Configuration Guide
Table Of Contents
- Table of Contents
- 1. Overview
- 2. SPB Terminology
- 3. SPB Support Topologies
- 4. UNI Types
- 5. Summary of SPB Features and ProductRelease Matrix
- 6. SPB Feature and License Matrix
- 7. Scaling
- 8. Migration & Upgrades
- 9. Field Introduction & Support Specifications
- 10. VSP 7000 – Fabric Interconnect
- 11. ISIS Metrics - Optional
- 12. ISIS Accept Policy
- 13. ISIS External Metric
- 14. SPB over L2/L3 networks
- 15. Fabric Attach
- 16. SPB SMLT BEB Design Best Practices
- 17. SPB NNI SMLT – migrating existing SMLT network to SPB
- 18. IS-IS TLV
- 19. SPB Best Practices
- 20. SPB Configuration
- 20.1 SPB Configuration
- 20.1.1 ERS 8800 – Converting from CLI to ACLI
- 20.1.2 SPB and IS-IS Core Configuration
- 20.1.3 SPB NNI Interface Configuration
- 20.1.4 CFM Configuration
- 20.1.5 VSP 7000 – Fabric Interconnect Mesh
- 20.1.6 SMLT – Normal IST
- 20.1.7 SMLT - Virtual IST (vIST)
- 20.1.8 L2VSN Configuration
- 20.1.9 SwitchedUNI Configuration
- 20.1.10 Flex UNI Switched Configuration
- 20.1.11 Transparent UNI Configuration
- 20.1.12 Private VLAN (ETREE) Configuration
- 20.1.13 L3VSN Configuration
- 20.1.14 L3VSN – leaking routes between VRF’s
- 20.1.15 IP Shortcuts
- 20.1.16 IP Shortcut– Suppress IST Network
- 20.1.17 IP Shortcuts – leaking routes between GRT and VRF
- 20.1.18 IP Shortcuts – redistribution of ISIS and OSPF
- 20.1.19 Inter-VSN Routing
- 20.1.20 IPv6 Shortcuts
- 20.1.21 SPB Multicast Configuration
- 20.1.22 Multicast 239.255.255/24 – UPnP Filtering
- 20.1.23 Connectivity Fault Management (CFM) Configuration
- 20.1.24 CFM Configuration Example – 7.1.1.x or higher
- 20.1.25 Fabric Extend Configuration
- 20.1.26 ONA: Assigning a Static IP address to the Open Network Adapter
- 20.1.27 Fabric Extend over Routed Infrastructure using VRF to interconnect to routed network
- 20.1.28 Fabric Extend over Routed Infrastructure using GRT to interconnect to routed network
- 20.1.29 Fabric Extend over E-LAN/VPLS (L2) network using Layer 3 over Layer 2 tunneling using VSP 4000
- 20.1.30 Fabric Extend over E-LAN/VPLS (L2) network using Layer 3 over Layer 2 tunneling with VSP8000 orVSP7200
- 20.1.31 Fabric Extend over E-LAN/VPLS (L2) network using VLAN Tunnels
- 20.1.32 Fabric Attach Configuration
- 20.1.33 Identity Engines – Attribute Details
- 20.1.34 Fabric Attach Base Configuration – Adding a FA Proxy and FA Server
- 20.1.34.1 Fabric Attach – Adding a Platform VLAN on FA Server forManagement VLAN
- 20.1.34.2 Fabric Attach – Adding a L2VSN Service
- 20.1.34.3 Fabric Attach – Adding a L3VSN Service
- 20.1.34.4 Fabric Attach - Adding a WLAN 9100 FA Client with EAPDevice authentication via Identity Engines
- 20.1.34.5 Fabric Attach – Changing the FA authentication key
- 20.1.35 Fabric Attach Proxy Standalone
- 20.2 Using EDM
- 20.1 SPB Configuration
- 21. VLAN and ISID Restrictions using TACACS+via Identity Engines
- 22. Configuration Examples
- 22.1 SPB – Core Setup
- 22.1.1 Configuration
- 22.1.1.1 Configuration Mode
- 22.1.1.2 Auto Save
- 22.1.1.3 VSP 7000 – Rear Port Mode
- 22.1.1.4 Option: Change Spanning Tree mode to MSTP
- 22.1.1.5 System Name
- 22.1.1.6 Option – Configure out-of-band management interface
- 22.1.1.7 Enable VLACP Globally
- 22.1.1.8 IST Configuration – SMLT Cluster switch 4001 & 4002, 9001 & 9002 and 8005 & 8006
- 22.1.1.9 IS-IS and SPB Global Configuration
- 22.1.1.10 IS-IS SPB Interface Configuration
- 22.1.1.11 Remove default VLAN from all SPB ports
- 22.1.1.12 Other best practice items – VLACP and discard untagged frames
- 22.1.1.13 IST Configuration – SMLT Cluster switch 7001 & 7002
- 22.1.1.14 ISIS L1-metric – Optional
- 22.1.1.15 Connectivity Fault Management (CFM) Configuration
- 22.1.1.16 QoS
- 22.1.2 Configuration using EDM – Using 8005 as an example
- 22.1.3 Verify Operations
- 22.1.1 Configuration
- 22.2 SMLT Configuration
- 22.3 SPB L2 VSN Configuration
- 22.4 VSP 7000 & ERS 4800 – In-band Management via L2VSN
- 22.5 Multicast over L2VSN
- 22.6 Inter VSN Routing
- 22.7 Inter-ISID Configuration
- 22.7.1 VRF configuration
- 22.7.2 Verification
- 22.8 SPB L3 VSN – SMLT
- 22.9 Extending L3VSN to the VSP 7000 Cluster via L2VSN
- 22.10 Multicast over L3VSN
- 22.11 SPB IP Shortcuts
- 22.12 Multicast over IP Shortcuts
- 22.1 SPB – Core Setup
- 23. Restrictions and Limitations
- 24. Reference Documentation
21.2TACACS+ Configuration – Identity Engines
©2021 Extreme Networks, Inc. All rights reserved
October 2021
225
Assuming we wish to restrict user123 to only allowing the following
VLAN 2000-2399
ISID’s 2002000-2002399
Deny all other VLAN and ISID combinations
Via the New Device Command Set window, enter a name (level5_set1 as used in this example) and click
on Add for each ACLI command set:
For all the normal commands, via the Device Command window, select Simple Command using
Keywords and Arguments and Allow
For the command with ranges, via the Device Command window, select Allow first via the Simple
Command using Keywords and Arguments tab and then click on the Advanced Command
Matching the Regular Expression tab to add the regular expression
IDE - Add a new device command set by going to Configuration -> Site Configuration -> Access
Policies ->TACACS+ -> Device Command Sets and click on New