Import Workflows from Extreme Networks github site and can send email reports with some of them.

https://github.com/extremenetworks/ExtremeScripting/blob/master/XMC_XIQ-SE/oneview_workflows/README.md

For example, there is a Workflow which provides a report via email of the Pilot and Navigator licenses for all devices in XIQ-SE.

There is a Workflow which can login to ERS switches and capture the serial number and email a CSV file.

You need to configure an SMTP email server and edit the NSJBoss.properties configuration file with some mail properties and then restart Netsight.

https://extremeportal.force.com/ExtrArticleDetail?an=000092528

https://extremeportal.force.com/ExtrArticleDetail?an=000081485

For TLS or STARTTLS…

mail.smtp.port=587
mail.smtp.auth=true
mail.smtp.starttls.enable=true

I used Google’s SMTP Proxy to email to outside email addresses (smtp.gmail.com). I had to turn on “Allow Less Secure Apps” which is not ideal and might be disabled by Google soon.

Configure SMTP Server and login account under Administration>Options>SMTP Email.

Click to access CLI_X-Ref_Guide_1.0.pdf

Found this video very informative from a real world admin.

If the checkbox Poll Status Only is selected when add a new device to Network>World>Devices this will make it unmanaged and will not be visible in XIQ and it will also not consume a pilot license. The information available for the device will be minimal and not as complete if the device has Poll Type SNMP.

Unmanaged devices cannot be added to Access-Control.

The device would have to be deleted from the database and re-added leaving the checkbox Poll Status Only unchecked.

The device should use an SNMP Profile which matches the switch and once added it will appear under devices and onboard to XIQ via XIQ-SE. The device will consume one pilot license. Device View will show more information such as Port status. The switch can be added to Access-Control because it is now Managed.

XIQ-SE:

Upgrading ExtremeCloud IQ – Site Engine Engine Software
Upgrades to the ExtremeCloud IQ – Site Engine engine software are available on
the ExtremeCloud IQ – Site Engine web page.
Prior to performing an upgrade, you can create a snapshot of the engine that
you can revert to in the event an upgrade fails. Refer to the vSphere client
documentation for instructions on creating a snapshot.
1. On a system with an internet connection, go to the ExtremeCloud IQ – Site Engine
web page: http://extranet.extremenetworks.com/downloads/pages/NMS.aspx.
2. Enter your email address and password.
You will be on the ExtremeCloud IQ – Site Engine page.
3. Click on the Software tab and select a version of ExtremeCloud IQ – Site Engine.
4. Download the ExtremeCloud IQ – Site Engine virtual engine image from the
ExtremeCloud IQ – Site Engine Virtual Appliance (engine) section.
5. Use FTP, SCP, or a shared mount point, to copy the file to the ExtremeCloud IQ – Site
Engine virtual engine.
6. SSH to the engine.
7. Cd to the directory where you downloaded the upgrade file.
8. Change the permissions on the upgrade file by entering the following command:
chmod + x ./ExtremeCloudIQSiteEngine_<version>_64bit_
install.bin
9. Run the install program by entering the following command:
./ExtremeCloudIQSiteEngine_<version>_64bit_install.bin
The upgrade automatically begins.
The ExtremeCloud IQ – Site Engine Server are restarted automatically when the
upgrade is complete. Because your ExtremeCloud IQ – Site Engine engine
settings were migrated, you are not required to perform any configuration on
the engine following the upgrade.

NAC:

https://extremeportal.force.com/ExtrArticleDetail?an=000088097

After upgrade verify that NAC Joins the Active Directory Domain.

cd /var/log

cat tag.log | grep “Joined”

Enforce after upgrading.

Check date and time and if necessary reset with /usr/postinstall/dateconfig command.

Upgrading XIQ-SE took about ten minutes to complete and further five minutes before I could login again.

Upgrading NAC took approximately ten minutes but allow for thirty minutes.

Recommended to take a snapshot of your VMs before upgrading.  Also, backup the XIQ-SE database to be super safe.

Capture traffic on either wifi0 or wifi1 to a TFTP server and open file in Wireshark.

capture save interface wifi0 tftp://192.168.0.6:test.pcap

capture interface wifi0

no capture interface wifi0

Found a useful document which outlines the configuration steps needed to integrate Cloud based APs with external RADIUS server which uses Access-Control.

https://documentation.extremenetworks.com/ExtremeCloudIQ/HowTo/ExtremeControl_for_XIQ-SE_and_XIQ_APs_How-to_Guide.pdf?_ga=2.260601358.2074695416.1646169177-1967010459.1640799212

There is a workflow for Importing XIQ APs available on Extreme Networks github site which can be used to do a bulk import of cloud based APs. Import workflow called Process_New_XIQ_Devices-8.5.0.169v158.xwf.

The workflow needs updating with the API token for accessing your cloud IQ instance. This involves signing up on the developer website and creating an application profile with a client-ID, client secret and redirect URI (XIQ-SE URL). The client-ID can be used in Cloud IQ to create an API token. This information is required to update the script in the first task in the workflow.

The first task will authenticate using the token and login to Cloud IQ instance of your choosing and extract a list of devices.

Ensure the subsequent scripts recognize the AP model you are using and if necessary add another IF statement to the script that matches the AP model. Also, ensure there is an SNMP profile that allows access to the Cloud AP.

The final task will need updating with the Primary RADIUS Server IP address of the Access Control Engine.

Compare differences in a configuration file using the following play-book:

—
– hosts: voss
gather_facts: no
become: yes

tasks:
– name: diff against running config
voss_config:
diff_against: intended
intended_config: “{{ lookup(‘file’, ‘vsp.cfg’) }}”

Sample output where I changed the prompt name on the switch and beforehand captured the running config (terminal more disable) to a file ‘vsp.cfg’.

$ ansible-playbook test-diff.yml -l voss –diff

:

— before
+++ after
@@ -1,7 +1,8 @@
+=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2022.02.20 16:35:12 =~=~=~=~=~=~=~=~=~=~=~=
+show run
config terminal
no boot config flags spbm-config-mode
boot config flags sshd
-prompt “switch-01”
password password-history 3
ssh
ip pim enable
@@ -47,4 +48,5 @@
router ospf
router rip
exit
-end
\ No newline at end of file
+end
+VSP-8284XSQ:1#
\ No newline at end of file

Search a document for highlighted text (any colour) using Find with Advanced option, leave “Find what:” blank and select Highlight in Format list.

So, if you have a config.cfg from an old VOSS switch which you want to re-use on a new switch you can highlight the lines that you need to change and search for them using this method later when you are ready to update it.

The final updated file can be copied to VOSS switches and then loaded using the source command.

If you use source config.cfg debug stop syntax, it will display commands (line-by-line) and if any have invalid syntax, it will stop and the last one will only parse and test but not apply. If you remove “syntax” it will attempt to apply all commands.

Or copy the file and boot with it with the no boot config flags verify-config set. It will keep reading the file even if it hits something it does not like.

Since VOSS release 8.2 a new feature was added for management. The clip or VLAN IP used for management will need to be converted to SMI. Insert the line migrate-to-mgmt under either the “interface loopback x” or “interface vlan x” lines in the config you are using.

Compare original config with running-config and amend where needed.

First, open a new Excel workbook and import the list of VLANs from the “show interface gigabit vlan” command in VOSS. Prepare the data in Notepad ++ by inserting a “=” as a column break between each word to help with the import into columns. You want a single cell with a list of VLANs.

Identify a free cell in the sheet and use the Data tab Text to Column tool to split the list of comma separated VLANs into new columns.

Select all of the VLAN columns and paste into a new cell using Transpose which will create a list of VLANs in a single column.

Always ensure the columns are set as type “Text”.

Insert a new column alongside the previous one and add the interface number alongside each VLAN.

Then we can use the concatenate formula to combine the VLANs and interface at the end of the string “vlan members add”.

For example, the formula would be =CONCATENATE(“vlan members add “,O2,” “,P2) placed in the adjacent cell in a new column alongside the VLAN and Interface columns. We can then select the cell and drag it down the rest of the column to create the list of VLAN commands needed to add a long list of VLANs to an individual port.

Alternatively, use GREP to extract all of the “vlan members” lines from the saved config file and import into Excel (into columns). Add a column alongside “members” which can contain “remove” or “add”. If needed remove the slot and “/” characters from the port numbers if applying on a switch with a different format. Higher speed ports may need changing manually as well. Create a new column which concatenates the cells to build the commands to assign VLANs to ports. This method probably cleaner.