Diferencias

Muestra las diferencias entre dos versiones de la página.

--- redes:switches:extreme_networks [2016/06/22 18:23] – creado cayu
+++ redes:switches:extreme_networks [2017/09/13 15:16] (actual) – [Administración] cayu
@@ Línea 1: / Línea 1: @@
 ====== Extreme Networks ======
+http://www.extremenetworks.com
 ===== Configuración Minicom =====
 <code ini>
@@ Línea 9: / Línea 10: @@
 pu xonxoff          Yes
 </code>
+===== Administración =====
+=== Setup summary ===
+  - You must use the console serial connection to set up the switch. Use PuTTY, HyperTermial or other terminal emulation software. Use a null-modem cable and 9600,n,8,1 line settings with XON/XOFF flow control.
+  - The switch will ask for login and password. Default login is admin. Default password is <blank>.
+  - If the switch has been previously configured, it can be restored to factory defaults with unconfigure switch all. The switch will ask for confirmation then reboot.
+  - After login, an unconfigured switch ask half a dozen questions. Default answers (No) for all question is an acceptable configuration starting point.
+  - (optional) Assign an IP address for management with configure vlan default ipaddress <ip address> <net mask>
+  - (optional) Enable web interface with enable web http
+  - (optional) You may now connect to the switch through any of the front-panel Ethernet jacks and establish a telnet connection to continue configuration.
+  - Q-Sys uses DSCP. Enable DSCP examination of incoming frames with enable diffserv examination port all command. The switch may respond with a Warning: Enabling diffserv examination will cause dot1p replacement of 802.1q tagged packets. message. This is normal and expected.
+  - 802.1p based QoS is enabled by default and generally should be disabled with disable dot1p examination ports all command. The switch may respond with a WARNING: The intended usage of this command is when another QoS traffic grouping (e.g. diffserv examination, port QoS, vlan QoS, ACL QoS) is configured. Disabling all QoS traffic groupings will still result in 802.1p QoS selection. This is normal and expected.
+  - Assign clock traffic as highest priority QP8 configure diffserv examination code-point 46 qosprofile qp8
+  - Q-Sys audio is assigned to QP5. Use create qosprofile qp5 to create the QoS profile then configure diffserv examination code-point 34 qosprofile qp5 to assign audio traffic to it.
+  - Use the save command to make these settings permanent. Confirm overwrite of current settings.
+  - Test Managment port.
+=== Reset config ===
+Remove the power cable of the switch or power off the switch for 60 seconds.After that switch on and we can see the switch is booting via the terminal window.It will show “Press and hold spacebar to enter BootStrap mode“,we don’t want to enter this mode.Skip this and it will again show “Press and hold the spacebar to enter BootRom mode“.Just hold the spacebar and it will get you to BootRom prompt.Then give the commands as follows
+<code>
+BootRom>config none
+BootRom>boot
+</code>
+Then we can see the booting process and it will reach at a point where username and password is asked.Enter username as “admin” and there is no password set for this account by default.So don’t provide any password and just hit enter.
+After logging in successfully the prompt will ask you for enabling/disabling telnet,snmp,failsafe account etc.Configure your required options accordingly.After setting up all these it will take you to the basic command line.There we can set the password for the accounts.By default there are two accounts available in an extreme switch.One is “admin” which is the privileged account and other account is the “user” with only basic options.Following is the command to set password for admin account.
+=== Basic Config ===
+== Config ==
+  * configure vlan mgmt ipaddress 192.168.1.50/25
+  * configure iproute add default 192.168.1.1 vr vr-mgmt
+  * configure vlan default ipaddress 192.168.2.5/24
+  * configure vlan default add ports 1
+  * download image 192.168.1.201 summitX-15.3.5.2.xos vr "VR-Default" secondary
+  * use image secondary
+  * reboot
+  * run update
+  * download image 192.168.1.201 summitX-15.3.5.2-ssh.xmod vr "VR-Default" primary
+  * run update
+  * start process exsshd
+  * enable ssh2
+== Install the SSH module: ==
+  - Download the module image to your TFTP server.
+  - Determine the active partition for your switch by typing: "show switch"
+  - The display shows the current selected and booted image partition.
+  - Download and install the module image to the active partition by typing the following command (specify the virtual router you are using to connect to the TFTP server): "download image XXX-ssh.xmod vr vr-mgmt (primary or secondary)"
+  - The system displays the following message: "Do you want to install image after downloading" (y - yes, n - no,  - cancel)
+  - Type y, for yes, so that the image will be installed after downloading.
+  - Type "run update"
+  - To verify that the SSH module is running, issue the following command: "show process"
+  - You will see a process named “exsshd” listed. You can then configure and "enable ssh" on the switch.
+  - To verify that the SSH module is installed, issue the following command: "show management"
+  - The system displays the following message: SSH access : Disabled (Key invalid, tcp port 22 vr all)
+  - If the SSH module is not installed, the system displays a message similar to: SSH Access : ssh module not loaded.
+== Config Syslog ==
+  * configure syslog add 192.168.54.12:514 vr VR-Default local7
+  * enable log target syslog 192.168.54.12:514 vr VR-Default local7
+  * configure log target syslog 192.168.54.12:514 vr VR-Default local7 filter DefaultFilter severity Debug-Data
+  * configure log target syslog 192.168.54.12:514 vr VR-Default local7 match Any
+  * configure log target syslog 192.168.54.12:514 vr VR-Default local7 format timestamp seconds date Mmm-dd event-name none priority tag-name
+== Config NTP ==
+  * configure sntp-client primary $sntpserver
+  * configure timezone $tzAR $dst_-180
+  * enable sntp-client
+== Config SNMP ==
+  * summit # enable snmp access
+  * summit # configure snmp delete community readonly public
+  * summit # configure snmp add trapreceiver <IP> community <communaute>
+  * summit # sh management
+== Config Banner ==
+  * configure banner ?
+<file>
+line1....<SPACE><Enter>
+#blank line <SPACE> <Enter>
+line2 <SPACE> <Enter>
+end script with two enters
+</file>
+=== Direcciones IP ===
+**Por DHCP**
+<code>
+enable dhcp vlan  all
+</code>
+**Estatica**
+<code>
+disable dhcp vlan all
+configure vlan Default ipaddress 192.168.1.159 255.255.254.0
+configure iproute add default 192.168.1.1
+</code>
+=== Usuarios ===
+<code>
+create account admin cayu
+</code>
+=== vlans ===
+<code>
+summit# create vlan vlan_200
+summit# configure vlan_200 tag 200
+summit# configure vlan_200 ipaddress 192.168.200.254 /24
+summit# create vlan vlan_10
+summit# configure vlan_10 tag 10
+summit# configure vlan_10 ipaddress 192.168.10.254 /24
+summit# enable ipforwarding vlan_200
+summit# enable ipforwarding vlan_10
+summit# configure iproute add default <next_hop_ip>
+</code>
+===== TIPs =====
+==== SSH ====
+Si tenemos un mensaje como este :
+<code>
+Unable to negotiate with 10.54.90.4 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
+</code>
+Podemos probar con estas opciones de SSH
+<code>
+ssh -o HostKeyAlgorithms=+ssh-dss -oKexAlgorithms=+diffie-hellman-group1-sha1 admin_sw@10.54.90.4
+</code>
+===== Referencias =====
+  * https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-console-into-Extreme-and-Enterasys-switches