Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
v
Cumulus Linux Conversion Guides
Cumulus Networks
May 24, 2016
Evolution of the CLI
§Where did things move?
cumulusnetworks.com 2
interfaces {
ge-0/1/1 {
unit 0 {
family bridge {
interf...
Defining a Switch Port
cumulusnetworks.com 3
cumulus@switch:~$ sudo vi /etc/network/interfaces
auto swp1
iface swp1
auto b...
Adding an IP Address
cumulusnetworks.com 4
cumulus@switch:~$ sudo vi /etc/network/interfaces
auto swp1
iface swp1
address ...
Setting Speed, Duplex, MTU, and Auto-negotiation for an Interface
cumulusnetworks.com 5
cumulus@switch:~$ sudo vi /etc/net...
Configuring Trunks
cumulusnetworks.com 6
auto bridge
iface bridge
bridge-vlan-aware yes
bridge-ports glob swp1-2
bridge-vi...
Pruning a Trunk
cumulusnetworks.com 7
auto bridge
iface bridge
bridge-vlan-aware yes
bridge-ports glob swp1-2
bridge-vids ...
Configuring Access Ports
cumulusnetworks.com 8
auto bridge
iface bridge
bridge-vlan-aware yes
bridge-ports glob swp1-2
bri...
Changing the Native (Untagged) VLAN for a Single Trunk
cumulusnetworks.com 9
auto bridge
iface bridge
bridge-vlan-aware ye...
EtherChannels/Bonds
cumulusnetworks.com 10
vlan 10
!
interface GigabitEthernet0/19
switchport trunk encapsulation dot1q
sw...
EtherChannels/Bonds
cumulusnetworks.com 11
interface Ethernet37
switchport mode trunk
channel-group 2 mode active
interfac...
EtherChannels/Bonds
cumulusnetworks.com 12
feature interface-vlan
feature lacp
vlan 14
interface Ethernet1/39
switchport m...
Spanning Tree Configuration
cumulusnetworks.com 13
auto swp1
iface swp1
mstpctl-portadminedge yes
interface Gigabit0/0
spa...
Spanning Tree Configuration
cumulusnetworks.com 14
auto swp1
iface swp1
mstpctl-bpduguard yes
!
spanning-tree portfast bpd...
Spanning Tree Configuration
cumulusnetworks.com 15
auto swp1
iface swp1
mstpctl-portbpdufilter yes
!
spanning-tree portfas...
Spanning Tree Configuration
cumulusnetworks.com 16
auto swp1
iface swp1
mstpctl-treeportprio 128
interface Gigabit0/0
span...
Spanning Tree Configuration
cumulusnetworks.com 17
auto vlan1
iface vlan1
mstpctl-treeprio 32768
bridge-ports swp1
spannin...
More Spanning Tree Info (Conversion Guide)
cumulusnetworks.com 18
https://support.cumulusnetworks.com/hc/en-us/articles/20...
Access Lists
cumulusnetworks.com 19
iptables -A {FORWARD | INPUT | OUTPUT} -j {ACCEPT | DROP | POLICE | SPAN | ERSPAN} | -...
Block ICMP Echo Requests on the Specified Switch Port
cumulusnetworks.com 20
iptables -A FORWARD -j DROP -i swp1 -p icmp -...
Block SSH Trafficfrom the Specified Subnet (5.5.5.0/24)
cumulusnetworks.com 21
iptables -A INPUT -j DROP -p tcp -s 5.5.5.0...
Allow NTP Traffic to Transitthe Switch (UDP Port 123)
cumulusnetworks.com 22
iptables -A FORWARD -j ACCEPT -p udp -s 192.1...
Policing a Physical Interface
cumulusnetworks.com 23
-A FORWARD --in-interface swp1 -j POLICE --set-mode KB --set-rate 125...
Policing DSCP Values
cumulusnetworks.com 24
-A FORWARD --in-interface swp2 -m dscp --dscp 10 -j POLICE --set-mode KB --set...
Policing by Source Traffic
cumulusnetworks.com 25
-A FORWARD --in-interface swp3 -j POLICE --set-mode KB --set-rate 12500 ...
Time Zone Configuration
cumulusnetworks.com 26
switch# configure terminal
switch(config)# clock timezone PST -8 0
switch(c...
NTP
cumulusnetworks.com 27
switch# clock protocol ntp vdc 1
Cumulus Linux
Cisco
Set NTP (e.g. to VDC 1)
cumulus@switch:~$ ...
Show Management Interface Current Configuration
cumulusnetworks.com 28
switch# show interface mgmt 0
Cumulus Linux
Cisco
c...
DHCP Relay
cumulusnetworks.com 29
cumulus@switch:~$ sudo vi /etc/default/isc-dhcp-relay
SERVERS="192.168.123.4"
INTERFACES...
CLI Basics
cumulusnetworks.com 30
Show command history
cumulus@switch:~$ history switch# show cli history
Cumulus Linux Ci...
CLI Basics
cumulusnetworks.com 31
Show SPROM information
cumulus@switch:~$ decode-syseeprom switch# show sprom
Cumulus Lin...
CLI Basics
cumulusnetworks.com 32
Show CPU processes and utilization
cumulus@switch:~$ ps aux switch# show processes
Cumul...
CLI Basics
cumulusnetworks.com 33
Show interface neighbors
cumulus@switch:~$ lldpctl switch# show lldp neigbhors
Cumulus L...
Show ARP Table
cumulusnetworks.com 34
root@leaf01:~# arp –n
Address HWtype HWaddress Flags Mask Iface
10.2.0.254 ether 44:...
Configure SNMP (Net-SNMP)
cumulusnetworks.com 35
cumulus@switch:~$ sudo vi /etc/snmp/snmpd.conf
cumulus@switch:~$ sudo vi ...
© 2016 Cumulus Networks. CUMULUS, the Cumulus Logo, CUMULUS NETWORKS, and the Rocket Turtle Logo (the “Marks”) are tradema...
Upcoming SlideShare
Loading in …5
×

Cumulus networks conversion guide

4,860 views

Published on

This presentation gives an overview of Cumulus Linux Conversion Guide.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Cumulus networks conversion guide

  1. 1. v Cumulus Linux Conversion Guides Cumulus Networks May 24, 2016
  2. 2. Evolution of the CLI §Where did things move? cumulusnetworks.com 2 interfaces { ge-0/1/1 { unit 0 { family bridge { interface-mode access; vlan-id 100; } } } ge-0/1/2 { unit 0 { family bridge { interface-mode access; vlan-id 200; } } } auto bridge iface bridge bridge-vlan-aware yes bridge-ports swp1 swp2 bridge-vids 100 200 auto swp1 iface swp1 bridge-access 100 auto swp2 iface swp2 bridge-access 200 ▪ Cisco ▪ Juniper ▪ Cumulus Linux /etc/network/interfaces: vlan 100,200 interface ethernet 1/1 switchport mode access switchport access vlan 100 interface ethernet 1/2 switchport mode access switchport access vlan 200
  3. 3. Defining a Switch Port cumulusnetworks.com 3 cumulus@switch:~$ sudo vi /etc/network/interfaces auto swp1 iface swp1 auto bridge iface bridge bridge-ports swp1 Cumulus Linux Cisco switch# configure terminal switch(config)# interface ethernet 1/1 switch(config-if)# switchport
  4. 4. Adding an IP Address cumulusnetworks.com 4 cumulus@switch:~$ sudo vi /etc/network/interfaces auto swp1 iface swp1 address [ipv4-address/subnet-mask] address [ipv6-address/subnet-mask] Cumulus Linux Cisco switch# configure terminal switch(config)# interface ethernet 1/1 switch(config-if)# no switchport switch(config-if)# ip address [ipv4-address/subnet-mask] switch(config-if)# ipv6 address [ipv6-address/subnet-mask]
  5. 5. Setting Speed, Duplex, MTU, and Auto-negotiation for an Interface cumulusnetworks.com 5 cumulus@switch:~$ sudo vi /etc/network/interfaces auto swp1 iface swp1 link-speed [speed] link-duplex [full|half] mtu [1500 - 9216] link-autoneg [on|off] Cumulus Linux Cisco switch# configure terminal switch(config)# interface ethernet 1/1 switch(config-if)# speed [speed] switch(config-if)# duplex [full|half] switch(config-if)# mtu [1500 - 9216] switch(config-if)# [no] negotiate auto
  6. 6. Configuring Trunks cumulusnetworks.com 6 auto bridge iface bridge bridge-vlan-aware yes bridge-ports glob swp1-2 bridge-vids 100 200 ▪ Cumulus Linux /etc/network/interfaces: vlan 100,200 interface ethernet 1/1 switchport mode trunk interface ethernet 1/2 switchport mode trunk Cisco
  7. 7. Pruning a Trunk cumulusnetworks.com 7 auto bridge iface bridge bridge-vlan-aware yes bridge-ports glob swp1-2 bridge-vids 100 200 auto swp1 iface swp1 bridge-vids 200 ▪ Cumulus Linux /etc/network/interfaces: vlan 100,200 interface ethernet 1/1 switchport mode trunk switchport trunk allowed vlan 200 interface ethernet 1/2 switchport mode trunk Cisco
  8. 8. Configuring Access Ports cumulusnetworks.com 8 auto bridge iface bridge bridge-vlan-aware yes bridge-ports glob swp1-2 bridge-vids 100 200 auto swp1 iface swp1 bridge-access 100 auto swp2 iface swp2 bridge-access 200 ▪ Cumulus Linux /etc/network/interfaces: vlan 100,200 interface ethernet 1/1 switchport mode access switchport access vlan 100 interface ethernet 1/2 switchport mode access switchport access vlan 200 Cisco
  9. 9. Changing the Native (Untagged) VLAN for a Single Trunk cumulusnetworks.com 9 auto bridge iface bridge bridge-vlan-aware yes bridge-ports glob swp1-2 bridge-vids 1-200 auto swp1 iface swp1 bridge-pvid 100 auto swp2 iface swp2 bridge-pvid 200 ▪ Cumulus Linux /etc/network/interfaces: vlan 1-200 interface ethernet 1/1-2 switchport mode trunk switchport trunk allowed vlan 1-200 interface ethernet 1/1 switchport trunk native vlan 100 interface ethernet 1/2 switchport trunk native vlan 200 Cisco
  10. 10. EtherChannels/Bonds cumulusnetworks.com 10 vlan 10 ! interface GigabitEthernet0/19 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode active interface GigabitEthernet0/20 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode active interface Port-channel1 switchport trunk encapsulation dot1q switchport mode trunk interface Vlan10 ip address 10.10.10.10 255.255.255.0 Cisco WS-C3560X-24 12.2(55)SE5 auto bond1 iface bond1 bond-slaves glob swp19-20 bond-miimon 100 bond-min-links 1 bond-mode 802.3ad bond-xmit-hash-policy layer3+4 bond-lacp-rate 1 auto vlan10 iface vlan10 bridge-ports bond1.10 address 10.10.10.11/24 bridge-stp on ▪ Cumulus Linux /etc/network/interfaces: Cisco
  11. 11. EtherChannels/Bonds cumulusnetworks.com 11 interface Ethernet37 switchport mode trunk channel-group 2 mode active interface Ethernet38 switchport mode trunk channel-group 2 mode active interface Port-Channel2 switchport trunk allowed vlan 12 switchport mode trunk interface Vlan12 ip address 12.12.12.12/24 Arista DCS-7148S-R 4.13.5F auto bond2 iface bond2 bond-slaves glob swp37-38 bond-miimon 100 bond-min-links 1 bond-mode 802.3ad bond-xmit-hash-policy layer3+4 bond-lacp-rate 1 auto vlan12 iface vlan12 bridge-ports bond2.12 address 12.12.12.11/24 bridge-stp on ▪ Cumulus Linux /etc/network/interfaces: Arista
  12. 12. EtherChannels/Bonds cumulusnetworks.com 12 feature interface-vlan feature lacp vlan 14 interface Ethernet1/39 switchport mode trunk channel-group 3 mode active interface Ethernet1/40 switchport mode trunk channel-group 3 mode active interface port-channel3 switchport mode trunk interface Vlan14 no shutdown ip address 14.14.14.14/24 Cisco Nexus3064 5.0(3)U2(2c) auto bond3 iface bond3 bond-slaves glob swp39-40 bond-miimon 100 bond-min-links 1 bond-mode 802.3ad bond-xmit-hash-policy layer3+4 bond-lacp-rate 1 auto vlan14 iface vlan14 bridge-ports bond3.14 address 14.14.14.11/24 bridge-stp on ▪ Cumulus Linux /etc/network/interfaces: Cisco
  13. 13. Spanning Tree Configuration cumulusnetworks.com 13 auto swp1 iface swp1 mstpctl-portadminedge yes interface Gigabit0/0 spanning-tree portfast Immediately bring an interface configured as an access or trunk port to the forwarding state. ▪ Cumulus Linux Cisco
  14. 14. Spanning Tree Configuration cumulusnetworks.com 14 auto swp1 iface swp1 mstpctl-bpduguard yes ! spanning-tree portfast bpduguard default ! interface Gigabit0/0 spanning-tree portfast Enabling/disabling the BPDU guard configuration. ▪ Cumulus Linux Cisco
  15. 15. Spanning Tree Configuration cumulusnetworks.com 15 auto swp1 iface swp1 mstpctl-portbpdufilter yes ! spanning-tree portfast bpdufilter default ! interface Gigabit0/0 spanning-tree portfast Enables BPDU filter on a switch port, which filters BPDUs in both directions. ▪ Cumulus Linux Cisco
  16. 16. Spanning Tree Configuration cumulusnetworks.com 16 auto swp1 iface swp1 mstpctl-treeportprio 128 interface Gigabit0/0 spanning-tree port-priority 128 Configure the port priority for an interface. The default for both operating systems is 128. ▪ Cumulus Linux Cisco
  17. 17. Spanning Tree Configuration cumulusnetworks.com 17 auto vlan1 iface vlan1 mstpctl-treeprio 32768 bridge-ports swp1 spanning-tree vlan 1 priority 32768 Configure the switch's priority for a bridge/VLAN. The default for both operating systems is 32768. ▪ Cumulus Linux Cisco
  18. 18. More Spanning Tree Info (Conversion Guide) cumulusnetworks.com 18 https://support.cumulusnetworks.com/hc/en-us/articles/206908397 Spanning Tree Industry-standard Loop Prevention for L2
  19. 19. Access Lists cumulusnetworks.com 19 iptables -A {FORWARD | INPUT | OUTPUT} -j {ACCEPT | DROP | POLICE | SPAN | ERSPAN} | -p <protocol> -s <source> --sport [<ports>] -d destination> --dport [<ports>] [<options>] iptables -A FORWARD -j ACCEPT -p tcp -s 10.10.10.0/24 -d 3.3.3.3/24 --dport 80 iptables/netfilter (including Cumulus Linux) access-list <number> {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>] IOS Standard Syntax ip access-list extended {<number> | <name>} [<sequence>] {permit | deny} <protocol> <source> [<ports>]<destination> [<ports>] [<options>] IOS Extended Syntax (including NX-OS) ip access-list extended allow_http 10 permit tcp 10.10.10.0/24 3.3.3.3/24 eq www access-list 10 permit tcp 10.10.10.0/24 3.3.3.3/24 eq www (Example permit http port 80 traffic to 10.10.10.0/24 subnet)
  20. 20. Block ICMP Echo Requests on the Specified Switch Port cumulusnetworks.com 20 iptables -A FORWARD -j DROP -i swp1 -p icmp --icmp-type echo-request ip access-list extended block_icmp deny icmp any any echo interface g0/0 ip access-group block_icmp in Cumulus Linux Cisco
  21. 21. Block SSH Trafficfrom the Specified Subnet (5.5.5.0/24) cumulusnetworks.com 21 iptables -A INPUT -j DROP -p tcp -s 5.5.5.0/24 --dport 22 ip access-list extended block_ssh deny tcp 5.5.5.0 0.0.0.255 192.50.50.0 0.0.0.255 eq 22 interface g0/0 ip access-group block_ssh in Cumulus Linux Cisco
  22. 22. Allow NTP Traffic to Transitthe Switch (UDP Port 123) cumulusnetworks.com 22 iptables -A FORWARD -j ACCEPT -p udp -s 192.168.1.0/24 --dport 123 ip access-list extended allow_ntp permit udp 192.168.1.0 0.0.0.255 any eq ntp interface g0/0 ip access-group allow_ntp in Cumulus Linux Cisco
  23. 23. Policing a Physical Interface cumulusnetworks.com 23 -A FORWARD --in-interface swp1 -j POLICE --set-mode KB --set-rate 125000 --set-burst 2000 Cumulus Linux cumulus@leaf1$ sudo cl-acltool -L ip | grep swp1 pkts bytes target prot opt in out source destination 0 0 POLICE all -- swp1 any anywhere anywhere POLICE mode:KB rate:125000 burst:2000 Output policy-map sean class class-default police cir 1000000000 interface TenGigabitEthernet1/13 service-policy input sean Cisco
  24. 24. Policing DSCP Values cumulusnetworks.com 24 -A FORWARD --in-interface swp2 -m dscp --dscp 10 -j POLICE --set-mode KB --set-rate 31250 --set-burst 2000 cumulus@leaf1$ sudo cl-acltool -L ip | grep swp2 pkts bytes target prot opt in out source destination 0 0 POLICE all -- swp2 any anywhere anywhere DSCP match 0x0a POLICE mode:KB rate:31250 burst:2000 Cumulus Linux Output class-map match-all dscp10 match dscp af11 ! policy-map sean2 class dscp10 police cir 250000000 ! interface TenGigabitEthernet1/14 service-policy input sean2 Cisco
  25. 25. Policing by Source Traffic cumulusnetworks.com 25 -A FORWARD --in-interface swp3 -j POLICE --set-mode KB --set-rate 12500 --set-burst 2000 -s 3.3.3.0/24 cumulus@leaf1$ sudo cl-acltool -L ip | grep swp3 pkts bytes target prot opt in out source destination 0 0 POLICE all -- swp3 any 3.3.3.0/24 anywhere POLICE mode:KB rate:12500 burst:2000 Cumulus Linux access-list 100 permit ip 3.3.3.0 0.0.0.255 any ! class-map match-all heller match access-group 100 ! policy-map heller class heller police cir 100000000 ! interface TenGigabitEthernet1/15 service-policy input heller Cisco Output
  26. 26. Time Zone Configuration cumulusnetworks.com 26 switch# configure terminal switch(config)# clock timezone PST -8 0 switch(config)# exit switch# show clock switch# copy running-config startup-config Cumulus Linux Cisco cumulus@switch:~$ sudo tzconfg cumulus@switch:~$ sudo hwclock
  27. 27. NTP cumulusnetworks.com 27 switch# clock protocol ntp vdc 1 Cumulus Linux Cisco Set NTP (e.g. to VDC 1) cumulus@switch:~$ sudo vi /etc/ntp.conf cumulus@switch:~$ ntpd –q
  28. 28. Show Management Interface Current Configuration cumulusnetworks.com 28 switch# show interface mgmt 0 Cumulus Linux Cisco cumulus@switch:~$ ifquery eth0
  29. 29. DHCP Relay cumulusnetworks.com 29 cumulus@switch:~$ sudo vi /etc/default/isc-dhcp-relay SERVERS="192.168.123.4" INTERFACES="bridge swp4 swp5" cumulus@switch:~$ sudo /etc/init.d/isc-dhcp-relay restart Cumulus Linux Cisco switch# configure terminal switch(config)# ip dhcp relay switch# configure terminal switch(config)# interface ethernet 1/1 switch(config-if)# ip dhcp relay address 192.168.123.4
  30. 30. CLI Basics cumulusnetworks.com 30 Show command history cumulus@switch:~$ history switch# show cli history Cumulus Linux Cisco Send message to all logged on users cumulus@switch:~$ echo message | sudo wall switch# send message Send message to specific user cumulus@switch:~$ sudo write user-id switch# show users switch# send session line message
  31. 31. CLI Basics cumulusnetworks.com 31 Show SPROM information cumulus@switch:~$ decode-syseeprom switch# show sprom Cumulus Linux Cisco Show hardware states (temperature, fan, power) cumulus@switch:~$ sudo smonctl switch# show environment Show memory allocation cumulus@switch:~$ vmstat switch# show processes memory Show real-time memory usage cumulus@switch:~$ vmstat 1 Alternative command cumulus@switch:~$ free cumulus@switch:~$ sudo sensors
  32. 32. CLI Basics cumulusnetworks.com 32 Show CPU processes and utilization cumulus@switch:~$ ps aux switch# show processes Cumulus Linux Cisco Show hardware information cumulus@switch:~$ dmidecode switch# show inventory Show high level port state cumulus@switch:~$ netshow interface switch# show ip int br cumulus@switch:~$ top switch# show processes cpu cumulus@switch:~$ netshow system
  33. 33. CLI Basics cumulusnetworks.com 33 Show interface neighbors cumulus@switch:~$ lldpctl switch# show lldp neigbhors Cumulus Linux Cisco Show interface connector information cumulus@switch:~$ sudo ethtool –m swp1 switch# show interface ethernet 1/1 transceiver Reboot switch cumulus@switch:~$ sudo reboot switch# reload cumulus@switch:~$ netshow lldp
  34. 34. Show ARP Table cumulusnetworks.com 34 root@leaf01:~# arp –n Address HWtype HWaddress Flags Mask Iface 10.2.0.254 ether 44:38:39:00:00:29 C eth0 169.254.1.2 ether 44:38:39:00:00:30 C peerlink.4094 169.254.0.1 ether 44:38:39:00:00:08 CM swp49 169.254.0.1 ether 44:38:39:00:00:14 CM swp50 Cumulus Linux Cisco switch# show ip arp IP ARP Table for context default Total number of entries: 1 Address Age MAC Address Interface 90.10.10.2 00:03:11 000d.ece7.df7c Vlan900
  35. 35. Configure SNMP (Net-SNMP) cumulusnetworks.com 35 cumulus@switch:~$ sudo vi /etc/snmp/snmpd.conf cumulus@switch:~$ sudo vi /etc/snmp/snmptrapd.conf switch# configure terminal switch(config)# snmp-server host ip-address traps version 2c public Cumulus Linux Cisco https://docs.cumulusnetworks.com/display/DOCS/Monitoring+System+Hardware Detailed Info
  36. 36. © 2016 Cumulus Networks. CUMULUS, the Cumulus Logo, CUMULUS NETWORKS, and the Rocket Turtle Logo (the “Marks”) are trademarks and service marks of Cumulus Networks, Inc. in the U.S. and other countries. You are not permitted touse the Marks without theprior written consent of Cumulus Networks. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis. All other marks are used under fair use or license from their respective owners. §Thank You! cumulusnetworks.com 36 Bringing the Linux Revolution to Networking

×