Extreme Switches
Extreme Networks switches include ERS (Ethernet Routing Switch), VSP (Virtual Services Platform), and EXOS-based platforms. VSP and ERS switches support SPB-m (Shortest Path Bridging - MAC) fabric deployments for enterprise campus and data center networks.
Supported Models
ERS (Ethernet Routing Switch)
| Model/Series | Notes |
|---|---|
| ERS 4850GTS | Stackable Gigabit switch with SPB-m support |
| ERS 4900 Series | High-performance stackable switches |
| ERS 5900 Series | Aggregation switches |
VSP (Virtual Services Platform)
| Model/Series | Notes |
|---|---|
| VSP 4450 | Compact aggregation switch |
| VSP 4900 | High-density aggregation switch |
| VSP 7200 Series | High-performance aggregation switches |
| VSP 7400 Series | Multi-rate aggregation switches |
| VSP 8200 | High-density campus/data center switch |
| VSP 8400 | Modular data center switch |
EXOS (ExtremeXOS)
| Model/Series | Notes |
|---|---|
| X440-G2 Series | Edge/access switches |
| X450-G2 Series | Mid-tier aggregation switches |
| X460-G2 Series | Enterprise aggregation switches |
| X465 Series | Universal switches with stacking |
| X590 Series | High-performance ToR switches |
| X620 Series | Compact access switches |
| X690 Series | Data center aggregation switches |
| X870 Series | Spine/leaf switches |
Features Supported
| Feature | ERS | VSP | EXOS | Description |
|---|---|---|---|---|
| Config Sync | Yes | Yes | Yes | Automatic configuration synchronization from rXg |
| Auto Bootstrap | Yes | Yes | Yes | Zero-touch onboarding capability |
| SNMP Monitoring | Yes | Yes | Yes | CPU, memory, and port statistics collection |
| LLDP Neighbor Discovery | Yes | Yes | Yes | Automatic detection of connected devices |
| Switch Port Import | Yes | Yes | Yes | Automatic import and management of switch ports |
| 802.1X Authentication | Yes | Yes | Yes | Port-based network access control |
| MAC Authentication Bypass | Yes | Yes | Yes | MAC-based authentication for non-802.1X devices |
| Dynamic VLAN Assignment | Yes | Yes | Yes | RADIUS-assigned VLAN based on authentication |
| DHCP Snooping | Yes | Yes | Yes | Protection against rogue DHCP servers |
| Firmware Management | Yes (TFTP) | Yes (TFTP) | No | Upload and upgrade firmware via rXg |
| SPB-m Fabric | Yes | Yes | No | Shortest Path Bridging - MAC mode |
| I-SID Management | Yes | Yes | No | Service Instance Identifier mappings |
Prerequisites
Firmware Requirements
| Platform | Minimum Version | Notes |
|---|---|---|
| ERS 4850/4900 | 7.x | SPB-m requires firmware with fabric support |
| VSP 4000/7000/8000 | VOSS 8.x | Virtual Services Platform Operating System |
| EXOS | 22.x+ | ExtremeXOS with JSON-RPC API support |
Network Requirements
- Management IP connectivity to rXg
- SSH access (TCP port 22) for ERS and VSP
- HTTP/HTTPS access for EXOS JSON-RPC API
- SNMP access (UDP port 161)
- RADIUS connectivity (UDP ports 1812, 1813)
- TFTP access from switch to rXg (UDP port 69) for config scripts (ERS/VSP)
Onboarding Process
ERS Bootstrap
The ERS bootstrap process configures SPB-m fabric, management IP, SSH, SNMP, and user credentials. Bootstrap scripts are generated from the rXg admin console.
Phase 1 - Enable SPB-m (requires reboot):
enable
config terminal
spbm
y
! Switch will reboot now
Phase 2 - Configure remaining settings (after reboot):
enable
config terminal
terminal length 0
no autosave enable
! Enable SSH
no ssh
ssh timeout 120
ssh
! SNMP configuration
snmp-server community ro
<community_string>
<community_string>
snmp-server name "<system_name>"
snmp-server enable
! User credentials
no password security
username RW password
<password>
<password>
vlan configcontrol flexible
! SPB-m configuration
spbm ethertype 0x8100
router isis
spbm 1
spbm 1 nick-name <nickname>
exit
! Loopback for IS-IS source
interface loopback 1
ip address <loopback_ip> 255.255.255.255
exit
! NTP configuration
ntp server <rxg_ip>
ntp
! Management IP configuration
no ip address
y
no ip netmask
y
no ip default-gateway
y
vlan create <mgmt_vlan> type port
vlan mgmt <mgmt_vlan>
ip address <ip>/<mask> default-gateway <gateway>
! B-VLAN configuration
vlan create <bvlan1> type spbm-bvlan
vlan create <bvlan2> type spbm-bvlan
! IS-IS routing configuration
router isis
ip-source-address <loopback_ip>
spbm 1 b-vid <bvlan1>,<bvlan2> primary <bvlan1>
is-type l1
manual-area <area_id>
exit
router isis enable
router isis
redistribute direct
redistribute direct enable
exit
isis apply redistribute direct
! NNI port configuration (for each NNI port)
vlan members remove 1 <nni_port>
interface ethernet <nni_port>
isis
isis spbm 1
isis enable
no spanning-tree stp 1
no shutdown
exit
! Management I-SID mapping
vlan i-sid <mgmt_vlan> <mgmt_isid>
exit
write mem
VSP Bootstrap
VSP switches use SFTP for configuration script delivery. Bootstrap configuration is generated from the Switch Fabric management interface.
Bootstrap configuration includes: - SSH enable with algorithm support - Password change from factory defaults - SPB-m fabric configuration (B-VLANs, IS-IS, nicknames) - NNI port configuration for fabric interconnects - Management VLAN and I-SID configuration - NTP server configuration - SNMP community setup
enable
configure terminal
! SSH configuration
ssh timeout 120
ssh
! SPB-m configuration
spbm
spbm ethertype 0x8100
router isis
spbm 1
spbm 1 nick-name <nickname>
spbm 1 b-vid <bvlan1>,<bvlan2> primary <bvlan1>
exit
! Loopback for IS-IS
interface loopback 1
ip address <loopback_ip>/32
exit
! IS-IS configuration
router isis
ip-source-address <loopback_ip>
is-type l1
manual-area <area_id>
redistribute direct
redistribute direct enable
exit
router isis enable
! NNI port configuration
interface GigabitEthernet <nni_port>
isis
isis spbm 1
isis enable
no shutdown
exit
save config
EXOS Bootstrap
EXOS switches use JSON-RPC API over HTTP/HTTPS for configuration. Bootstrap generates management configuration.
# Management IP configuration
configure vlan Default ipaddress <ip>/<mask>
configure iproute add default <gateway>
# DNS configuration
configure dns-client add name-server <dns_ip>
configure dns-client default-domain <domain>
# SNMP configuration
configure snmp sysName "<system_name>"
configure snmpv3 add community <community_string> name <community_name> user v1v2c_ro
enable snmp access
# SSH configuration
enable ssh2
# Change admin password
configure account admin password <password>
# NTP configuration
configure ntp server add <ntp_ip>
enable ntp
Configuration
Connection Settings
ERS/VSP (SSH)
The rXg connects via SSH using RubyExpect for CLI automation. Legacy SSH algorithms are enabled for compatibility with older firmware versions.
SSH algorithms enabled:
- Key Exchange: diffie-hellman-group14-sha1
- Host Key: ssh-rsa
CLI prompts recognized:
- Password prompt: password:
- Enabled prompt: #
- Disabled prompt: >
- Config prompt: (config)#
- Interface prompt: (config-if)#
EXOS (JSON-RPC)
The rXg connects via JSON-RPC API over HTTP or HTTPS.
API endpoint: http(s)://<host>:<port>/jsonrpc
Request format:
json
{
"method": "cli",
"id": "10",
"jsonrpc": "2.0",
"params": ["<command>"]
}
RADIUS / AAA Configuration
ERS RADIUS Configuration
802.1X and MAB authentication configuration is managed via config sync:
radius-server host <rxg_ip> key <shared_secret>
radius-server host <rxg_ip> auth-port 1812
radius-server host <rxg_ip> acct-port 1813
aaa authentication dot1x default radius
aaa authentication mac default radius
VSP RADIUS Configuration
radius-server host <rxg_ip> key <shared_secret>
radius server host <rxg_ip> used-by dot1x
radius server host <rxg_ip> used-by non-eap-mac
authentication mode multi-host
EXOS RADIUS/Netlogin Configuration
EXOS uses netlogin with policy-based VLAN authorization:
# Configure RADIUS server
configure radius netlogin primary server <rxg_ip> client-ip <switch_ip> vr VR-Default
configure radius netlogin primary shared-secret <shared_secret>
# Enable netlogin authentication modes
enable netlogin dot1x
enable netlogin mac
# Configure policy for VLAN assignment (created automatically by rXg)
create policy profile <profile_name> port-vlan <vlan_id>
SPB-m Fabric Configuration
For ERS and VSP switches participating in an SPB-m fabric:
B-VLAN Configuration
B-VLANs carry fabric traffic between switches:
# ERS
vlan create <bvlan_id> type spbm-bvlan
# VSP
vlan create <bvlan_id> type spbm-bvlan
I-SID to VLAN Mappings
Service Instance Identifiers map VLANs across the fabric:
# ERS - Flex-UNI mapping
i-sid <isid> vlan <vlan_id> port <port>
# VSP - L2 VSN mapping
i-sid <isid> vlan <vlan_id>
NNI Port Configuration
Network-to-Network Interface ports carry fabric traffic:
# Enable ISIS on NNI ports
interface ethernet <port>
isis
isis spbm 1
isis enable
no shutdown
exit
SNMP Configuration
ERS/VSP
snmp-server community ro
<community_string>
snmp-server enable
EXOS
configure snmpv3 add community <community_string> name <name> user v1v2c_ro
enable snmp access
Monitoring Capabilities
| Metric | ERS | VSP | EXOS | Collection Method |
|---|---|---|---|---|
| CPU Usage | Yes | Yes | Yes | SNMP |
| Memory Usage | Yes | Yes | Yes | SNMP |
| Port Statistics | Yes | Yes | Yes | SNMP |
| Port Status | Yes | Yes | Yes | SNMP |
| LLDP Neighbors | Yes | Yes | Yes | CLI/SNMP |
| I-SID Status | Yes | Yes | N/A | CLI |
| IS-IS Adjacencies | Yes | Yes | N/A | CLI |
Monitored Port Types
- Ethernet ports (physical interfaces)
- LAG interfaces (Link Aggregation Groups)
- NNI ports (fabric backbone)
Troubleshooting
Common Issues
SSH Connection Failures (ERS/VSP)
Symptom: Unable to establish SSH connection Resolution: - Verify SSH is enabled on the switch - Check firewall rules allow TCP port 22 - Verify SSH key algorithms are compatible (legacy algorithms may be required) - Check for IP lockout after failed login attempts (60 second timeout)
JSON-RPC Connection Failures (EXOS)
Symptom: HTTP connection refused or authentication errors
Resolution:
- Verify web server is enabled: enable web http or enable web https
- Check credentials are correct for admin user
- Verify REST API is enabled in EXOS configuration
SPB-m Fabric Not Synchronizing
Symptom: Config sync reports fabric not enabled
Resolution:
1. Verify SPB-m is enabled: show spbm should show "enabled"
2. Verify IS-IS is running: show isis or show isis interface
3. Check NNI ports are up and ISIS-enabled
4. Verify B-VLAN configuration matches fabric settings
I-SID Mappings Not Applied
Symptom: VLAN traffic not forwarding across fabric Resolution: - Verify I-SID is created and mapped to correct VLAN - Check port is member of the VLAN - Verify ISIS adjacency is established on NNI ports
Diagnostic Commands
ERS
show spbm # SPB-m global status
show isis # IS-IS protocol status
show isis interface # IS-IS enabled interfaces
show isis spbm # SPB-m instance details
show i-sid # I-SID to VLAN mappings
show vlan members # VLAN membership
show running-config # Current configuration
show interfaces loopback # Loopback IP configuration
show lldp neighbor-mgmt-addr # LLDP neighbors
VSP
show spbm # SPB-m status
show isis interface # IS-IS interfaces
show isis spbm # SPB-m instance info
show vlan i-sid # I-SID mappings
show vlan members # VLAN membership
show running-config # Current configuration
show lldp neighbor # LLDP neighbors
EXOS
show switch # System information
show vlan # VLAN configuration
show netlogin # Netlogin/authentication status
show radius # RADIUS server configuration
show policy profile all # Policy profiles
show lldp neighbors # LLDP neighbors
Known Limitations
- SPB-m fabric only supported on VSP and ERS platforms (not EXOS)
- EXOS switches use JSON-RPC API (not SSH CLI)
- ERS requires reboot to enable/disable SPB-m mode
- Configuration script execution via TFTP requires rXg TFTP service enabled
- Maximum script execution timeout is 120 seconds for large configurations
Operational Caveats
- ERS SPB-m Mode: Enabling or disabling SPB-m requires a switch reboot. Plan maintenance windows accordingly.
- IS-IS Source IP: The loopback interface IP is used as IS-IS source address. Changing it requires temporary workaround with secondary loopback.
- VLAN Tagging Modes: ERS supports
tagAll,unTagPvidOnly, andfilter-untagged-framemodes per port. - Config Script Delivery: ERS/VSP use TFTP/SFTP for config scripts. Ensure rXg is accessible from switch management network.
- NNI Port Changes: Modifying NNI ports affects fabric topology. IS-IS will reconverge.
