Extreme Networks – enabling a few things
Some of my most visited posts seem to be on brocade switching config, so I decided to put together our standard list of commands for some Extreme Networks switches we use. These commands can be used on the b5, c5, K series, 7100 series, and S Series Extreme Networks switches. Some commands are self explanatory, but for other’s I added a short description.
This command sets the vlan for the management ip set on the switch.
->set host vlan “vlanid”
->set ip address “ip address” mask “subnet mask” gateway “gateway ip”
We disable cdp on all edge ports without VOIP phones.
->set cdp state disable “port string”
We use the ciscodp command in order to set the tagged voice vlan on Cisco phones.
set ciscodp port vvid “voice vlan” “port string”
We manually configure a small set of vlans for each building, so gvrp isn’t necessary.
->set gvrp disable
->set igmpsnooping adminmode enable
->set igmpsnooping interfacemode “port string” enable
->set maclock enable
->set maclock enable “port string”
We limit the amount of mac’s that can be learned on the port and make it equal to the number of mac authentications we can do per port. Mac auth sessions are limited by switch model type.
->set maclock firstarrival “port string” “number”
->set macauthentication reauthentication enable “port string”
We set the maximum number of mac authentication sessions per port. This is limited based on switch model type.
->set multiauth port numusers 8 “port string”
You can do more than one number of port authentication types. By default we have mac auth, but you can also setup 802.1x auth as well. If you fail 802.1x auth, mac auth will be the next method of authentication.
->set multiauth precedence mac dot1x
->set port broadcast “port string” “pps threshold value”
We clear all the default snmp settings
->clear snmp access ro security-model v1
->clear snmp access ro security-model v2c
->clear snmp access public security-model v1
->clear snmp access public security-model v2c
->clear snmp community
->clear snmp group ro ro security-model v1
->clear snmp group ro ro security-model v2c
->clear snmp group public security-model v1
We setup every device with snmp v3 authentication.
->set snmp access public user “snmpusername” security-model usm
->set snmp user “snmpusername” authentication md5 “auth pass” encryption des privacy “priv pass”
->set snmp viewname All subtree 1
->set spantree spanguard enable
->set spantree adminedge “port string” true
->set ssh enable
->set telnet disable inbound
->set telnet disable outbound
->set webview disable
->set pot alias “port string” “alias”
This command enables POE on an edge port.
->set port inlinepower “port string” admin auto
->set port inlinepower “port string” admin off
Untagged vlan port setup.
->set port vlan “port string” “vlan id”
Tagged vlan port setup.
->set vlan egress “vlan id” “port string”
The one thing that could be better is the implementation of a command to apply the running config to the startup config. All these commands will be automatically applied and saved to the running configuration once entered.