Extreme Networks Ridgeline Guide Manual

Concepts and solutions guide

Ridgeline Concepts and Solutions Guide

Software Version 3.0

Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
(408) 579-2800
http://www.extremenetworks.com
Published: February 2011
Part Number: 100396-00 Rev. 01

Summary of Contents for Extreme Networks Ridgeline Guide

  • Page 2 Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Extreme Turbodrive logo, the Summit logos, and the Powered by ExtremeXOS logo are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and/or other countries.
  • Page 3: Table Of Contents

    Device Status Polling, 22; Telnet Polling, 22; Edge Port Polling Using the MAC Address Poller, 23; Updating Device Status with the Ridgeline Database, 23; Extreme Networks Device Support, 23; Third-Party Device Support, 23; Chapter 2: Getting Started with Ridgeline, 25; Starting Ridgeline, 25; Starting the Ridgeline Server, 26...
  • Page 4 Creating the Device Inventory, 32; Using Discovery, 33; Adding Devices Individually, 34; Setting Up Default Device Contact Information, 35; Using Network Views, 36; Device Groups and Port Groups, 38; Map Views, 38; Displaying Device Inventory Information, 39; Viewing Device Properties, 40; Opening a Telnet Session to a Device, 41; Collecting Device Information for Extreme Support, 43; Managing Device Configurations and Firmware, 44; Using the Ridgeline Alarm Manager, 45...
  • Page 5 Chapter 5: Provisioning Network Resources, 77; Provisioning Example, 77; Creating a VLAN, 77; Modifying a VLAN, 80; Troubleshooting for Provisioning Tasks, 83; Viewing Logged Information about Provisioning Tasks, 84; Chapter 6: Managing Ethernet Services, 87; E-Line Service, 87; E-LAN Service, 88; Bandwidth Profiles, 89; Configuring Ethernet Services, 89; Creating an Ethernet Service, 89...
  • Page 6 Displaying VMAN Details, 141; Categorizing VLANs With Network Names, 141; Creating a Network Name, 141; Assigning VLANs to a Network Name, 142; Filtering the VLANs Table Based on Network Name, 142; Chapter 11: Managing Virtual Machines, 145; Overview, 145; Introduction to the XNV Feature, 145; VM Port Configuration, 145; VM Authentication Process, 146; Ridgeline Authentication, 146...
  • Page 7 Verifying EAPS Information, 185; Running EAPS Reports, 186; EAPS Summary Report, 186; EAPS Log Reports, 187; Chapter 13: Managing Network Security, 189; Security Overview, 189; Management Access Security, 189; Using RADIUS for Ridgeline User Authentication, 190; Configuring a RADIUS Server for Ridgeline User Authentication, 190; Example: Setting up a VSA to Return Ridgeline Role Information, 191; Example: Setting the Service Type for a Built-in Ridgeline Role, 192; Securing Management Traffic, 192...
  • Page 8 Exporting the Collected Data, 226; The MIB Query Tool, 226; Reconfiguring Ridgeline Ports, 227; Using the Ridgeline Debugging Tools, 228; Reconfiguring the FreeRadius Server, 228; Chapter 16: Creating and Running Ridgeline Scripts, 229; About Ridgeline Scripts, 229; Bundled Ridgeline Scripts, 230; The Ridgeline Script Interface, 230; Managing Ridgeline Scripts, 232; Creating a New Ridgeline Script, 233...
  • Page 9 Configuring a New Directory Server, 280; Editing LDAP Client Properties, 283; Deleting a Directory Server, 285; Viewing Network User Information, 286; Network User Dashboard Reports, 286; Users Table, 287; Active Users Tab, 288; Inactive and Active Users Tab, 289; Displaying Network User Details, 290; Displaying Identity Management Reports, 292; Chapter 18: Managing Network Device Configurations and Updates, 293; Archiving Device Configurations, 293...
  • Page 10 Appendix D: Configuring RADIUS for Ridgeline Authentication, 331; Step 1. Create an Active Directory User Group for Ridgeline Users, 331; Step 2. Associate Users with the Ridgeline Group, 332; Step 3. Enable Ridgeline as a RADIUS Client, 334; Step 4. Create a Remote Access Policy for Ridgeline Users, 336; Step 5.
  • Page 11: Preface

    This preface provides an overview of this guide, describes guide conventions, and lists other useful publications.

    Introduction

    This guide provides the required information to use the Ridgeline software. It is intended for use by network managers who are responsible for monitoring and managing Local Area Networks, and assumes a basic working knowledge of:

    ● Local Area Networks (LANs)...
  • Page 12: Conventions

    Table 1 and Table 2 list conventions that are used throughout this guide.

    Table 1: Notice Icons

    | Icon | Notice Type | Alerts you to... |
    |------|-------------|------------------|
    |      | Note        | Important features or instructions. |
    |      | Caution     | Risk of unintended consequences or loss of data. |
    |      | Warning     | Risk of permanent loss of data. |

    Table 2: Text Conventions

    | Convention | Description...
  • Page 13: Related Publications

    Customers with a support contract can access the Technical Support pages at: http://www.extremenetworks.com/services/eSupport.asp

    The technical support pages provide the latest information on Extreme Networks software products, including the latest Release Notes, information on known problems, downloadable updates or patches as appropriate, and other useful information and resources.
  • Page 15: Chapter 1: Ridgeline Overview

    In large corporate networks, network managers need to manage systems “end to end.” Ridgeline is a powerful, flexible and easy-to-use application for centralizing configuration, troubleshooting, and status monitoring of IP-based networks of Extreme Networks switches and selected third-party devices, regardless of the network size.
  • Page 16 monitoring of the network. Ethernet Automatic Protection Switching (EAPS) protocol support within Ridgeline enhances a highly available Extreme Networks switching environment. The Real Time Statistics feature provides a graphical representation of utilization and error statistics for multiple ports on a device, device slot, or within a port group.
  • Page 17 MIB-2 functionality. Based on Ridgeline’s Third Party Integration Framework, selected appliances from Extreme Networks partners can be integrated into Ridgeline in a robust fashion that allows reporting, alarm management, and monitoring with graphical front and back panel views.
  • Page 18: Inventory Management

    ● Manage large numbers of devices. Ridgeline server can manage up to 2000 devices with a single installation of the Ridgeline software. For even larger networks, you can split the management task among several Ridgeline servers in a distributed server mode that lets you monitor the status of those servers from a single client.
  • Page 19: Network Views

    Ridgeline’s Network Views provide at-a-glance information about the devices, device groups, and port groups in your network. You can display summary information about the devices or ports, links between devices, VLANs, and EAPS domains, and you can select individual devices in tables or maps to view detailed information about them.
  • Page 20: The Configuration Manager And The Firmware Manager

    The IP/MAC Address Finder lets you search for specific network addresses (MAC or IP addresses) and identify the Extreme Networks switch and port on which the address resides. You can also use the IP/MAC Finder to find all addresses on a specific port or set of ports. If you have enabled Ridgeline’s periodic MAC Address polling, which polls for edge port address information, you can perform a fast address search by just searching the Ridgeline database for this information.
  • Page 21: Ridgeline Reports

    Ridgeline Reports are HTML pages that can be accessed separately from the main Ridgeline user interface, without logging on to Ridgeline. Ridgeline reports do not require Java, so reports can be loaded quickly, even over a dial-up connection, and can be viewed on systems that cannot run the Ridgeline client.
  • Page 22: EAPS Monitoring And Configuration Verification

    Ethernet Automatic Protection Switching (EAPS) provides “carrier-class” network resiliency and availability for enterprise networks. Ridgeline monitors EAPS rings from Network Views. You can identify and display the status of EAPS rings, including Master and Transit nodes, link status, and a variety of status information.
  • Page 23: Extreme Networks Switch Management

    Ridgeline software.

    Figure 1: Ridgeline Software Architecture

    Extreme Networks Switch Management

    Ridgeline primarily uses the Simple Network Management Protocol (SNMP) to monitor and manage the devices in the network. The Ridgeline server periodically does a status poll of the devices it is managing to determine if the devices are still accessible.
  • Page 24: The Remote Monitoring (RMON) MIB

    The Alarm System supports SNMP Management Information Base-2 (MIB-2), the Extreme Networks private MIB, Remote Monitoring (RMON) traps, and selected traps from other MIBs. The Ridgeline software uses a mechanism called SmartTraps to identify changes in Extreme device configuration.
  • Page 25: Edge Port Polling Using The MAC Address Poller

    Optionally, you can use SSH2 instead of Telnet to communicate with Extreme Networks devices. This requires that you run a version of ExtremeWare or ExtremeXOS that supports SSH. You can disable Telnet polling if necessary through the Server Properties for Devices in Ridgeline Administration.
  • Page 27: Chapter 2: Getting Started With Ridgeline

    This chapter covers how to use some of the basic features of the Ridgeline system:

    ● Starting Ridgeline
    ● How to get help
    ● Working with Ridgeline windows
    ● Ridgeline user roles...
  • Page 28: Starting The Ridgeline Server

    The Ridgeline Server consists of two components:

    ● The Ridgeline Database Server
    ● The Ridgeline Server

    Both components must be running in order to run the Ridgeline client. In a Windows environment, the Ridgeline server components are installed as services. By default, the two Ridgeline Server components will start automatically when you boot the server.
  • Page 29 To launch the Ridgeline Client, you need to have the following information:

    ● The name or IP address of the Ridgeline Server to which the Client should connect
    ● The HTTP port that the Client uses to communicate with the server (the default is 8080). This is the...
  • Page 30 5. Ridgeline checks if your system is running the correct version of the Java plug-in. If you are not running the correct version, you are directed to a page where you can download the correct version. If you are running the correct version of the Java plug-in, the Ridgeline Client software is downloaded from the Ridgeline Server and installed on the local system.
  • Page 31: Getting Help

    Ridgeline also provides the Ridgeline Reference Guide, which also describes how to use the Ridgeline features. This guide can be accessed from the subdirectory under the Ridgeline installation directory. In the Windows environment this is \Program Files\Extreme Networks\Ridgeline . In a Linux or Solaris environment this is 3.0\extreme.war\helptext\docs /opt/ExtremeNetworks/ .
  • Page 32 Figure 5: Components of the Ridgeline User Interface (Network Views Window)

    The main components of the Ridgeline user interface are the following:

    Menu Bar: Options and commands available in Ridgeline.
  • Page 33: Modifying Table Views

    Much of the information displayed in Ridgeline is in tabular format. You can sort the rows in a table, modify the table column size, move columns around in a table, and remove columns from a table.

    Sorting Table Rows

    You can sort the rows of a columnar display according to the contents of any individual column.
  • Page 34: Moving Tabbed Windows In Ridgeline

    Tabbed windows in Ridgeline are dockable, which means that you can move them to new locations in the main Ridgeline window. To move a window to a new location, do the following:

    1. Place the cursor over the tab of the window you want to move.
  • Page 35: Using Discovery

    When you first install Ridgeline, the device inventory is empty. The easiest way to populate the inventory database is to use the Discovery feature (select New > Discover device from the File menu) to automatically detect the devices on your network. With Discovery you can:

    ● Search for devices by specific IP addresses or ranges of IP addresses, including using wildcard search...
  • Page 36: Adding Devices Individually

    Figure 8: Results of a discovery

    To add devices to the database, select the set of devices you want to add and click the Add button. For each device or set of devices you add to the inventory database, Ridgeline first asks you to provide contact information for those devices:

    ● The device login name and password...
  • Page 37: Setting Up Default Device Contact Information

    Figure 9: Adding Devices to Ridgeline Individually

    Ridgeline pre-fills the fields in the window with the default communication information; you can change it as appropriate.

    Setting Up Default Device Contact Information

    For simplicity in managing multiple devices in large networks, administrators typically use the same logins, passwords, community strings and so on, for multiple devices.
  • Page 38: Using Network Views

    After you add devices to Ridgeline, they appear in Ridgeline Network Views. Network Views provide at-a-glance displays of the devices, device groups, ports, and port groups in your network. You can view summary information about the devices or ports, links between devices, VLANs, and EAPS domains, and you can select individual devices in tables or maps to view detailed information about them.
  • Page 39 The table has the following tabs:

    Devices: Displays information about the devices in the device group. Clicking on a device in the table displays additional information about the selected device in the details window, and also highlights the device’s icon in the Map View.

    Links: Displays information about all of the links between the devices in the device group, including automatically detected and user-defined links.
  • Page 40: Device Groups And Port Groups

    The status of items in Network Views is displayed graphically, with icons indicating the operational condition of devices or ports, and lines indicating the state and traffic level of links between devices. A bell icon shows the highest alarm level for devices or groups.

    Device Groups and Port Groups

    Ridgeline’s grouping feature allows you to assemble your devices and ports into groups and subgroups and view information about them or manage them at a group level.
  • Page 41: Displaying Device Inventory Information

    Figure 13: Network Topology Map View

    A network topology map is a graphical representation of a device group. In Network Views, you have the option of selecting the Map View of the device group, which causes Ridgeline to generate a network topology map, populated with the devices in the group.
  • Page 42: Viewing Device Properties

    To display the Device Inventory for a device, click on the device’s row in the Devices table, then select Inventory from the Device menu. This display shows additional information that Ridgeline has gathered from the switch agent.

    Figure 14: Device Inventory Window

    You can click on the slots and ports in the Panel View to display additional information about the selected item.
  • Page 43: Opening A Telnet Session To A Device

    Telnet interface. You can optionally record the commands and output from a Telnet session and save the results to a file. For Extreme Networks devices, Ridgeline will automatically log into the switch based on the device login name and contact password configured for the device in the Add Device window. For third-party devices, you will need to provide the login and password interactively.
  • Page 44 Figure 16: Ridgeline Telnet Window

    The Ridgeline Telnet window is a two-tone window: the bottom of the window is white, the top is gray. The last 25 lines of Telnet commands and responses always appear in the white portion of the window.
  • Page 45: Collecting Device Information For Extreme Support

    The file name is in the format <device_ipaddr>-<date>-<time>.txt; for example: 10_210_12_4-20090113-120302.txt

    Collecting Device Information for Extreme Support

    You can log into a device from the server and run ExtremeXOS commands that collect information about the device, save it to an archive and send it to the server’s TFTP directory. You can then log into the server and get the archive.
  • Page 46: Managing Device Configurations And Firmware

    Figure 17: Configure TFTP Server

    Use the cursor to scan the entire path to the TFTP directory. If the server uses the default system TFTP server, the path is /opt/ExtremeNetworks/RidgelineServiceAdvisor2.0EPICenter7.1_web/user.war/tftp. Log into the server to retrieve the .tgz files using the protocol that the server requires, Telnet or SSH.

    Managing Device Configurations and Firmware

    Ridgeline provides two features that can help you manage the configuration files and the firmware versions on your devices.
  • Page 47: Using The Ridgeline Alarm Manager

    NOTE: When Extreme Networks devices are added to Ridgeline, they are automatically configured to send traps to the Ridgeline server (unless you are running in non-intrusive mode). To receive traps from non-Extreme devices, you must manually configure those devices to send traps to the Ridgeline server. See “Configuring Devices...
  • Page 48: The Alarm Log Browser

    for Use With Ridgeline” on page 309 for information on registering Ridgeline as a trap receiver on non-Extreme devices.

    The Alarm Log Browser

    You use the Alarm Log Browser to view a summary of the alarms that have occurred among the devices you are managing.
  • Page 49 reports by logging directly into the Reports feature from a browser, without running the Ridgeline client: just select the Log on to Reports only link from the Ridgeline Welcome page. Figure 19 shows a few of the reports you can view through the Reports feature.

    Figure 19: Examples of Ridgeline reports

    Most reports can be sorted in a number of ways, and many reports can be filtered to display only the data of interest, based on the types of information shown in the report.
  • Page 50 In addition to the Network Summary Report, Ridgeline provides the following reports and tools:

    Table 3: Ridgeline Reports

    | Report Category | Report Name | Description |
    |-----------------|-------------|-------------|
    | Main | Extreme eSupport Export | Exports Ridgeline data for use by Extreme technical support. Accessible from the Main reports page. |
  • Page 51 Table 3: Ridgeline Reports (continued) Report Report Name Description Category Client • Network Login List of network login activity by device Reports • Current Clients List of all current wireless clients detected, Wireless Client History Report regardless of client state. •...
  • Page 53: Chapter 3: Organizing Devices And Ports Into Groups

    This chapter describes how you can use the Ridgeline grouping feature to place devices and ports into hierarchical groups.

    About Ridgeline Groups

    Ridgeline has a powerful grouping feature that allows you to assemble groups of devices and ports, and view information about them or manage them at a group level.
  • Page 54 Figure 20: Displaying a Device Group

    The Network Views folder in the Ridgeline Navigation frame lists the device groups and port groups defined in Ridgeline.
  • Page 55: Group Membership Guidelines

    Groups can contain only one kind of object: ports cannot be members of device groups, and devices cannot be members of port groups. A given device or port can reside in multiple groups in the Network Views folder, but not within the same top-level group hierarchy.
  • Page 56: Adding A Device To A Device Group

    Figure 21: New Group Window

    2. Enter the name and optional description for the new group.
    3. Click the appropriate radio button to specify whether this is a device or port group.
    4. Select the location in the Network Views hierarchy where the new group should be placed. Highlight Network Views to make this a top-level group.
  • Page 57: Adding Ports To A Port Group

    Figure 22: Copy to Device Group Window

    4. Select the group in which you want to place the device. Note that a device can be placed in a top-level group hierarchy only once. See “Group Membership Guidelines” on page 53 for more information.
  • Page 58 Figure 23: Device Details Window

    3. The Device Details window lists all of the ports on the selected device. Select the ports you want to add to the port group. Use Shift-Click to select a group of ports or Ctrl-Click to select individual ports.
  • Page 59: Adding Ports From Multiple Devices To A Port Group

    If the port group will contain ports from multiple devices, do the following:

    1. From the File menu, select Group > Add Ports to Port Group. The Add to Port Group window is displayed, as shown in Figure 25.

    Figure 25: Add to Port Group Window

    2. The Add to Port Group window lists the devices in the Ridgeline inventory.
  • Page 60: Copying Or Moving Groups

    Figure 26: Port Selection Window

    5. The port selection window lists all of the ports on all of the devices you selected in the Add to port group window. Select the ports you want to add to the port group. You can use the Filter and Quick Filter boxes to limit the number of ports displayed in the table.
  • Page 61: Removing Devices Or Ports From Groups

    To copy or move a group to another group, do the following:

    1. In the Network Views folder, select the group you want to copy or move.
    2. Right-click and select either Copy to group or Move to group from the pop-up menu. A window is displayed listing the groups that have been created in Ridgeline.
  • Page 62: Displaying Group Details

    Figure 27: Properties Window for a Device Group

    3. Add or change information in the Name or Description fields, and click OK to save the changes.

    Displaying Group Details

    To display details about a group, click on the group’s row in the Table View. Information about the selected group appears in the details frame.
  • Page 63: Exporting Group Information

    Figure 28: Group Details Window

    Groups and subgroups within the hierarchy are indicated by a vertical bar (|) character between device group names. For example, “North America | Bay Area” indicates a top-level group “North America” with a subgroup “Bay Area”. In addition, the display lists information about the contents of the group, either ports or devices.
  • Page 64 Figure 29: Save As Window

    3. Select whether to save only the viewable data (that is, just the filtered data currently shown in the table), or all data for all devices/ports in the group.
    4. Click Browse and specify the location and name for the exported file.
  • Page 65: Chapter 4: Using Map Views

    Extreme Discovery Protocol (EDP) or the Link Layer Discovery Protocol (LLDP) enabled, or on third-party devices with LLDP enabled. Links cannot be discovered on non-Extreme Networks devices that do not run LLDP, or on Extreme Networks devices with EDP and LLDP disabled.
  • Page 66 Figure 30: Map View of a Device Group

    The main components of a Ridgeline Map View are the following:

    Device Group: A set of devices that have been placed in a Ridgeline group hierarchy. In Ridgeline, you can create groups of ports and devices, although topology maps are...
  • Page 67: Map Elements

    Alarm Status: The highest level alarm currently unacknowledged among the devices in the current map or any of its submaps. Devices and submaps within this map that have alarm propagation disabled do not contribute to this status. If the alarm icon has an “X” through it, this means alarm propagation has been disabled for this map, and will not contribute to the alarm status of the next higher-level map.
  • Page 68: Subgroup Nodes

    Links. A link represents connectivity between nodes in the map. Links are automatically detected on Extreme Networks devices when EDP or LLDP is enabled on either device. Links can also be detected on third-party devices that support LLDP. Links can also be user-created.
  • Page 69 NOTE: For devices with EDP and/or LLDP disabled or not supported, you can manually add user-defined links to the map to represent connectivity between devices. They are not updated when the map topology changes. The behavior of the system-discovered links described in the following paragraphs does not apply to user-defined links.

    When a discovered link connects two devices on the same map, the link will be annotated with the port number, or slot and port number for each of the endpoints.
  • Page 70: Navigating Maps

    NOTE: Ridgeline does not support load sharing on devices running ExtremeXOS.

    Navigating Maps

    To move around in the map, you can do the following:

    ● Use the Zoom bar to zoom in or out of an area of the map...
  • Page 71: Creating Maps

    Figure 31: Navigation Box in a Map View

    Use the smaller box within the Navigation Box to move around a large map. Click the arrow icon to display or hide the Navigation Box in the Map View.

    Creating Maps

    This section describes how to perform the following tasks: Creating a topology map for a device group...
  • Page 72: Creating A Map For A Device Group

    Ridgeline to generate the map. When generating the map, Ridgeline creates an icon for each device, and automatically detects links between Extreme Networks devices when EDP or LLDP is enabled on either device. Links can also be detected on third-party devices that support LLDP.
  • Page 73: Laying Out The Map

    “real” link cannot be detected by Ridgeline. This may be the case if EDP and LLDP are disabled on an Extreme Networks device, if a non-Extreme Networks device does not support LLDP, or if neither EDP nor LLDP is supported by the version of software running on the device.
  • Page 74: Removing Inactive Links From The Map

    To create a user-defined link, do the following:

    1. Display the map for the device group by clicking on the Map tab at the bottom of the Ridgeline window.
    2. From the File or the Map menu, select New > Link, or select two devices and right-click in the map view and select New >...
  • Page 75: Adding Graphic Elements To The Map

    To remove the inactive links for all the devices in all device groups:

    ● From the Map menu, select Clear inactive links from > All devices.

    Adding Graphic Elements to the Map

    In addition to devices, links, and background images, you can add other graphic elements to the map to represent objects not managed by Ridgeline.
  • Page 76: Adding A Device Annotation

    A device annotation is a single line of text that can be placed with a device icon to enhance its description. The device annotation, if configured, appears only with the device icon on the map; it does not appear in any other view.
  • Page 77: Deleting Maps

    To delete the maps for a device group, do the following:

    1. In the Ridgeline Administration folder, click Optimization. Ridgeline displays a table of the top-level device groups that have topology maps defined, as shown in Figure 37.

    Figure 37: Selecting Maps to Delete from the Optimization Folder

    The table displays the name of each top-level group, the description (if one is configured), and the number of maps in the group and subgroups.
  • Page 79: Chapter 5: Provisioning Network Resources

    Ridgeline’s network resource provisioning feature simplifies network configuration tasks by allowing you to specify devices, ports, and parameters using options in lists in dialog boxes. Ridgeline automatically validates the options you’ve selected prior to deploying the configuration to managed devices, ensuring that the configuration is correct before it goes into production.
  • Page 80 1. Under Network Views, select the folder containing the devices you want to configure.
    2. In the Navigation Table, or the Map View (if displayed), click on the devices to select them. For a VLAN, you can select one or more switches, links, or ports.

    Figure 38: Selecting Devices to Provision
  • Page 81 3 From the Services menu, select New > VLAN, or right-click in the Navigation Table and select VLAN from the pop-up menu. The VLAN Provisioning window is displayed, as shown in Figure Figure 39: VLAN Provisioning Window In the VLAN provisioning window, the selected devices automatically appear in the Available devices table.
  • Page 82: Modifying A Vlan

    Figure 40: Progress and Results Window for VLAN Provisioning Tasks (callouts: Validating command syntax and checking software compatibility; Verifying connectivity to the selected devices; Deploying the commands on the devices; Updating the device information in the database; The validation rules or commands entered on the device for the selected task) 8 Ridgeline validates the options you selected against a set of predefined configuration rules, and...
  • Page 83 3 Right-click in the Navigation Table and select the setting you want to modify from the pop-up menu. For a VLAN, you can edit the list of ports or links in the VLAN, as well as the name and network name of the VLAN.
  • Page 84 Provisioning Network Resources Figure 42: VLAN Properties Window 5 Click the setting you want to modify to bring up the provisioning window for that setting. For example, Figure 43 shows the provisioning window for a VLAN port list. Figure 43: Provisioning Window for a VLAN Port List 6 Make any necessary changes to the VLAN configuration.
  • Page 85: Troubleshooting For Provisioning Tasks

    Troubleshooting for Provisioning Tasks Ridgeline’s provisioning interface makes it easy to identify errors in network configuration and correct them. You can click on any of the tasks in the Progress and Results window and display additional information about the validation rules or CLI commands executed for the selected task. If a validation task is unsuccessful, Ridgeline flags the task in the Progress and Results window.
  • Page 86: Viewing Logged Information About Provisioning Tasks

    NOTE: Only one provisioning request can be processed on the Ridgeline server at a time. If you attempt to make multiple provisioning requests at the same time, such as simultaneously from two different Ridgeline clients, an error message is displayed. Viewing Logged Information about Provisioning Tasks Ridgeline logs information about the provisioning tasks it has performed on managed devices.
  • Page 87 You can double-click a row in the table to display the progress and results details in a separate window. Figure 46: Audit Log Details Window for a Provisioning Task See the Ridgeline Reference Guide for more information about the features of the Audit Log.
  • Page 89: Chapter 6: Managing Ethernet Services

    An Ethernet service is a method for provisioning Ethernet connectivity over a wide-area or Metro Ethernet network. Ethernet services can provide customers point-to-point or multipoint-to-multipoint Ethernet connectivity across a service provider’s network. Service providers set up Ethernet services for their customers at User Network Interface (UNI) ports connecting customer equipment to their network.
  • Page 90: E-Lan Service

    Figure 47: E-Line Service (diagram labels: E-Line Service (Point-to-Point); UNI Port; Customer Equipment; Service Provider Network; Transport Method: can be VLAN / VMAN / BVLAN) When Ridgeline provisions an E-Line service, it also adds the VLAN, VMAN, or PBB BVLAN to an EAPS domain on the devices where the VLAN/VMAN/BVLAN is configured.
  • Page 91: Bandwidth Profiles

    Bandwidth Profiles By default, an E-Line or E-LAN service provides best-effort service for customer traffic on the UNI ports. In some cases, such as when the UNI ports in an Ethernet service have different line rates, you can specify bandwidth profiles and apply them to the UNI ports. A bandwidth profile can specify values for Committed Information Rate (CIR), Committed Burst Size (CBS), Excess Information Rate (EIR), Excess Burst Size (EBS), and single/dual-rate profile settings.
  • Page 92 Figure 49: E-Line Service Provisioning Window 2 Enter a name for the new E-Line or E-LAN service. 3 Optionally, enter a description for the service. 4 Select the customer who will be using this service. See “Creating a Customer Profile” on page 95 for information about adding a customer to this list.
  • Page 93 Figure 50: Traffic Mapping Options for an Ethernet service (VLAN or VMAN Transport Type)
  • Page 94 Figure 51: Traffic Mapping Options for an Ethernet service (PBB BVLAN Transport Type) 8 In the Traffic Mapping box, select the VLAN, VMAN, or BVLAN that will be used as the transport method for the service. Ridgeline automatically populates the list box with the available VLANs, VMANs, or BVLANs.
  • Page 95 Figure 52: Validation Window for an Ethernet Service 13 If the validation is successful, click Create Ethernet Service to deploy the service to the target devices. Otherwise, click Back to go back to the previous screen and modify the settings.
  • Page 96: Modifying An Ethernet Service

    Figure 53: Provisioning Window for an Ethernet Service 14 After Ridgeline successfully validates the selected options, it verifies network connectivity to the target switches. If a connection can be established to all of the target switches, Ridgeline deploys the configuration commands, then saves the configuration file on each switch.
  • Page 97: Creating A Customer Profile

    3 If you select Properties from the pop-up menu, the Properties window for the Ethernet service is displayed, which provides a list of settings you can modify. Figure 54: Ethernet Service Properties Window 4 Click the setting you want to modify to bring up the provisioning box for that setting. For example, Figure 55 shows the provisioning box for the Ethernet service name and description.
  • Page 98: Creating A Bandwidth Profile

    Figure 56: Customer Profile Configuration Window 2 Click New to create a new customer profile, or select an existing profile and click Edit. Figure 57: Customer Settings Window 3 In the Customer Settings window, enter a name for the customer, and optionally specify a description, address, contact, and fax number.
  • Page 99 Figure 58: Bandwidth Profile Configuration Window 2 Click New to create a new bandwidth profile, or select an existing profile and click Edit. Figure 59: Bandwidth Profile Settings Window 3 In the Bandwidth Profile Settings window, enter a name for the bandwidth profile, and specify settings for the following parameters: Quality Profile (QP) Single/Dual Rate...
  • Page 100: Viewing Ethernet Services Information

    4 When you are done, click Add (for a new bandwidth profile) or Modify (for an existing bandwidth profile). 5 After you create a bandwidth profile, you can apply it to the UNI ports in Ethernet services. See “Modifying an Ethernet Service”...
  • Page 101: Using The Services View

    Figure 61: E-LAN Service Selected in a Map View Information about the selected Ethernet service appears in the Details panel. You can double-click on the row in the Services table to display the information in a separate window. See “Displaying Ethernet Service Details”...
  • Page 102: Displaying Ethernet Service Details

    Figure 62: Services View (panels: Services Table, Map Panel, Details Panel) Displaying Ethernet Service Details To display details about an E-Line or E-LAN service, click on a row in the Services table. Information about the selected Ethernet service appears in the details window. If you double-click on the row, the Ethernet service details are displayed in a separate window, as shown in Figure
  • Page 103 Figure 63: E-Line Service Details Window
  • Page 105: Chapter 7: Importing Services

    This chapter describes using Ridgeline service reconciliation to import the following services: ● Import E-Line Services ● Import E-LAN Services Importing E-Line and E-LAN Services NOTE: It is best not to perform provisioning-related operations on Ridgeline when you are importing services. To import an E-Line or E-LAN service, do the following: 1 On the menu bar, go to Services>Import>E-Line.
  • Page 106 Figure 64: E-Line Wizard Information Input Screen 2 Enter a name for the new E-Line or E-LAN service. See Figure 3 Enter a description for the service. This is optional. 4 Select the customer who is using the service. Refer to “Creating a Customer Profile”...
  • Page 107 Figure 65: E-Line/E-LAN Wizard Dialog Box - Enter Name of New Service 5 Choose the Transport type you want to use in this service from the drop down list: ● 802.1Q (VLAN) ● 802.1ah (PB/VMAN) ● 802.1ad (PBB) 6 Click Next. If you select VLAN as the transport type, the dialog opens and asks: What is the VLAN used in the service? See Figure 66.
  • Page 108 Figure 66: UNI Port Selection Dialog (Transport Type - VLAN) 9 Click Validate if you chose VLANs as the transport type; then go to step 14. 10 If you select PBB as the transport type, the dialog opens asking: What are the BVLANs, ISIDs, and SVLANs/CVLANs used in the service? See Figure Ridgeline shows a list of Available BVLANs in the 802.1ah(PBB) drop down list in the Traffic...
  • Page 109 Figure 67: UNI Port Selection Dialog Box (Transport Type - PB/VMAN) Figure 68: UNI Port Selection Dialog Box (Transport Type - PBB) 13 When you finish adding UNI ports, click Validate to start the validation process. You have two validation options: ● The default (that is, the check box is not selected), Ridgeline validates the settings you select for...
  • Page 110 14 If the validation is successful, click Import E-Line or E-LAN Service to import the service to the database. Otherwise, click Back to go back to the previous screens and modify the settings. See Figure 15 After Ridgeline successfully validates the selected options, it imports the service into its database. To view the newly created services, refer to “Viewing Ethernet Services Information”...
  • Page 111 Figure 70: Successful Results Dialog After Clicking Import E-Line or ELAN Service 17 Click Close. The Services list shows the new entry and the map shows the newly imported service. Figure
  • Page 112 Figure 71: Services List and Map with Newly Imported Service 18 To validate and import services at the same time, click the check box: If validation has no errors, continue automatically to creating the new E-Line service. If the validation is successful, you save a step in this procedure.
  • Page 113 Figure 72: Importing E-Line Service Dialog with Validation Errors
  • Page 115: Chapter 8: Managing Pbb Networks

    Virtual metropolitan area networks (VMANs) allow metropolitan area network (MAN) service providers to carry VLAN traffic from multiple customers across a common Ethernet network, known as a provider bridge network. The provider bridge network uses Provider Bridges (PBs) to create a Layer 2 network that supports VMAN traffic.
  • Page 116: Svlans, Bvlans, Cvlans And Isids

    VMAN frame in an 802.1ah frame. Ridgeline can do the following to manage and monitor PBB networks: ● Configure BVLANs on managed Extreme Networks devices ● Discover information about a PBB network, including which devices are part of BVLANs and...
  • Page 117: Creating A Bvlan

    Creating a BVLAN To create a BVLAN, do the following: 1 From the Services menu, select New > BVLAN. The BVLAN Provisioning window is displayed, as shown in Figure Figure 74: BVLAN Provisioning Window In the BVLAN provisioning window, the selected devices automatically appear in the Available devices table.
  • Page 118: Modifying A Bvlan

    Figure 75: Progress and Results Window for VMAN Provisioning Tasks (callouts: Validating command syntax and checking software compatibility; Verifying connectivity to the selected devices; Deploying the commands on the devices; The validation rules or commands entered on the device for the selected task) 6 Ridgeline validates the options you selected against a set of predefined configuration rules, and ensures that the target switches are running a version of software that supports the features you are...
  • Page 119 3 Right-click, and select Properties from the pop-up menu. The Properties window for the BVLAN is displayed, which provides a list of settings you can modify. For a BVLAN, you can edit the list of ports or links in the BVLAN, as well as the name and network name of the BVLAN (although not the tag value).
  • Page 120: Viewing Pbb Information

    Figure 77: Provisioning Window for a BVLAN Port List 5 Make any necessary changes to the BVLAN configuration. 6 When you have finished modifying the BVLAN, click the Save changes button to validate and deploy the changes to the BVLAN. Viewing PBB Information To view information about PBB networks known to Ridgeline, click a device group or the All map or All table group under the Network Views folder, then click the PBB tab.
  • Page 121 Figure 78: PBB Table in Network Views If you also have enabled the map view of a device group, you can select a row in the table and display an overlay view highlighting all of the devices and links in the map where the selected BVLAN, CVLAN, or SVLAN is configured, as shown in Figure
  • Page 122: Displaying Pbb Details

    Figure 79: Displaying PBB Components in a Map View NOTE To view PBB information from an Extreme Networks switch, enable HTTP on the switch. Displaying PBB Details To display details about a BVLAN, CVLAN, SVLAN, or ISID, click on a row in the PBB table.
  • Page 123: Bvlan, Cvlan, And Svlan Details

    BVLAN, CVLAN, and SVLAN Details For BVLANs, CVLANs, and SVLANs, the following window is displayed: Figure 80: PBB VLAN Details Window
  • Page 124: Isid Details

    ISID Details For ISIDs, the following window is displayed: Figure 81: ISID Details Window
  • Page 125: Chapter 9: Managing And Monitoring Vpls Domains

    A Virtual Private LAN Service (VPLS) domain is a Layer 2 multipoint VPN that allows multiple sites to be connected in a single bridged domain over a provider-managed IP/MPLS network. VPLS enables service providers to offer Ethernet private line services that use a simple Layer 2 interface at the customer edge, and benefit from the resilience and scalability of an MPLS/IP core.
  • Page 126: Hierarchical Vpls (H-Vpls)

    Hierarchical VPLS (H-VPLS) When MPLS is used at the edge of the network, a fully meshed VPLS domain becomes less practical, due to the number of PWs that must be configured between a large number of peers. A hierarchical VPLS (H-VPLS) network can improve network scalability by reducing the number of PWs that need to be configured between peers.
  • Page 127: Vpls Support In Ridgeline

    This results in a significant reduction in the number of pseudo wires that need to be established and maintained. For example, a 10 core PE network with 50 MTU devices per core PE requires almost 260,000 pseudo wires using a fully meshed VPLS design. A hierarchical VPLS design requires only 590 pseudo wires.
  • Page 128 Figure 84: VPLS Table in Network Views From the All map view, or if you also have enabled the map view of the device group, you can select a VPLS domain and display an overlay view highlighting all of the devices and links in the map where the selected VPLS domain is configured, as shown in Figure Figure 85: VPLS domain in a Map View...
  • Page 129: Displaying Vpls Details

    When you select a VPLS domain from the table, all of the peer devices for the selected VPLS domain are highlighted in the map view. In the Details panel, Ridgeline displays information about the pseudo wires in the VPLS domain. For a selected VPLS domain, you can display information about the pseudo wires.
  • Page 130: Configuring Vpls

    Figure 87: Pseudowire Details Window Configuring VPLS Using Ridgeline, you can configure fully meshed and hierarchical (hub-and-spoke) networks. VPLS configuration tasks are performed using Ridgeline’s scripting feature. Running VPLS Configuration Scripts Using Ridgeline scripts, you can perform the following tasks: ● Create a VPLS domain...
  • Page 131 Figure 88: Configuration Screen for the Create VPLS Script For information on how to use Ridgeline scripts, see “Creating and Running Ridgeline Scripts” on page 229.
  • Page 133: Chapter 10: Managing Vlans

    VLAN configuration, which speeds the process of implementing VLAN changes across multiple devices. Note that Ridgeline creates and manages VLANs for Extreme Networks devices only. It does not handle other third-party devices, even though third-party devices can be managed through Ridgeline.
  • Page 134: Configuring Vlans

    Configuring VLANs With Ridgeline, you can perform common VLAN configuration tasks, including creating, modifying, and deleting VLANs, as well as configuring VLAN protocol settings. There are two methods you can use for configuring VLANs in Ridgeline: ● Using Ridgeline’s network resource provisioning feature...
  • Page 135 Figure 89: Selecting Devices to Provision 3 From the Services menu, select New > VLAN, or right-click in the Navigation Table and select VLAN from the pop-up menu. The VLAN Provisioning window is displayed, as shown in Figure
  • Page 136 Figure 90: VLAN Provisioning Window for Selected Devices In the VLAN provisioning window, the selected devices automatically appear in the Available devices table. If the switch software running on a device does not support the feature you are configuring, it is greyed-out in the Available devices table.
  • Page 137 4 Click one of the devices to view the Available ports table for the device. 5 For each port or link you want to add to the VLAN, select the port and click the Add tagged or Add untagged button. When the VLAN is created, the port is removed from the default VLAN and added to the new VLAN.
  • Page 138: Modifying A Vlan

    Modifying a VLAN For existing VLANs, you can edit settings and deploy the changes to the devices where the VLAN is configured. To modify a VLAN, do the following: 1 Under Network Views, select the folder containing the devices you want to configure. 2 In the Navigation Table, click the VLAN tab, and select the VLAN you want to modify.
  • Page 139 Figure 94: VLAN Properties Window 5 Click the setting you want to modify to bring up the provisioning window for that setting. For example, Figure 95 shows the provisioning window for a VLAN port list. Figure 95: Provisioning Window for a VLAN Port List 6 Make any necessary changes to the VLAN configuration.
  • Page 140: Running Vlan Configuration Scripts

    Running VLAN Configuration Scripts Ridgeline includes a number of bundled scripts that allow you to specify VLAN configuration settings and deploy them on managed Extreme devices. Using Ridgeline scripts, you can perform the following tasks: ● Create and configure a new VLAN...
  • Page 141: Viewing Vlan Information

    Viewing VLAN Information To view information about VLANs in Ridgeline, click a device group or the All group under the Network Views folder, then click the VLANs tab. A table listing the VLANs in the group is displayed. If you also have enabled the map view of the device group, you can select a VLAN and display an overlay view highlighting all of the devices and links in the map where the selected VLAN is configured, as shown in Figure...
  • Page 142: Displaying Vlan Details

    Displaying VLAN Details To display details about a VLAN, click on the VLAN’s row in the VLAN table. Information about the VLAN appears in the details window. If you double-click on the row, the VLAN details are displayed in a separate window, as shown in Figure Figure 98: VLAN Details Window...
  • Page 143: Displaying Vlan Details For An Individual Device

    See the Ridgeline Reference Guide or the online help for information about the VLAN service details displayed by Ridgeline. Displaying VLAN Details for an Individual Device To display details about the VLANs configured on a specific device, click on the device’s row in the Devices table in Network Views.
  • Page 144: Assigning Vlans To A Network Name

    Figure 99: Modify Network Name Window 3 Click New to open the New network name window. 4 Enter the network name and click create. Assigning VLANs to a Network Name To assign VLANs to a network name: 1 Under the Network Views folder, select the device group that contains the VLANs you want to categorize, or select the All group.
  • Page 145 Figure 100: Filtering the VLAN Table Using the Network Name Quick Filter (callout: Network Name Quick Filter)
  • Page 147: Chapter 11: Managing Virtual Machines

    This chapter describes Ridgeline’s Extreme Network Virtualization (XNV). Overview Typical data centers support multiple Virtual Machines (VMs) on a single server. These VMs usually require network connectivity to provide their services to network users and to other VMs. The following sections introduce ExtremeXOS software features that support VM network connectivity: Introduction to the XNV Feature The Extreme Network Virtualization (XNV) feature, which is also known as Virtual Machine (VM)
  • Page 148: Vm Authentication Process

    Local virtual port profiles (LVPPs), which override network policies, must be configured on each switch. LVPPs are a good choice for simple network topologies, but NVPPs offer easier network management for more complex network topologies. VM Authentication Process The XNV feature supports three methods of authentication: Ridgeline authentication.
  • Page 149: Network Management And Inventory

    Through file synchronization, the VM configuration and policy files are periodically downloaded to the XNV-enabled switches, which allows these switches to continue to support VM connections when the Ridgeline server or the repository server is unavailable. You can also initiate a file synchronization from the XNV-enabled switch.
  • Page 150: Managing The Xnv Feature, Vm Tracking

    Figure 101: Topology of XNV Configuration (diagram labels: Client 1, Client 2, network, Ridgeline server, Ridgeline repository server, data center core switch, top-of-rack Switch1 and Switch2, VLAN V1, VM movement, VMWare server...)
  • Page 151: Identifying Vmms And Vms

    ● VM counters are cleared when a VM moves between ports on the same switch (because the ACLs are deleted and recreated). Identifying VMMs and VMs The Virtual Machine Manager lists all virtual machine managers added to and used by Ridgeline. These include: ● VMware - vCenter Server Virtualization Management...
  • Page 152: Adding And Importing Vms

    Figure 102: VM Manager Table Adding and Importing VMs When you want to add a VM to your network, Ridgeline identifies a VMM and any associated VMs and imports them. After you add a VM, Ridgeline automatically tracks its movement and configuration information.
  • Page 153: Editing Vm Manager Settings

    1 With the Virtualization management tab open, go to File>New>VM manager. The Import VMs Wizard launches. See Figure 103. Figure 103: Import VMs Wizard 2 Click Next. Ridgeline discovers VMs or resource pools and shows the information in the next dialog box.
  • Page 154: Deleting A Vm Manager

    ● Password To edit these VM manager settings, do the following: 1 On the Virtualization management tab, click the VM managers tab. 2 Right click on the VM manager you want to edit. 3 On the menu that opens, select Properties. The Edit VM Manager setting dialog box opens. See Figure 105.
  • Page 155 To use the wizard, do the following: 1 On the menu bar, open Edit and choose Edit List of VM Devices. The Edit List of Devices dialog box opens. See Figure 106. Figure 106: Select Device or Device Group 2 Select Devices or Device groups. If you select Devices, a window opens and asks “Monitor VMs on which devices?”...
  • Page 156 Figure 107: Select Devices to Monitor Figure 108: Select Device Group to Monitor 3 Click Next. The Select the ports window shown in Figure 109 opens.
  • Page 157 4 Select the ports you want monitored from the Available Ports column in the dialog box. A port is grayed out if it is an up link port or if it has Netlogin enabled. Figure 109: Select Ports 5 Click Next. The Configuring devices for virtual machines monitoring dialog box shown in Figure 110 opens to show the progress of the operation.
  • Page 158: Editing List Of Devices And Ports

    Figure 110: Progress Window 6 To view VM tracking on a device go to the Virtualization tab>Device Ports tab. See Figure 111. Figure 111: Tracking On a Device Editing List of Devices and Ports A wizard lets you edit the list of devices and ports on the VM Monitoring Table. To use the wizard, do the following: 1 On the menu bar, open Edit and choose Edit List of VM Devices.
  • Page 159 Figure 112: Edit List of Devices 2 Choose Device or Device groups. 3 Click Next. The dialog that opens asks “Monitor VMs on which devices?” See Figure 113. If a device is grayed out, it means that the device does not support VM monitoring or the device has Identity Management enabled.
  • Page 160 Figure 114: Select the Ports 8 To choose a device, click the device row in the left window. The center window shows the number assigned to the device by Ridgeline. The window on the right shows the port number. Port descriptions and numbers are grayed out if an up link port will be disabled, or if a Netlogin port is enabled.
  • Page 161: Policy Match Condition Combinations

    Policy Match Condition Combinations Table 4 lists the ingress and policy match condition combinations for Extreme Network Virtualization. The following items provide additional information about the match conditions: ● EXOS dynamically inserts the Source MAC in the ingress policy. It does not allow you to add a...
  • Page 162 1 Select XNV: Virtual-port profiles on the Folder List then go to File>New>Virtual-port profile. The New Virtual-Port Profile dialog box opens. See Figure 117. Figure 116: Create a New VPP Menu 2 Enter the name of the new VPP. 3 Choose ingress or egress policy, both ingress and egress, or none.
  • Page 163: Attaching Policies, Vpps, And Vms

    5 Click Create profile. The new VPP shows on the Virtual-port profile list. See Figure 118. Figure 118: Virtual-Port Profile list Attaching Policies, VPPs, and VMs The following diagram shows the flow for attaching policies, VPPs, and VMs. You can achieve attachment results by creating and performing (Figure 119) any of the following:...
  • Page 164: Attaching A Vpp To A Vm

    Attaching a VPP to a VM To attach a VPP to a VM, do the following: 1 On the menu bar, go to File>Edit>Attach, or right click on the VPP in the list to which you want to attach a policy.
  • Page 165 Figure 121: Attach Virtual-Port Profile to VMs Dialog Box 3 Choose a VM from the Available Virtual machines list, then add it to the Selected virtual machines list. 4 Click Attach. If the VPP is already attached to another VM, the results show in the dialog box. See Figure 122.
  • Page 166 Figure 122: Attach Virtual-Port Profile to VMs Results 5 The Virtual-port profile list shows the VPP attached. See Figure 123. Figure 123: Attached VPP to VM
  • Page 167: Attaching A Policy To A Vpp

    Attaching a Policy to a VPP To attach a policy to a VPP, do the following: 1 On the menu bar go to File>Attach>Policies to virtual port profiles. You can also access the menu by right clicking on the profile. The virtual port profile dialog box opens.
  • Page 168 Figure 125: Attach a Policy to a VPP 2 Choose a policy from the list and click Attach. If the policy is already attached to a VPP, click Save changes. The dialog box opens and shows the results of the operation.
  • Page 169: Detaching Vpps

    Detaching VPPs To begin the detach VPP operation, do the following: 1 On the menu bar, go to File>Edit>Detach, or right click on the VPP in the list that you want to detach. The menu opens. Figure 127: Detach a VPP Detaching a VPP from a VM To detach a VPP from a VM, do the following:...
  • Page 170: Detaching A Vpp From A Policy

    Figure 128: Detach Virtual-Port Profiles from VMs 4 Select the VM you want to detach from the Available virtual-port profile list. 5 Click Add to move it to the Selected virtual machines list. 6 Click Detach. The dialog box opens and shows the successful results of the operation. 7 Click Close to return to the list of VPPs.
  • Page 171: Viewing Information On The Vms Tab

    Figure 129: Detach a VPP from a Policy 4 Deselect the policies you want to detach from the VPP. 5 Click Save changes. The dialog box opens and shows the successful results of the operation. 6 Click Close to return to the list of VPPs. Viewing Information on the VMs Tab After successfully discovering VMs and enabling VM Tracking on the switches, Ridgeline shows the mapping between the VMs and the devices they access.
  • Page 172 Power Status: Current power status of the VM. One of the following values: poweredOn, poweredOff, Unknown. Host IP Address: IP address of the physical host to which the VM belongs. Host Name: Physical host name. Host DNS: Physical host DNS name. Device IP Address...
  • Page 173: Device Group/Subgroup Views

    In Map view, when you select a VM, Ridgeline highlights the device and shows the number of VMs currently accessing the switch. See Figure 131. Figure 131: All Map View (callouts: Server, Switch) Device Group/Subgroup Views On the VM tab>Device Group/Sub Group Table and Map View, only the VMs that access the device and are part of the selected group are shown.
  • Page 174: Vm Details View

    VM Details View The VMs tab, Table view shows the VM Details on the right side of the Ridgeline window. See Figure 133. It includes: ● VM properties view ● NIC tab ● History tab VM Properties view ● VM name...
  • Page 175: Nic Tab

    Figure 133: VM Properties View and NIC Tab NIC Tab The NIC tab (Figure 133) lists all the network interface cards (NIC) associated with a VM and includes the following details: ● VM MAC address ● Device name ● NIC port number...
  • Page 176: Device Details With Vm Monitoring

    Managing Virtual Machines Egress Policy result State Figure 134: History Tab Device Details with VM Monitoring The Devices tab on Table view shows VM Monitoring is enabled. See Figure 135. The Device Details window on the right shows the VM tab and contains the same information as the VM details view.
  • Page 177: Vm Monitoring Audit Log

    Figure 135: VM Monitoring Device Details VM Monitoring Audit Log Information in the Audit Log for VM monitoring is listed under VM Monitoring tab>Audit Log node. See Figure 136. Ridgeline creates an Audit Log entry for the following reasons: 1 A virtual port profile has been modified (for example, an update of an ingress or egress policy.
  • Page 178 Managing Virtual Machines The Actions window lets you filter the log information by hour or date and search for log items or details. It includes all the information listed in the Table view Audit Log and includes the following: Virtual Machine Name of the virtual machine Virtual Port Profile Name of the virtual port profile...
  • Page 179: Chapter 12: Managing Your Eaps Configuration

    Managing Your EAPS Configuration This chapter describes how to use Ridgeline to configure and monitor an Ethernet Automatic Protection Switching (EAPS) configuration in your network. Topics include: Configuring EAPS using Ridgeline’s network resource provisioning feature ●...
  • Page 180: Creating An Eaps Domain

    Managing Your EAPS Configuration Creating an EAPS Domain To create an EAPS domain, do the following: 1 Under Network Views, from the Protocol menu, select New > EAPS domain. The New EAPS Domain window is displayed, as shown in Figure 137.
  • Page 181: Modifying An Eaps Domain

    Modifying an EAPS Domain For existing EAPS domains, you can edit settings and deploy the changes to the devices where the EAPS domain is configured. To modify an EAPS domain, do the following: 1 Under Network Views, select the folder containing the EAPS domain you want to configure. 2 In the Navigation Table, click the EAPS tab, and select the EAPS domain you want to modify.
  • Page 182: Creating A Shared Link

    Managing Your EAPS Configuration Creating a Shared Link An EAPS shared link is a physical link that carries overlapping VLANs that are protected by more than one EAPS domain. To create an EAPS shared link, do the following: 1 Under Network Views, from the Protocol menu, select New > Shared link. The New Shared Link window is displayed, as shown in Figure 137.
  • Page 183: Viewing Eaps Information

    3 From the File menu, select Delete. Ridgeline prompts you to confirm your action. 4 Click Yes to delete the EAPS domain. Note that the Control VLAN is deleted along with the EAPS domain. Viewing EAPS Information To view information about your EAPS domains, select a device group or the All table or All Map in the Network Views folder, then click the EAPS tab.
  • Page 184: The Eaps Map View

    Managing Your EAPS Configuration The EAPS Map View The EAPS map view shows the devices in a device group with respect to their EAPS implementation, including the EAPS-related links between devices and a summary status for each device and for each EAPS ring.
  • Page 185: Link Status

    For a Transit node: A Green T means both ring ports are up and forwarding ● A Yellow T means a ring port is up but blocked ● A Red T means that one or both ring ports are down. ●...
  • Page 186: Displaying Eaps Domain Details

    Managing Your EAPS Configuration A grey line indicates that the link status is unknown. ● A blue line indicates the link is user-created rather than automatically discovered by Ridgeline ● When the map is zoomed in sufficiently, the port endpoints are automatically displayed for each link. Displaying EAPS Domain Details To display details about an EAPS domain, click on the domain’s row in the EAPS table.
  • Page 187: Verifying Eaps Information

    Verifying EAPS Information Ridgeline lets you verify the EAPS configurations in your network, and provides a report that shows where configuration errors are found. To run the verification procedure on your EAPS domains, select Verify EAPS domains from the Protocol menu. Depending on the size of your network and your EAPS configurations, this can take as long as 15 minutes.
  • Page 188: Running Eaps Reports

    Managing Your EAPS Configuration Table 5: EAPS Verification Error Types (continued) • Incomplete VLAN Protection • Shared Port Not Created • Inconsistent Control VLAN Naming • Shared Port Not Configured Running EAPS Reports You can run the following reports to produce information about the EAPS domains known to Ridgeline: EAPS Summary Report, which provides a brief overview of the status of the EAPS domains ●...
  • Page 189: Eaps Log Reports

    EAPS Log Reports The EAPS log report shows the EAPS traps and EAPS-related syslog entries that have occurred for the selected device. This report can be very helpful in troubleshooting your EAPS device configurations. Once you run the report, you can filter it further based on the following: The IP address (must be exact, wildcards are not supported).
  • Page 191: Chapter 13: Managing Network Security

    Network administrators must protect their networks from unauthorized external access as well as from internal access to sensitive company information. Extreme Networks products incorporate multiple security features, such as IP access control lists (ACLs) and virtual LANs (VLANs), to protect enterprise networks from unauthorized access.
  • Page 192: Using Radius For Ridgeline User Authentication

    Ridgeline should be configured as a RADIUS client. Configuring a RADIUS Server for Ridgeline User Authentication Ridgeline uses administrator roles to determine who can access and control your Extreme Networks network equipment through Ridgeline. A user’s role determines what actions the administrative user is allowed to perform, through Ridgeline or directly on the switch.
  • Page 193: Example: Setting Up A Vsa To Return Ridgeline Role Information

    If you have created your own custom roles, you can set a Vendor-Specific Attribute (VSA) to send the appropriate role information along with the authentication status of the user. There are a number of steps required to set up your RADIUS server to provide authentication and authorization for Ridgeline users.
  • Page 194: Example: Setting The Service Type For A Built-In Ridgeline Role

    Managing Network Security Attribute format: String Attribute value: AlarmsOnly Once this has been set up, for all users logging into Ridgeline who match the conditions defined in the remote access policy, a VSA with value “AlarmsOnly” will be passed to Ridgeline. Ridgeline then will apply the user role “AlarmsOnly”...
  • Page 195: Using Sshv2 To Access Network Devices

    SNMPv1 for any reason, you can do so with minimal effort. Using SSHv2 to Access Network Devices. Extreme Networks products support the secure shell 2 (SSHv2) protocol to encrypt traffic between the switch management port and the network management application (Ridgeline). This protects sensitive data from being intercepted or altered by unauthorized access.
  • Page 196: Securing Ridgeline Client-Server Traffic

    Ridgeline will now use SSH instead of regular Telnet for direct communications with the device, including Netlogin and polling for the FDB from the Extreme Networks switches. It will also use SFTP for file transfers such as uploading or downloading configuration files to the device.
  • Page 197: Monitoring Switch Configuration Changes

    recommended) on the same system as the Ridgeline client, and installing and running an SSH server (OpenSSH is recommended) on the same system where the Ridgeline server resides. Tunneled communication is accomplished through port forwarding. To configure SSH tunneling between the Ridgeline server and client, you must do the following: 1 Install PuTTY on the Ridgeline client system 2 Configure the PuTTY client with a Ridgeline session connecting to the Ridgeline server host 3 Install an SSH server on the system with the Ridgeline server (if it is not already installed)
  • Page 198: Using The Mac Address Finder

    In its simplest form, a DoS attack is indistinguishable from normal heavy traffic. Extreme Networks switches are not vulnerable to this simple attack because they are designed to process packets in hardware at wire speed. However, there are some operations in any switch or router that are more costly than others, and although normal traffic is not a problem, exception traffic must be handled by the switch’s CPU in software.
  • Page 199: Device Syslog History

    See the Ridgeline Reference Guide for more information about creating alarms such as these. Device Syslog History Syslog messages report important information about events in your network. Each Extreme Networks product acts as a syslog client, sending syslog messages to configured syslog servers. These messages include information that reveals the security status of your network.
  • Page 200: Network Access Security With Vlans

    LAN, but each is tagged with a different VLAN ID. Marketing traffic going through the same physical LAN switches will not reach Finance hosts because they exist on a separate VLAN. Extreme Networks switches can support a maximum of 4095 VLANs. VLANs on Extreme Networks switches can be created according to the following criteria: Physical port ●...
  • Page 201 Chapter “Managing VLANs” on page 131 for more information about how Ridgeline can help you manage the VLANs on your network.
  • Page 203: Chapter 14: Policies

    Policies Overview The policy manager is responsible for maintaining a set of policy statements in a policy database and communicating these policy statements to the applications that request them. Policies are used by the routing protocol applications to control the advertisement, reception, and use of routing information by the switch.
  • Page 204: Viewing Policies For Devices

    Policies Figure 151: Policy Details Viewing Policies for Devices To view a policy for a device, do the following: 1 On the Folder List, go to Network Views>All table then click the VM tab. 2 Select a device. 3 Scroll to the right. You see the Host IP address, Host name, and Ingress and Egress policies. Figure 152: All Table View VMs Tab Showing Policies for Device
  • Page 205: Creating A New Policy

    Creating a New Policy To create a new policy, do the following: 1 On the Folder List go to Network Administration>Policies. The Policies tab opens. 2 On the menu bar, go to File>New>Policy. See Figure 153. The New Policy dialog opens. Figure 153: Create New Policy on Menu 3 Enter the name of the device on which you want to create a policy, the policy type, the policy direction, Ingress or Egress.
  • Page 206 Policies Figure 154: New Policy Dialog 4 Click New. The New Policy Rule dialog opens and asks: What is the name, description, and match condition for your new rule? See Figure 155. It describes the criteria for the entries: You can specify multiple, single, or zero match conditions.
  • Page 207 Figure 155: New Policy Rule Dialog - Match Conditions 5 Enter the Rule Name, Rule description, Rule category. 6 Click on the available conditions to view a description of each condition at the bottom of the dialog box. 7 You can select a condition from the list of Available match conditions, then move each condition to the Selected match conditions list on the right.
  • Page 208 Policies Figure 156: New Policy Rule Dialog - Inputs for Match Conditions 9 Enter and then select the match conditions information needed for the conditions you chose on the previous dialog. 10 Click Next. The dialog opens and asks: What is the action and action modifiers for your rule? See Figure 157.
  • Page 209 Figure 157: New Policy Rule - Action and Action Modifiers 11 If you do not select Also include these action modifiers, click Create Rule. The New Policy dialog opens showing the newly created policy. See Figure 159. 12 If you want to include action modifiers, select Also include these action modifiers, then click Create Rule.
  • Page 210 Policies Figure 158: New Policy Rule - Inputs for Action Modifiers 17 Click Create Rule. The New Policy dialog opens showing the newly created rule on the Rules list. Figure 157. 18 Click Create Policy.
  • Page 211: Copying A Policy To Create A New Policy

    Figure 159: New Policy Dialog Copying a Policy to Create a New Policy To copy an existing policy to create a new policy, do the following: 1 Click Network Administration>Policies in the Folder List. The Policies tab opens. 2 Select a policy on the list. 3 Go to File on the menu bar and choose Save as.
  • Page 212: Editing A Policy

    Policies Figure 160: Save Policy As Dialog Box 4 Choose the policy you want to copy from the Policies list. 5 Choose from the following: Save in Ridgeline - Saves the policy to the server where Ridgeline is installed. ● Export to - Changes the policy file format that enables you to take the policy from a Ridgeline ●...
  • Page 213: Deleting A Policy

    Figure 161: Edit Policy Dialog 4 Click Edit. A Policy Rule dialog opens and asks: What is the name, description and match condition for your new rule? See Figure 154 on page 204. 5 Make changes as you would when you create a new policy. Start at step on page 204.
  • Page 214: Detaching A Policy

    Policies Figure 162: Policy Attached Dialog Box Detaching a Policy For information about detaching a policy refer to “Detaching VPPs” on page 210. Attaching a Policy 1 On the Policies tab, select the policy you want to attach. 2 On the menu bar, go to Edit>Attach> Policies to virtual port profiles. Or, right click on the policy you select and choose Attach policy to virtual port profile from the menu.
  • Page 215: Categorizing Policies

    Categorizing Policies You can categorize policies to make it easier for you to find policies. This is a user tool; switches do not use it, nor does it affect a policy’s function. To categorize policies, do the following: 1 Click Network Administration>Policies in the Folder List. The Policies tab opens. 2 On the Policies list, right click on the policy you want to categorize.
  • Page 216: Categorizing Policy Rules

    Policies 5 Click Create. Categorizing Policy Rules To categorize policy rules, do the following: 1 On the Folder list, go to Network Administration>Policies. The Policies tab opens. 2 Double click on the policy information you selected or select a policy on the list of policies and right click to open a menu.
  • Page 217: Chapter 15: Tuning And Debugging Ridgeline

    Tuning and Debugging Ridgeline This chapter describes how to tune Ridgeline performance and features to more effectively manage your network. It also describes some advanced features that are available to a Ridgeline administrator (a user with an Administrator role) to help analyze Ridgeline or Extreme device operation.
  • Page 218: Polling Types And Frequencies

    Tuning and Debugging Ridgeline To disable Ridgeline management for a device, select the device in a Network Views window, and ● select Managing > Disable from the Device menu. Note that this does not physically change the device; it just sets Ridgeline to ignore the device as if it were offline. To re-enable Ridgeline management for the device when it is again reachable, select it, and select ●...
  • Page 219: Telnet Polling

    Through the MAC Polling Server Properties, you set the amount of load, which determines the amount of elapsed time between sets of FDB polling requests. A complete MAC address polling cycle consists of multiple groups of requests, until all devices with MAC address polling enabled have been polled. A setting of Light (recommended) means the elapsed time between groups of MAC address polling requests will be calculated to place a lighter load on the Ridgeline server.
  • Page 220: Disabling Unnecessary Alarms

    Tuning and Debugging Ridgeline and scoped on all devices. Therefore, tuning the alarm system can have a significant impact on the overall performance of the Ridgeline server. The steps you can take to help tune your Ridgeline server’s alarm system involve the following types of actions: Disabling alarms you don’t care about ●...
  • Page 221: Limiting The Scope Of Alarms

    To disable an alarm you must modify its alarm definition: 1 Open Alarm Manager, and click the Alarm Definition tab. 2 Click the Modify button to open the Modify Alarm Definition window with the selected alarm definition displayed. 3 Uncheck the Enabled checkbox to disable the alarm, then click OK. Note that disabling alarms that are not likely to occur will not have much performance impact.
  • Page 222 Tuning and Debugging Ridgeline Figure 167: Defining the scope of an alarm You can scope an alarm to Device Groups and Port Groups as well as individual devices and ports. To change the alarm scope for an existing alarm: 1 Open Alarm Manager, and click the Alarm Definition tab. 2 Select the alarm you want to scope, and click Modify.
  • Page 223: Using Device Groups And Port Groups For Alarm Scopes

    Using Device Groups and Port Groups for Alarm Scopes Special-purpose Device Groups and Port Groups are very useful for purposes of alarm scoping. Since Ridgeline allows you to put the same devices or ports into multiple top-level groups, you can create special purpose groups that simplify the configuration of alarm scopes.
  • Page 224: Defining A Mib Collection

    Tuning and Debugging Ridgeline The OIDs and devices to be polled, the poll interval, number of polling cycles and the amount of polled data to be stored are all defined in the Administrator-created collections.xml file. The MIB Query tool allows an Administrator to create a one-time MIB query request to retrieve the ●...
  • Page 225: The Mib Poller Summary

    The collection properties must be defined in the collection statement at the beginning of each collection definition: Table 7: Control properties for a MIB collection specification name A name for the collection, between 1 – 255 characters. pollingIntervalInSecs The interval at which Ridgeline should poll for the variables defined in this collection, between 1 –...
  • Page 226: Loading, Starting And Stopping A Collection

    Tuning and Debugging Ridgeline From this page, any user can view the details of the collection, view information about the devices on which data is being collected, view the xml file that defines the collections, and export the current results of the collection. A Ridgeline Administrator can start or stop polling for any or all of the collections, and can reload the file.
  • Page 227: The Mib Poller Detail Report

    The top area of the MIB Collection Detail Report shows the properties of the collection, as defined in the collections.xml file: Collection Name The name of the collection Polling Interval The polling interval, in seconds Save Polled Data Whether the polled data is being saved in the database (Yes or No) Scope The devices on which polling for this data is being conducted Status...
  • Page 228: Viewing The Xml Collection Definition

    Tuning and Debugging Ridgeline Viewing the XML Collection Definition To view the collection definitions, click the Show XML button in the MIB Collection Poller Summary. This displays the XML that defines the currently loaded collections. Figure 171 shows an example of the XML for a collection definition.
  • Page 229: Reconfiguring Ridgeline Ports

    Figure 172: A MIB Query example To perform a MIB query, you enter the required data into the appropriate fields: Enter into the first field the IP addresses of the devices from which you want to get data. ● Enter any scalar MIB OIDs you want to retrieve into the second field. ●...
  • Page 230: Using The Ridgeline Debugging Tools

    When you edit this file, take care not to add any extra spaces. If editing this file does not solve your problems, you should call your Extreme Networks Technical Support representative for help. Using the Ridgeline Debugging Tools The Ridgeline debugging tools are available through the Reports modules for users with an administrator role.
  • Page 231: Chapter 16: Creating And Running Ridgeline Scripts

    Creating and Running Ridgeline Scripts This chapter describes how you can create and edit Ridgeline scripts, then run them on managed devices. Topics include: An overview of Ridgeline scripts ● Information about the Ridgeline script interface ●...
  • Page 232: Bundled Ridgeline Scripts

    Creating and Running Ridgeline Scripts http://www.tcl.tk for a list of Tcl commands supported in Ridgeline scripts. Some Tcl commands are not supported in Ridgeline scripts. See “Tcl Support in Ridgeline Scripts” in the Ridgeline Reference Guide for a list of blocked Tcl commands. Syntax and constructs from these sources work seamlessly within Ridgeline scripts.
  • Page 233 Figure 174: Ridgeline Scripts View The Scripts table lists all of the scripts configured in Ridgeline. To the right of the Scripts table is a view of the selected script. You can double click a script to open it in the Script Editor window, which is shown in Figure 175.
  • Page 234: Managing Ridgeline Scripts

    Creating and Running Ridgeline Scripts Figure 175: Ridgeline Script Editor Window The Ridgeline Script Editor is where you can add content to a script, set values for parameters, specify runtime settings, and indicate which Ridgeline users can run the script. Managing Ridgeline Scripts This section explains how to do the following tasks: Create a Ridgeline script...
  • Page 235: Creating A New Ridgeline Script

    Creating a New Ridgeline Script To create a new Ridgeline script, select New > Script from the Ridgeline File menu. A Script Editor window appears, displaying a script with default content. Figure 176: Ridgeline Script Editor Window By default, a new script created in Ridgeline contains a metadata section where you can enter a script description and define script sections and metadata that appears on the Overview tab.
  • Page 236 Creating and Running Ridgeline Scripts Tags” and “Ridgeline-Specific System Variables” in the Ridgeline Reference Guide for more information. For example: Figure 177: Specifying a script description A detailed script description can be placed between the metadata tags #@DetailDescriptionStart and #@DetailDescriptionEnd. This appears on the Description tab. You can place variable definition statements in the metadata section, so that variables can be defined by entering values in the Overview tab.
  • Page 237 Figure 178: Defining variables in the metadata section of a script When you do this, the variables appear on the Overview tab as script parameters, as shown in Figure 179. Figure 179: Overview tab with a variable definition field You can enter ExtremeXOS 12.1 CLI scripting commands and Tcl commands and constructs after the metadata section of the script.
  • Page 238: Specifying Run-Time Settings For A Script

    Creating and Running Ridgeline Scripts To save the script, select Save As... from the File menu. Ridgeline prompts you for the name of the script and for an optional script comment. You can save the script on the Ridgeline server, or you can click Export to and specify a directory on your local system.
  • Page 239: Specifying Permissions And Launch Points For A Script

    Whether to create an entry in the Ridgeline Audit Log when this script is run. ● The first two settings apply to all users; the third is available to Ridgeline users with read/write access. Specifying Permissions and Launch Points for a Script You can specify which Ridgeline user roles have permission to run the script, and whether an option to run the script should appear in the Network Views menu or in a shortcut menu.
  • Page 240: Running A Script

    Creating and Running Ridgeline Scripts Running a Script To run a script, do one of the following: Select a device, port, or group in a Network Views folder, and select Run script from the Device ● menu, or right-click the item and select Run script. If the script has been configured to be shown in the shortcut menu for the selected item, then the script is listed in the Run Script window, as shown in Figure 183.
  • Page 241 Figure 184: Selecting the Order for Executing a Script After the sequence for script execution has been selected, you can make device-specific changes to the parameters in the script. Figure 185: Changing Parameters in a Script
  • Page 242 Creating and Running Ridgeline Scripts To modify the script parameters for a device, select the device in the table, then click on the parameter you want to modify, and change it in the text box. The modified parameter applies only when the script is run on the selected device.
  • Page 243 Click Next to display a window where you can view the runtime information for the script and run it on the specified devices. Figure 187: Script Verification Window Click Run Script to execute the script on the selected devices. A window appears indicating the progress and results of the script execution.
  • Page 244: Importing Scripts Into Ridgeline

    Creating and Running Ridgeline Scripts Figure 188: Progress and Results of Script Execution You can display the script execution results (and any errors) for each device where the script was executed. The results can be saved to a file. You can also elect to run the script again, or save the script as a script task.
  • Page 245: Categorizing Scripts

    Figure 189: Import Script Window 3 In the From field, specify the location on your local system where the script file resides. 4 In the Script name field, enter the name of the script file to import. 5 Click Import to import the script into Ridgeline. NOTE Exported Ridgeline 6.0 Telnet macros cannot be imported as XML scripts.
  • Page 246: Specifying An Ridgeline Script As An Alarm Action

    Creating and Running Ridgeline Scripts Figure 190: Categorize Script Window 4 To create a new category, click New, and specify a category name. 5 To assign the script to a category, click the button next to the category and click Save. After a script has been assigned to a category, you can filter the scripts table using the category name.
  • Page 247 Figure 192: Script Tasks Table From the Script Tasks table, you can configure parameters for a script task as well as specify a schedule for running it. To configure a script task, double-click it in the table, or highlight it and select Open from the File menu.
  • Page 248: Using The Audit Log To Troubleshoot Ridgeline Scripts

    Creating and Running Ridgeline Scripts Using the Audit Log to Troubleshoot Ridgeline Scripts The Ridgeline Audit Log is a means for viewing information about the UPM profiles and Ridgeline scripts that have been deployed in your network. You can use the Audit Log as a troubleshooting aid to reveal errors when a Ridgeline script is run unsuccessfully.
  • Page 249: Filtering The Audit Log View

    Within each tab are filters that allow you to limit the information in the display based on the time period deployed, log table contents, or details table contents. The log table contains information about each deployed profile or script. The details table contains information about the deployment results of a selected profile or script on each device where it was run.
  • Page 250: Rerunning A Script

    About ExtremeXOS Scripts ExtremeXOS script files contain CLI commands and scripting structures that can be executed on Extreme Networks devices. Any ExtremeXOS CLI command can be used in an ExtremeXOS script. ExtremeXOS scripts are supported on devices running ExtremeXOS 11.4 or later.
  • Page 251: Chapter 17: Using Identity Management

    Using Identity Management This chapter describes how to use Ridgeline to monitor the logon and network usage of LLDP devices and users connected to managed switches in your network. This information is obtained using the ExtremeXOS Identity Management feature.
  • Page 252: Role-Based Access Control

    Using Identity Management [Figure 197: User Matched to a Defined Role. Active Directory user logins “rrodgers” and “sharpster”; match criteria Company = “EXTR”, State = “CA”, Department = “NMS”; “rrodgers” is matched to Role = “US Engineer”.] Role-Based Access Control You enable role-based access control on the switches and ports where user login data is identified. Then you define user roles that include conditions to match the user who has logged into the network.
  • Page 253: Policies

    [Figure 198: Roles and Policies. Role Employee (Company = “Extreme”, Priority 3), policy: Can access intranet. Role Engineer (Company = “Extreme”, Department = “Eng”, Priority 2), policy: Can access development subnet. Engineers will inherit “Can access intranet” and will be able to also access the development subnet.]...
  • Page 254 Using Identity Management Figure 199: Hierarchical Role Management Example Policy 1: Allow common file shares Employees Policy 2: Allow access to time-sheet application (Company == XYZCORP) Policy 3: Allow CRM applications Sales Policy 4: Deny Engineering resources (Company == XYZCORP AND Department == Sales) Policy 5: Allow access to Finance applications Managers Policy 6: Allow access to HR tools...
  • Page 255: Role Inheritance

    [Figure 200: Role Hierarchy. A parent role with children roles; supports five levels.] Role Inheritance Child roles inherit the policies of the parent role in the hierarchy. When an identity is assigned to a role, the policies and rules defined by that role and all higher roles in the hierarchy are applied. When the parent role is deleted or when the parent-child relationship is deleted, the child role no longer inherits the parent role's policies and the policies are immediately removed from all identities mapped to the child role.
  • Page 256: Ldap Attributes And Server Selection

    Using Identity Management LDAP Attributes and Server Selection Active Directory provides lightweight directory access protocol (LDAP) service to Ridgeline. The following lists LDAP role match criteria you can assign to the switch: Employee ID ● Title ● Email Address ● Department ●...
  • Page 257 Figure 202: Enable Monitoring —Choose Devices 3 Choose Devices or a Device group. 4 Choose a device or devices on the list. Click Select all to include all the available switches or Clear all to deselect all the devices. 5 Click Next. If you choose Devices, the dialog box opens and asks: Enable monitoring on which devices? See Figure 203.
  • Page 258 Using Identity Management Figure 203: Enable Monitoring—Device Selection 6 If you have chosen Device groups to monitor, the next dialog opens and asks: Monitor Identities on which device groups? The dialog box shows the device groups you can monitor. You can expand each device to view the devices in the group.
  • Page 259 Figure 204: Enable Monitoring—Device Groups Figure 205: Enable Monitoring—Port Selection 8 Choose the device whose ports you want monitored on the Selected devices list. See Figure 205. The Available ports list shows the available ports for the device. You must choose a minimum of 1 port on each device.
  • Page 260 Using Identity Management 11 The Result dialog opens and shows a summary of the ports. See Figure 206. You can edit the virtual router (VR) names in this dialog. Figure 206: Enable Monitoring Wizard—Results 12 Click Finish. This begins the port configuration process. When this process completes, the dialog box opens and shows the results.
  • Page 261: Editing Monitored Device Ports

    Figure 207: Enable Monitoring Wizard—Successful Results 13 To view the details of the script run, choose an item on the list. The details show in the field below. If Ridgeline cannot enable monitoring on a device, the list indicates: Unsuccessful. Select the item with an error.
  • Page 262: Disabling Monitoring

    Figure 208: Edit Ports of Network Users devices 6 Click Save changes to modify the ports being monitored. Or, click Edit Notification to change additional port information such as:
      ● Host IP address
      ● XML target
      ● Connection type
      ...
  • Page 263: Enabling Role-Based Access Control On New Devices

    Figure 209: Choosing Disable Monitoring 3 A dialog asks you to confirm your selection. See Figure 210. Figure 210: Disable Monitoring Confirmation 4 Click Yes to disable monitoring. Click No to continue monitoring on the switch. A dialog box confirms that monitoring is disabled on the devices you chose. See Figure 211.
  • Page 264 Figure 212: Enabling Role Based Access Control Choice on the File Menu
  • Page 265 Figure 213: Choose Devices to Enable Role-based Access Control 2 Choose the devices you want. 3 Click Next. The dialog box opens with the device highlighted and asks: Any specific client configuration? See Figure 214.
  • Page 266 Figure 214: Client Configuration Dialog Box 4 Choose a VLAN from the drop down list in the Directory server client attributes area. 5 Click Finish. The device shows on the Role-based access devices tab. See Figure 215. Figure 215: Role-based-Access-Control Devices Tab
  • Page 267: Disabling Role-Based Access Control

    Disabling Role-based Access Control To disable role-based access control, do the following: 1 On the menu bar, go to Edit>Disable role-based access control. Or, right click on the device on the Devices enabled for role-based access control list. A menu opens. See Figure 216.
  • Page 268: Defining A New Role

    A role can:
      ● Be independent of a parent or a child
      ● Have children (8 maximum)
      ● Have only one parent (maximum)
    Defining a New Role: You can define network-wide roles and specify the match criteria for placing a device under the role, as well as set role priority.
  • Page 269
      ● Can have a maximum of 32 characters.
      ● Can contain only alphabetic characters, numerals, hyphens, and underscores. All other special characters are invalid.
      ● Cannot have spaces.
      ● Cannot begin with a numeral.
      ● Cannot be assigned an existing name.
      ...
  • Page 270: Creating A Child Role With Conditions Inherited From Its Parent

    4 Type the values for the match criteria in the entry field on the right and choose the operators in the middle column:
      ● Equal to ==
      ● Not equal to !=
      ● Contains
    5 After entering the first condition, click New condition to add multiple conditions. A New condition field shows.
  • Page 271 Figure 221: Child Role Match Criteria Conditions 3 Enter the role name. You can also enter a description and set priority. If you do not change the default priority, 255, the most recently created role receives the highest priority. See Figure 222.
  • Page 272 Figure 222: Create Child Role—Inherit Parent Match Criteria 5 Add more match conditions if you want to further distinguish the user. 6 Click OK when you are satisfied with the match criteria. The criteria are copied from the parent, but the switch does not inherit parent criteria. The inherited criteria add to the total maximum conditions of 16 allowed in the parent role.
  • Page 273: Creating A Child Role With Conditions Inherited From A Different Role

    Figure 223: Create Child Role—Match Criteria Tree View shows the new child role in the hierarchy. Table View lists roles by name and function. Refer to “Viewing Roles” on page 272. Creating a Child Role with Conditions Inherited from a Different Role A child role does not need to inherit match conditions from its parent.
  • Page 274: Viewing Roles

    Figure 224: Inherit a Role from a Different Parent—Drop Down list 3 Choose the parent with the match conditions you want for the child role criteria. The conditions fill the match criteria fields when you do this. The criteria are copied from the parent, but the switch does not inherit parent criteria.
  • Page 275: Viewing Role Details

    Figure 226: Configured Roles Table View Viewing Role Details Details about the role show on the right of the window, including role name, description, priority, the name or the role. children names. The Match criteria tab below shows the conditions for the role. The Policies tab shows the attached policies in the order in which they apply.
  • Page 276: Editing Roles

    Figure 228: Role Details Definition and Policies Tab Editing Roles You can edit role parameters for parent-child relationships and the priority. Editing a role automatically attaches the corresponding updated roles to all the switches that are enabled with Identity Management.
  • Page 277: Deleting Roles

    Figure 229: Edit Roles Dialog 3 Click OK. Deleting Roles When you delete a role definition, the changes are attached on all switches enabled with Identity Management. To delete a role, do the following: 1 Select a role on Tree View or Table View. 2 On the menu bar, go to Edit>Delete.
  • Page 278: Policy Match Condition Combinations

    Policy Match Condition Combinations: Table 8 lists the ingress policy match condition combinations for Identity Management. The following items provide additional information about the match conditions:
      ● EXOS dynamically inserts the source IP. It does not allow you to add a source IP in the ingress...
  • Page 279 Figure 232: Attach Policies to Roles Dialog Box 2 Choose a role from the Roles list. See Figure 232. 3 Choose a policy from the Available Policies column and move it to the Selected Policies column by clicking the arrow buttons. 4 Click Save Changes.
  • Page 280: Deleting A Policy Attached To A Role

    Figure 233: Attach Roles and Policies Summary Page 5 Click Finish. The Roles list shows the role is attached to a policy. See Figure 234. Figure 234: Role Attached to Policy Shows on Roles List Deleting a Policy Attached to a Role When you choose to delete a policy from the existing role’s attachment to that policy, you must detach the policy from the role before deleting the policy.
  • Page 281: Error And Results Handling

    After you have detached a policy from a role, you can delete the policy that was attached with the role. Do the following: 1 Go to Policies to view the list of created policies. 2 Select the policy you want to delete. 3 Go to Edit on the menu bar and choose delete.
  • Page 282: Viewing The Server Directory

      ● If the connection succeeds, the second server is marked Active and all further LDAP requests are sent to the second server and so on.
    Configuring LDAP server settings internally deploys the settings to all Identity Management enabled switches.
  • Page 283 Figure 237: Manage Servers Menu Figure 238: LDAP Server Configuration and Edit Dialog Box 3 Click New at the bottom of the dialog box. The New directory server wizard opens. 4 Enter the server name, IP address/DNS Name. The port number and default security Mechanism are shown in the dialog box.
  • Page 284 Figure 239: New Directory Server Dialog Box 5 Click Next. The dialog box that opens asks: Any Specific client configuration? See Figure 240. 6 Select an Identity Management enabled device from the list. NOTE: To change the client IP address and VR-Name, you must select a VLAN.
  • Page 285: Editing LDAP Client Properties

    Figure 240: Client IP Configuration Window 7 Change Directory Server Client Attributes. You can also reset to IP Management. 8 Click Finish. Reset to IP management resets the client attributes to use the VLAN and VR through which Ridgeline manages the device. Editing LDAP Client Properties To edit LDAP client properties, do the following: 1 With the Directory servers tab open, go to File>Manage Servers.
  • Page 286 Figure 241: Edit a Directory Server Configuration 2 Select the server you want then click Edit client configuration at the bottom of the dialog box. The dialog box opens that shows the name of the server in the title. The server information is grayed out. 3 Click Next.
  • Page 287: Deleting A Directory Server

    Figure 242: Edit a Specific Client Configuration 4 Edit the client properties you want to modify. 5 Click Save changes to table then click Finish to return to the LDAP Server Configuration dialog 6 Click Save changes. 7 Click Finish. The new configuration deploys to the switch. Deleting a Directory Server To delete a directory Server, do the following: 1 Open the LDAP Server Configuration dialog box by double clicking the server name on the Servers...
  • Page 288: Viewing Network User Information

    Figure 243: Delete Directory Server Dialog Viewing Network User Information After Identity Management is enabled on the switches you want to monitor, and you have configured Ridgeline to monitor them, you can view user and device information in Ridgeline dashboards, the Users table, and in Ridgeline reports.
  • Page 289: Users Table

    Figure 244: Network User Dashboard Reports on the Ridgeline Home Page To place a dashboard on the Ridgeline home page, click the Home folder and select Show Dashboard Palette from the View menu. Drag the dashboard reports you want to view from the palette to the viewing area.
  • Page 290: Active Users Tab

    Active Users Tab Figure 245 shows the Active Users tab of the Users table. Figure 245: Users Table – Active Users Tab The Active Users tab of the Users table has the following columns. You can filter the contents of the table by expanding the Filter box, and entering text and search criteria, or by expanding the Quick Filter box and selecting an available quick filter.
  • Page 291: Inactive And Active Users Tab

    Type: The user type, either Human or Device.
    Port name: The name of the port where the user connected to the network.
    Member of: The device groups the user belongs to, if any.
    Last updated: Date and time when information about the user was last received by Ridgeline.
    Last attempt to update: The last time Ridgeline polled for information about the user, whether successful or not.
  • Page 292: Displaying Network User Details

    Log on time: Date and time the user logged on to the network. If the switch is running ExtremeXOS 12.3 or earlier, this is shown as Unavailable.
    Port number: The port number on the switch where the user connected to the network.
    User's MAC address: The MAC address of the user.
  • Page 293 Figure 247: Network User Details Window The Network User details window has the following fields: User name The login name of the human user, or “None” if it is a device user, along with an icon indicating the status of the user. The status icon can be one of the following: The user is active.
  • Page 294: Displaying Identity Management Reports

    Device IP address: The IP address of the switch where the user connected to the network.
    Port number: The port number on the switch where the user connected to the network.
    Port name: The name of the port where the user connected to the network.
    Last updated: Date and time when information about the user was last received by Ridgeline.
  • Page 295: Chapter 18: Managing Network Device Configurations And Updates

    Managing Network Device Configurations and Updates. This chapter describes how to use Ridgeline to manage your Extreme device configurations. Topics include:
      ● Archiving device configuration files
      ● Creating and using Baseline configurations
      ● Monitoring configuration changes with baselines and the Diff function
      ...
  • Page 296: Baseline Configurations

    Figure 249: Scheduling archival configuration file uploads You can schedule daily or weekly uploads, and specify the time of day (and day of the week) at which they should be done. This lets you schedule uploads at times when it will have the least impact on your network load.
  • Page 297: Identifying Changes In Configuration Files

    When you view information about the configuration files that have been uploaded for a device in the main Configuration Manager window, the display indicates whether a baseline file exists for the device. The Configuration Manager enables you to create baseline configurations in several ways:
      ● You can upload a configuration file from a device using the Upload feature, but specify that it...
  • Page 298: Device Configuration Management Log

    Figure 250: Configuration change report for changes detected in an archived configuration Ridgeline will combine into one report any differences detected in archive operations that occur within a 10 hour time frame, to avoid generating many small reports. If you have a large number of devices that you are archiving, you may want to schedule them in groups with a time lapse in between that is sufficient for Ridgeline to save and email a completed report.
  • Page 299: Managing Firmware Upgrades

    Managing Firmware Upgrades: Managing the versions of firmware on your devices can be a significant task, since there are a number of different versions for different device types and modules, and versions of the software and the bootROM images must be compatible as well. Ridgeline can help you manage this in several ways:
      ● Ridgeline’s Firmware Manager can query the Extreme web site to determine whether new versions...
  • Page 300 Figure 251: Firmware Manager Window
  • Page 301: Appendix A: Troubleshooting

    You can email this file to Extreme Networks technical support to provide them with detailed information on the state of the Ridgeline server.
  • Page 302: Enabling The Java Console

    Port Configuration utility to determine the port on which the Ridgeline server is running. To run the Port Configuration utility, go to the Windows Start menu, and select Programs, then Extreme Networks, followed by Ridgeline 3.0, then Port Configuration. For more information on the Port Configuration utility, see “Port Configuration Utility”...
  • Page 303: Ridgeline Database

    Files\Extreme Networks\Ridgeline 3.0 different location, substitute the correct installation directory in the commands below. 2 Go to the Ridgeline install directory: cd c:\Program Files\Extreme Networks\Ridgeline 3.0\database\bin 3 Add the Ridgeline database directory to your path: set path=c:\Program Files\Extreme Networks\Ridgeline 3.0\database\bin;%path% 4 Execute the following commands: database\bin\dbeng9.exe -f ..\database\data\basecamp.db...
  • Page 304: Ridgeline Server Issues

    To recover the database in Solaris, do the following: 1 Open a shell window (csh is used for the following example). The following commands assume you have accepted the default installation location, /opt/ExtremeNetworks/Ridgeline3.0. If you have installed Ridgeline in a different location, substitute the correct installation directory in the commands below.
  • Page 305 See “Administering Ridgeline” in the Ridgeline Reference Guide for information on Ridgeline Administration. Problem: Telnet polling messages can fill up a device’s syslog file. The Ridgeline server uses Telnet polling to retrieve certain switch information such as Netlogins, FDB data (if FDB polling is enabled) and power supply information. By default, Ridgeline does status polls every five minutes and detailed polls once every 90 minutes.
  • Page 306 configure log filter DefaultFilter add exclude events All match string "<EPIC_ip_addr> <EPIC_account>: disable clipaging session" For example, to set up the filter for a Ridgeline server with IP address 10.255.48.40, and using account name “admin” to login to the switch, you would enter the following: configure log filter DefaultFilter add exclude events All match string "10.255.48.40 admin: disable clipaging session"...
  • Page 307: VLAN Management

    4 Select the connection you want Ridgeline to use, use the up and down arrow buttons at the right to move it to the top of the list, then click OK. 5 Restart the Ridgeline server. VLAN Management Problem: Multiple VLANs have the same name. A VLAN is defined by the name, its tag value, and its protocol filter definition.
  • Page 308 Problem: An RMON rule is defined to monitor a counter variable, and to cause an alarm when the counter exceeds a certain value. The counter has exceeded the threshold value but no alarm has occurred. There are several things to check:
      ● Make sure the RMON rule and the alarm definition are set up correctly
      ...
  • Page 309: Ridgeline Inventory

    Ridgeline Inventory Problem: Multiple switches have the same name. This is because the sysName of those switches is the same. Typically, Extreme Networks switches are shipped with the sysName set to the type of the switch “Summit48,” “Summit1i,” “Alpine3808,” and so on, depending on the type of switch.
  • Page 310: Reports

    Reports Problem: After viewing reports, added a user-defined report, but it doesn’t appear in the list of reports on the main reports page. The Reports page updates the list of reports when the page is loaded. To update the list, Refresh the page.
  • Page 311: Appendix B: Configuring Devices For Use With Ridgeline

    Configuring Devices for Use With Ridgeline. This appendix describes how to configure certain features on Extreme and third-party devices to enable Ridgeline features relative to those devices. It also includes information about configuring an external RADIUS server for use with Ridgeline.
  • Page 312: Setting Ridgeline As A Trap Receiver

    Setting Ridgeline as a Trap Receiver When Extreme devices are added to the Ridgeline inventory, they are automatically configured to send traps to the Ridgeline server. However, third-party devices are not automatically configured to do so. If you want alarms to function for third-party devices, you must manually configure the devices to send traps to the Ridgeline server.
  • Page 313: Ridgeline Inventory Integration

    The device integration process may require editing of certain Ridgeline files that can affect the functionality of the Ridgeline server. In some cases, editing these files incorrectly may prevent the Ridgeline server from running. It is strongly recommended that device integration be undertaken only under the supervision of Extreme Networks support personnel.
  • Page 314 XML files for third-party devices extend and further specify properties unique to each device type and device. Extreme Networks devices are also recognized through this same ATL mechanism. When Ridgeline discovers a device, it searches this hierarchy for a match to the device or device type that will provide the properties for the device.
  • Page 315 Table 9: Attributes Used in an ATL File (continued)
      SysobjectID: The OID value of the device, or the enterprise OID (if a device type)
      Protocol: Use SNMP as the default value
      Attributes: This contains the properties that define the features and capabilities of the third-party device, such as enabling Telnet.
  • Page 316: The OID Folder

    The OID folder: Device images used for display in inventory and on topology maps are kept in the extreme.war/gifs directory, under directories named by the OID of the device. There are typically three files in these subdirectories:
      ● , the image (front panel or front and back panel) displayed in the Inventory...
  • Page 317: Telnet Integration

    For example, the dpsimages.zip file included the file 3comicons.gif, which matches the name specified in the 3Com.xml file: <imageIconsFileName>3comicons.gif</imageIconsFileName> If individual devices do not require unique icons, this can be specified in the parent XML file (for the device type) and can be left out of the XML files for individual devices of that type. Telnet Integration Ridgeline’s third-party integration framework can be used to provide auto-login when a user (with the appropriate role/permissions) connects to the device from the Ridgeline Telnet window.
  • Page 318: Alarm Integration

    </deviceType> Note that in the case of 3COM, the Telnet integration is handled at the device type level, since it is the same for all the 3COM devices. Therefore, it is not duplicated in each device ATL XML file, but handled once at the device type (enterprise) level.
  • Page 319: Adding The MIB(s) To Ridgeline

    Table 11: Components of an Events.xml event entry (continued)
      Attribute: SubTypeName
      Value(s): The name of the specific event, e.g. “link down”
      Comments: Together with the Type name, it forms the event name, e.g. “SNMP trap link down”
    The following is a sample entry for an SNMP V1 trap: <Event Type="6"...
  • Page 320 Once this integration has been accomplished, you can launch the third-party application from Ridgeline by selecting Third party applications from the Tools menu.
  • Page 321: Appendix C: Using SSH For Secure Communication

    Using SSH for Secure Communication. This appendix describes in detail how to set up secure tunneling between the Ridgeline server and Ridgeline clients. By default, communication between the Ridgeline server and its clients is unencrypted. This means the traffic between client and server could easily be captured, including passwords, statistics, and device configurations.
  • Page 322: Step 1: Install PuTTY On The Ridgeline Client

    Step 1: Install PuTTY on the Ridgeline Client PuTTY is a free SSH application that can be downloaded from the following URL: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html Download the file putty.exe. This program is not compressed (zipped) and does not require installation. You must download this application to each Ridgeline client for which you want to secure your client-server communication.
  • Page 323 Click on SSH in the left column tree, then select 2 for Preferred SSH protocol version, as shown in Figure 254. Figure 254: The Basic SSH Settings 3 Under SSH, click on X11 to display the dialog shown in Figure 255.
  • Page 324 Figure 256: SSH Tunneling Settings 5 Click the Local radio button. 6 For the Source port type the HTTP port number you configured when you installed Ridgeline (by default, this is port 8080). 7 For the Destination type localhost:<port> where <port> is the HTTP port you configured at...
  • Page 325: Step 3: Installing OpenSSH Server

    Figure 257: Saving the Session Profile Click Save. Step 3: Installing OpenSSH Server The following section demonstrates the installation of the OpenSSH server on the Ridgeline server. If there is an SSH server already running on the Ridgeline server, skip this step. 1 Create a folder c:\cygwin 2 Next, download the file...
  • Page 326 Figure 258: Choose Installation Type 4 Click the Install from Internet radio button, then click Next. The Choose Installation Directory dialog appears. Figure 259: Choose Installation Directory 5 In the Root Directory field type C:\cygwin, which is where the OpenSSH will be installed. Select the All Users radio button so all users will have access to the SSH server.
  • Page 327 Figure 260: Select Local Package Directory 6 In the Local Package Directory field type C:\cygwin, then click Next. 7 When the Select Packages window appears (see Figure 261), click the View button for a full view. Figure 261: Select Packages 8 Locate the line , click on the word skip so that an X appears in Column B.
  • Page 328 9 Find the line cygrunsrv, click on the word skip so that an X appears in Column B. 10 Click Next to begin the installation. 11 Next, right-click My Computer and click Properties. 12 Select the Advanced tab and click Environment Variables. This displays the Environment Variables window, as shown in Figure 262: Adding a System Variable for Cygwin 13 In the bottom section of the window under System variables, click the New button to add a new...
  • Page 329 Figure 263: System Variable for Cygwin Successfully Added 14 From the Environment Variables window, scroll the System variables list, select the Path variable, and click the Edit button. Figure 264: Path Variable 15 Append “;c:\cygwin\bin” to the end of the existing variable string.
  • Page 330: Step 4: Configure Microsoft Firewall To Allow SSH Connects

    Figure 265: Modifying the Path Click OK. 16 Next, open a cygwin window (by double clicking the Cygwin icon ). A black window appears. Figure 266: Configuring the SSH Server Through Cygwin 17 At the prompt, enter ssh-host-config
      ● When the script asks about privilege separation be used, answer...
  • Page 331 To configure the Windows Firewall to allow SSH connects, do the following: 1 Open the Windows Control Panel and double click the Windows Firewall icon. The Windows Firewall window opens. Figure 267: Configuring the Windows Firewall to Allow Port 22 Connections 2 Click on the Exceptions tab and click on Add Port….
  • Page 332: Step 5: Initiate Ridgeline Server/Client Communication

    3 In the Name field, type SSH, and type 22 for the Port number. Click the TCP radio button, then click OK. The Windows firewall is now configured to allow SSH connections. Step 5: Initiate Ridgeline Server/Client Communication To establish an encrypted tunnel between the Ridgeline server and client, do the following: 1 Run the Putty application (...
  • Page 333: Appendix D: Configuring RADIUS For Ridgeline Authentication

    Configuring RADIUS for Ridgeline Authentication. This appendix describes in detail how to set up an external RADIUS server to provide authentication services for Ridgeline users, when Ridgeline is configured to act as a RADIUS client. The following example is a step-by-step walk-through example using Microsoft Active Directory and Internet Authentication Service.
  • Page 334: Step 2. Associate Users With The Ridgeline Group

    1 To add a group, select the appropriate domain under Active Directory Users and Computers, then click Users, then New> Group Figure 270: Adding a Group 2 Type the same group name in each of the two group name fields. Scope should be Global, type should be Security.
  • Page 335 1 In the Users list right-click on a user name and display the Properties dialog. Figure 271: The Properties dialog for a user name 2 Click the Member Of tab, then click Add... Figure 272: The Member Of tab 3 In the Enter the object names to select field, type the name of the Ridgeline-related group this user should be associated with (see Figure 273).
  • Page 336: Step 3. Enable Ridgeline As A RADIUS Client

    Figure 273: Adding a group for the user 4 Click the Dial-in tab and select the Allow access and the No Callback radio buttons (see Figure 274). Click OK to continue. Figure 274: The Dial-in tab configuration Step 3. Enable Ridgeline as a RADIUS Client Within the Internet Authentication Service, enable Ridgeline as a RADIUS client.
  • Page 337 Figure 275: Adding a RADIUS Client to IAS 3 Select RADIUS Standard from the Client-Vendor drop-down menu, and type the shared secret twice. You must use this same shared secret when you configure Ridgeline as a RADIUS client. Figure 276: Setting the shared secret for a RADIUS client 4 Click Finish.
  • Page 338: Step 4. Create A Remote Access Policy For Ridgeline Users

    Figure 277: Verify the RADIUS client in IAS Step 4. Create a Remote Access Policy for Ridgeline Users Create a Microsoft Internet Authentication Remote Access Policy for each type of Ridgeline role that you plan to use within Ridgeline. For each different role (predefined roles such as Admin or Manager, or user-defined roles) a Remote Access Policy is needed, configured with the role information that must be transmitted to Ridgeline along with the user’s authentication status.
  • Page 339 Figure 278: Configuring a Remote Access Policy using the wizard 3 To configure the Access Method (Figure 279), click the Ethernet radio button, then click Next to continue. Figure 279: Selecting the Access Method for network access 4 The User or Group Access window appears. This is where you associate a group with this policy.
  • Page 340 Figure 280: The User or Group Access selection 5 Select the Group radio button, then click Add... The Select Group pop-up window appears, as shown in Figure 281. Figure 281: The Select Groups window 6 Click on Locations... The Locations pop-up appears, as shown in Figure 282.
  • Page 341 Figure 282: The Locations window 7 Select the appropriate domain (the ebcdemo.com domain in this example) where your Ridgeline groups were created. Click OK to continue. This returns you to the Select Groups window, with the selected domain displayed (see Figure 283).
  • Page 342 Figure 284: The User or Group Access window after selecting the domain and group 9 Next, select the Authentication Method to be used. From the EAPS Type drop-down menu, select MD5-Challenge, then click Next. Figure 285: Setting the Authentication Method for the policy 10 Click Finish in the final window to complete your configuration of the remote access policy.
  • Page 343: Step 5. Edit The Remote Access Policy To Add A VSA

    Step 5. Edit the Remote Access Policy to add a VSA Edit each new Remote Access Policy to add a Vendor Specific Attribute (VSA) or to set the Service Type attribute value. If you are using just the standard Ridgeline built-in roles (Admin, Manager, Monitor) you can simply set the service type attribute.
  • Page 344 Figure 287: The Properties window for a remote access policy 2 Remove the NAS-Port-Type matches Ethernet policy: select NAS-Port-Type matches Ethernet and click Remove. 3 Next, select the Windows-Group matches “EBCDEMO\Ridgeline” policy and click Edit Profile. The Edit Dial-in Profile window appears.
  • Page 345 Figure 288: The Edit Profile window, Authentication Tab 4 Select the Authentication tab, and check Unencrypted authentication (PAP,SPAP). Then click the EAPS Methods button. The Select EAPS Providers pop-up window appears (Figure 289). Figure 289: The Select EAPS Providers window 5 Remove the MD-5 Challenge method: select MD5-Challenge and click Remove.
  • Page 346 Figure 290: The Edit Profile window, Advanced Tab 7 Select Vendor-Specific and click Add. The Multivalued Attribute Information window appears. Figure 291: The Multivalued Attribute Information window 8 Click Add again. The Vendor-Specific Attribute Information window appears. This is where you add the Ridgeline VSA settings.
  • Page 347 Figure 292: The Vendor-Specific Attribute Information window 9 Select the Enter Vendor Code radio button, and type 1916 as the vendor code. Select the Yes. It conforms radio button. Click Configure Attribute... The Configure VSA pop-up appears. Figure 293: Configuring the VSA
  • Page 348 10 In the next window, provide the following: Enter 210 for the Vendor-assigned attribute number. Select String from the Attribute format drop-down menu. Type an Attribute value that matches one of the Ridgeline role names; either a predefined role name, such as Administrator or Monitor, or a user-defined role name.
  • Page 349: Step 6. Configure Ridgeline As A RADIUS Client

    Step 6. Configure Ridgeline as a RADIUS Client. Once Ridgeline is configured in IAS as a RADIUS client, you must configure it as a RADIUS client through Ridgeline Administration. 1. In Ridgeline Administration, select the RADIUS tab, as shown in Figure 295.
  • Page 351: Appendix E: Ridgeline Utilities

    (on page 349), that collects the various log files and other system information into an archive file (zip-format file) that can be sent to Extreme Networks technical support organization to help troubleshoot problems with Ridgeline. The Port Configuration utility...
  • Page 352: Port Configuration Utility

    If you open the zip file, you will see that it contains copies of the existing log, property and debug files for the Ridgeline server as well as information the server keeps about any connected clients. This information can help Extreme Networks’ technical support staff debug problems you may be experiencing with your Ridgeline server.
  • Page 353: The Devcli Utility

    Figure 296: Ridgeline Port Configuration Utility. There are two tabs, one for the Web (HTTP) port, and one for the Database Port. Each shows the current port number, the default port number, and provides a field where you can enter a new number.
  • Page 354: Using The Devcli Commands

    The utility is located in the client\bin subdirectory under the Ridgeline install directory, by default \Program Files\Extreme Networks\Ridgeline 3.0\client\bin in a Windows environment, or /opt/ExtremeNetworks/Ridgeline3.0/client/bin in a Linux or Solaris environment. The DevCLI utility supports the following four commands: to add a device.
  • Page 355: Devcli Examples

    Most options default to the values equivalent to those used by default on Extreme Networks devices or in the Ridgeline software. You can specify only one Ridgeline server (database) in a command. If you want to add the same devices to multiple Ridgeline databases, you must use a separate command for each server.
  • Page 356: Inventory Export Scripts

    <options> information from the Ridgeline database. To export device information to file devinfo.csv under Windows, enter the command:

        cd "\Program Files\Extreme Networks\Ridgeline 3.0\user.war\scripts\bin"
        inv.bat -o devinfo.csv

    Under Linux or Solaris, enter the command:

        cd /opt/ExtremeNetworks/Ridgeline3.0/user.war/scripts/bin
        inv.sh -o devinfo.csv

  • Page 357 To run the command as user “user1,” and export slot information to file slotinfo.csv under Windows, enter the command:

        cd "\Program Files\Extreme Networks\Ridgeline 3.0\user.war\scripts\bin"
        slots.bat -u user1 -o slotinfo.csv

    Under Linux or Solaris, enter the command:

        cd /opt/ExtremeNetworks/Ridgeline3.0/user.war/scripts/bin
        slots.sh -u user1 -o slotinfo.csv

    ...
  • Page 358: Inventory Export Examples

    NOTE: The inv.bat, inv.sh, slots.bat, and slots.sh scripts retrieve information only from a Ridgeline server that runs on the same machine as the scripts. Inventory Export Examples. The following examples illustrate the usage of these commands. To export slot information to the file from the Ridgeline database whose login is...
  • Page 359: Using The Snmpcli Utility

    <options> For example, to get the value of the object (the extremePrimaryPowerOperational variable in the Extreme Networks MIB) whose OID is .1.3.6.1.4.1.1916.1.1.1.10.0 on the device at 10.205.0.99, enter the following command:

        snmpcli snmpget -a 10.205.0.99 -o .1.3.6.1.4.1.1916.1.1.1.10.0

    returns the value of the next OID (subsequent to the OID you...
  • Page 360: Snmpcli Examples

    To retrieve the values of the extremePrimaryPowerOperational and extremeRedundantPowerStatus variables for the Extreme Networks device with IP address 10.205.0.99, with read community string “purple” and a timeout of 1000 ms, enter the following command:

        snmpcli snmpget -a 10.205.0.99 -r purple -t 1000 -o .1.3.6.1.4.1.1916.1.1.1.10.0 -o .1.3.6.1.4.1.1916.1.1.1.11.0

    ...
  • Page 361 The Ridgeline user name is required. All other parameters are optional. The basic command displays information about the last 300 alarms in the Ridgeline database. By using filtering options, you can display information about selected alarms. You can specify a time period of interest as well as characteristics of the alarms you want to include.
  • Page 362: Alarmmgr Output

    Table 15: AlarmMgr command options (continued). Option: -help. Value: Displays syntax for this command. Default: None. You can specify only one Ridgeline server (database) in a command. If you want to display alarms from multiple Ridgeline databases, you must use a separate command for each server. The options for specifying the relevant time period ( , and ) are mutually exclusive and...
  • Page 363: The Findaddr Utility

    <Ridgeline_install_dir>/client/bin. By default this is \Program Files\Extreme Networks\Ridgeline 3.0\client\bin in Windows, or /opt/ExtremeNetworks/Ridgeline3.0/client/bin in a UNIX environment. This command includes options for specifying Ridgeline server access information, the address to be located, and a search domain (an individual device and ports, or a device or port group).
  • Page 364 Table 16: FindAddr command options (continued). Option: -port <port>. Value: Ridgeline server port number. Do not specify this after the -dip option or it will be taken as a search domain specification. Option: -f <file specification>. Value: Name of file to receive output. If you do not specify a path, the file is placed in the current directory. Default: Comman
  • Page 365: Findaddr Output

    You can specify each search domain option multiple times. Wildcards are not supported for device IP addresses. To include multiple devices in the search domain, you can specify a device group that contains the devices, or specify multiple -dip options.
  • Page 366: Using The Transfermgr Command

    <Ridgeline_install_dir>/client/bin. By default this is \Program Files\Extreme Networks\Ridgeline 3.0\client\bin in Windows, or /opt/ExtremeNetworks/Ridgeline3.0/client/bin in a UNIX environment. This command includes options for specifying Ridgeline server access information, the transfer function to be performed (upload, download, incremental download, or ExtremeWare image download), the device on which to perform the operation, and the file location on the server.
  • Page 367 <Ridgeline_install_dir>\user.war\tftp. You can change the location of the TFTP root directory by using the Server function of the Ridgeline Configuration Manager. Standard ExtremeWare software images as shipped by Extreme Networks are provided in the directory directory (by default <Ridgeline_install_dir>\user.war\tftp\images...
  • Page 368: Transfermgr Examples

    10_20_30_40.txt configs directory under the TFTP root directory (by default \Program Files\Extreme Networks\Ridgeline 3.0\user.war\tftp\configs). To upload and archive configuration information from device 10.20.30.40 managed by the Ridgeline server running on host on port 81, with Ridgeline login “master” and password “king,” enter...
  • Page 369: Importing From A File

    This command includes options for specifying Ridgeline server access information, the operation to be performed (create, modify or delete), the name of the VLAN, and the devices in the VLAN with their configuration options. Importing from a File. To import data from a text file, you define the resources you want to import in a tab-delimited text file.
  • Page 370: Importresources Examples

    Table 18: ImportResources command options (continued). Option: -ldap. Value: Specifies that the information to be imported is from an LDAP directory. Requires a specification file named LDAPConfig.txt, that resides in the Ridgeline user.war/import directory. See “Importing from an LDAP Directory” in the Ridgeline Reference Guide for details. Default: None.
  • Page 371 To use the configFreeRadius command, do the following: 1. Open a command line console (Figure 297) and enter: cd <Ridgeline installed location>. Figure 297: Command Line. 2. At the next prompt, enter the following commands as described in Table 19. Table 19: ConfigFreeRadius Command Options. Command...
