Basic Tasks on ExtremeXOS Part 1
Berikut konfigurasi dasar untuk switch Extreme dengan OS ExtremeXOS, semoga berguna.
Mengganti hostname switch
|
1 |
configure snmp sysname <sysName> |
Contoh:
|
1 |
configure snmp sysName "packets" |
Membuat account dengan level priviledge dan password tertentu
|
1 |
create account [admin | user] <account-name> {encrypted <password>} |
Contoh:
|
1 |
create account admin packetnotes packetnotespassword |
password ditulis tanpa keyword encrypted, karena jika ditulis, maka saat di show config, justru akan kelihatan passwordnya
Download image XOS terbaru dari TFTP server ke switch
|
1 |
download image [[<hostname> | <ipaddress>] <filename> {{vr} <vrname>} | memorycard <filename>] {<partition>} {msm <slotid>} |
Contoh:
|
1 |
Download image packets summitX-15.2.1.5.xos vr “VR-Default” secondary |
Menggunakan software TFTP server seperti 3Cdaemon dan kabel UTP straight dari salah satu port ethernet switch ke port ethernet laptop, baru command tersebut diatas dieksekusi.
Membuat VLAN interface dan mengonfigurasikan IP Address
|
1 2 |
Create vlan packets tag 1000 Configure vlan “packets” ipaddress 10.10.10.1/29 |
Download SSH Module
Langkah-langkahnya mirip seperti download image diatas, hanya saja file image yang berekstensi *.xos diganti *.xmod
- Download image di switch bdX-15.2.1.5-ssh.xmod vr “VR-Default” secondary
- Ketik show management untuk memastikan sudah ada ssh module yang di load di switch
- enable ssh2
|
1 |
download image [[<hostname> | <ipaddress>] <filename> {{vr} <vrname>} | memorycard <filename>] {<partition>} {msm <slotid>} |
Enable Telnet
|
1 |
Enable telnet |
Konfigurasi Port Description
|
1 |
configure ports <port_list> display-string <string> |
Contoh:
|
1 |
Configure ports 2,3,10 display-string to_Tujuan |
- Port dapat dikonfigurasi satu persatu atau sekaligus
- Karakter maksimum 15 karakter
- Jangan memakai nomor port sebagai deskripsi port
- Jangan gunakan spasi jika membuat deskripsi lebih dari 1 kata, karena akan error
- Untuk mengecek hasilnya, bisa gunakan perintah show ports no-refresh
Membuat port channel/port sharing
|
1 2 |
enable sharing <port> grouping <port_list> {algorithm [port-based | address-based {L2 | L3 | L3_L4 | custom}]} {lacp | health-check} disable sharing <port> |
Contoh:
Misalkan menggabungkan port 2 dan port 3 dengan port 2 sebagai masternya.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
* packetnotes.20 # enable sharing 2 grouping 2,3 lacp * packetnotes.21 # show ports sharing Load Sharing Monitor Config Current Agg Ld Share Ld Share Agg Link Link Up Master Master Control Algorithm Group Mbr State Transitions ============================================================================== 2 2 Static L2 2 Y A 3 L2 3 - R 0 ============================================================================== Link State: A-Active, D-Disabled, R-Ready, NP-Port not present, L-Loopback Load Sharing Algorithm: (L2) Layer 2 address based, (L3) Layer 3 address based (L3_L4) Layer 3 address and Layer 4 port based (custom) User-selected address-based configuration Custom Algorithm Configuration: ipv4 L3-and-L4, xor Number of load sharing trunks: 1 |
Konfigurasi Radius
Sebelum mulai konfig, perhatikan:
- Harus ada vlan dulu untuk menampung portnya. Realnya adalah vlan untuk management dari switch dengan tag 1000. Dalam contoh ini nama vlan-nya packetnotes
- Harus ada ip address switch sebagai client-ip nya
Vlan packetnotes dikasih ip address, misalnya 10.10.10.2/29
|
1 2 |
* packetnotes.19 # configure vlan "packetnotes" ipaddress 10.10.10.2/29 IP interface for VLAN manage has been created. |
- Port yang ke router di tag ke vlan packetnotes, misalnya port yang ke router adalah port 49, maka dia harus di tag (tag=trunk)
|
1 |
Configure vlan manage add port 49 tagged Configure ports 49 display-string to_router |
- Cek vlan packetnotes dengan perintah show vlan <nama vlan>
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
* packetnotes.32 # sh vlan "packetnotes" VLAN Interface with name packetnotes created by user Admin State: Enabled Tagging: 802.1Q Tag 1000 Description: None Virtual router: VR-Default IPv4 Forwarding: Disabled Primary IP : 10.10.10.2/29 ip switch aka client ip IPv6 Forwarding: Disabled IPv6: None STPD: None Protocol: Match all unfiltered protocols Loopback: Disabled NetLogin: Disabled QosProfile: None configured Egress Rate Limit Designated Port: None configured Flood Rate Limit QosProfile: None configured Ports: 2. (Number of active ports=1) Tag: 10, *2g Flags: (*) Active, (!) Disabled, (g) Load Sharing port (b) Port blocked on the vlan, (m) Mac-Based port (a) Egress traffic allowed for NetLogin (u) Egress traffic unallowed for NetLogin (t) Translate VLAN tag for Private-VLAN (s) Private-VLAN System Port, (L) Loopback port (x) VMAN Tag Translated port (G) Multi-switch LAG Group port (H) Dynamically added by MVRP |
Baru dikonfigurasi radius dengan syntax:
|
1 |
configure radius {mgmt-access | netlogin} [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>} client-ip [<ipaddress>] {vr <vr_name>} |
Client IP adalah ip switch, dan server IP adalah ip server radius. IP kita kasih saja misalnya:
|
1 2 |
configure radius mgmt-access primary server 10.23.40.191 1812 client-ip 10.10.10.2 vr "VR-Default" configure radius mgmt-access primary shared-secret packetnotesradius |
Baris pertama adalah untuk membuat konfigurasi IP client dan server, sedangkan baris kedua untuk membuat key/passwordnya.
Konfigurasi SNMP Community
|
1 2 |
configure snmpv3 add community [[hex <hex_community_index>] | <community_index>] [encrypted name <community_name> | name [[hex <hex_community_name>] | <community_name>] {store-encrypted} ] user [[hex <hex_user_name>] | <user_name>] {tag [[hex <transport_tag>] | <transport_tag>]} {volatile} |
| hex_community_index | Specifies the row index in the snmpCommunity table as a hex value supplied as a colon separated string of hex octets. |
| community_index | Specifies the row index in the snmpCommunity Table as an ASCII value. |
| hex_community_name | Specifies the community name as a hex value supplied as a colon separated string of hex octets |
| community_name | Specifies the community name as an ASCII value. |
| hex_user_name | Specifies the USM user name as a hex value supplied as a colon separated string of hex octets. |
| user_name | Specifies the USM user name as an ASCII value. |
| tag | Specifies the tag used to locate transport endpoints in SnmpTargetAddrTable. When this community entry is used to authenticate v1/v2c messages, this tag is used to verify the authenticity of the remote entity. • hex_transport_tag—Specifies a hex value supplied as a colon separated string of hex octets • transport_tag—Specifies an ASCII value |
| volatile | Specifies volatile storage. |
Contoh:
|
1 |
configure snmpv3 add community packetnotes name Packetinfo user packetadmin |
Cukup segitu dulu, kalau ada update akan ditambahkan. Semoga berguna dan CMIIW