Extreme Networks – enabling a few things on b5/c5/k series

Extreme Networks Switching Commands

Some of my most visited posts seem to be on Brocade switching configuration/commands, so I decided to put together our standard list of commands for some Extreme Networks switches we use. These commands can be used on the B5, C5, K series, 7100 series, and S Series Extreme Networks switches. These switches run the EOS network operating system. Extreme Networks’ product line moving forward will be purely EXOS (ExtremeXOS operating system). Therefore the following commands will become legacy, but are still very useful to know since some of the EOS product line hasn’t reached EOL. Some commands are self explanatory, but for others I added a short description.

Extreme Networks Midwest Roundtable

Around the Table

I recently attended the Extreme Networks Midwest Roundtable event. These types of small events are good to attend as they promote great technical discussions, company vision, and product road-maps. It also gives current customers a chance to speak up about what features we are looking for in new products. It also allows interested potential customers to interact with real world current customers.

Here are some thoughts that I captured from the guest speakers:

How much do we as administrators spend on just maintaining our current infrastructure? – Dan Dulac
How can we use IT to drive business outcomes? – Dan Dulac
Here’s a good one. Netflix sucks when I tried using it on xyz’s network, therefore xyz sucks. Brand perception is highly important. – Dan Dulac

These discussions lead into Mike Lebovitz talking about Extreme Networks “Purview”.
Purview is classified as an application intelligence device that allows you to see analytic data from your network.

Extreme Analytics Layer 7 Visibility

Application visibility

In a nutshell, you get layer 7 visibility across your entire network. Granted you will need a specific line of Extreme Networks switches to use it, but if you currently use Extreme Networks gear I can see this as being another really useful tool. I’m still waiting to see if you will be able to enforce bandwidth/traffic shaping policies to edge ports based on L7 traffic. Some environments out there can benefit greatly from knowing what’s being used on their networks, which ties into answering some of Dan Dulac’s questions above. We would benefit from the ability to shape our traffic in our current environment. We currently use an Allot Netenforcer which works great. However, this device sits and enforces at the border of our network and will need a periodic hardware refresh from time to time. If we could leverage Extreme Analytics with our existing Extreme Networks equipment and enforce closer to the edge ports that would be great.

Unified Extreme Networks Operating System

A few side notes to add were that Extreme Networks will be moving to a unified OS which will be the current Extreme OS or XOS. For those of you who don’t know, Extreme Networks recently purchased Enterasys. I’m excited to see the product merging that’s currently going on. The Enterasys dynamic policy (L2-L4 dynamic ACL) features will also be migrated to the Extreme line of equipment that can support it. Extreme Networks will also be building upon Enterasys Netsight, which is what we currently use to manage our network gear.

Overall the roundtable was a pretty neat event. It’s typically held in the fall around the downtown Milwaukee area for those who are interested in attending next year.

Extreme Networks EOS 802.3ad link aggregation

Since we saved some cash by purchasing more 2×2 3705i Enterasys Extreme Networks AP’s instead of 3×3 AP’s during our AP upgrades, we were able to purchase a few other items. We picked up three c5g Enterasys Extreme Networks 48 port POE switches, gbics, and a few other parts. The first thing I did after we deployed 96 AP’s in our dorm rooms was set up 802.3ad link aggregation with my extra gbics from our current N3 chassis to our g3 series switch. Phase two will be to install another DFE blade in the N3 chassis and spread the link aggregation between two DFE blades.

On with the Enterasys Extreme Networks switch commands:

1.) Egress all the proper vlan’s you want trunked across the additional physical port. We will be setting up a lag.0.x port and at that point, the physical port egress no longer matters, but if the lag breaks down for some reason, then the physical port will have the correct vlan’s trunked. You could also ensure that the single port lag command is set, but again I like to have the extra safety precautions in place.

Example ->set vlan egress
->set vlan egress 20 ge.4.24

2.) Egress all the proper vlan’s on the lag port. Use the “show lacp” command to view the available lags and to make sure that lacp is globally enabled.

Example ->set vlan egress
->set vlan egress 20 lag.0.1

3.) Create a unique lacp admin key to statically set which ports will be joined to the lag

Example ->set lacp aadminkey
->set lacp aadminkey lag.0.1 20

4.) Set the aadminkey to the physical port

->set port lacp port ge.4.24 aadminkey 20

5.) Perform the same commands on the other switch that you will be connecting to. The aadminkey can be different on the other switch, but I like to try and use the same admin key on the opposite end if possible. Make sure you also have lacp enabled on the physical interfaces as well.

-> show port lacp port ge.4.24 status detail
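The safety precaution from step 1 (every VLAN carried on the lag is also egressed on each member port) and the key matching from steps 3 and 4 can be checked offline against a saved command list. This is an added example, not part of the original post; the function name audit_lag and the sample config are constructed, and it assumes one VLAN id per "set vlan egress" line, as in the commands above.

```python
import re
from collections import defaultdict

# Constructed sample: the page's commands plus two deliberate mistakes
# (VLAN 30 only on the lag, and ge.4.23 keyed to a lag that does not exist).
SAMPLE_CONFIG = """\
->set vlan egress 20 ge.4.24
->set vlan egress 20 lag.0.1
->set vlan egress 30 lag.0.1
->set lacp aadminkey lag.0.1 20
->set port lacp port ge.4.24 aadminkey 20
->set port lacp port ge.4.23 aadminkey 99
"""

EGRESS = re.compile(r"set vlan egress (\d+) (\S+)")
LAG_KEY = re.compile(r"set lacp aadminkey (lag\.\d+\.\d+) (\d+)$")
PORT_KEY = re.compile(r"set port lacp port (\S+) aadminkey (\d+)$")

def audit_lag(config):
    """Return findings where a member port would not carry the lag's VLANs."""
    egress = defaultdict(set)   # port-string -> VLAN ids egressed on it
    lag_by_key = {}             # aadminkey -> lag port using that key
    key_by_port = {}            # physical port -> aadminkey assigned to it
    for raw in config.splitlines():
        line = re.sub(r"^\s*->\s*", "", raw).strip()  # drop the "->" prompt
        if m := EGRESS.match(line):
            egress[m.group(2)].add(int(m.group(1)))
        elif m := LAG_KEY.match(line):
            lag_by_key[m.group(2)] = m.group(1)
        elif m := PORT_KEY.match(line):
            key_by_port[m.group(1)] = m.group(2)
    findings = []
    for port, key in sorted(key_by_port.items()):
        lag = lag_by_key.get(key)
        if lag is None:
            findings.append(f"{port}: aadminkey {key} matches no lag port")
            continue
        # If the lag breaks down, these VLANs would stop being trunked.
        for vlan in sorted(egress[lag] - egress[port]):
            findings.append(f"{port}: VLAN {vlan} is egressed on {lag} but not on the port")
    for key, lag in sorted(lag_by_key.items()):
        if key not in key_by_port.values():
            findings.append(f"{lag}: no physical port uses aadminkey {key}")
    return findings

if __name__ == "__main__":
    for finding in audit_lag(SAMPLE_CONFIG):
        print(finding)
```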

Extreme Networks Wireless AP3705i deployment

I’m working on deploying 96 wireless access points in our student dorm rooms. We originally started with an initial deployment of 40 wireless access points. We installed the original AP’s in the hallways, but had signal issues due to all the HVAC in the vertical walls. Hallway installation wasn’t the greatest idea to begin with, but at the time of the initial installation we had limited funding to run cables to every suite. In our new deployment, we required that contractors pull cables into certain suites. Each suite houses 4 rooms, so I decided to place an AP in every other room and staggered the AP’s from floor to floor.

Losing control

As server administrators continue migrating to virtualization, network admins lose control. I’m not talking about psychological control, but network resource and management control. Server admins probably feel a sense of freedom. They are probably saying, “Now I don’t have to go and bother those pesky network admins to fire up a new server.” This can decrease the provision time, but this can also cause a very adverse side effect. See, I’m a network administrator and I work with networks all day long. From time to time I dabble in ESX and I also manage and maintain a few Linux and windows servers. However, I’m by no means up to the task of daily server administration. I’m sure I can learn how to administer AD, mail, file shares, and print servers, but that’s not what I do on a daily basis. The same holds true for a server admin. I’m not saying they can’t figure out networking or do the basics, they just don’t do networking every day.

What that means, is that from time to time you end up with virtual switches not configured or optimized properly. Firewall rules are bypassed by server admins with ease. QOS settings are not configured properly. You get the point. You thought the BYOD network was bad, well the wild, wild, west has just infiltrated your server network infrastructure as well. You now have BYOS (bring your own server). How secure are those prebuilt OVA’s? Who really knows?

With all these thoughts and ideas in mind, what are the available options? I have currently been researching how we can regain control within these VM environments. Our current vendor Enterasys, now Extreme Networks, provides a method to mac auth all devices seen on the switch port or lag that goes through a VM environment. This allows identification of VM’s with their NAC solution. The Enterasys Extreme Networks switch can then apply dynamic policies to each frame coming across the switch port or lag. The default number of policies we can apply at one time is 8 on their S series switch. We would need a license to do 128 per port. Now maybe this is not the best strategy, but it’s one that I know of that can help. You can then create a default policy which blocks whatever you want based on rules up to L4. The server admin would then have to reach out to those good old network admins for correct policy enforcement. Enterasys even has a data center manager esx plugin that can be used to ease management. Now I don’t believe that this is the best solution for all environments, as it has downsides as well. MAC spoofing is one that comes to mind and this setup doesn’t come without cost.

Therefore, the next solution I’m looking into is open vswitch. This would act as a front end add-on piece in ESX as I understand. Other hypervisors already use open vswitch. Using openflow to control traffic qos/policy could be another avenue to maintain network harmony. I will continue my research and will post my findings….

Extreme Networks acquires Enterasys – Comparison

The Acquisition

It’s official, Extreme Networks has acquired Enterasys Networks. We have lots of Enterasys gear, so we were highly interested to know the path that would be taken after the acquisition. At first, I couldn’t help but wonder if the acquisition was a play for Enterasys patents. However, that’s just pure speculation. We were informed by product management that all existing products would continue to follow the current end of support and end of life cycle, so that’s good news.

Overall, I think that the acquisition will be pretty positive. The current Extreme Networks profile was missing things that Enterasys offered such as their highly customized L2-L4 policy and NAC integration. Extreme also looks like they OEM Motorola wireless and Enterasys has their own wireless portfolio.

The biggest plus will be the extension of the switching/routing lineup. Enterasys had a small gap in their WAN solution. We discovered this when we were looking for a smaller port density WAN 1-10G BGP/OSPF capable router. Extreme Networks fills that gap and I’m sure there are many more complements that I haven’t mentioned.

Extreme Networks overview

The Summit x460 series would have fit the ticket as a smaller device we were looking for when we were planning to replace our old Juniper M7i tank. However, we ended up purchasing a few brocade icx-6610’s. This was a few months back before we heard of the acquisition.

Here’s the lineup of what the current offering looks like from a few vendors that would have met our requirements at that time:


                          Extreme Summit x460            Brocade icx-6610           Enterasys SSA
10/100/1000BASE-T Ports   24 or 48                       24 or 48
Max 10G                   2 or 4 or 6 total (modules)    8 total (lic to unlock)
                          2 (summit stacking module)     4 (stacking only)
Form Factor
Stacking Support
Redundant power           yes/hot swap                   yes/hot swap               yes/hot swap
Routing – BGP4            yes (lic to unlock)            yes (lic to unlock)        yes (lic to unlock)

Each vendor may have more of a product lineup, for instance Enterasys does have a 1-Slot chassis S-Series that can provide more options. However we were trying to keep costs down and the move up to the 1-slot chassis increases costs. There are other vendors out there such as Juniper, HP, and Dell as well. Each has its ups and downs. The Enterasys SSA is built with custom ASICs and some other vendors typically carry the Broadcom chipset. Switching capacity was left out due to the fact that each vendor spec sheet may not compare equally. You can find more details with the links provided below:




Extreme Networks Oneview/NAC

I have finally made it back for another blog entry. I have been pretty busy at work getting ready for the start of the new semester. A few projects that I have been working on include wireless upgrades, multipath bgp, adding a third core, and spending time on documentation. We are an Enterasys shop, now Extreme Networks. I know, I know, some of you are thinking who’s Enterasys? Well, we have been running their switching, routing, and wireless gear for quite some time now. I remember having equipment that still had the Cabletron label. Enterasys, now Extreme Networks, does some pretty cool stuff, so I would recommend that you check them out. Especially if you’re into all-in-one tools to help assist you.

I figured I would give you a taste of what Extreme Networks Oneview has to offer. We just upgraded to version 5 and there are a lot of cool wireless features that have been added. Check it out.


The oneview web portal ties in the Extreme Networks EAC (extreme access control) stats piece as well. As soon as we get netflow going, we will be able to tie in user and netflow data together. Just to give you a little background on Extreme Networks NAC, we can basically apply up to L4 dynamic policy on any of our Extreme Networks edge switching and wireless devices. You can use 802.1x, MAC authentication, or even web registration. If you tie back into AD or LDAP, you can assign different policies based on group policies. You can even fire up the Extreme Networks NAC agent on machines and make sure everyone is up to date on Windows updates, anti-virus, or any other service you want to check up on. If they are not compliant, you can just inform on that or you can deny traffic altogether. It’s up to you.