On the CLI, use the EDIT command to view or change a policy or script file. For example, type edit script newvlan.xsf and add a line that creates a new VLAN (create vlan yellow). Then the command run script newvlan.xsf applies the command and creates the VLAN.
Typing Ctrl & D and then “:” allows you to quit without saving (:q!) or save the modified file (:wq!).
It is also possible to save the running config as a script, which makes it easy to replay (perhaps with a slight alteration), using save configuration as-script config.xsf (view it with the EDIT command).
Use show configuration to view the running configuration. To compare two configuration files, add the difference parameter and the names of the two files. The detail option shows the factory defaults as well as the new configuration.
XMC can connect direct to a device using the CLI Credentials but the web terminal is not easy to use if you want to select text from the terminal.
Until now. I found a way to select all the text from the top to the bottom of the screen.
Open a terminal to a switch and capture the show running config output. This can be done manually but is a real pain to have to scroll down the screen.
Instead, click the mouse at the top of the text, press Ctrl + Shift and select a few lines. Whilst still holding down Ctrl + Shift, use the scroll bar to go right to the bottom, click at the bottom of the screen and then press “c”. The text will now be available in the clipboard and can be pasted elsewhere.
Link-Local addressing (subnet 169.254.x.x) allows a host device to automatically and predictably derive a non-routable IP address for IP communication over Ethernet links. By configuring the Ethernet management port “just out of the box” with an IP address, a user can connect a laptop directly to the management Ethernet port. If the laptop is not configured with a fixed IP address, it tries to get an IP address from a DHCP server. If it cannot, it assigns its own Link-Local address putting the switch and the laptop on the same subnet. The laptop can then use Telnet or a web browser to access the switch removing the need for the serial cable. The IPv4 address format is used to make it simple for a user to determine the switch’s IP address. The formula is to use the lower 2 bytes of the MAC address as the last two numbers in the Link-Local IPv4 address.
• MAC address: 00:04:96:97:E9:EE
• Link-Local IP address: 169.254.233.238 or 0xa9fee9ee
Web browsers accept a hexadecimal value as an IPv4 address. (Microsoft IE displays the URL with the number dot notation 169.254.233.239.)
The web URL is http://0xa9fee9ee or just 0xa9fee9ee. The user documentation directs the customer to access the web browser by typing 0xa9fe followed by the last two number/letter groups in the MAC address found on the switch label. No hexadecimal translation is required. With this information, you can connect the Ethernet port directly from a laptop to this switch using the temporary Link-Local address. You can communicate via web or Telnet to perform the initial switch configuration, if needed, and no longer need a serial cable to configure a switch.
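The derivation described above, as an added Python example (not from the original page or the vendor documentation): it computes the Link-Local address and hexadecimal URL from a switch MAC, and maps an observed 169.254.x.x address back to inventory entries, which matters because the address is predictable from the label. The function names and the inventory list are assumptions; only the first MAC is from the text.

```python
import ipaddress
import re

LINK_LOCAL_PREFIX = 0xA9FE0000  # 169.254.0.0/16


def parse_mac(mac: str) -> bytes:
    """Accept 00:04:96:97:E9:EE, 00-04-96-97-e9-ee or 0004.9697.e9ee."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def link_local_for(mac: str) -> ipaddress.IPv4Address:
    """169.254.<byte 5>.<byte 6> of the MAC, per the formula in the text."""
    low16 = int.from_bytes(parse_mac(mac)[4:], "big")
    return ipaddress.IPv4Address(LINK_LOCAL_PREFIX | low16)


def hex_url(mac: str) -> str:
    """The hexadecimal form the text types into the browser."""
    return f"http://0x{int(link_local_for(mac)):08x}"


def owners_of(address: str, inventory: list[str]) -> list[str]:
    """Inventory MACs that derive this address. Only 16 bits of the MAC
    are used, so more than one device can map to the same address."""
    target = ipaddress.IPv4Address(address)
    if target not in ipaddress.ip_network("169.254.0.0/16"):
        raise ValueError(f"{address} is not in 169.254.0.0/16")
    return [m for m in inventory if link_local_for(m) == target]


# Constructed inventory: the first MAC is the one from the text, the other
# two are made up; the second shares its low two bytes with the first.
INVENTORY = ["00:04:96:97:E9:EE", "00-04-96-AA-E9-EE", "0004.9697.0a10"]

if __name__ == "__main__":
    for mac in INVENTORY:
        print(mac, link_local_for(mac), hex_url(mac))
    print(owners_of("169.254.233.238", INVENTORY))
```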
Maybe the time has come to remove Cygwin to free up space or to start over. Cygwin does not provide an uninstall program, but removal can be done manually.
Open a command prompt with administrator privileges
Type takeown /r /d y /f cygwin64
Type icacls cygwin64 /t /grant everyone:f
Type rmdir /s /q cygwin64
Regedit and delete HKEY_CURRENT_USER\Software\Cygwin
Regedit and delete HKEY_LOCAL_MACHINE\Software\Cygwin
Delete shortcut on desktop
Download the latest setup-x86_64 and run it. Do not install everything! Start by installing only ‘gcc-core’, ‘make’, ‘openssl’, ‘openssh’, ‘vim’ and ‘python3.8’. Also include the ‘python3.8-crypto’ file, which will save you a lot of pain when using pip3 to add packages that rely on the cryptography package. It is quite easy to go down a rat hole when a dependency fails, and you get disheartened when a lot of red messages appear on screen. There are times you need to use the Cygwin setup program to install specific packages.
Open a Cygwin terminal and type python; this should start the Python 3.8 shell.
Over time the number of Python packages installed becomes too high to understand their dependencies on each other. I tried to add a package and changed my environment where I lost the list of previously installed packages. Rather than go into detail all I can say is that it was a lesson learnt.
Because it is sometimes difficult and time consuming to fix an issue, I wanted to create a virtual environment in Cygwin so I could develop new applications and not impact my normal day to day setup.
Here are the steps I used to create a virtual environment in Cygwin:
Check which pip to use for the Python version you use.
pip3 install virtualenv
Check new environment folder PythonAppVenv created in PythonApp folder
Activate the virtual environment by typing source PythonAppVenv/bin/activate
(PythonAppVenv) should appear on the left side of the name prompt
Check list of packages is different to normal list with pip3 list
Install a new package and it will only add it to the virtual environment
Check the PythonAppVenv lib/python3.8/site-packages folder or type pip3 list
Once you are finished, you deactivate the virtual environment using the command deactivate
The following GNS3 simulation test validates a security ACL on VOSS. The goal is to only allow a range or specific IPs to communicate with a specific remote IP and to deny other IPs within the same VLAN subnet from communicating with other IPs inside and outside the VLAN.
# Filter Configuration
filter acl 101 type inVlan name "In vlan 101"
filter acl set 101 default-action deny
filter acl vlan 101 101
Assume you want to segment part of your network into its own isolated piece by using a VRF. How would you do this with VOSS?
ip vrf itstaff vrfid 1
vlan create 999 name "ITStaff" type port-mstprstp 0
vlan members add 999 1/8
interface vlan 999
ip address 192.168.99.2 255.255.255.0
VRF “itstaff” includes VLAN 999 (name “ITStaff”), which is the only VLAN created so far in the VRF, and the VRF has its own routing table.
VSP-1100:1(config)#show ip route vrf itstaff
************************************************************************************
Command Execution Time: Fri Apr 09 09:46:41 2021 UTC
************************************************************************************
=====================================================================================================
IP Route - VRF itstaff
=====================================================================================================
                                             NH                INTER
DST            MASK            NEXT          VRF/ISID   COST   FACE   PROT  AGE  TYPE  PRF
-----------------------------------------------------------------------------------------------------
192.168.99.0   255.255.255.0   192.168.99.2  -          1      999    LOC   0    DB    0

1 out of 1 Total Num of Route Entries, 1 Total Num of Dest Networks displayed.
-----------------------------------------------------------------------------------------------------
TYPE Legend:
I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Route,
U=Unresolved Route, N=Not in HW, F=Replaced by FTN, V=IPVPN Route, S=SPBM Route
PROTOCOL Legend:
v=Inter-VRF route redistributed
VSP-1100:1(config)#
Note: To test connectivity from the CLI with ping or traceroute, remember to specify the VRF on the command line; otherwise it will use the GRT and the results will not be as expected.