A VOSS switch with EAPOL enabled will send RADIUS reachability packets every 180 seconds using RADIUS reachability mode use-radius. The Access-Request will contain the User Name Attribute with value reachme. If this username does not exist on the RADIUS server an Access-Reject (3) message is seen every time the Access-Request is sent.

In Extreme Access Control add the username reachme with password reachme in the Local  Password Repository and the Access-Request will return an Access-Accept message.

A new installation of Control will need at least one Authentication Rule setup under the Configuration>AAA>Default>Advanced AAA Configuration which will use the Local Authentication option for the Authentication Method.

I always change the Default setting from Basic to Advanced AAA Configuration to allow multiple Authentication Rules so can search Active Directory as well as Local.

If XIQ-SE is unable to discover a VOSS switch with SNMPv3 it is most likely caused by a mismatch in SNMP credentials. This could be to do with authpriv settings using incorrect authentication or privacy mode or the passwords don’t match.

There is another, not very obvious cause where the two double quotes are pasted as “bb” when adding a new group.

snmp-server group HOMELAB “” auth-priv read-view ALL write-view ALL notify-view ALL

The “” signify that the group belongs in the GRT VRF 0.

The show snmp-server group command will show “bb” under the Prefix column when it should be blank.

The solution here is to remove the group and user and manually type the commands in on the CLI instead of pasting and you will find the show snmp-server group output now excludes “bb” characters and XIQ-SE can discover the switch.

Had to convert some new Universal 5320 switches this week and came across a real time stealer.

The Universal hardware will boot with EXOS by default. During initial start up press space bar on the Boot Menu and scroll down to select Change the switch OS to VOSS and click Enter.

The version of VOSS software will be a pre-GA version and needs to be upgraded.

Problem I came across was as I attempted to add the software the switch would suddenly reboot and keep doing so every time I tried.

It felt like some kind of memory leak or watch dog timer failed and the switch died.

There are two ways I found to workaround this issue.

1) Factory default the switch before attempting the upgrade. This will start the switch in pre 8.2 configuration mode without the clever ZTP+ automation features such as searching for a nick-name server and mgmt DHCP client enabled. I figured this would prevent the CPU from going over 95% utilization which appeared to be related and this worked most of the time.

2) If step 1 fails, it is possible to use the VOSS: Rescue option on boot up. Insert a USB drive and specify the filename of the VOSS software ie 5320.8.8.1.0.voss.

The pre 8.2 default configuration will have ISIS and SPBM disabled.

Recently hit an issue between a Universal 5420 switch running EXOS in a stack connected to VSP 7432 switches. Normal practice to use different slots for the uplinks ie 1:52 and 2:52 in a LAG. I noticed 2:52 was not coming up.

On slot 1, the Master switch, Forward Error Correction was ON and this matched FEC settings on the VSP 7432 interfaces (100G channelized to 4 x 25 with breakout cable).

The default for EXOS should be that FEC is disabled. Disabling FEC on the VSP 7432 side brought the link up on 2:52. Disabled FEC on 1:52 allowed all ports to be active.

Bottom line, FEC must match both ends for the link to come up. I have raised a ticket as to why slot 1 would enable FEC on its ports but not on backup or standby switch ports.

Extend the Factory Default Premier Trial License

#EXOS 30.7 or Older
show memorycard
ls /usr/local/ext
download image memorycard <image>.xos

#EXOS 31.1 or Newer
show switch mounts
ls /usr/local/ext
download url file:///usr/local/ext/<image>.xos

Solution: Downloading image failed with – write error: No space left on device | Extreme Portal (force.com)

#VSP8000-1

snmp-server view ALL 1
snmp-server group HOMELAB “” auth-priv read-view ALL write-view ALL notify-view ALL
snmp-server user snmpuser group HOMELAB md5 authcred des privcred
snmp-server host 192.168.0.250 v3 authpriv snmpuser
snmp-server sender-ip 192.168.0.250 10.0.0.81

Note: Empty string for GlobalRouter VRF.

# Show snmp-server commands

show snmp-server
show snmp-server group
show snmp-server user
show snmp-server view

no snmp-server view ALL 1
no snmp-server group HOMELAB
no snmp-server user snmpuser
no snmp-server host 192.168.0.250 v3 snmpuser

Note: To remove the host address the “authpriv” should not be included.

Take not that the first three ports are blocked by fabric in the 8 x SFP/SFP+ uplink ports.

The uplink ports support 1G by default and a port license is required for 10G support.

https://extremeportal.force.com/ExtrArticleDetail?an=000105807&q=5320%20uplink%20speed

Question:

Does the 5520-VIM-4YE support 1G connections along with 10G and 25G?

Answer:

No. The 5520-VIM-4YE only supports 10G and 25G port speeds. If 1G and 10G is required you can use the 5520-VIM-4XE instead.

Note:

In Fabric Engine, you must use the sys vim-speed command to set the speed to 10G or
25G for 5520-VIM-4YE. The default is 25G. A reboot is not necessary after setting the speed.
In Switch Engine, use the configure ports partition command with 4×25 or 4×10.

Example,  for 5520-48p with 5520-VIM-4YE

configure ports partition 57 4x10G

The show ports partition-template command will confirm configuration in place.