Configuration Guide
Table Of Contents
- Table of Contents
- 1. Overview
- 2. SPB Terminology
- 3. SPB Support Topologies
- 4. UNI Types
- 5. Summary of SPB Features and ProductRelease Matrix
- 6. SPB Feature and License Matrix
- 7. Scaling
- 8. Migration & Upgrades
- 9. Field Introduction & Support Specifications
- 10. VSP 7000 – Fabric Interconnect
- 11. ISIS Metrics - Optional
- 12. ISIS Accept Policy
- 13. ISIS External Metric
- 14. SPB over L2/L3 networks
- 15. Fabric Attach
- 16. SPB SMLT BEB Design Best Practices
- 17. SPB NNI SMLT – migrating existing SMLT network to SPB
- 18. IS-IS TLV
- 19. SPB Best Practices
- 20. SPB Configuration
- 20.1 SPB Configuration
- 20.1.1 ERS 8800 – Converting from CLI to ACLI
- 20.1.2 SPB and IS-IS Core Configuration
- 20.1.3 SPB NNI Interface Configuration
- 20.1.4 CFM Configuration
- 20.1.5 VSP 7000 – Fabric Interconnect Mesh
- 20.1.6 SMLT – Normal IST
- 20.1.7 SMLT - Virtual IST (vIST)
- 20.1.8 L2VSN Configuration
- 20.1.9 SwitchedUNI Configuration
- 20.1.10 Flex UNI Switched Configuration
- 20.1.11 Transparent UNI Configuration
- 20.1.12 Private VLAN (ETREE) Configuration
- 20.1.13 L3VSN Configuration
- 20.1.14 L3VSN – leaking routes between VRF’s
- 20.1.15 IP Shortcuts
- 20.1.16 IP Shortcut– Suppress IST Network
- 20.1.17 IP Shortcuts – leaking routes between GRT and VRF
- 20.1.18 IP Shortcuts – redistribution of ISIS and OSPF
- 20.1.19 Inter-VSN Routing
- 20.1.20 IPv6 Shortcuts
- 20.1.21 SPB Multicast Configuration
- 20.1.22 Multicast 239.255.255/24 – UPnP Filtering
- 20.1.23 Connectivity Fault Management (CFM) Configuration
- 20.1.24 CFM Configuration Example – 7.1.1.x or higher
- 20.1.25 Fabric Extend Configuration
- 20.1.26 ONA: Assigning a Static IP address to the Open Network Adapter
- 20.1.27 Fabric Extend over Routed Infrastructure using VRF to interconnect to routed network
- 20.1.28 Fabric Extend over Routed Infrastructure using GRT to interconnect to routed network
- 20.1.29 Fabric Extend over E-LAN/VPLS (L2) network using Layer 3 over Layer 2 tunneling using VSP 4000
- 20.1.30 Fabric Extend over E-LAN/VPLS (L2) network using Layer 3 over Layer 2 tunneling with VSP8000 orVSP7200
- 20.1.31 Fabric Extend over E-LAN/VPLS (L2) network using VLAN Tunnels
- 20.1.32 Fabric Attach Configuration
- 20.1.33 Identity Engines – Attribute Details
- 20.1.34 Fabric Attach Base Configuration – Adding a FA Proxy and FA Server
- 20.1.34.1 Fabric Attach – Adding a Platform VLAN on FA Server forManagement VLAN
- 20.1.34.2 Fabric Attach – Adding a L2VSN Service
- 20.1.34.3 Fabric Attach – Adding a L3VSN Service
- 20.1.34.4 Fabric Attach - Adding a WLAN 9100 FA Client with EAPDevice authentication via Identity Engines
- 20.1.34.5 Fabric Attach – Changing the FA authentication key
- 20.1.35 Fabric Attach Proxy Standalone
- 20.2 Using EDM
- 20.1 SPB Configuration
- 21. VLAN and ISID Restrictions using TACACS+via Identity Engines
- 22. Configuration Examples
- 22.1 SPB – Core Setup
- 22.1.1 Configuration
- 22.1.1.1 Configuration Mode
- 22.1.1.2 Auto Save
- 22.1.1.3 VSP 7000 – Rear Port Mode
- 22.1.1.4 Option: Change Spanning Tree mode to MSTP
- 22.1.1.5 System Name
- 22.1.1.6 Option – Configure out-of-band management interface
- 22.1.1.7 Enable VLACP Globally
- 22.1.1.8 IST Configuration – SMLT Cluster switch 4001 & 4002, 9001 & 9002 and 8005 & 8006
- 22.1.1.9 IS-IS and SPB Global Configuration
- 22.1.1.10 IS-IS SPB Interface Configuration
- 22.1.1.11 Remove default VLAN from all SPB ports
- 22.1.1.12 Other best practice items – VLACP and discard untagged frames
- 22.1.1.13 IST Configuration – SMLT Cluster switch 7001 & 7002
- 22.1.1.14 ISIS L1-metric – Optional
- 22.1.1.15 Connectivity Fault Management (CFM) Configuration
- 22.1.1.16 QoS
- 22.1.2 Configuration using EDM – Using 8005 as an example
- 22.1.3 Verify Operations
- 22.1.1 Configuration
- 22.2 SMLT Configuration
- 22.3 SPB L2 VSN Configuration
- 22.4 VSP 7000 & ERS 4800 – In-band Management via L2VSN
- 22.5 Multicast over L2VSN
- 22.6 Inter VSN Routing
- 22.7 Inter-ISID Configuration
- 22.7.1 VRF configuration
- 22.7.2 Verification
- 22.8 SPB L3 VSN – SMLT
- 22.9 Extending L3VSN to the VSP 7000 Cluster via L2VSN
- 22.10 Multicast over L3VSN
- 22.11 SPB IP Shortcuts
- 22.12 Multicast over IP Shortcuts
- 22.1 SPB – Core Setup
- 23. Restrictions and Limitations
- 24. Reference Documentation
©2021 Extreme Networks, Inc. All rights reserved
October 2021
186
20.1.34.4 Fabric Attach - Adding a WLAN 9100 FA Client with EAP
Device authentication via Identity Engines
Continuing from the base setup above, assuming we wish to add an FA client. For this example, we will
add a FA WLAN 9100 AP client and use Identity Engines to authenticate the AP and push down all the
VLAN and ISID combinations required.
The fa zero-touch-option setting of auto-port-mode-fa-client will automatically enable all the
various EAP MHSA settings and enable EAP on the Fabric Attach (FA) client ports when Fabric
Attached discovers a FA client. Once the FA client is discovered and authenticated against Identify
Engines (IDE), IDE will overwrite the port VLAN port membership.
Once the FA WLAN 9100 AP Client is authenticated using EAP MAC authentication on the ERS
4800 FA Proxy switch, all VLAN information on the port will be lost. Hence, the policy used on
Identity Engines will need to provision the management VLAN PVID in addition to the
management VLAN and ISID combination. This is in addition to enabling FA VLAN create and
adding all the user VLANs and ISID combinations required by the WLAN 9100 AP. Please see
the Outbound Attributes chart in the section titled “Identity Engines – Attribute Details”.
Fabric Attach Proxy Configuration – ERS 4800
configure terminal
fa zero-touch-options auto-port-mode-fa-client
radius server host 10.12.120.220 key acct-enable
Enter key: ******
Confirm key: ******