 2 with IP address, and enable VLACP
9001:1(config)#vlan create 2 name "IST_vlan2" type port-mstprstp 0
9001:1(config)#mlt 1
9001:1(config)#mlt 1 name IST
9001:1(config)#mlt 1 member 3/1,3/2
9001:1(config)#mlt 1 encapsulation dot1q
9001:1(config)#vlan mlt 2 1
9001:1(config)#interface vlan 2
9001:1(config-if)#ip address 10.5.2.1 255.255.255.252
9001:1(config-if)#exit
9001:1(config)#interface mlt 1
9001:1(config-mlt)#ist peer-ip 10.5.2.
ERS 8800 SMLT Cluster: Add IST MLT, VLAN 2 with IP address, and enable VLACP
8005:5(config)#vlan create 2 name "IST_VLAN" type port-mstprstp 0
8005:5(config)#mlt 1
8005:5(config)#mlt 1 name IST
8005:5(config)#mlt 1 member 2/1,2/2
8005:5(config)#mlt 1 encapsulation dot1q
8005:5(config)#vlan 2 mlt 1
8005:5(config)#interface vlan 2
8005:5(config-if)#ip create 10.2.1.1 255.255.255.0
8005:5(config-if)#exit
8005:5(config)#interface mlt 1
8005:5(config-mlt)#ist peer-ip 10.2.1.
22.1.1.9 IS-IS and SPB Global Configuration Switch Parameter Value B-VLANs 4051, 4052 where 4051 is the primary B-VLAN VLAN Names BVLAN-1 and BVLAN-2 IS-IS Area 49.0001 IS-IS Enable SPBM Enable, using instance 1 SPB Nick Name 0.40.01 SPB System-Name 4001 SPB All switches 4001 vIST Configuration 4002 SMLT Peer System ID a012.90d3.ec65 (System ID of 4002) ISID 2002 vIST peer 10.4.2.2 SPB Nick Name 0.40.
7002 7003 7004 8003 8004 8005 8006 8007 9001 October 2021 SMLT Peer System-ID 3cb1.5bff.5fdf (System ID of 7002) SPB Nick Name 0.70.02 SPB System-Name 7002 SMLT Peer System-ID fca8.41f6.37df (System ID of 7001) SPB Nick Name 0.70.03 SPB System-Name 7003 SPB Nick Name 0.70.04 SPB System-Name 7004 SPB Nick Name 0.80.03 SPB System-Name 8003 SPB Nick Name 0.80.04 SPB System-Name 8004 SPB Nick Name 0.80.05 SPB System-Name 8005 SMLT Peer System-ID 001e.1f48.
9002 SPB Nick Name 0.90.01 SPB System-Name 9002 SMLT Peer System-ID d4ea.0efd.e3df (System ID of 9001) Please note for the VSP7000, it is recommended to provision SPB first prior to enabling the IST. The default PVID on all IST ports must be the primary B-VLAN ID. This will happen automatically as long as SPB is enabled prior to enabling the IST. For the SMLT cluster switches, use the ACLI show isis system-id command on the peer cluster switch to get the System ID value.
SPBM Configuration – VSP 4000: Use the show isis system-id command on the peer cluster switch to get the smlt-peer-system-id value
4001:1(config)#spbm
4001:1(config)#router isis
4001:1(config-isis)#spbm 1
4001:1(config-isis)#spbm 1 nick-name 0.40.01
4001:1(config-isis)#spbm 1 b-vid 4051-4052 primary 4051
4001:1(config-isis)#spbm 1 smlt-peer-system-id a012.90d3.ec65
4001:1(config-isis)#manual-area 49.
SPBM Configuration – VSP 7000: Use the show isis system-id command on the peer cluster switch to get the smlt-peer-system-id value for the SMLT cluster switches
7001(config)#vlan configcontrol automatic
7001(config)#vlan create 4051 name BVLAN-1 type spbm-bvlan
7001(config)#vlan create 4052 name BVLAN-2 type spbm-bvlan
7001(config)#spbm
7001(config)#router isis
7001(config-isis)#spbm 1
7001(config-isis)#spbm 1 b-vid 4051-4052 primary 4051
7001(config-isis)#spbm 1 smlt-peer-system-id 3cb1.5bff.
SPBM Configuration – ERS 8800: Use the show isis system-id command on the peer cluster switch to get the smlt-peer-system-id value for the SMLT cluster switches
8003:5(config)#spbm
8003:5(config)#router isis
8003:5(config-isis)#spbm 1
8003:5(config-isis)#spbm 1 nick-name 0.80.03
8003:5(config-isis)#spbm 1 b-vid 4051-4052 primary 4051
8003:5(config-isis)#manual-area 49.
SPBM Configuration – VSP 9000: Use the show isis system-id command on the peer cluster switch to get the smlt-peer-system-id value
9001:1(config)#spbm
9001:1(config)#router isis
9001:1(config-isis)#spbm 1
9001:1(config-isis)#spbm 1 nick-name 0.90.01
9001:1(config-isis)#spbm 1 b-vid 4051-4052 primary 4051
9001:1(config-isis)#manual-area 49.0001
9001:1(config-isis)#spbm 1 smlt-peer-system-id d4ea.0efd.
VSP 4000 - SPB Interface Configuration
4001 & 4002: Same configuration on both switches
4001:1(config)#mlt 1 enable name 9001
4001:1(config)#mlt 1 member 1/45-1/46
4001:1(config)#mlt 1 encapsulation dot1q
4001:1(config)#interface mlt 1
4001:1(config-mlt)#isis
4001:1(config-mlt)#isis spbm 1
4001:1(config-mlt)#isis enable
4001:1(config-mlt)#exit
4001:1(config)#interface gigabitEthernet 1/47
4001:1(config-if)#isis
4001:1(config-if)#isis spbm 1
4001:1(config-if)#isis enable
4001:1(config-if)#exit
4001:1(config)
7001(config-if)#isis enable
7001(config-if)#spanning-tree mstp learning disable
7001(config-if)#exit
ERS 8800 - SPB Interface Configuration
8003 & 8004: Same configuration on both switches
8003:5(config)#mlt 1 enable name isis_mlt_1
8003:5(config)#mlt 1 member 4/1-4/2
8003:5(config)#mlt 1 encapsulation dot1q
8003:5(config)#interface mlt 1
8003:5(config-mlt)#isis
8003:5(config-mlt)#isis spbm 1
8003:5(config-mlt)#isis enable
8003:5(config-mlt)#exit
8003:5(config)#interface GigabitEthernet 4/1-4/2
8003:5(conf
8005:5(config-if)#isis enable
8005:5(config-if)#no spanning-tree mstp force-port-state enable
Disabling CIST would also disable all other MST instances. Are you sure you want to continue (y/n) ? y
8005:5(config-if)#exit
8007:
8007:5(config)#interface GigabitEthernet 3/27,3/28
8007:5(config-if)#isis
8007:5(config-if)#isis spbm 1
8007:5(config-if)#isis enable
8007:5(config-if)#no spanning-tree mstp force-port-state enable
Disabling CIST would also disable all other MST instances.
9001:5(config-if)#no shutdown
9001:5(config-if)#no spanning-tree mstp force-port-state enable
Disabling CIST would also disable all other MST instances. Are you sure you want to continue (y/n) ? y
9001:5(config-if)#exit
ERS 4800 - SPB Interface Configuration
4801(config)#interface ethernet 45,46
4801(config-if)#isis
4801(config-if)#isis spbm 1
4801(config-if)#isis enable
4801(config-if)#spanning-tree mstp learning disable
22.1.1.
7001(config)#vlan ports 3 filter-untagged-frame enable
7001(config)#interface ethernet 3
7001(config-if)#vlacp timeout short
7001(config-if)#vlacp timeout-scale 5
7001(config-if)#vlacp enable
7001(config-if)#exit
ERS 8800 - Interface Configuration
8003 & 8004: Same configuration on both switches
8003:5(config)#interface gigabitEthernet 4/1,4/2,4/7,4/20,4/30
8003:5(config-if)#untagged-frames-discard
8003:5(config-if)#vlacp fast-periodic-time 500 timeout short timeout-scale 5 funcmacaddr 01:80:c2:00:00:0f
80
4801(config)#interface ethernet 3
4801(config-if)#vlacp timeout short
4801(config-if)#vlacp timeout-scale 5
4801(config-if)#vlacp enable
4801(config-if)#exit
22.1.1.13 IST Configuration – SMLT Cluster switch 7001 & 7002 The following port based VLANs will be configured on the SMLT Switch cluster Switch Feature Parameter Value 7001 & 7002 IST MLT ID 1 VLAN 2 VLAN Port Members 38 & 39 Aggregation Disable on ports 38-39 Mode Off on ports 38-39 IP address 10.70.2.5/30 Ports 38,39 IP address 10.70.2.
VSP 7000 – Create MLT to be used by IST
7001 & 7002: Same configuration on both switches
7001(config)#mlt 1 name IST enable member 38,39 learning disable
Verify MLT configuration
7001(config)#show mlt 1
Id  Name  Members  Bpdu  Mode   Status   Type
1   IST   38-39    All   Basic  Enabled  Trunk
VSP 7000 – SPB Interface Configuration
7001 & 7002: Same configuration on both switches
7001(config)#interface ethernet 38,39
7001(config-if)#isis
7001(config-if)#isis spbm 1
7001(config-if)#isis enable
7001(config-if)#span
VSP 7000 – Create IST
7001(config)#interface mlt 1
7001(config-if)#ist peer-ip 10.70.2.6 vlan 2
7001(config-if)#ist enable
7002(config-if)#exit
7002(config)#interface mlt 1
7002(config-if)#ist peer-ip 10.70.2.5 vlan 2
7002(config-if)#ist enable
7002(config-if)#exit
Verify IST Operation assuming the SMLT cluster peer is also configured
7001(config)#show ist
MLT ID  Enabled  Running  Master  Peer IP Address  Vlan ID
1       YES      YES      NO      10.70.2.
22.1.1.14 ISIS L1-metric – Optional As an option, we can change the default metric on the FI rear ports and SPB front ports to reflect the actual port speeds.
22.1.1.
VSP 4000 - CFM Configuration
4001:
4001:1(config)#cfm spbm mepid 401
4001:1(config)#cfm spbm enable
4002:
4002:1(config)#cfm spbm mepid 402
4002:1(config)#cfm spbm enable
VSP 7000 – CFM Configuration
7001:
7001(config)#cfm spbm mepid 7001
7001(config)#cfm spbm enable
7002:
7002(config)#cfm spbm mepid 7002
7002(config)#cfm spbm enable
7003:
7003(config)#cfm spbm mepid 7003
7003(config)#cfm spbm enable
7004:
7004(config)#cfm spbm mepid 7004
7004(config)#cfm spbm enable
ERS 8800 - CFM Configuration
8003:
800
8006:5(config)#cfm cmac enable
8007:
8006:5(config)#cfm spbm mepid 807
8006:5(config)#cfm spbm enable
8006:5(config)#cfm cmac mepid 807
8006:5(config)#cfm cmac enable
VSP 9000 - CFM Configuration assuming 3.
22.1.1.16 QoS
QoS by default is enabled on all NNI interfaces. Depending on the switch, QoS may still have to be enabled on the UNI interface or filters must be used to provide end-to-end QoS. On the VSP 4000, VSP 8000, VSP 7200, and VSP 9000, the interface level parameters 802.1p-override disable, enable-diffserv enable and no access-diffserv enable are the default settings. On a UNI interface, this has the overall result of honoring p-bits for bridge traffic and DSCP values for routed traffic.
22.1.2 Configuration using EDM – Using 8005 as an example
If using EDM to configure SPB, please follow the steps shown below. The following configuration is in reference to 9002 and assumes the base configuration has been configured – i.e. VLAN and SMLT configuration
22.1.2.1 SPB and B-VLAN Configuration
8005 - Step 1 – Via EDM, go to Configuration -> IS-IS -> SPBM -> Global and enable SPBM globally
8005: Step 2 – Via EDM, go to Configuration -> VLAN -> VLANs -> Basic -> Insert to add primary B-VLAN 4051 (make sure to select Type: spbm-bvlan)
8005: Step 3 – Via EDM, go to Configuration -> VLAN -> VLANs -> Basic -> Insert to add secondary B-VLAN 4052 (make sure to select Type: spbm-bvlan)
8005: Step 4 – Via EDM, go to Configuration -> IS-IS -> IS-IS -> Global, add the SPBM System ID and set the Admin State to enable
8005: Step 5 – Via EDM, go to Configuration -> IS-IS -> SPBM -> SPBM, add the SPBM node nickname, primary VLAN, and both primary and secondary VLANs as ERS-3 is part of an SMLT cluster
8005: Step 6 – Via EDM, go to Configuration -> IS-IS -> IS-IS -> Manual Area to add the IS-IS area which in our example is area 49.0001
8005: Step 7 – Via EDM, go to Configuration -> IS-IS -> SPBM -> SPBM and change the and SMLT peer B-MAC (001e.1f48.
22.1.2.2 IS-IS and SPB Configuration
8005: Step 1 – Via EDM, go to Configuration -> IS-IS -> IS-IS -> Interfaces to add IS-IS on all appropriate interfaces; in regards to 8005, this will be the IST interface, port 2/5 and 2/34. Do not enable IS-IS (AdminState = off) until SPBM is enabled on the interface
8005: Step 2 – Via EDM, go to Configuration -> IS-IS -> IS-IS -> Interfaces, select interface and then click on SPBM
8005: Step 3 – Via the SPBM window, select SPBM Id of 1 and enable SPBM
8005: Step 4 – Via EDM, go back to Configuration -> IS-IS -> IS-IS -> Interface and enable IS-IS on each interface
22.1.3 Verify Operations
22.1.3.1 Global Settings
Step 1 – Verify IS-IS global settings:
8800:5#show isis
Results: Example from 8003. Admin state should show enabled and in our case the configured B-MAC address of 0080.2dbe.23df should be displayed.
8003:
================================================================================
ISIS General Info
================================================================================
AdminState : enabled
RouterType : Level 1
System ID : 0080.2dbe.
Step 2 – Verify IS-IS network information
show isis net
Results: From all switches
4001:
================================================================================
ISIS Net Info
================================================================================
NET 49.0001.d4ea.0e10.e465.00
4002:
================================================================================
ISIS Net Info
================================================================================
NET 49.0001.a012.90d3.ec65.
================================================================================ NET 49.0001.3cb1.5bff.5fdf.00 7003: ================================================================================ ISIS Net Info ================================================================================ NET 49.0001.7030.1823.7fdf.
ISIS Net Info ================================================================================ NET 49.0001.d4ea.0efd.e4ac.00 8003: ================================================================================ ISIS Net Info ================================================================================ NET 49.0001.0080.2dbe.23df.
================================================================================ ISIS Net Info ================================================================================ NET 49.0001.001e.1f48.f3df.00 8007: ================================================================================ ISIS Net Info ================================================================================ NET 49.0001.00e0.7bb3.07df.
22.1.3.
Step 2 – Verify IS-IS adjacencies
show isis adjacencies
Results: From switch 4001 and 7002
4001:
================================================================================
ISIS Adjacencies
================================================================================
INTERFACE  L  STATE  UPTIME       PRI  HOLDTIME  SYSID           HOST-NAME
Mlt1       1  UP     21:01:51     127  22        d4ea.0efd.e3df  9001
Port1/47   1  UP     1d 19:57:51  127  23        d4ea.0efd.
On each switch, verify the following:
Option                Verify
IS-IS Interface
  TYPE                The value displayed should be pt-pt which indicates Point to Point
  OP-STATE            The value displayed should be UP which indicates that IS-IS has been configured and is operational for the interface index shown
  ADM-STATE
IS-IS Adjacencies
  STATE               Should be displayed as UP indicating there is an adjacency with its neighbor as shown via HOST-NAME
  HOST-NAME
22.1.3.3 Verify IS-IS SPB Information Step 1 – Verify IS-IS interfaces show isis spbm Results: From switch 4001, 7002, 9001, 8003, 8005, and 8007 4001: ================================================================================ ISIS SPBM Info ================================================================================ SPBM B-VID INSTANCE 1 4051-4052 PRIMARY NICK LSDB VLAN NAME TRAP 4051 0.40.
1 primary d4:ea:0e:fd:e3:e0 d4ea.0efd.e4ac 8003: ================================================================================ ISIS SPBM Info ================================================================================ SPBM B-VID INSTANCE 1 4051-4052 PRIMARY NICK LSDB VLAN NAME TRAP 4051 0.80.
8007: ================================================================================ ISIS SPBM Info ================================================================================ SPBM B-VID INSTANCE 1 4051-4052 PRIMARY NICK LSDB VLAN NAME TRAP 4051 0.80.
02:40:02:ff:ff:ff 4051 a012.90d3.ec65 4002 3/27 30
a0:12:90:d3:ec:65 4051 a012.90d3.ec65 4002 3/27 30
a0:12:90:d3:ec:66 4051 a012.90d3.ec65 4002 3/27 30
a0:12:90:d3:ec:65 4052 a012.90d3.ec65 4002 3/28 30
a0:12:90:d3:ec:66 4052 a012.90d3.ec65 4002 3/28 30
a0:12:90:d3:ec:66 4051 d4ea.0e10.e465 4001 3/27 30
d4:ea:0e:10:e4:65 4051 d4ea.0e10.e465 4001 3/27 30
02:40:01:ff:ff:ff 4052 d4ea.0e10.e465 4001 3/28 30
a0:12:90:d3:ec:66 4052 d4ea.0e10.
Option: Verify
IS-IS SPB
B-VID, PRIMARY VLAN: The B-VLANs displayed should be 4051 and 4052, where the primary B-VLAN should be 4051.
NICK NAME: The value displayed should be as follows per this configuration example:
4001: 0.40.01
4001: 0.40.02
7001: 0.70.01
7002: 0.70.02
7003: 0.70.03
7004: 0.70.04
9001: 0.90.01
9002: 0.90.02
8003: 0.80.03
8004: 0.80.04
8005: 0.80.05
8006: 0.80.06
8007: 0.80.
d4ea.0e10.e465.00-00 1 1175 0x144a 0xabc 4001
d4ea.0e10.e465.00-01 1 1175 0x11d9 0x7421 4001
d4ea.0e10.e465.00-02 1 1175 0x1085 0x9890 4001
d4ea.0e10.e465.00-03 1 1175 0xafd 0xa41 4001
a012.90d3.ec65.00-00 1 355 0x11f8 0xfb1c 4002
a012.90d3.ec65.00-01 1 355 0x11cd 0xb1ec 4002
a012.90d3.ec65.00-02 1 355 0x1073 0xb77f 4002
a012.90d3.ec65.00-03 1 355 0xaf6 0x3619 4002
fca8.41f6.37df.00-00 1 945 0x76c 0x68d7 7001
3cb1.5bff.5fdf.
7030.1823.9bdf.00-00 1 431 0x1d1b 0xf8a3 7004
d4ea.0efd.e3df.00-00 1 736 0xc1 0x3177 9001
d4ea.0efd.e4ac.00-00 1 737 0xbd 0x9a1a 9002
Level-1 : 19 out of 19 Total Num of LSP Entries
Level-2 : 0 out of 0 Total Num of LSP Entries

On each switch, verify the following:
Option: Verify
LSP ID, HOST-NAME: For each switch, the LSDB table should have an LSP ID entry for each neighbor including its own LSP ID for a total of seven entries
22.1.3.
Host_name: 8004 Attributes: IS-Type 1 TLV:137 Host_name: 8004 Level-1 LspID: 0024.43b4.e3df.00-00 Chksum: 0x8c35 SeqNum: 0x00000aea Lifetime: 834 SeqNum: 0x00001556 Lifetime: 788 SeqNum: 0x0000023d Lifetime: 949 SeqNum: 0x0000144b Lifetime: 1005 SeqNum: 0x000011fa Lifetime: 1085 PDU Length: 841 Host_name: 8005 Attributes: IS-Type 1 TLV:137 Host_name: 8005 Level-1 LspID: 001e.1f48.f3df.
Level-1 LspID: fca8.41f6.37df.00-00 Chksum: 0x66d8 SeqNum: 0x0000076d Lifetime: 784 SeqNum: 0x00001d20 Lifetime: 911 SeqNum: 0x00001d1d Lifetime: 1007 SeqNum: 0x00001d1d Lifetime: 1082 SeqNum: 0x000000c2 Lifetime: 506 SeqNum: 0x000000be Lifetime: 508 PDU Length: 124 Host_name: 7001 Attributes: IS-Type 1 TLV:137 Host_name: 7001 Level-1 LspID: 3cb1.5bff.5fdf.00-00 Chksum: 0xf801 PDU Length: 195 Host_name: 7002 Attributes: IS-Type 1 TLV:137 Host_name: 7002 Level-1 LspID: 7030.1823.
Attributes: IS-Type 1
TLV:137 Host_name: 9002

4001: Example, to view ISIS adjacencies in reference to SPB bridge 9001
4001:1#show isis lsdb lspid d4ea.0efd.e3df.00-00 tlv 22 detail
================================================================================
ISIS LSDB (DETAIL)
================================================================================
Level-1 LspID: d4ea.0efd.e3df.
22.1.3.6 Verify CFM Configuration
Step 1 – Verify CFM Maintenance Domain
show cfm maintenance-domain
Results: The following is shown from 8003 perspective which should be the same on all switches
4001:
================================================================================
Maintenance Domain
================================================================================
Domain Name Domain Index Level Domain Type
spbm 1 4 NODAL
Total number of Maintenance Domain entries: 1.
Step 2 – Verify CFM Maintenance Association Configuration and Status
show cfm maintenance-association
Results: The following is shown from 4001 perspective which should be the same on all switches
4001:
================================================================================
Maintenance Association Status
================================================================================
Domain Name Assn Name Domain Idx Assn Idx
spbm 4051 1 1
spbm 4052 1 2
Total number of Maintenance Assoc
Step 3 – Verify CFM Maintenance Endpoint Configuration and Status
show cfm maintenance-endpoint
Results: The following is shown from 8003 perspective; the information should be the same on all switches except for the MEP ID (1 for 9001, 2 for 9002, 3 for 8003, 4 for 8004, 5 for 8005, 6 for 8006, 7 for 8007)
4001:
================================================================================
Maintenance Endpoint Config
================================================================================
DOMAIN
22.1.3.7 Use CFM Command to verify operations
Step 1 – Use L2 ping command to verify network connectivity to neighbors. The neighbor format is BVID.
Step 2 – Use L2 traceroute command to verify network route to neighbors
l2 traceroute vlan routernodename
Results: The following is shown from 4001 perspective to switch 7001
4001:
4001:1#l2 traceroute vlan 4051 routernodename 7001
Please wait for l2traceroute to complete or press any key to abort
l2traceroute to 7001 (3c:b1:5b:ff:5f:e0), vlan 4051
0 4001 (d4:ea:0e:10:e4:65)
1 9001 (d4:ea:0e:fd:e3:df)
2 8003 (00:80:2d:be:23:df)
3 8005 (00:24:43:b4:e3:df)
4 700
Verify the following information:
Option: Verify
L2 PING Statistics: If everything has been configured correctly, then during normal operations the packets received should display 0.00% packet loss
LBMs lost: If everything has been configured correctly, then during normal operations the LBMs loss should display 0.00%
22.1.3.
Ist Down : 5
Hello Sent : 94208 Hello Recv : 94099
Learn MAC Address Sent : 10663 Learn MAC Address Recv : 4596
MAC Address AgeOut Sent : 1286 MAC Address AgeOut Recv : 248
MAC Address Expired Sent : 0 MAC Address Expired Recv : 0
Delete Mac Address Sent : 2 Delete Mac Address Recv : 0
Smlt Down Sent : 0 Smlt Down Recv : 1
Smlt Up Sent : 8 Smlt Up Recv : 6
Send MAC Address Sent : 4 Send MAC Address Recv : 4
IGMP Sent : 3 IGMP Recv : 0
Port Down Sent :
22.2 SMLT Configuration
Assuming the edge switches are Extreme stackable switches, we will also enable VLACP, VLAN tagging, SLPP, and untagged frames discard as per the SMLT best practices. For this example, we will create SMLT id 2 on the SMLT cluster 9001 & 9002, SMLT id 2 on the SMLT cluster 4001 & 4001, SLT 129 on the SMLT cluster 8005 & 8006, and SLT 65 on the SMLT cluster 7001 & 7002.
4001:1(config-if)#slpp packet-rx packet-rx-threshold 5
4001:1(config-if)#exit
4001:1(config)#slpp enable
4001:1(config)#slpp vid 1155
For 4002, use the same configuration as above except for the items shown below
4002:1(config-if)#slpp packet-rx packet-rx-threshold 50

8005 & 8006 SMLT Cluster Switches – SLT on port 2/21 using SLT id 129
8005 & 8006: Same configuration on both switches
8005:5(config)#interface GigabitEthernet 2/21
8005:5(config-if)#encapsulation dot1q
8005:5(config-if)#smlt 129
8005:5(conf
9001 & 9002 SMLT Cluster Switches – SMLT on port 3/25
9001 & 9002: Same configuration on both switches
9001:1(config)#mlt 2 enable
9001:1(config)#mlt 2 member 3/25
9001:1(config)#mlt 2 encapsulation dot1q
9001:1(config-mlt)#interface mlt 2
9001:1(config-mlt)#smlt
9001:1(config-mlt)#exit
9001:1(config)#vlan members remove 1 3/25
9001:1(config)#interface gigabitEthernet 3/25
9001:1(config-if)#no shutdown
As per SMLT best practices, we will also enable VLACP, untagged frames discard, and SLPP.
22.2.1 Verify Operations
Assuming a local VLAN has been provisioned on the SMLT cluster switches and also on the edge switch or server (next step for example via the L2VSN configuration), the SMLT state should be up and operational.
22.2.1.
2/21 129 smlt smlt

7001: (7002 will be the same)
===============================================================================
SLT Info
===============================================================================
PORT SMLT ADMIN CURRENT
NUM ID TYPE TYPE
25 65 slt slt

On each switch, verify the following:
Option: Verify
CURRENT TYPE: Depending on the switch, either SMLT or SLT should be displayed indicating that the local VLAN, port members, and SMLT ID are configured on both switches a
22.
22.3.
22.3.
22.3.2.1 Verify IS-IS ISID
Step 1 – Show IS-IS ISID
show isis spbm ISID all
show isis spbm ISID all
EDM Configuration -> IS-IS -> SPBM -> ISID
Results:
4001: (4002 will be the same)
===============================================================================
SPBM ISID INFO
===============================================================================
ISID SOURCE NAME VLAN SYSID TYPE HOST_NAME
1001155 0.40.01 4051 d4ea.0e10.e465 config 4001
1001155 0.40.02 4052 a012.
1002256 0.80.06 4052 001e.1f48.f3df discover 8006
1002256 0.80.07 4052 00e0.7bb3.07df config 8007

On each switch, verify the following:
Option: Verify
ISID: For switches 4001, 4002, 7001, 7002, 9001, and 9002, for example, in reference to ISID 1001155, TYPE should show config in reference to its own SYSID and discover for each neighbor. For switches 8005, 8006 and 8007, for example, in reference to ISID 1002256, TYPE should show config in reference to its own SYSID and discover for each neighbor.
1001155(Both)
Instance: 0 Metric: 0 B-MAC: 00-e0-7b-b3-07-df BVID:4052 Number of ISID's:1
1001155(Rx)

In reference to 7001 as used in this example from 9001, verify the following:
Option: Verify
Level 1: As this example is in reference to 7001, the IS-IS LSP ID of fca8.41f6.37df.00-00 should be displayed with its Host Name of 7001.
TLV:144 Sub-tlv 3: TLV 144 sub-tlv 3 is the SPBM ISID TLV. The SPBM instance is set to 0, indicating only one instance is supported today.
22.3.2.3 Unknown unicast or multicast/broadcast traffic
The multicast addresses are built out of two pieces. Each SPB node must be configured with a unique Nickname that is carried in the IS-IS link state database and is used to form the first portion of the multicast MAC address (with the multicast bit set: multicast address is Nickname & “3”). The second portion is the ISID id converted to hex forming the Multicast MAC address. For example, in reference to 8005: Nickname = 0.80.
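The derivation described above, as an added example that is not part of the original guide: it builds the multicast B-MAC from a Nickname and an ISID, decodes one back, and flags observed multicast addresses that do not match a known Nickname or an expected ISID. The exact bit placement (first Nickname digit in the upper nibble of the first octet, 0x3 in the lower nibble) follows the IEEE 802.1aq group address layout and is an assumption here; the function names and the list of observed addresses are constructed for illustration.

```python
"""Derive, decode and audit SPBM multicast B-MAC addresses (added example)."""
import re

# Group (I/G) and local (U/L) bits set in the first octet -> low nibble 0x3.
# Assumption: the Nickname's first hex digit occupies the upper nibble, as in
# the IEEE 802.1aq group address layout; the guide only says "Nickname & 3".
GROUP_LOCAL_BITS = 0x3

_NICK_RE = re.compile(r"^([0-9a-fA-F])\.([0-9a-fA-F]{2})\.([0-9a-fA-F]{2})$")


def parse_nickname(nick):
    """Convert an 'x.xx.xx' Nickname string to its 20-bit integer value."""
    m = _NICK_RE.match(nick.strip())
    if not m:
        raise ValueError(f"nickname must look like x.xx.xx, got {nick!r}")
    return int("".join(m.groups()), 16)


def format_nickname(value):
    """Render a 20-bit Nickname value back into 'x.xx.xx' form."""
    h = f"{value:05x}"
    return f"{h[0]}.{h[1:3]}.{h[3:5]}"


def multicast_bmac(nick, isid):
    """Nickname forms the first three octets, the ISID in hex the last three."""
    n = parse_nickname(nick)
    if not 0 < isid <= 0xFFFFFF:
        raise ValueError("ISID must be a non-zero 24-bit value")
    first = ((n >> 16) & 0xF) << 4 | GROUP_LOCAL_BITS
    octets = [first, (n >> 8) & 0xFF, n & 0xFF,
              (isid >> 16) & 0xFF, (isid >> 8) & 0xFF, isid & 0xFF]
    return ":".join(f"{o:02x}" for o in octets)


def decode_multicast_bmac(mac):
    """Split a multicast B-MAC into (Nickname string, ISID integer)."""
    parts = re.split(r"[:-]", mac.strip())
    if len(parts) != 6:
        raise ValueError("a MAC address has six octets")
    octets = [int(p, 16) for p in parts]
    if any(o > 0xFF for o in octets):
        raise ValueError("octet out of range")
    if octets[0] & 0xF != GROUP_LOCAL_BITS:
        raise ValueError("not an SPBM multicast B-MAC")
    nick = (octets[0] >> 4) << 16 | octets[1] << 8 | octets[2]
    isid = octets[3] << 16 | octets[4] << 8 | octets[5]
    return format_nickname(nick), isid


def audit_multicast_macs(known_nicknames, expected_isids, observed):
    """Return (mac, reason) for every observed address that does not fit."""
    known = {parse_nickname(n) for n in known_nicknames.values()}
    findings = []
    for mac in observed:
        try:
            nick, isid = decode_multicast_bmac(mac)
        except ValueError as exc:
            findings.append((mac, str(exc)))
            continue
        if parse_nickname(nick) not in known:
            findings.append((mac, f"unknown nickname {nick}"))
        elif isid not in expected_isids:
            findings.append((mac, f"unexpected ISID {isid}"))
    return findings


# Nicknames and ISIDs as used in this configuration example.
KNOWN_NICKNAMES = {"8005": "0.80.05", "8006": "0.80.06"}
EXPECTED_ISIDS = {1002256, 16000002}

# Constructed sample of observed destination addresses (not switch output).
OBSERVED_MACS = [
    "03:80:05:0f:4b:10",   # 8005, ISID 1002256
    "03:80:06:f4:24:02",   # 8006, data ISID 16000002
    "03:de:ad:0f:4b:10",   # Nickname not assigned to any node
    "03:80:05:00:00:65",   # known node, ISID outside the plan
    "00:0c:29:35:62:a4",   # ordinary unicast MAC, not a multicast B-MAC
]

if __name__ == "__main__":
    for host, nick in KNOWN_NICKNAMES.items():
        print(host, multicast_bmac(nick, 1002256))
    for mac, reason in audit_multicast_macs(
            KNOWN_NICKNAMES, EXPECTED_ISIDS, OBSERVED_MACS):
        print("CHECK", mac, "->", reason)
```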
22.3.2.
Learning Enabled Ports ALL
Number of addresses: 4
MAC Address ISID Source Vid BVid Dest-MAC Dest-Sys-Name
00-0C-29-35-62-A4 1001155 Trunk 31 4051 3C-B1-5B-FF-5F-DF 7002
00-0C-29-9B-A8-31 1001155 Trunk 31 4051 D4-EA-0E-FD-E3-DF 9001
00-0C-29-D6-81-E5 1001155 Trunk 31 4051 D4-EA-0E-10-E4-65 4001
00-18-71-EA-31-BB 1001155 Port 10 1155

In reference to each switch, verify the following information:
Option: Verify
INTERFACE: The MAC address displayed will vary depending on the MAC address of t
22.4 VSP 7000 & ERS 4800 – In-band Management via L2VSN
An L2VSN can be created to provide in-band management for the VSP 7000 and ERS 4800. For example, let’s assume we wish to use the 10.12.11.0/24 subnet to manage the VSP 7000 and ERS 4800. On bridges 8005 and 8006, we will enable VRRP with backup-master to provide routing to the rest of the network. We will also have to enable IP Shortcuts on both 8005 and 8006 – please see section 17.10.
VSP 7000: Add in-band L2VSN and IP address
7001(config)#vlan create 101 name mgmt-101 type port
7001(config)#vlan mgmt 101
7001(config)#ip address 10.12.11.11 netmask 255.255.255.0 default-gateway 10.12.11.1
7001(config)#vlan ISID 101 1000101
For switches 7002, 7003, and 7004, use the same configuration as above except for the items shown below
7002(config)#ip address 10.12.11.12 netmask 255.255.255.0 default-gateway 10.12.11.1
7003(config)#ip address 10.12.11.13 netmask 255.255.255.0 default-gateway 10.
ERS 4800: Add in-band L2VSN and IP address
4801(config)#vlan create 101 name mgmt-101 type port
4801(config)#vlan mgmt 101
4801(config)#ip address 10.12.11.15 netmask 255.255.255.0 default-gateway 10.12.11.1
4801(config)#vlan ISID 101 1000101
4801(config)#show ip
Bootp/DHCP Mode: Disabled
Configured In Use Last BootP/DHCP
Stack IP Address: 0.0.0.0 0.0.0.0
Switch IP Address: 10.12.11.15 10.12.11.15 0.0.0.0
Switch Subnet Mask: 255.255.255.0 255.255.255.0 0.0.0.0
Default Gateway: 10.12.11.
22.5 Multicast over L2VSN
Continuing from the example used in Section 17.2, we will simply enable multicast support for L2VSN ISID 1002256.
22.5.1 Enable SPB Multicast – Global
ERS 8800 Switches
8005, 8006 & 8007: Same configuration on all switches
8005:5(config)#router isis
8005:5(config-isis)#spbm 1 multicast enable
8005:5(config-isis)#exit
22.5.2 Enable IGMP
22.5.2.1 Enable IGMPv2 at VLAN level
ERS 8800 Switches
8005 & 8006: Same configuration on both switches
8005:5(config)#interface vlan 2256
8005:5(config-if)#ip igmp proxy
8005:5(config-if)#ip igmp snooping
8005:5(config-if)#ip igmp snoop-querier-addr 192.168.156.
22.5.2.2 Edge Switch
Assuming the edge switch is an Extreme stackable switch with the latest firmware, enable IGMP snoop and proxy.
Extreme Stackable Switches ACLI
ERS-Stackable(config)#interface vlan 2256
ERS-Stackable(config-if)#ip igmp snoop
ERS-Stackable(config-if)#ip igmp proxy
## If IGMPv3 is used:
ERS-Stackable(config-if)#ip igmp version 3
22.5.3 Verify Operations
22.5.3.1 Global Settings
Step 1 – Verify SPB multicast is enabled
show isis spbm multicast
Results:
8007: (8005 and 8006 should be the same)
===============================================================================
ISIS SPBM Info
===============================================================================
SPBM B-VID PRIMARY NICK LSDB
VLAN NAME TRAP
4051 0.80.
22.5.3.2 Verify IGMP cache/group and senders
Assuming the multicast sender is using IGMPv3 (source IP 10.5.41.20@232.2.2.2) connected to Switch-2 off SPB bridges 8005 & 8006 with a receiver (10.5.41.10) connected to Switch-3 off SPB bridges 8007.
22.5.3.3 Verify SPB Multicast Routes
Step 1 – Verify all SPB multicast routes
show isis spbm ip-multicast-route all
Results:
8007:
8007:3#show isis spbm ip-multicast-route all
======================================================================================
SPBM IP-MULTICAST ROUTE INFO ALL
======================================================================================
Type BEB VrfName Vlan Source Group VSN-ISID Data ISID BVLAN Source- Id
snoop GRT 2256 10.5.41.20 232.2.2.
22.5.3.4 Verify multicast TLVs
Assuming the multicast sender is using IGMPv3 (source IP 10.5.41.20@232.2.2.2) connected to Switch-2 off SPB bridges 8005 & 8006 with a receiver (10.5.41.10) connected to Switch-4 off SPB bridges 8007. TLV 185 in relationship to bridges 8005 and 8006 should have the Tx bit set and also send TLV 144 with the Tx bit set. Each multicast group should have its own unique data ISID with a value of 1600000x. The receiver switches (8007) should have TLV 144 with the Rx bit set.
Metric:0
IP Source Address: 10.5.41.20
Group Address : 232.2.2.2
Data ISID : 16000002
TX : 1

Step 2 – Verify on the BEB bridges where the multicast receivers are located via TLV 144, the Rx bit is set with a B-MAC of 03-08-05-00-00-00 & 03-08-06-00-00-00 (03 indicates multicast while 08-05 & 08-06 are the Nick Names of BEB bridges 8005 & 8006 with the multicast source).
Number of ISID's:1
1002256(Both)
Instance: 0 Metric: 0 B-MAC: 03-08-05-00-00-00 BVID:4051 Number of ISID's:1
16000002(Rx)
Instance: 0 Metric: 0 B-MAC: 03-08-06-00-00-00 BVID:4052 Number of ISID's:1
16000002(Rx)
22.5.3.5 Trace Multicast Routes
On the switch where the multicast sender is located, in our example this would be switch 8007, you can trace the multicast route by specifying the source, group, and VLAN.
Step 1 – Verify all SPB multicast routes
l2 tracemroute source group vlan
Results: Since the multicast source is via bridges 8005 & 8006, we will use the following command to view the multicast route for group address 232.2.2.2
8005:3#l2 tracemroute source 10.5.
22.6 Inter VSN Routing
Continuing from configuration example 22.3 (L2VSN), assume we wish to route between the Red and Blue Layer 2 VSNs. This can be accomplished by creating a VRF instance and adding the appropriate VLANs. For redundancy, we can also create a VRF between two SPB bridges and run VRRP between them. We will enable Inter VSN routing by adding a VRF instance, then adding the Blue VSN and Red VSN on 8005 and 8006, and running VRRP between them.
22.7 Inter-ISID Configuration
In addition to the configuration used in 22.3, we will add the following configuration.
22.7.1 VRF configuration
8005 & 8006 – Create VRF and add IP addressing to VLANs 1155 and 2256, enable VRRP with backup master, and make 8005 VRRP master for VLAN 1155
8005:
8005:5(config)#ip vrf inter-isid
8005:5(config)#interface vlan 1155
8005:5(config-if)#vrf inter-isid
8005:5(config-if)#ip address 10.5.40.2 255.255.255.0
8005:5(config-if)#ip vrrp address 10.5.40.
22.7.2 Verification
22.7.2.1 IP Route and ARP Table
Step 1 – Verify route table for VRF inter-isid
show ip route vrf inter-isid
Results:
8005 8006#show ip route vrf inter-isid
Response from 8005:
=========================================================================================
IP Route - VRF inter-isid
=========================================================================================
NH INTER
DST MASK NEXT VRF COST FACE PROT AGE TYPE PRF
10.5.40.0 255.255.255.0 10.5.40.
I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Route,
U=Unresolved Route, N=Not in HW, F=Replaced by FTN, V=IPVPN Route, S=SPBM Route
PROTOCOL Legend:
v=Inter-VRF route redistributed

Step 2 – Verify VRRP operations
show ip vrrp vrf inter-isid
Results:
8005 8006# show ip vrrp vrf inter-isid
Response from 8005:
===============================================================================
VRRP Info - VRF inter-isid
===============================================================
56 2256 10.5.41.1 00:00:5e:00:01:38 Master Enabled 150 1
VRID P/V MASTER UP TIME HLD DWN CRITICAL IP (ENABLED)
55 1155 10.5.40.2 0 day(s), 00:07:57 0 0.0.0.0 (No)
56 2256 10.5.41.3 0 day(s), 00:06:35 0 0.0.0.
===============================================================================
IP_ADDRESS MAC_ADDRESS VLAN PORT TYPE TTL(10 Sec)
10.5.40.3 00:1e:1f:48:f2:24 1155 - LOCAL 2160
10.5.40.255 ff:ff:ff:ff:ff:ff 1155 - LOCAL 2160
10.5.41.3 00:1e:1f:48:f2:2d 2256 - LOCAL 2160
10.5.41.255 ff:ff:ff:ff:ff:ff 2256 - LOCAL 2160
10.5.40.1 00:00:5e:00:01:37 1155 - LOCAL 2160
10.5.41.1 00:00:5e:00:01:38 2256 - LOCAL 2160
10.5.41.10 00:0c:29:26:b5:af 2256 10.5.41.
2256 self 00:00:5e:00:01:38 Port-cpp
2256 learned 00:0c:29:26:b5:af ISID-1002256
2256 learned 00:0c:29:d9:96:59 Port-2/21
2256 learned 00:1e:1f:48:f2:2d ISID-1002256
2256 self 00:24:43:b4:e2:2d Port-cpp
false false 1 1 false false false false false 1 1 false true 1
22.
22.8.1 SPB IP Enable
22.8.1.1 IS-IS Layer 3 configuration
4001
4001:1(config)#interface loopback 1
4001:1(config-if)#ip address 1 10.4.4.1/255.255.255.255
4001:1(config-if)#exit
4001:1(config)#router isis
4001:1(config-isis)#ip-source-address 10.4.4.1
4001:1(config-isis)#spbm 1 ip enable
4001:1(config-isis)#exit
4002
4002:1(config)#interface loopback 1
4002:1(config-if)#ip address 1 10.4.4.2/255.255.255.255
4002:1(config-if)#exit
4002:1(config)#router isis
4002:1(config-isis)#ip-source-address 10.4.4.
8007
8007:5(config)#interface loopback 1
8007:5(config-if)#ip address 1 10.1.1.7/255.255.255.255
8007:5(config-if)#exit
8007:5(config)#router isis
8007:5(config-isis)#ip-source-address 10.1.1.7
8007:5(config-isis)#spbm 1 ip enable
8007:5(config-isis)#exit
22.8.1.
8005 and 8006
8005 & 8006: Same configuration on both switches assuming we are using SLT 129 via port 2/21 and MLT 1 for the IST
8005:5(config)#vlan create 2255 name "vsnblue-2255" type port-mstprstp 0
8005:5(config)# vlan members add 2255 2/21
8007
8007:5(config)#vlan create 2254 name "vsnred-2254" type port-mstprstp 0
8007:5(config)#vlan ports 4/35 tagging tagAll
8007:5(config)# vlan members add 2254 4/35
8007:5(config)# vlan members remove 1 4/35
22.8.
8005 and 8006 - Add IP address and VRF to VLANs 2254 and 2555, enable RSMLT Edge by setting the holdup timer to infinity (9999), and enable RSMLT edge support globally
8005:
8005:5(config)#interface vlan 2255
8005:5(config-if)#vrf blue
8005:5(config-if)#ip address 192.168.33.1 255.255.255.
22.8.
22.8.
22.8.6 Verify Operations
22.8.6.1 Verify RSMLT Information
4001 & 4002 and 8005 & 8006 - Verify RSMLT is up and operational for both VRF instances
show ip rsmlt vrf red
show ip rsmlt vrf blue
Results:
8005 8006#show ip rsmlt vrf blue
Response from 8005:
===============================================================================
Ip Rsmlt Local Info - VRF blue
===============================================================================
VID IP MAC ADMIN OPER HDTMR HUTMR
2255 192.168.33.
===============================================================================
VID IP MAC ADMIN OPER HDTMR HUTMR
2255 192.168.33.
22.8.6.2 Verify IS-IS ISID
Show IS-IS ISID pertaining to the vIST
show isis spbm ISID all id <3002254|3002255>
Results:
4001 & 4002:
4001:1#show isis spbm ISID all id 3002254
================================================================================
SPBM ISID INFO
================================================================================
ISID SOURCE NAME VLAN SYSID TYPE HOST_NAME
3002254 0.40.01 4051 d4ea.0e10.e465 config 4001
3002254 0.40.02 4052 a012.90d3.
8005 & 8006:
8005:5#show ip vrf ipvpn
VRF Name : blue
Ipvpn-state : enabled
ISID : 2002255
8007:
8007:5#show ip vrf ipvpn
VRF Name : red
Ipvpn-state : enabled
ISID : 2002254

On each switch, verify the following:
Option: Verify
VRF Name, Ipvpn-state, ISID: For the VRF Name of blue, the Ipvpn-state should display enabled with an ISID value of 2002255. For the VRF Name of red, the Ipvpn-state should display enabled with an ISID value of 2002254.
22.8.6.
22.8.6.4 Show IS-IS LSP Details
In an IS-IS network, each IS router advertises one or more IS-IS Link State Protocol Data Units (LSPs) with routing information. Within each LSP, there is a fixed header and a number of TLVs with encoded information. The following command shows the details of an LSP for a specific neighbor, displaying the encoded information in the TLVs.
Show IS-IS LSP details
show isis lsdb tlv 184 detail
show isis lsdb lspid .
Vrf ISID:2002254
Metric:1 Prefix Length:24
IP Address: 192.168.15.0

Level-1 LspID: 0024.43b4.e3df.00-00 SeqNum: 0x000023c1 Lifetime: 1182
Chksum: 0x56dd PDU Length: 772 Host_name: 8005
Attributes: IS-Type 1
TLV:184 SPBM IPVPN Reachability:
Vrf ISID:2002255
Metric:1 Prefix Length:24
IP Address: 192.168.33.0

Level-1 LspID: 001e.1f48.f3df.
22.8.6.
In reference to each switch, verify the following information:
Option: Verify
Next, PROT, TYPE: All local interfaces should display LOC whereas all learned routes should display ISIS with the appropriate next-hop address and type of IBSV. The next hop ISIS System-name should be displayed for remote networks

22.8.6.6 Verify VRF L3 operations
Step 1 - Use ping command to verify network connectivity to neighbors
ping vrf source
Results: Example from 4002
4002:
4002:1#ping 192.168.
Step 3 - Use l2 traceroute command to verify network connectivity to neighbors
L2 traceroute ip-address vrf
Results: Example from 4002
4002:
4002:1#l2 traceroute ip-address 192.168.133.1 vrf red
Please wait for l2trace to complete or press any key to abort
L2 Trace Statistics : IP 192.168.133.
Step 3 - Verify ARP and local MAC entry for local hosts
show ip arp vrf
show vlan mac-address-entry
Results: Example from 4002 for vrf blue
4002:
4002:1#show ip arp vrf blue
==========================================================================================
IP Arp - VRF blue
==========================================================================================
IP_ADDRESS MAC_ADDRESS VLAN PORT TYPE TTL(10 Sec) TUNNEL
192.168.5.
22.9 Extending L3VSN to the VSP 7000 Cluster via L2VSN
Continuing from the L3VSN example in Section 22.8, we will extend the blue vrf to the VSP 7000 7001 & 7002 SMLT cluster by adding a L2VSN between SPB bridges 8005 & 8006 and 7001 & 7002 and then adding the L2VSN VLAN provisioned on SPB bridges 8005 and 8006 to the blue vrf. For redundancy, we will also enable VRRP with Backup Master on 8005 & 8006.
22.9.1 L2VSN Configuration
8005 and 8006
8005 & 8006: Same configuration on both switches
8005:5(config)#vlan create 2258 type port-mstprstp 0
8005:5(config)#vlan ISID 2258 1002258
7001 and 7002 – Assuming we are using local ports 11. Please see section 17.2 for the SMLT configuration
7001 & 7002: Same configuration on both switches
7001(config)#vlan create 2258 type port
7001(config)#vlan configcontrol automatic
7001(config)#vlan members add 2258 25
7001(config)#vlan ISID 2258 1002258
22.9.
22.9.3 Verify Operations 22.9.3.
58 2558 enable up 200 (NO)

Response from 8006:
================================================================================
VRRP Info - VRF blue
================================================================================
VRID P/V IP MAC STATE CONTROL PRIO
58 2558 192.168.58.1 00:00:5e:00:01:3a Master Enabled
VRID P/V MASTER UP TIME HLD DWN CRITICAL IP (ENABLED)
58 2558 192.168.58.
22.9.3.3 IP Route Table
Use the following command to display the routes for each VRF instance
Display IP route table for each VRF instance
show ip route vrf blue
Results: Example from 4002 where the 192.168.58.
22.10 Multicast over L3VSN
Continuing from the example used in Section 22.8, we will simply enable multicast support for L3VSN ISID 2002254 (red vrf) between SPB bridges 4001, 4002, and 8007.
22.10.1 Enable SPB Multicast – Global
22.10.1.1 IS-IS Layer 3 configuration
4001, 4002 and 8007: Enable SPB Multicast, global
4001, 4002, and 8007: Same configuration on all switches
4001:1(config)#router isis
4001:1(config)#spbm 1 multicast enable
4001:1(config)#exit
22.10.2 Enable Multicast VPN
4001, 4002 and 8007: Enable multicast VPN
4001, 4002, and 8007: Same configuration on all switches
4001:1(config)#router vrf red
4001:1(router-vrf)#mvpn enable
4001:1(router-vrf)#exit
22.10.
22.10.5 Edge Switch
Assuming the edge switch is an Extreme stackable switch with the latest firmware, enable IGMP snoop and proxy.
Switch-3 & Switch-4: Enable IGMPv3, i.e. on VLAN 2254
ERS-Stackable(config)#interface vlan 2254
ERS-Stackable(config-if)#ip igmp snoop
ERS-Stackable(config-if)#ip igmp proxy
## If IGMPv3 is used:
ERS-Stackable(config-if)#ip igmp version 3
22.10.6 Verify Operations
22.10.6.1 Global Settings
Verify SPB multicast is enabled
show isis spbm multicast
Results: From 4001 & 4002
4001 4002# show isis spbm multicast
Response from 4001:
multicast : enable
fwd-cache-timeout : 210
Response from 4002:
multicast : enable
fwd-cache-timeout : 210
22.10.6.
================================================================================
Igmp Interface - VRF red
================================================================================
QUERY OPER QUERY WRONG LASTMEM
IF INTVL STATUS VERS. VERS QUERIER MAXRSPT QUERY JOINS ROBUST QUERY MODE
V2254 125 active 2 2 192.168.15.2 100 0 0 2 10 routed-spb
1 out of 1 entries displayed
22.10.6.
239.1.1.1 Vlan2254 192.168.15.100 0 day(s), 00h:03m:47s 0 DYNAMIC NULL

4001 4002# show ip igmp group vrf red
Response from 4001:
================================================================================
Igmp Group - VRF red
================================================================================
GRPADDR INPORT MEMBER EXPIRATION TYPE
239.1.1.1 V2254-1/3 192.168.15.
Step 2 - Verify IGMP sender
show ip igmp sender vrf
Results: From 8007
8007:5#show ip igmp sender vrf red
================================================================================
IGMP Sender - VRF red
================================================================================
PORT/
GRPADDR IFINDEX MEMBER MLT STATE
239.1.1.1 Vlan 2254 192.168.133.100 4/35 NOTFILTERED
22.10.6.
22.10.6.5 Verify multicast TLVs
Assuming we have a sender via switch 8007 and receivers via the two SMLT clusters. TLV 185 in relationship to switch 8007 should have the Tx bit set and also send TLV 144 with the Tx bit set. Each multicast group should have its own unique data ISID with a value of 1600000x. The receiver switches (9001, 9002, 8005, and 8006) should have TLV 144 with the Rx bit set.
Results: Receiver is via SPB bridge 4001
4001:1#show isis lsdb sysid d4ea.0e10.e465 tlv 144 sub-tlv 3 detail
================================================================================
ISIS LSDB (DETAIL)
================================================================================
Level-1 LspID: d4ea.0e10.e465.
22.10.6.6 Trace Multicast Routes
On the switch where the multicast sender is located, in our example this would be switch 8007, you can trace the multicast route by specifying the source, group, and VLAN.
Verify all SPB multicast routes
l2 tracemroute source group vlan vrf
Results: Since the multicast source is via switch 8007, we will use the following command to view the multicast route for group address 239.1.1.1
8007:5#l2 tracemroute source 192.
22.
22.11.1 IS-IS Layer 3 configuration
VSP 4000 Switches - Create Loopback IP address for the IS-IS source address and enable SPB IP
4001:
4001:1(config)#interface loopback 1
4001:1(config-if)#ip address 10.4.4.1/32
4001:1(config-if)#exit
4001:1(config)#router isis
4001:1(config-isis)#ip-source-address 10.4.4.1
4001:1(config-isis)#spbm 1 ip enable
4001:1(config-isis)#exit
4002:
4002:1(config)#interface loopback 1
4002:1(config-if)#ip address 10.4.4.
ERS 8800 Switches - Create Loopback IP address for the IS-IS source address and enable SPB IP
8005:
8005:5(config)#interface loopback 1
8005:5(config-if)#ip address 10.1.1.5/32
8005:5(config-if)#exit
8005:5(config)#router isis
8005:5(config-isis)#ip-source-address 10.1.1.5
8005:5(config-isis)#spbm 1 ip enable
8005:5(config-isis)#exit
8006:
8006:5(config)#interface loopback 1
8006:5(config-if)#ip address 10.1.1.6/32
8006:5(config-if)#exit
8006:5(config)#router isis
8006:5(config-isis)#ip-source-address 10.1.
22.11.1.1 Redistribute direct interfaces
For the SMLT cluster switches, we will also add a policy to suppress the IST interface
VSP 4000 Switches - Create Loopback IP address for the IS-IS source address, enable SPB IP, and create route-map to suppress the IST network
4001 and 4002: Same configuration on both switches
4001:1(config)#ip prefix-list IST 10.4.2.
9001:1(config-isis)#redistribute direct enable
9001:1(config-isis)#exit
9001:1(config)#isis apply redistribute direct
8005 and 8006 - Create Loopback IP address for the IS-IS source address, enable SPB IP, and create route policy to suppress the IST network
8005 and 8006: Same configuration on both switches
8005:5(config)#ip prefix-list IST 10.2.1.
22.11.2 ECMP
Enable ECMP using the following command
ip ecmp
22.11.3 Local VLAN configuration
VSP 4000 Switches - Create local VLAN, add ISID for the vIST, add IP address to VLAN, and either enable RSMLT Edge or VRRP with Backup Master. For this example, we will enable RSMLT Edge
4001:
4001:1(config)#vlan create 1000 type port-mstprstp 0
4001:1(config)#vlan ISID 1000 3001000
4001:1(config)#vlan mlt 1000 2
4001:1(config)#interface vlan 1000
4001:1(config-if)#ip address 10.41.100.1 255.255.255.
9001 & 9002 SMLT Cluster Switches
9001 & 9002: Same configuration on both switches
9001:1(config)#vlan create 1200 type port-mstprstp 0
9001:1(config)#vlan mlt 1000 2
9001:1(config)#vlan mlt 1000 1
9001:1(config)#interface vlan 1000
9001:1(config-if)#ip address 10.12.100.1 255.255.255.0
9001:1(config-if)#ip rsmlt
9001:1(config-if)#ip rsmlt holdup-timer 9999
9001:1(config-if)#exit
9001:1(config)#ip rsmlt edge-support
9002: Same configuration as 9001 except for the IP address
9001:1(config-if)#ip address 10.
22.11.4 Verify Operations
22.11.4.1 Verify IP Route Table
Verify IP Routes
show ip route
Results: From bridge 4001
4001:
================================================================================
IP Route - GlobalRouter
================================================================================
NH INTER
DST MASK NEXT VRF COST FACE PROT AGE TYPE PRF
10.1.1.1 255.255.255.255 9001 GlobalRouter 10 4051 ISIS 0 IBSE 7
10.1.1.1 255.255.255.
TYPE Legend: I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Route, U=Unresolved Route, N=Not in HW, F=Replaced by FTN, V=IPVPN Route, S=SPBM Route
PROTOCOL Legend: v=Inter-VRF route redistributed

To display the B-MAC for the attribute “NEXT”, enter the CLI command show ip route info spbm-nh-as-mac or ACLI command show ip route spbm-nh-as-mac.

22.11.4.
GRT  -  10.7.101.0/24   8007  4052  1/47  30  1
GRT  -  10.12.100.0/24  8005  4051  9001  30  1
GRT  -  10.12.100.0/24  8005  4052  9001  30  1
GRT  -  10.12.100.0/24  8006  4051  1/47  30  1
GRT  -  10.12.100.0/24  8006  4052  1/47  30  1
GRT  -  10.41.100.0/24  4002  4051  9001  20  1
GRT  -  10.41.100.0/24  4002  4052  1/47  20  1

October 2021 ©2021 Extreme Networks, Inc.
22.11.4.3 Verify IS-IS Extended IP Reachability TLV (135)

IS-IS uses TLV 135 for extended IP reachability. You can view TLV 135 details by issuing the command shown below.

Verify TLV 135 details

show isis lsdb tlv 135 detail
show isis lsdb lspid .00-00 tlv 135 detail
show isis lsdb sysid tlv 135 detail

Results: From bridge 8007

4001:

4001:1#show isis lsdb lspid 00e0.7bb3.07df.
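As an added example (not part of the original guide or Extreme's software), the following decodes the value field of a TLV 135 as laid out in RFC 5305 and reports any advertised prefix that overlaps a subnet the redistribution policy is meant to suppress. The function names, the sample bytes and the 192.0.2.0/30 placeholder for the IST subnet are assumptions made for illustration.

```python
import ipaddress
import struct

def parse_tlv135(body: bytes):
    """Decode the value field of IS-IS TLV 135 (RFC 5305) into a list of
    (network, metric, down_bit) tuples. Sub-TLVs are skipped, not decoded."""
    entries, i = [], 0
    while i < len(body):
        if len(body) - i < 5:
            raise ValueError("truncated entry header")
        metric, ctrl = struct.unpack_from("!IB", body, i)
        i += 5
        down, has_sub, plen = bool(ctrl & 0x80), bool(ctrl & 0x40), ctrl & 0x3F
        if plen > 32:
            raise ValueError(f"invalid IPv4 prefix length {plen}")
        nbytes = (plen + 7) // 8          # only the significant octets are sent
        if len(body) - i < nbytes:
            raise ValueError("truncated prefix")
        raw = body[i:i + nbytes] + bytes(4 - nbytes)
        i += nbytes
        if has_sub:                        # one length octet, then the sub-TLVs
            if i >= len(body) or len(body) - i - 1 < body[i]:
                raise ValueError("truncated sub-TLVs")
            i += 1 + body[i]
        net = ipaddress.ip_network((raw, plen), strict=False)
        entries.append((net, metric, down))
    return entries

def leaked(entries, suppressed):
    """Return advertised prefixes that overlap a prefix the route policy
    is supposed to keep out of IS-IS."""
    blocked = [ipaddress.ip_network(p) for p in suppressed]
    return [net for net, _, _ in entries if any(net.overlaps(b) for b in blocked)]

# Constructed TLV 135 value: 10.41.100.0/24 and 10.1.1.1/32 (prefixes that
# appear on this page) plus 192.0.2.0/30 with one sub-TLV, a placeholder
# standing in for an IST subnet that should have been suppressed.
SAMPLE = bytes.fromhex(
    "0000000a" "18" "0a2964"
    "0000000a" "20" "0a010101"
    "0000000a" "5e" "c0000200" "06" "0104" "00000001"
)

if __name__ == "__main__":
    for net, metric, down in parse_tlv135(SAMPLE):
        print(net, "metric", metric, "down" if down else "up")
    print("leaked:", leaked(parse_tlv135(SAMPLE), ["192.0.2.0/30"]))
```

An empty result from leaked() for the IST subnet on every BEB's LSP indicates the suppress policy took effect before redistribution.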
22.12 Multicast over IP Shortcuts

Continuing from the example used in Section 22.11, we will simply enable multicast support for IP Shortcuts on all SPB bridges.
22.12.1 IP Shortcuts Multicast configuration

Enable IP multicast globally

4001, 4002, 9001, 9002, 8005, 8006, and 8007: Same configuration on all switches

8005:5(config)#router isis
8005:5(config-isis)#spbm 1 multicast enable
8005:5(config-isis)#exit

22.12.
22.13 Verify Operations

22.13.1 Global Settings

Verify SPB multicast is enabled

show isis spbm multicast

Results: From bridge 8007

8007:
===============================================================================
ISIS SPBM Info
================================================================================
SPBM      B-VID      PRIMARY  NICK   LSDB  IP  MULTICAST
INSTANCE             VLAN     NAME   TRAP
1         4051-4052  4051     0.80.
22.13.2 Verify IGMP cache/group and senders

Assume the multicast sender connected to Switch-2 (via 8005 and 8006) is sending a multicast stream using a group address of 232.1.1.1 while a receiver off Switch-3 joins this group.
Step 2 - Verify IGMP sender

show ip igmp sender

Results: From 8005 and 8006 – the SPB bridge where the sender is located

8005 8006> show ip igmp sender

Response from 8005:
================================================================================
IGMP Sender - GlobalRouter
================================================================================
                                  PORT/
GRPADDR    IFINDEX    MEMBER      MLT   STATE
232.1.1.1  Vlan 1000  10.12.100.
22.13.3 Verify SPB Multicast Routes

Assume the multicast sender connected to switch 8007 is sending multicast stream 232.1.1.1 while the receivers join this group.
22.13.4 Verify multicast TLVs

Assume we have a sender via the SMLT cluster 8005 and 8006 and a receiver via 8007. For switches 8005 and 8006, TLV 186 should have the Tx bit set, and they should also send TLV 144 with the Tx bit set. Each multicast group should have its own unique data ISID with a value of 1600000x. The receiver bridges (8007) should have TLV 144 with the Rx bit set.
BVID : 4052
TX : 1
Route Type : Internal

Step 2 – On the BEB bridges where the multicast receivers are located, verify via TLV 144 that the Rx bit is set with a B-MAC of 03-08-05-00-00-00 and 03-08-06-00-00-00 (03 indicates multicast, while 08-05 is the Nick Name of BEB bridge 8005 and 08-06 is the Nick Name of BEB bridge 8006 with the multicast source).
Instance: 0
Metric: 0
B-MAC: 03-00-00-00-00-00
BVID:4052
Number of ISID's:1
16000009(Tx)

8007:5#show isis lsdb lspid 00e0.7bb3.07df.00-00 tlv 144 detail
================================================================================
ISIS LSDB (DETAIL)
================================================================================
Level-1 LspID: 00e0.7bb3.07df.
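The Tx/Rx expectation described in this section can be checked mechanically against saved "tlv 144 detail" output. This is an added example, not part of the original guide: the function names are hypothetical, the record layout is taken from the fragment shown above, the Rx sample is constructed on the assumption that Rx prints the same way as Tx, and data I-SIDs are assumed to be the ones written 1600000x.

```python
import re

# One B-MAC record of "tlv 144 detail" output, in the shape of the fragment
# shown on this page: B-MAC, BVID, an I-SID count, then "<isid>(<flags>)" items.
RECORD = re.compile(
    r"B-MAC:\s*(?P<bmac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+"
    r"BVID:\s*(?P<bvid>\d+)\s+"
    r"Number of ISID's:\s*(?P<count>\d+)"
    r"(?P<isids>(?:\s+\d+\([^)]*\))*)"
)
ISID = re.compile(r"(\d+)\(([^)]*)\)")

def parse_tlv144(text):
    """Return one dict per B-MAC record: bmac, bvid, isids {isid: set(flags)}."""
    records = []
    for m in RECORD.finditer(text):
        isids = {int(n): set(re.findall(r"[A-Za-z]+", f))
                 for n, f in ISID.findall(m["isids"])}
        if len(isids) != int(m["count"]):
            raise ValueError(f"{m['bmac']}: expected {m['count']} I-SIDs, "
                             f"parsed {len(isids)}")
        records.append({"bmac": m["bmac"], "bvid": int(m["bvid"]), "isids": isids})
    return records

def check_role(records, bit):
    """bit is 'Tx' on the sender-side BEBs and 'Rx' on the receiver-side BEBs.
    Returns a list of findings; an empty list means the LSP matches the role."""
    # Assumption: multicast data I-SIDs are the ones written 1600000x on this page.
    data = [(r, n, f) for r in records for n, f in r["isids"].items()
            if str(n).startswith("1600000")]
    if not data:
        return ["no multicast data I-SID advertised"]
    return [f"I-SID {n} on BVID {r['bvid']} lacks {bit} (flags: {sorted(f)})"
            for r, n, f in data if bit not in f]

# Constructed samples: SENDER repeats the fragment on this page; RECEIVER is the
# same record with the flag changed to Rx, assumed to print the same way.
SENDER = """Instance: 0
Metric: 0
B-MAC: 03-00-00-00-00-00
BVID:4052
Number of ISID's:1
16000009(Tx)
"""
RECEIVER = SENDER.replace("(Tx)", "(Rx)")
```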
Results: From bridge 8007

8005 8006> l2 tracemroute source 10.12.100.10 group 232.1.1.1

Response from 8005:
Please wait for l2tracemroute to complete or press any key to abort
Source : 10.12.100.10
Group : 232.1.1.
23. Restrictions and Limitations

23.1 STP/RSTP/MSTP

SPB is not supported in RSTP mode.

A C-VLAN level loop across SPB NNI ports can’t be detected and needs to be solved at the provisioning level.

SPB NNI ports are not part of the L2VSN C-VLAN, and BPDUs are not transmitted over the SPB tunnel.

SPB can only guarantee loop-free topologies consisting of the NNI ports.

SPB uses STG 63/MSTI 62 internally, so 62/63 can’t be used by other VLAN/MSTI.