12.07.2015 Views

Version 3.1 SP2 Reference Guide - Extreme Networks


Ridgeline Reference Guide
Software Version 3.1 Service Pack 2

Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
(408) 579-2800
http://www.extremenetworks.com

Published: April 2012
Part Number: 120780-00 Rev. 2.0


AccessAdapt, Alpine, Altitude, BlackDiamond, EPICenter, Essentials, Ethernet Everywhere, Extreme Enabled, Extreme Ethernet Everywhere, Extreme Networks, Extreme Standby Router Protocol, Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, ExtremeXOS, Go Purple Extreme Solution, Ridgeline, ScreenPlay, Sentriant, ServiceWatch, Summit, SummitStack, Triumph, Unified Access Architecture, Unified Access RF Manager, UniStack, the Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Extreme Turbodrive logo, the Summit logos, and the Powered by ExtremeXOS logo are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and/or other countries.

Active Directory is a registered trademark of Microsoft.
sFlow is a registered trademark of InMon Corporation.
XenServer is a trademark of Citrix.
vCenter is a trademark of VMware.

Specifications are subject to change without notice.
All other registered trademarks, trademarks, and service marks are property of their respective owners.

© 2012 Extreme Networks, Inc. All Rights Reserved.


Table of Contents

Preface
  Introduction
  Terminology
  Conventions
  Related Publications

Chapter 1: Overview
  Introduction
  In This Guide

Chapter 2: Getting Started with Ridgeline
  Modifying the Contents of the Ridgeline Home Page
  Ridgeline Windows
  Modifying Table Views
  Sorting Table Rows
  Resizing Table Columns
  Moving Table Columns
  Removing Columns From a Table
  Moving Windows in Ridgeline
  Docking Tabbed Windows
  Collapsing Detail Windows into the Main Window
  Collapsing Network Administrator Windows into the Main Window
  Online Help

Chapter 3: Managing Your Network Inventory
  Overview of Ridgeline Device Inventory Management
  Device Groups
  Displaying the Network Device Inventory
  Alarm Propagation to the Device Group
  Displaying Device Details
  General Tab
  Links Tab
  PBB Tab
  VLANs Tab
  EAPS Domains Tab
  Domains Tab
  Details of Device in Domain Tab
  Protected VLANs Tab
  Shared Ports Tab
  Domain Ports Tab
  Device Settings Tab
  VPLS Tab
  Displaying Link Details
  Devices/Ports Tab
  EAPS Shared Ports Tab
  Displaying Port Details
  Device Inventory


  Device Properties
  The Device Tab
  The Network Clients Tab
  The Syslog Messages Tab
  Port Properties
  The Port Tab
  The Operational FDB Tab
  The Network Clients Tab
  Discovering Network Devices
  Discovery Results
  Adding Devices to Ridgeline
  Modifying Communications Settings
  Deleting Devices
  Updating Device Information
  Configuring Default Access Parameters
  Opening a Telnet Session to a Device
  Using the Show Tech Command to Upload Device Information for Extreme Support
  Collecting Device Information for Extreme Support

Chapter 4: Organizing Devices and Ports Into Groups
  Overview of Device Groups and Port Groups
  Displaying Groups in the Network Views Folder
  Group Membership Guidelines
  Managing Device Groups and Port Groups
  Creating a Group
  Adding a Device to a Device Group
  Adding Ports to a Port Group
  Adding Ports from a Single Device to a Port Group
  Adding Ports from Multiple Devices to a Port Group
  Copying or Moving Groups
  Removing Devices or Ports from Groups
  Modifying the Properties of a Group
  Displaying Group Details
  Exporting Group Information

Chapter 5: Using Map Views
  Overview of Ridgeline Map Views
  Displaying a Map View
  Map Elements
  Device Nodes
  Submap Nodes
  Hyper Nodes
  Decorative Nodes
  Text Nodes
  Clouds
  Links
  Viewing Information in Topology Maps
  Navigating Maps
  Zooming In and Out on a Map
  Using the Navigation Box


  Creating a Virtual-Port Profile
  Attaching and Detaching Policies, VPPs, and VMs
  Attaching a VPP to a VM
  Attaching a Policy to a VPP
  Detaching VPPs
  Detaching a VPP from a VM
  Detaching a VPP from a Policy
  Attaching a VM or Multiple VMs to a VPP
  Detaching a VM or Multiple VMs from a VPP
  Viewing Information on the VMs Tab
  All Table Views
  Device Group/Subgroup Views
  VM Details View
  Device Details with VM Monitoring
  VM Monitoring Audit Log

Chapter 13: Managing and Monitoring EAPS Domains
  EAPS Overview
  Configuring EAPS
  Creating an EAPS Domain
  Modifying an EAPS Domain
  Creating a Shared Link
  Creating Protected VLANs, VMANs, and BVLANs
  Modifying Protected VLANs, VMANs, and BVLANs
  Deleting an EAPS Domain
  Viewing EAPS Information
  The EAPS Map View
  EAPS Node Icons
  Link Status
  Displaying EAPS Domain Details
  Devices Tab
  Domain Related Details
  Device-specific Protected VLANs
  Ports Tab
  Sharing domains table
  Links Tab
  Sharing domains table
  Protected VLANs Tab
  Displaying EAPS Details for a Selected Device
  Verifying EAPS Information
  Running EAPS Reports
  EAPS Summary Report
  EAPS Log Reports


Chapter 14: Managing PBB Networks with Ridgeline
  PBB Overview
  SVLANs, BVLANs, CVLANs and ISIDs
  Configuring BVLANs
  Creating a BVLAN
  Creating a BVLAN on a Specific Device
  Modifying a BVLAN
  Modifying BVLAN Settings on One Device
  Deleting a BVLAN
  Deleting a BVLAN from a Specific Device
  Viewing PBB Information
  Displaying PBB Details
  BVLAN, CVLAN, and SVLAN Details
  Device Tab
  Port Tab
  VLANs and ISIDs Tab
  Links Tab
  ISID Details
  Device Table
  VLANs Table
  Displaying PBB Details for a Selected Device

Chapter 15: Managing and Monitoring VPLS Domains
  Overview of VPLS
  Hierarchical VPLS (H-VPLS)
  VPLS Support in Ridgeline
  Viewing VPLS Information
  Displaying VPLS Details
  Nodes Tab
  Pseudowires Tab
  Displaying Pseudowire Details
  General Tab
  Configured LSP Tab
  Path in Use Tab
  Displaying VPLS Details for a Selected Device
  Configuring VPLS
  Running VPLS Configuration Scripts

Chapter 16: The Ridgeline Alarm Manager
  Overview of the Ridgeline Alarm Manager
  Predefined Alarms
  The Alarm Log Browser Summary
  Saving the Default Filter
  Acknowledging an Alarm
  Deleting Alarm Log Entries
  Deleting Groups of Log Entries
  Viewing Alarm Details
  Creating an Alarm Display Filter
  Deleting Saved Alarm Log Filters
  Pausing All Alarms
  The Alarm Log Detailed View
  Defining an Alarm Log Display Filter
  Deleting Alarm Records with Specified Conditions


Defining Alarms
Creating a New Alarm Definition
Modifying an Alarm Definition
Deleting an Alarm Definition
The Alarm Definition Window
Defining the Basic Alarm Properties
Event Types
Defining the Alarm Scope
Defining Alarm Actions
Running a Program as an Alarm Action Under Windows
Using Trap Varbinds in a Command String
Setting Up E-mail for the Alarm Manager
Configuring the Trap Forwarding Settings
Configuring Forwarding for Ridgeline Events
Defining Messages
Alarm Categories
Creating a New Alarm Category
Modifying an Alarm Category
Deleting an Alarm Category
Threshold Configuration
RMON Rule Display
CPU Utilization Rule Display
Creating an Event Rule
Modifying a Rule
Deleting a Rule
Synchronizing with Device RMON Rules
Configuring a New Rule or Modifying a Rule
Configuring an RMON Rule
Configuring CPU Utilization Rules
Configuring Rules for the Predefined RMON Event Types
Configuring the Rule Target
Synchronizing Ridgeline with Device RMON Rules
Chapter 17: Configuration Manager
Overview of the Configuration Manager
The Config Menu
The Scripts Menu
Configuration File Locations
ExtremeXOS Script File Locations
Device Configuration Summary Status
Uploading Configurations from Devices
Changing the Configuration Filename Format
Scheduling Device Archive Uploads
Scheduling Global Archive Uploads
Setting Archive Limits
Archive/Baseline Differences Report
Configuring E-Mail Notification of Archive/Baseline Differences
Downloading Configuration Information to a Device
Downloading an Incremental Configuration to Devices
Creating a Baseline Configuration File
Removing a Baseline Configuration File
Scheduling a Baseline Upload
Restoring a Baseline Configuration to a Device
Viewing a Configuration File
Comparing Two Configuration Files—The Diff Command
Configuring a Viewer


Configuring the TFTP Server
Configuring and Deploying ExtremeXOS Scripts
Using the ExtremeXOS Script Editor
The Script Editor Window
Creating a New ExtremeXOS Script
Editing an Existing ExtremeXOS Script
Viewing the Differences Between Two ExtremeXOS Scripts
Deleting an ExtremeXOS Script
Deploying ExtremeXOS Scripts
Device Selection Screen of the Deploy Script Wizard
Script Customization Screen of the Deploy Script Wizard
Deployment Results Screen
Script Deployment Results Log File
Chapter 18: The Firmware Manager
Overview of the Firmware Manager
Firmware Manager Function Buttons
The Firmware Menu
Software and BootROM Image Locations
The Firmware Manager Main Window
Stacking Device Support
Obtaining Updated Software Images
Obtaining New Software Images
Acknowledging the Version Changes
Checking for Version Availability
Upgrading the Software or BootROM on Your Switches
Upgrading a Stacking Device
Upgrading Your Switches Using the Upgrade Wizard
Image Selection
Hardware Selection
The Supported Hardware Selection page
The Hardware Selection Page
Operation Selection
Upgrade Preview
Specifying the Current Software Versions
Chapter 19: Creating and Executing Ridgeline Scripts
Ridgeline Script Overview
Bundled Ridgeline Scripts
The Ridgeline Script Interface
Managing Ridgeline Scripts
Creating a New Ridgeline Script
Saving the Script
Specifying Run-Time Settings for a Script
Specifying Permissions and Launch Points for a Script
Running a Script
Importing Scripts into Ridgeline
Exporting a Script
Deleting a Script
Categorizing Scripts
Specifying a Ridgeline Script as an Alarm Action
Configuring Script Tasks


Ridgeline Script Reference
Metadata Tags
#@MetaDataStart and #@MetaDataEnd
#@ScriptDescription
#@DetailDescriptionStart and #@DetailDescriptionEnd
#@SectionStart and #@SectionEnd
#@VariableFieldLabel
Ridgeline-Specific Scripting Constructs
Specifying the Wait Time Between Commands
Printing System Variables
Configuring a Carriage Return Prompt Response
Synchronizing the Device with Ridgeline
Saving the Configuration on the Device Automatically
Sending Events to Ridgeline
Printing a String to a File
Tcl Support in Ridgeline Scripts
Entering Special Characters
Line Continuation Character
Case Sensitivity in Ridgeline Scripts
Reserved Words in Ridgeline Scripts
ExtremeXOS CLI Scripting Commands Supported in Ridgeline Scripts
$VAREXISTS
$TCL
$UPPERCASE
show var
delete var
configure cli mode scripting abort-on-error
Ridgeline-Specific System Variables
Chapter 20: Using the Ridgeline Audit Log
Audit Log Overview
Filtering the Audit Log View
Displaying Audit Log Details
Chapter 21: Using the IP/MAC Address Finder
Overview of the IP/MAC Address Finder
ExtremeWare Software Requirements
Displaying the IP/MAC Address Finder
Tasks List Summary Window
Creating a Search Task
Detailed Task View
Exporting Task Results to a Text File
Chapter 22: Real-Time Statistics
Overview of Real-Time Statistics
Real-Time Statistics Function Buttons
Displaying Multi-Port Statistics
Displaying Statistics for a Single Port
Changing the Display Mode
Setting Graph Preferences
Taking Graph Snapshots


Chapter 23: Administering Ridgeline
Overview of User Administration
Administration Functions
Ridgeline Access Roles
Access to Extreme Switches
Ridgeline and RADIUS Authentication
Setting Ridgeline Server Properties
User Administration
Adding or Modifying User Accounts
Deleting a User
Changing Your Password
Role Administration
Adding or Modifying a Role
Deleting a Role
RADIUS Administration
RADIUS Client Configuration
Disabling RADIUS for Ridgeline
Server Properties Administration
Devices Properties
Features Properties
Scalability Properties
SNMP Properties
External Connections Properties
MAC Polling Properties
Other Properties
Distributed Server Administration
Configuring a Server Group Member
Configuring a Server Group Manager
Chapter 24: Using the Universal Port Manager
Overview of the Universal Port Manager
ExtremeXOS Software Requirements
UPM Functions
Understanding UPM Terminology
Network Profiles View
Filters and Quick Filters
Viewing Details of a Profile
Viewing Differences Between Profiles
Saving a Profile from the Network to Ridgeline
Exporting a Profile from the Network
Running a Profile on a Device Manually
Updating UPM Information From the Network
Using the Edit Profile Configuration Wizard
Managed Profiles View
Managed Profiles Function Buttons
The Managed Profiles View
Renaming Profiles or Saving Profiles as a New Version
Importing a Profile from a Local Drive Into Ridgeline
Exporting a Ridgeline Profile to a Local Drive


Creating and Editing UPM Profiles
Creating UPM Profiles
Modifying or Editing Profiles
Ridgeline UPM Metadata
Profile Templates
Profile Testing Wizard
Using the Profile Deployment Wizard
Profile Trigger Events
Universal Port Event Variables
Common Variables
User Profile Variables
Device Profile Variables
Chapter 25: Using Identity Management
Identity Management Software License
Overview
Role-Based Access Control
Roles, Policies, and Rules
Roles
Policies
Role Hierarchy
Role Inheritance
LDAP Attributes and Server Selection
Enabling Monitoring on Switches and Ports
Editing Monitored Device Ports
Disabling Monitoring
Enabling Role-based Access Control on New Devices
Disabling Role-based Access Control
Creating Roles
Creating a New Role
Creating a Child Role with Conditions Inherited from Its Parent
Creating a Child Role with Conditions Inherited from a Different Role
Creating LLDP Roles
Creating User-Defined Roles
Refreshing Users and Roles
Configuring White List and Black List Entries
Viewing Roles
Viewing Role Details
Editing Roles
Deleting Roles
Attaching Policies to Roles
Detaching a Role from a Policy
Deleting a Policy Attached to a Role
Error and Results Handling
Configuring Directory Servers
Viewing the Server Directory
Adding an Existing or Configuring a New Directory Server
Editing LDAP Client Properties
Deleting a Directory Server
Managing Global Settings
Changing Directory Server Settings
Changing ACL-Source-Address Type
Changing Kerberos-Age-Out-Time 
Settings..................................................................................................57414Ridgeline <strong>Reference</strong> <strong>Guide</strong>


Viewing Network User Information
Network User Dashboard Reports
Users Table
Active Users and Threats Tab
Inactive and Active Users Tab
Displaying Network User Details
Displaying Identity Management Reports

Chapter 26: Managing Network Security
Security Overview
Management Access Security
Using the Network Security Manager
Network Security Manager Requirements
Threat Types and Corresponding Pre-defined Alarms
Predefined Alarms in Ridgeline
Enabling and Disabling Threat Traps
Ridgeline Protective Actions
Recognizing Network Security Threats
Triggering the Undo Protection Action
Clearing a Threat
Viewing Threat Information on the Dashboard
Using RADIUS for Ridgeline User Authentication
Configuring an External RADIUS Server for Ridgeline User Authentication
Example: Setting up a VSA to Return Ridgeline Role Information
Example: Setting the Service Type for a Built-in Ridgeline Role
Securing Management Traffic
Using SNMPv3 for Secure Management
Using SSHv2 to Access Network Devices
Securing Ridgeline Client-Server Traffic
Monitoring Switch Configuration Changes
Using the MAC Address Finder
Using Alarms to Monitor Potential Security Issues
Device Syslog History
Network Access Security with VLANs

Chapter 27: Ridgeline Reports
Reports Overview
Reports Available in Ridgeline
Selecting Predefined Ridgeline Reports to View
The Extreme Networks eSupport Export Report
Using Report Filtering
Sorting Reports
Exiting Reports
Ridgeline Report Structure
Network Status Summary Report
The Distributed Server Summary
Device Reports
Device Inventory Report
Devices by Group Table
Devices by Type Table
Device Details Report
Power over Ethernet Report
Power Over Ethernet Details Report
ReachNXT Devices
Device Status Report
Alarm Details Report


Slots, Stacks and Ports Reports
Slot Inventory
Card Summary Report
Empty Slots Report
Stack Inventory Reports
Stack Summary Report
Stack Details Report
Interface Report
Unused Ports Report
EAPS Reports
EAPS Summary
EAPS Log Report
Log Reports
Alarm Log Report
Event Log
Syslog (System Log)
The Configuration Management Activity Log
Network Login Report
MIB Poller Tools
Ridgeline Server Reports
Server State Summary Report
Debug Ridgeline
Adding a User-Defined Report to the Reports Menu
Printing and Exporting Ridgeline Reports
Printing Reports
Exporting Reports

Chapter 28: Enhancing Ridgeline Performance
Monitoring and Tuning Ridgeline Performance
Disabling Ridgeline Management for a Device
Polling Types and Frequencies
SNMP Polling
MAC Address Polling
Telnet Polling
Performance of the Ridgeline Server
Tuning the Alarm System
Disabling Unnecessary Alarms
Limiting the Scope of Alarms
Using Device Groups and Port Groups for Alarm Scopes
The Alarm and Event Log Archives
Using the MIB Poller Tools
Defining a MIB Collection
The MIB Poller Summary
Loading, Starting and Stopping a Collection
The MIB Collection Detail Report
The MIB Poller Detail Report
Viewing the XML Collection Definition
Exporting the Collected Data
The MIB Query Tool
Reconfiguring Ridgeline Ports
Example
Using the Ridgeline Debugging Tools


Chapter 29: Managing Network Device Configurations and Updates
Archiving Device Configurations
Baseline Configurations
Identifying Changes in Configuration Files
Automatic Differences Detection
Device Configuration Management Log
Managing Firmware Upgrades
Automated Retrieval of Firmware Updates from Extreme
Detection of Firmware Obsolescence for Network Components

Appendix A: Configuring Devices for Use With Ridgeline
Configuring Ridgeline as a Syslog Receiver
Setting Ridgeline as a Trap Receiver
The Ridgeline Third-party Device Integration Framework
Ridgeline Inventory Integration
The Abstract Type Library XML file
The OID folder
The dpsimages.zip File
Telnet Integration
Alarm Integration
Editing the Events.xml file
Adding the MIB(s) to Ridgeline
Launching Third Party Applications

Appendix B: Using SSH for Secure Communication
Tunneling Setup Example
Step 1: Install PuTTY on the Ridgeline Client
Step 2: Configure the PuTTY Client
Step 3: Installing OpenSSH Server
Step 4: Configure Microsoft Firewall to Allow SSH Connects
Step 5: Initiate Ridgeline Server/Client Communication

Appendix C: Event Types for Alarms
SNMP Trap Events
Configuring SNMP Trap Events
RMON Rising and Falling Trap Events
Ridgeline Events

Appendix D: Ridgeline Backup
Ridgeline Log Backups
Database Utilities
Validation Utility
Backup Utility
The Password Utility
Installing a Backup Database


Appendix E: Ridgeline Utilities
Package Debug Info Utility
The DevCLI Utility
Using the DevCLI Commands
DevCLI Examples
Inventory Export Scripts
Using the Inventory Export Scripts
Inventory Export Examples
The AlarmMgr Utility
Using the AlarmMgr Command
AlarmMgr Output
AlarmMgr Examples
The FindAddr Utility
Using the FindAddr Command
FindAddr Output
FindAddr Examples
The TransferMgr Utility
Using the TransferMgr Command
TransferMgr Examples
The ImportResources Utility
Using the ImportResources Command
Importing from a File
Importing from an LDAP Directory
Importing from an Windows Domain Controller or NIS Server
ImportResources Examples

Appendix F: Configuring RADIUS for Ridgeline Authentication
External RADIUS Server Setup
Step 1. Create an Active Directory User Group for Ridgeline Users
Step 2. Associate Users with the Ridgeline Group
Step 3. Enable Ridgeline as a RADIUS Client
Step 4. Create a Remote Access Policy for Ridgeline Users
Step 5. Edit the Remote Access Policy to add a VSA
Step 6. Configure Ridgeline as a RADIUS Client

Appendix G: Troubleshooting
Troubleshooting Aids
About Ridgeline Window
Enabling the Java Console
Ridgeline Client Issues
Ridgeline Database
Ridgeline Server Issues
VLAN Management
Alarm System
Ridgeline Inventory
Printing
Reports
Configuration Manager

Index


Preface

This preface provides an overview of this guide, describes guide conventions, and lists other useful publications.

Introduction

This guide provides the required information to use the Ridgeline software. It is intended for use by network managers who are responsible for monitoring and managing Local Area Networks and assumes a basic working knowledge of:
● Local Area Networks (LANs)
● Ethernet concepts
● Ethernet switching and bridging concepts
● Routing concepts
● The Simple Network Management Protocol (SNMP)

NOTE
If the information in the Release Notes shipped with your software differs from the information in this guide, follow the Release Notes.

Terminology

When features, functionality, or operation is specific to the Summit, Alpine, or BlackDiamond switch family, the family name is used. Explanations about features and operations that are the same across all Extreme switch product families simply refer to the product as the “Extreme Networks device” or “Extreme Networks switch.” Explanations about features that are the same for all devices managed by Ridgeline (both Extreme devices and others) simply refer to them as “devices.”

NOTE
Ridgeline does not provide multi-language support.


Conventions

Table 1 and Table 2 list conventions that are used throughout this guide.

Table 1: Notice Icons
Notice Type: Alerts you to...
Note: Important features or instructions.
Caution: Risk of unintended consequences or recoverable loss of data.
Warning: Risk of permanent loss of data.

Table 2: Text Conventions
Convention: Description
Screen displays: This typeface represents information as it appears on the screen.
Screen displays bold: This typeface indicates how you would type a particular command.
The words “enter” and “type”: When you see the word “enter” in this guide, you must type something, and then press the Return or Enter key. Do not press the Return or Enter key when an instruction simply says “type.”
[Key] names: Key names appear in text in one of two ways. They may be
    • referred to by their labels, such as “the Return key” or “the Escape key.”
    • written with brackets, such as [Return] or [Esc].
    If you must press two or more keys simultaneously, the key names are linked with a plus sign (+). For example: Press [Ctrl]+[Alt]+[Del].
Words in bold type: Bold text indicates a button or field name.
Words in italic type: Italics emphasize a point or denote new terms at the place where they are defined in the text.

Related Publications

The Ridgeline documentation set includes the following:
● Ridgeline Reference Guide (this guide)
● Ridgeline Concepts and Solutions Guide
● Ridgeline Installation and Upgrade Guide
● Ridgeline Release Notes
● Ridgeline License Agreement

Both the Ridgeline Reference Guide and the Ridgeline Concepts and Solutions Guide can be found online in Adobe Acrobat PDF format in the docs subdirectory of the Ridgeline installation directory. They are also available in a Microsoft Windows environment from the Ridgeline Start menu.


You must have Adobe Acrobat Reader version 5.0 or later (available from http://www.adobe.com free of charge) to view these manuals.

The Ridgeline software also includes context-sensitive online Help, available from the Help menu in Ridgeline windows.

Other manuals that you will find useful are:
● ExtremeWare Software User Guide
● ExtremeWare Command Reference Guide
● ExtremeXOS Concepts Guide
● ExtremeXOS Command Reference Guide

For documentation on Extreme Networks products, and for general information about Extreme Networks, see the Extreme Networks home page:
● http://www.extremenetworks.com

Customers with a support contract can access the Technical Support pages at:
● http://www.extremenetworks.com/services/eSupport.asp

The technical support pages provide the latest information on Extreme Networks software products, including the latest Release Notes, information on known problems, downloadable updates or patches as appropriate, and other useful information and resources.

Customers without contracts can access manuals at:
● http://www.extremenetworks.com/services/documentation/




CHAPTER 1
Overview

This overview provides information about the chapters in this guide that describe the Ridgeline software features.

Introduction

Extreme Networks’ Ridgeline (Ridgeline) is a powerful yet easy-to-use application suite that facilitates the management of a network of Summit, BlackDiamond, and Alpine switches, as well as selected third-party switches. Ridgeline makes it easy to perform configuration and status monitoring and to create virtual LANs (VLANs) in enterprise LANs with Extreme Networks switches. Ridgeline offers a comprehensive set of network management tools that are easy to use from a client workstation configured with a web browser and the Java plug-in.

Ridgeline leverages the three-tier client/server architecture framework represented by Java applets. The Ridgeline application and database support three of the most popular operating environments in the marketplace: Microsoft Windows, Red Hat Enterprise Linux, and Sun Microsystems’ Solaris.

In This Guide

Chapter 1, “Overview” describes the content of this manual and information about device support.

Chapter 2, “Getting Started with Ridgeline” describes the user interface basics, such as the main windows and how to manipulate windows.

Chapter 3, “Managing Your Network Inventory” explains the details in Ridgeline windows and lists that provide information about devices. It also describes how to manage device information in Ridgeline.

Chapter 4, “Organizing Devices and Ports Into Groups” has information about assembling groups of devices and ports, managing them, and viewing information about them.

Chapter 5, “Using Map Views” explains the maps that Ridgeline uses to display visual representations of your network and how to create maps.

Chapter 6, “Provisioning Network Resources” describes Ridgeline’s network resource provisioning feature used to simplify network configuration tasks for VLANs, VMANs, Backbone VLANs (BVLANs) for Provider Backbone Bridge (PBB) networks, E-Line and E-LAN services, and EAPS domains.


Chapter 7, “Configuring and Monitoring Ethernet Services” describes how to use Ridgeline to configure E-Line and E-LAN services, view details and information about Ethernet services.

Chapter 8, “Policies” provides information about creating policies and related operations.

Chapter 9, “Managing and Monitoring VLANs” describes how to configure VLANs using network resource provisioning, configure VLANs using scripts, categorize VLANs, view VLAN details about services configured on VLANs.

Chapter 10, “Managing and Monitoring VMANs (PBNs)” describes how to configure VMANs using network resource provisioning and view information about VMANs configured on devices.

Chapter 11, “Managing Multi-Switch Link Aggregation Groups” describes the management of multi-switch link aggregation groups (MLAGs), providing failover support for devices.

Chapter 12, “Managing Virtual Machines” describes how to configure Ridgeline VMs.

Chapter 13, “Managing and Monitoring EAPS Domains” describes how to configure EAPS domains using network resource provisioning and run reports about the EAPS domains in your network.

Chapter 14, “Managing PBB Networks with Ridgeline” explains how to configure and monitor provider backbone bridge (PBB) networks to transport traffic from multiple customer VMANs over a single backbone network.

Chapter 15, “Managing and Monitoring VPLS Domains” describes how to view information about VPLS network domains and how to configure VPLS domains using scripts.

Chapter 16, “The Ridgeline Alarm Manager” explains how to use the Alarm Manager to view alarms that have occurred, define new alarms, modify current alarm definitions, and configure threshold-based alarms.

Chapter 17, “Configuration Manager” describes how to upload and archive configuration settings, create baseline configurations, download configuration settings, and download an incremental configuration to one or more devices, specify and configure the TFTP server to upload and download configuration settings, and software images.

Chapter 18, “The Firmware Manager” explains how to download a new software image to Extreme Networks devices, a BootROM image, a new slot software image to one or more modules on an Extreme Networks device, specify a software image as the “recommended” image,

Chapter 19, “Creating and Executing Ridgeline Scripts” describes Ridgeline scripting and how to create scripts then execute them on managed devices.

Chapter 20, “Using the Ridgeline Audit Log” describes how to use the Audit Log to display information about UPM profiles, Ridgeline scripts, network provisioning tasks, and correct and redeploy UPM profiles and scripts.

Chapter 21, “Using the IP/MAC Address Finder” explains how to use the IP/MAC Address Finder to create search requests to locate and identify specific MAC or IP addresses, and determine the locations of specific devices and ports.

Chapter 22, “Real-Time Statistics” explains how to use the Real-Time Statistics applet to view current or historical percentage utilization or total errors data for multiple ports, a switch slot, or a port group in an Extreme Networks switch.


Chapter 23, “Administering Ridgeline” describes how to change a user password for users with or without Administration access, add and delete users, set and modify user permissions, configure the Ridgeline server as a RADIUS client for user authentication, enable or disable Syslog receiver functionality, modify server properties, and execute a distributed server configuration.

Chapter 24, “Using the Universal Port Manager” explains the Universal Port Manager (UPM) tools to manage and create ExtremeXOS profiles, and deploy them on the network.

Chapter 25, “Using Identity Management” explains how to set up the authentication system that authorizes network access to users for specific network services and information, monitor users connected to ports on a switch, and use tools that define users’ roles, policies, and rules.

Chapter 26, “Managing Network Security” describes how to use Ridgeline features to help you ensure the security of your network.

Chapter 27, “Ridgeline Reports” describes how to access reports, interpret the Network Summary Report, export data to Extreme Networks Technical Assistance Center, view predefined status reports from a browser.

Chapter 28, “Enhancing Ridgeline Performance” describes how to tune performance and features to more effectively manage a network, use advanced features available to a user with an Administrator role to help analyze device operation.

Chapter 29, “Managing Network Device Configurations and Updates” describes how to manage Extreme device configurations to archive device configuration files, create and use Baseline configurations, monitor configuration changes, manage firmware upgrades, perform per-device change log audit of device configuration events.

Appendix A, “Configuring Devices for Use With Ridgeline” describes how to configure certain features on Extreme and third-party devices, configure Ridgeline as a Syslog receiver, set a Trap Receiver. It provides information about configuring an external RADIUS server. the Ridgeline third-party Device Integration Framework.

Appendix B, “Using SSH for Secure Communication” explains how to set up secure tunneling between the server and the client.

Appendix C, “Event Types for Alarms” describes the events that can be detected through the Alarm System, SNMP Trap Events, how to configure SNMP trap events and RMON rising and falling trap events.

Appendix D, “Ridgeline Backup” describes the Alarm Log and Event Log backup files, the DBVALID command-line database validation utility and the DBBACKUP command-line database backup utility.

Appendix E, “Ridgeline Utilities” describes utilities and scripts, and software commands installed on the server.

Appendix F, “Configuring RADIUS for Ridgeline Authentication” describes how to set up an external RADIUS server to provide authentication services to users, when Ridgeline is configured to act as a RADIUS client.

Appendix G, “Troubleshooting” describes how to resolve problems you might encounter with Ridgeline.




CHAPTER 2
Getting Started with Ridgeline

This manual assumes you have successfully installed or upgraded to the current Ridgeline software version, version 3.1 or later. If you have not yet installed version 3.1, see the Ridgeline Installation and Upgrade Guide for instructions. This chapter contains the following sections:
● “Ridgeline Windows” on page 29
● “Online Help” on page 33

The Ridgeline Home Page

When you first log into Ridgeline, the Ridgeline home page is displayed, as shown in Figure 1.

The Ridgeline Home page displays the version of the software you are running, and includes a link that allows you to see the latest software and BootROM images available. A number of dashboard reports are compiled when you log on, including a Network Status Summary Report, and a Device Status Summary report. You can select which reports and graphs populate the Ridgeline Home page, allowing you to display a convenient, at-a-glance view of data relevant to your network.

Information shown in the dashboard reports displayed on the Ridgeline Home page can also be accessed from the Reports application. See “Ridgeline Reports” on page 599.


Figure 1: Ridgeline Home Page

Modifying the Contents of the Ridgeline Home Page

To modify the contents of the home page, complete the following steps:

You can add or remove dashboard reports on the Ridgeline Home page, as well as move them around in the display.

To add a dashboard report, complete the following steps:


1 From the View menu, check Customize home page. The Dashboard Palette is displayed at the bottom of the Ridgeline Home page, as shown in Figure 2.

Figure 2: Dashboard Palette on the Ridgeline Home Page

2 In the Dashboard Palette, select the dashboard report you want to add, and drag it to the display area of the Ridgeline Home page.
3 When you have finished adding dashboard reports to the Ridgeline Home page, go to the View menu and uncheck Customize home page to hide the Dashboard Palette.

To remove a dashboard report from the Ridgeline Home page, complete the following steps:

1 Click the X in the upper right corner of the dashboard report you want to remove. The dashboard report is removed from the display.

If you subsequently want to restore the dashboard report you removed, add it using the Dashboard Palette, as described above.

To move a dashboard report around in the display, simply drag the title bar of the dashboard report to the location in the display where you want it. The dashboard report stays in this location for subsequent Ridgeline sessions.

Ridgeline Windows

Windows in the Ridgeline user interface are made up of a number of frames. Figure 3 shows the components that comprise a typical window in Ridgeline.


Figure 3: Components of the Ridgeline User Interface (Network Views Window)
Figure callouts: Menu Bar, Icon Bar, Tabbed Windows, Map View, Device Details Frame, Folders, Navigation Frame, Navigation Table

The main components of the Ridgeline user interface are the following:

Menu Bar: Options and commands available in Ridgeline. The items shown in the menu bar vary based on the folder that is selected in the Navigation Frame.
Icon Bar: Icons for functions available in Ridgeline, based on the selected item. You can move your mouse over an icon to view text describing what the icon does.
Navigation Frame: Tree view of the folders and subfolders in Ridgeline. You can click on items in the Navigation Frame to show items lower in the hierarchy. Ridgeline has four main folders: Home, Network Views, Network Administration, and Administering Ridgeline. Clicking on a main folder reveals the subfolders below it. The subfolders contain links to device groups and Ridgeline applications.
Tabbed Windows: When you click one of the main folders or a device group folder, it opens a tabbed window for that folder above the Navigation Table. Tabbed windows are dockable, meaning that they can be moved around in the main Ridgeline window. See “Moving Windows in Ridgeline” on page 32 for more information.
Navigation Table: Table of information about the objects displayed in the selected folder. Selecting a device in the Navigation Table displays detailed information about the selected device in the Device Details Frame.


Device Details Frame: Detailed information about the object selected in the Navigation Table.
Map View: For a selected device group, the graphical representation of the devices and links in the group. Selecting a device in the Map View causes the corresponding row in the Navigation Table to be selected.

Modifying Table Views

Much of the information displayed in Ridgeline is in tabular format. You can sort the rows in a table, modify the table column size, move columns around in a table, and remove columns from a table.

Sorting Table Rows

You can sort the rows of a columnar display according to the contents of any individual column. To sort the rows, click on the column heading you want to use as the sort criteria. Click once to sort in ascending order; click a second time to reverse the sort order.

The column that is currently being used as the sort criteria is indicated with a small triangle in the column heading cell. The direction of the triangle (facing up or facing down) indicates whether the sort is ascending or descending.

Resizing Table Columns

You can resize the widths of each column. To do this, follow these steps:

1 Place the cursor over the line separating the column you want to resize from the column to its right.
2 Click and hold the left mouse button to “grab” the column separator.
3 Drag the separator until the column is the desired width.

Moving Table Columns

To move a column in a table, click and hold the left mouse button to “grab” the column heading, then drag the column to where you want it to be in the table.


Removing Columns From a Table

To remove one or more columns from a table, follow these steps:

1 Click on the icon in the upper right corner of the table you want to modify. A window such as the following appears:

Figure 4: Selecting Columns to Display in a Table

2 Uncheck the columns you want to remove from the table and click OK. Columns that cannot be removed from the table are greyed out.

Moving Windows in Ridgeline

Ridgeline allows you to rearrange windows to make the best use of room on the screen.

Docking Tabbed Windows

Tabbed windows in Ridgeline are dockable, which means that you can move them to new locations in the main Ridgeline window.

To move a window to a new location, complete the following steps:

1 Place the cursor over the tab of the window you want to move.
2 Click and hold the left mouse button to “grab” the window.
3 Drag the window to a new location. The hourglass icon changes to a page icon.
4 Release the left mouse button.
5 At the prompt, indicate whether you want the window to be displayed horizontally or vertically.

The main window is reorganized to display the tabbed window in the orientation that you selected.

Collapsing Detail Windows into the Main Window

Double-clicking an entry in an All Table View tab or a Navigation Window tab opens a floating window that shows the details for that entry. These floating windows can be collapsed into the main window display, and additional floating windows can be collapsed into the main display as well so that you can toggle among them.


To open a detail window and collapse it into the main window, complete the following steps:

1 Double-click an entry in an All Table View tab or a Navigation Window tab, such as a link entry or a device entry. The details window for that entry appears in front of the main window.
2 Click the toggle floating button in the upper-right corner of the window. The floating window is collapsed into the main window and displayed in the right end of the window.
3 To display additional detail windows in this way, double-click each entry in the main window and click the toggle floating button. The new windows are added to the same area of the main window, and tabs are displayed below the frame borders so that you can choose which detail display you want to view.
4 To redisplay these details in a floating window, click the toggle floating button again.
5 To remove the window from the display, click the close button in the window title bar.

Collapsing Network Administrator Windows into the Main Window

The Alarm Manager, Configuration Manager, Firmware Manager and Profile Manager windows are displayed as floating windows when you click them in the Folder List. You can collapse these windows into the main window and toggle among them when it becomes more convenient to view them in that manner.

To open a manager window and collapse it into the main window, complete the following steps:

1 Click a manager branch under Network Administration. The window for that manager appears in front of the main window.
2 Click the toggle floating button in the upper-right corner of the window. The floating window is collapsed into the main window and displayed in the right end of the window.
3 To display additional detail windows in this way, double-click each entry in the main window and click the toggle floating button. The new windows are added to the same area of the main window, and tabs are displayed below the frame borders so that you can choose which detail display you want to view.
4 To redisplay these details in a floating window, click the toggle floating button again.
5 To remove the window from the display, click the close button in the window title bar.

Online Help

This guide provides an overview of the Ridgeline software features with the goal of showing how you can use Ridgeline to simplify your network management tasks and help you solve problems with your network or its devices. It does not provide a detailed explanation of how to use the features of the software.

In addition to this guide, Ridgeline provides context-sensitive online Help, accessible through the Help menu located in the Ridgeline menu bar. From the Help menu, you can view HTML-based help on the feature you are using, presented in a browser window.

In the Reports feature, there is a Help link in the introductory paragraph on the Main reports page.

From the Help menu, the Ridgeline Help selection displays the table of contents for the complete Help system.


Ridgeline also provides the Ridgeline Reference Guide, which also describes how to use the Ridgeline features. This guide can be accessed from the doc subdirectory under the Ridgeline installation directory. In the Windows environment this is \Program Files\ExtremeNetworks\Ridgeline3.0\deploy\extreme.war\helptext\docs. In a Linux or Solaris environment this is /opt/ExtremeNetworks/Ridgeline3.0/deploy/extreme.war/helptext/docs. It can also be downloaded from the Extreme web site at http://extremenetworks.com, under the Support area.

You must have a version of Adobe Acrobat Reader installed (version 4 or later) to view the PDF file. (Acrobat Reader is available for download from Adobe Systems at http://www.adobe.com.)


CHAPTER 3
Managing Your Network Inventory

This chapter describes how to use the Ridgeline device inventory manager. It contains the following sections:
● “Overview of Ridgeline Device Inventory Management” on page 35
● “Displaying the Network Device Inventory” on page 36
● “Displaying Device Details” on page 40
● “Displaying Link Details” on page 47
● “Displaying Port Details” on page 49
● “Device Inventory” on page 50
● “Device Properties” on page 51
● “Port Properties” on page 53
● “Discovering Network Devices” on page 55
● “Adding Devices to Ridgeline” on page 62
● “Modifying Communications Settings” on page 64
● “Deleting Devices” on page 67
● “Updating Device Information” on page 67
● “Configuring Default Access Parameters” on page 68
● “Opening a Telnet Session to a Device” on page 70

Overview of Ridgeline Device Inventory Management

Ridgeline keeps a database of all its managed network devices. Ridgeline can discover any devices running MIB-2 compatible agents. It can manage Extreme Networks switches, and can provide information about third-party devices with compatible agents.

The Ridgeline software also provides an automatic discovery function. This feature can discover Extreme and MIB-2 compatible devices by specific IP address or within a range of IP addresses.

You can also add network devices to the Ridgeline database manually. Once a network device is known to the Ridgeline database, you can assign it to one or more device groups, and configure it using Ridgeline. You can receive alarms about faults on the device, and you can view a hierarchical topology layout of the devices known to Ridgeline.


Any Ridgeline user with read-only access to this feature can view status information about the network devices currently known to Ridgeline. Users with Administrator or Manager roles, or other roles with write access to this feature, can run Discovery and add devices to or delete devices from the list of managed devices in the database. These users can also explicitly refresh the information in the database related to the devices that the Ridgeline inventory manager is managing.

Device Groups

Devices in Ridgeline are organized into one or more device groups. A device group is a set of network devices that have something in common, and that can be managed as a group. For example, devices might be grouped by physical location (Building 1, Building 2, first floor, second floor) or by functional grouping (engineering, marketing, finance) or by any other criteria that make sense within the managed network environment.

An individual device can belong to multiple device groups. For example, a device could simultaneously be a member of Building 1, Marketing, and Edge Switches. Using device groups, you can monitor and maintain devices by group membership, instead of individually. All devices become members of a device group when they are added to the Ridgeline database, either through Add Devices or as a part of the Discovery process. By default, devices are added to the All device group, if you do not specify otherwise. A device may then be copied or moved to another device group, as appropriate.

See “Organizing Devices and Ports Into Groups” on page 75 for more information on device groups.

Displaying the Network Device Inventory

To display the device inventory, expand the list of items in the Network Views folder and click the All table or All map. The device inventory is displayed, as shown in Figure 5.

Figure 5: Network Device Inventory


NOTE
You must add network devices to the database using Discovery or the Add Devices function in order to make them “known” to Ridgeline. Until this is done, no devices are displayed in Ridgeline.

The first time you run Ridgeline, there is only one device group, All. You cannot delete or change the name of the All device group.

Click on a Device Group name to display the list of switches that are members of that group.
● A red slash through a device indicates that the device is not reachable through SNMP.
● A device shown in grey indicates the device is no longer being managed. Ridgeline does not attempt to communicate with a device in the unmanaged state, nor does it accept traps or syslog messages for the device.
● If unacknowledged alarms exist for the device, the alarm status is indicated by a small colored alarm on the device icon in the table. You can investigate these through the Alarm Manager.

Alarm Propagation to the Device Group. If alarm propagation is enabled, the highest severity unacknowledged alarm status among the devices in the Device Group is indicated by a small alarm bell to the left of the Device Group name under the Network Views folder. When a Device Group has been contracted so that its list of devices is hidden, the Device Group alarm icon indicates whether alarms have occurred on any of the devices within the group, and how serious those alarms are.
● Disabling alarm propagation for a device means that device’s alarm status will not be factored into the alarm status for the Device Group. This lets you base alarm propagation at the device group level on a subset of critical devices while ignoring less critical devices.
● Devices with alarm propagation disabled show an “X” through the alarm icon. However, the color of the alarm icon still indicates the correct alarm status for the alarm.

You can also disable alarm propagation for the Device Group, which results in an “X” over the alarm icon. However, there is no higher level for alarm status propagation, so this has no real meaning. The color of the alarm icon will still reflect the worst alarm status of those devices within the Device Group that have alarm propagation enabled.

Viewing Device Status Information

When you select a device group under the Network Views folder, the panel on the right displays a summary status of the devices in the selected device group (see Figure 6).


Figure 6: Device Group Table View

The columns show the following information:

Name: The name of the device.
IP address: The IP address of the device.
MAC address: The device MAC address, if applicable.
Software version: The firmware version running on the device.
SNMP version: The SNMP version (version 1 or version 3) used on the device.
Log on username: The device login name.
SSH: The setting for SSH2. Enabled or Disabled.
Forwarding-database polling: The setting for FDB Polling. Enabled or Disabled.
Device manager protocol: The protocol used to get access to a non-Ridgeline device manager on the device (HTTP or HTTPS). To use the browser-based management interface provided by the selected device, select Manager (HTML) from the Ridgeline Device menu.
Member of: The groups and subgroups that the device is a member of.
ReachNXT devices: The number of Extreme ReachNXT 100-8t switches connected to the device.
Last updated: When the device information was last updated from the switch.
Status: The operational status of the device: SNMP Reachable, SNMP Unreachable, or Unmanaged.
Type: Whether the object is a device or device group.
Worst alarm: The priority of the highest unacknowledged alarm currently on the device.
Alarm Propagation: Whether alarm propagation is on or off for the device.


Viewing Link Information

Clicking on the Links tab displays information about the links between devices in the device group (see Figure 7).

Figure 7: Links Summary Status

The columns show the following information:

Status: An icon indicating the status of the link. The link status icon can be one of the following colors:
  • A green line indicates that the link is up.
  • A red line indicates that the link is down.
  • A yellow line for a bundled link indicates that some links are down and some are up.
  • A grey line indicates that the link status is unknown.
  • A blue line indicates the link is user-created rather than automatically discovered by Ridgeline.
  An icon showing a circle and two lines indicates a shared link:
  • Green indicates the link is up.
  • Greyed-out green indicates the last-known status of the link was up.
  • Red line indicates the link is down.
  • Greyed-out red indicates the last known state was down.
  • Yellow indicates that some ports on this link are up and that some are down.
A device: The name of the device on one end (the A side) of the link, along with an icon indicating the device status.
A IP address: The IP address of the device on the A side of the link.
A port name: The name of the port on the A side of the link, along with an icon indicating the port status.
A port number: The number of the port on the A side of the link.


B device: The name of the device on the other end (the B side) of the link, along with an icon indicating the device status.
B IP address: The IP address of the device on the B side of the link.
B port name: The name of the port on the B side of the link, along with an icon indicating the port status.
B port number: The number of the port on the B side of the link.
Discovery protocol: The protocol used to discover the link, either EDP or LLDP.
State: The current state of the link.
Type: The link type; for example, user-created.
A device status: The current status of the device on the A side of the link.
A device worst alarm: The status of the highest alarm on the device on the A side of the link.
A port status: Whether the port on the A side of the link is enabled or disabled.
A link state: Whether the A side of the link is ready to exchange traffic with the B side of the link.
A port type: The type of port on the A side of the link.
A port share details: Information about the port sharing configuration on the A side of the link, if configured.
B device status: The current status of the device on the B side of the link.
B device worst alarm: The status of the highest alarm on the device on the B side of the link.
B port status: Whether the port on the B side of the link is enabled or disabled.
B link state: Whether the B side of the link is ready to exchange traffic with the A side of the link.
B port type: The type of port on the B side of the link.
B port share details: Information about the port sharing configuration on the B side of the link, if configured.

Displaying Device Details

To display details about a device, click on the device’s row in the Devices table. Information about the selected device appears in the details window. If you double-click on the row, the device details are displayed in a separate window, as shown in Figure 8.


Figure 8: Device Details Window

The Device Details window has the following tabs:

● General tab
● Links tab
● PBB tab
● VLANs tab
● EAPS domains tab
● VPLS tab

General Tab

The General tab lists information about the ports on the device.

When you click the General tab, the following fields are displayed:

Name: The name of the device.
SNMP Status: Whether the device is reachable using SNMP.
IP address: The IP address of the device.

The table has the following columns:

Number: Port number. If the device is a chassis device, then the port number is displayed in slot:port format.
Name: Name of the port, if configured.
Actual speed: Speed of the port; Auto if the speed is auto-negotiated.
Actual duplex: Duplex of the port, either full or half.
Type: Port type; for example, Gigabit, Management, 10/100.


Port status: Whether the port is enabled or disabled.
Link state: Whether the port is ready to exchange traffic with the port on the other side of the link.

Links Tab

The Links tab displays information about links the selected device has to other devices.

Status: An icon indicating the status of the link. The link status icon can be one of the following colors:
  • A green line indicates that the link is up.
  • A red line indicates that the link is down.
  • A yellow line for a bundled link indicates that some links are down and some are up.
  • A grey line indicates that the link status is unknown.
  • A blue line indicates the link is user-created rather than automatically discovered by Ridgeline.
  An icon showing a circle and two lines indicates a shared link.
  • Green indicates the link is up.
  • Greyed-out green indicates the last-known status of the link was up.
  • Red line indicates the link is down.
  • Greyed-out red indicates the last known state was down.
  • Yellow indicates that some ports on this link are up and that some are down.
A device: The name of the device on one end (the A side) of the link, along with an icon indicating the device status.
A IP address: The IP address of the device on the A side of the link.
A port name: The name of the port on the A side of the link, along with an icon indicating the port status.
A port number: The number of the port on the A side of the link.
B device: The name of the device on the other end (the B side) of the link, along with an icon indicating the device status.
B IP address: The IP address of the device on the B side of the link.
B port name: The name of the port on the B side of the link, along with an icon indicating the port status.
B port number: The number of the port on the B side of the link.
Discovery protocol: The protocol used to discover the link, either EDP or LLDP.
State: The current state of the link.
Type: The link type; for example, User-created, Physical link, or Shared physical link.
A device status: The current status of the device on the A side of the link.
A device worst alarm: The status of the highest alarm on the device on the A side of the link.
A port status: Whether the port on the A side of the link is enabled or disabled.
A link state: Whether the A side of the link is ready to exchange traffic with the B side of the link.
A port type: The type of port on the A side of the link.
A port share details: Information about the port sharing configuration on the A side of the link, if configured.
B device status: The current status of the device on the B side of the link.
B device worst alarm: The status of the highest alarm on the device on the B side of the link.


B port status: Whether the port on the B side of the link is enabled or disabled.
B link state: Whether the B side of the link is ready to exchange traffic with the A side of the link.
B port type: The type of port on the B side of the link.
B port share details: Information about the port sharing configuration on the B side of the link, if configured.
Name: A description of the link in this format: p – p

PBB Tab

The PBB tab displays information about PBB components (ISIDs, BVLANs, SVLANs, and CVLANs) that are configured on the device.

Type: The type of component in the PBB network, along with an icon indicating the PBB component type. In the Map View, the icons indicate the component is configured on the highlighted device. The icon can be one of the following:
  • Extended Service ID (ISID)
  • Backbone VLAN (BVLAN)
  • Protected BVLAN; that is, a BVLAN protected by an EAPS ring
  • Customer VLAN (CVLAN)
  • Subscriber VLAN (SVLAN)
Vlan tag: The configured tag value for the BVLAN/CVLAN/SVLAN; N/A for ISIDs.
ISID: The tag value of the ISID that the PBB is associated with or bound to.
VLAN name: The name of the BVLAN/CVLAN/SVLAN or ISID.
BVLAN network: The network name category (if any) that this BVLAN/CVLAN/SVLAN belongs to. You can assign a network name to a BVLAN. When a network name is assigned to a BVLAN, the SVLANs and CVLANs associated with the BVLAN are automatically assigned the same network name. See “Categorizing VLANs With Network Names” on page 168 for more information.

VLANs Tab

The VLANs tab contains information about the VLANs configured on the device.

Vlan tag: The VLAN tag value (if any) or “Untagged”, along with an icon indicating whether this is a VLAN or VMAN.
  • Indicates this is a VLAN
  • Indicates this is an EAPS-protected VLAN
  • Indicates this is a VMAN
  • Indicates this is an EAPS-protected VMAN
VLAN name: The VLAN name. For VLANs with identical values for Tag and Protocol, but different values for Name, this refers to the same VLAN. In such cases, the multiple Names are displayed, separated by a comma.
Network name: The network name category (if any) that this VLAN belongs to. See “Categorizing VLANs With Network Names” on page 168 for more information.
Protocol name: The protocol filter(s) configured for the VLAN.
QOS profile name: QoS profile name configured for the VLAN on the device, if any.


IP forwarding enabled: Whether IP forwarding is enabled for the VLAN.
VLAN IP address: The IP address of the VLAN.
VLAN IP mask: The subnet mask of the VLAN.
Virtual router: The virtual router to which the VLAN is associated on the device. This information is available if the device has HTTP enabled, and runs ExtremeXOS software version 12.1 or later.
Type: The VLAN type, either VLAN or VMAN.
Vlan services: VLAN service type. Possible values are Translation, Translation-Member, VMAN, Translation VMAN, Translation-Member VMAN, Private-Network, Isolated-Subscriber, Non-Isolated Subscriber, Super VLAN, and Sub VLAN. See “Viewing VLAN Services Information” on page 175 for more information.
Admin Status: The administrative state of the VLAN, either Enabled or Disabled. This information is available if the device has HTTP enabled, and runs ExtremeXOS software version 12.1 or later.

Selecting a VLAN in the table causes information about the ports in the VLAN to be displayed in the Ports table in the lower part of the window. The Ports table contains the following information:

Number: Port number. If the device is a chassis device, then the port number is displayed in slot:port format.
Name: The name of the port, if assigned.
Tagged: Whether the port is tagged.
Media: The port media, if applicable.
Type: Port type; for example, Gigabit, Management, 10/100.
Actual speed: Speed of the port; Auto if the speed is auto-negotiated.
Actual duplex: Duplex of the port, either full or half.
Configured speed: The configured speed of the port.
Configured duplex: The configured duplex setting of the port.
State: Whether the port is enabled or disabled.

EAPS Domains Tab

The EAPS Domains tab displays EAPS information for an individual device. It contains the following sub-tabs:

● Domains
● Shared ports
● Domain ports
● Device settings

Domains Tab

The upper part of the Domains tab shows information about the device in relation to each of the EAPS domains of which it is a member. The lower part shows information about a selected domain node. Select a node to display domain node details and protected VLAN information.


The upper part of the Domains tab window contains the following columns:

Name: The name of the EAPS domain where this device is a member (node), and an icon indicating the domain status.
  • A green ring indicates that all domains in which this device participates are fully operational.
  • A yellow ring indicates that one or more of the domains is not fully operational, but is in a transitional state or an unknown state (as when the device is SNMP unreachable).
  • A red ring indicates that one or more of the domains is not operational—if the device has a master in a failed state or a Transit node in a “links down” state.
  • A grey ring indicates that the EAPS domain is disabled.
Domain-node name: The name of the node given to the device as a member of the domain.
Domain status: Status of the node in the domain. This can be Idle, Complete, Failed, Links Up, Links Down, Preforwarding, Init, Precomplete, PreInit, or Unknown.
Device mode: Whether the node acts as a Master or Transit node for this domain.
Primary port: The primary port number.
Secondary port: The secondary port number.

The lower part of the Domains tab window has two additional tabs: Details of device in domain and Protected VLANs.

Details of Device in Domain Tab. When you click the Details of device in domain tab, the following columns are displayed:

Domain Node Name: The name of the node given to the device as a member of a domain.
Enabled: Whether this specific node is enabled as an EAPS node.
Control VLAN Name: Name of the control VLAN
Control VLAN Tag: VLAN tag (ID) of the EAPS control VLAN
Hello Timer: The interval at which the EAPS master polls to check the status of its EAPS member nodes
Failed Timer: The interval after a failure is detected before the Failed Timer expires
Failed Timer Action: Action to be taken when Failed Timer expires
Primary Port Status: Status of the primary port: Up, Down, Blocked, or Unknown
Secondary Port Status: Status of the secondary port: Up, Down, Blocked, or Unknown

Protected VLANs Tab. When you click the Protected VLANs tab, the following columns are displayed:

VLAN name: The name of the protected VLAN
Tag: The ID of the protected VLAN

Shared Ports Tab

The upper part of the Shared Ports tab shows information about the shared port(s) on this device. The lower part shows information about each of the domains that share the port. Select a shared port to display the sharing information for that port.


The upper part of the Shared Ports tab window contains the following columns:

Number: The port number of the shared port.
Shared-port status: Status of the shared port: Idle, Ready, Blocking, Preforwarding.
Shared-port mode: Whether the node acts as a Controller or a Partner node for this shared link.
Shared-port link id: An integer configured on the switch for the shared port
Neighbor-port status: Status of the neighboring node: Down, Up, Error
Root-blocker status: The port’s status as a root blocker (None or Active)
Shared-port expiry action: Action to be taken when the Shared Port fail timer expires.

The lower part of the Shared Ports tab window contains the following columns:

Name: Name of the EAPS domain that includes the shared port.
Domain status: Current status of the EAPS domain.
Other ports in domain: The other port (besides the shared port) configured in the pair for this EAPS domain.

Domain Ports Tab

The upper part of the Domain Ports tab shows information about the ports on this device in relation to the EAPS domains to which the device belongs. The lower part shows information about the domains related to a selected port. Select a port to display the domain nodes that are configured on the selected port.

The upper part of the Domain Ports tab window contains the following columns:

Number: The number of a port configured for one of the domains sharing a link.
Shared-port link id: An integer ID configured on the switch for the shared port only.
Shared-port mode: Whether the node acts as a Controller or a Partner node or is unconfigured for the shared port.

The lower part of the Domain Ports tab window contains the following columns:

Status of port in domain: Status of the domain port in the EAPS domain. This can be Up, Down, Blocked, or Unknown.
Domain name: The domain node name given to the device as a member of an EAPS domain.
Domain status: Status of the node: Idle, Complete, Failed, Links Up, Links Down, Preforwarding, Init, Precomplete, PreInit, or Unknown.
Device mode: Whether the node acts as a Master or Transit node for this domain.
Primary port: Primary port number.
Secondary port: Secondary port number.

Device Settings Tab

The Device Settings tab lists information about the EAPS configuration on the device. It contains the following columns:

EAPS Protocol Enabled: Whether the EAPS protocol is enabled on this device (true or false).
Fast Convergence Enabled: Whether fast convergence is enabled for this device (true or false).


Last Configuration Updated: The date of the last configuration update.
Last Status Updated: The date of the last status update.

VPLS Tab

The VPLS tab displays information about the VPLS domains the device belongs to.

Status: Current operational status of the VPLS node. This can be Up, Down, or Other.
Node address: IP address of the VPLS node.
VPLS name: The name of the VPLS domain.
Service name: The name of the service configured for the VPLS domain. If there is more than one service name configured, then the word Various will be displayed in this column.
Number of peers: The number of devices with a direct connection via a pseudo wire. They do not have to be configured in the VPLS domain.
VPLS operational status: Once VPLS is enabled, the status of the VPLS domain. This can be Up, Down, or Other.
VPLS admin status: The administrative status of the VPLS domain. This can be Up, Down, or Testing. Testing means packets cannot be sent over the VPLS domain.
Dot1q tag option: Whether the dot1q tag option is included or excluded in this VPLS domain.
MTU: Maximum Transmission Unit over the VPLS domain.

Displaying Link Details

To display details about a link, click on the link’s row in the Links table. Information about the selected link appears in the details window. If you double-click on the row, the link details are displayed in a separate window, as shown in Figure 9.


Figure 9: Link Details Window

The contents of the Link Details window are described in the following sections.

Devices/Ports Tab

The Devices/Ports tab has the following fields.

Name: The devices and ports on either side of the link.
State: Current connection state of the link
Type: Whether the link is user-created or a discovered physical link
Link Status: Current link status
Discovery Protocol: The protocol used to discover the link, either EDP or LLDP.

For each side of the link, the following fields are displayed:

Device: The name of the device
IP address: The IP address of the device
Offline: Whether the device is offline
Device worst alarm: The highest priority alarm on the device

Port
Number: The port number
Name: The port number, if configured


Type: Port type; for example, Gigabit, Management, 10/100.
Status: The status of the port, enabled or disabled
Link State: Status of the port: Idle, Ready, Blocking, Preforwarding
Share details: Information about the port sharing configuration for the port, if applicable

If you enable the Show VLANs box, the VLANs configured for the ports that make up the link are displayed in the table. See “VLANs Tab” on page 43 for a description of the columns that appear in the table.

EAPS Shared Ports Tab

If the link consists of EAPS shared ports, the EAPS Shared Ports tab appears in the Link Details window. This tab contains the following information:

Segment Timeout: The time out value for the segment.
Segment Health Interval: The interval for health check messages on the segment.

For the ports on each side of the link, the following fields are displayed:

Port
Device: The name of the device
IP address: The IP address of the device
Number/Annotation: The port number
Name: The port name, if configured

EAPS shared port information
Link ID: An integer configured on the switch for the shared port
Mode: Whether the node acts as a Controller or a Partner node for this shared link.
Port Status: Whether the port is enabled or disabled.
Expiry action: Action to be taken when the fail timer expires. This applies only to master nodes.
  • Send-alert – Sends a critical message to the syslog when the fail timer expires.
  • Open-secondary-port – Opens the secondary port when the fail timer expires.
Neighbor-port status: Status of the neighboring node: Down, Up, Error
Root blocker status: The port’s status as a root blocker (None or Active)
Root Blocker ID: The ID of the root blocker. If the value is none, there are not two or more common link failures.

Displaying Port Details

If a port is a member of a port group, you can display details about the port by clicking the port’s row in the Table view of the port group. Information about the selected port appears in the details window. If you double-click on the row, the device details are displayed in a separate window, as shown in Figure 8.


Figure 10: Port Details Window

The Port Details window has the following fields:

Number: Port number. If the device is a chassis device, then the port number is displayed in slot:port format.
Name: Port name, if configured
Device Name: Name of the device where the port resides
IP address: IP address of the device
Actual speed: Speed of the port; Auto if the speed is auto-negotiated.
Actual duplex: Duplex of the port, either full or half
Type: Port type; for example, Gigabit, Management, 10/100.
Link State: Whether the port is ready to exchange traffic with the port on the other side of the link.
Port Status: Whether the port is enabled or disabled.
Device Last Updated: When information was last retrieved from the device
Status: Whether the device is reachable through SNMP
Device Type: The model of the device.
Worst Alarm: The priority of the highest unacknowledged alarm currently on the device.

Device Inventory

The Device Inventory shows an active graphical display of the switch front panel, as well as a panel of status information. For some devices, a back panel view may also be provided.

To display the Device Inventory for a device, click on the device’s row in the Devices table, then select Inventory from the Device menu. This display shows additional information that Ridgeline has gathered from the switch agent.


Figure 11: Device Inventory

You can click on the slots and ports in the Panel View to display additional information about the selected item.

Device Properties

You can view the properties of a device in the Ridgeline database. This section describes the information displayed in the various properties windows.

Most of the information in the various Properties displays is shown in columnar form. The columns can be resized by “grabbing” the separator between two column headings, and the display can be sorted by clicking on a column heading. The column heading shown in green indicates the column used to sort the display.

The Device Properties window shows several tabs of information about the selected device (see Figure 12). To display this window, select a device, then select Properties from the File menu, or from the right-click pop-up menu.


Figure 12: Device Properties Window

The Device Properties window displays a set of tabs at the top of the window, depending on the type and configuration of the device. The following tabs may appear:

● Device
● Network Clients
● Syslog Messages

Each tab displays the name of the device and a status “light” which shows the status of the device as detected by the Ridgeline software.

The Device Tab

The Device tab displays a variety of configuration and status information about the device. At the top of the window it shows the basic identification information:

Device: The name of the device and the status indicator “light”
IP Address: The IP address of the device
Type/Version: The type of device, and the version of the software currently running on the device
MAC Address: The MAC address of the device
Boot Time: The date and time of the last device reboot

The main section of the window presents the values of attributes about the device. These vary depending on the type of device and the features it supports.


The Network Clients Tab

The Network Clients tab lists information about the users connected through the device.

Port: The port on the device on which the user is logged in.
Kerberos: The login name of the user.
IP Address: The IP address of the user’s host.
Login Type: The login type, either network login or 802.1x.
MAC Address: The MAC address of the user’s host.
VLAN: The VLAN to which the port belongs.

The Syslog Messages Tab

The Syslog Messages tab lists information about the last 500 Syslog messages received from the device.

Time: The time that the message was received.
Severity: The severity level of the message. Severity levels include the following:
  • 0—Emergency
  • 1—Alert
  • 2—Critical
  • 3—Error
  • 4—Warning
  • 5—Notice
  • 6—Information
  • 7—Debug
Facility: The Syslog facility reporting the message.
Message: The text of the message.

Syslog messages are stored along with traps in the event log. The Ridgeline server keeps a minimum of 10 days of event history. The event log can be a maximum of 30 MB per file and uses two rotating archive files. If you want to retain historical event log records, you should back up the event log periodically.

Port Properties

The Port Properties window shows several tabs of information about the selected port (see Figure 12). To display this window, select a port, then select Properties from the File menu, or from the right-click pop-up menu.


Figure 13: Port Properties Window

The Device Port Properties window may have up to three tabs:

● Port
● Operational FDB
● Network Clients

The Port Tab

The Port tab displays the following information:

Port Number: The number of the port
Media: The media for a redundant port (Primary or Redundant)
Configured Type: The type of port
Link State: The link status of the port (Uplink or Edge port)
Port Enabled: Whether the port is enabled (yes) or not enabled (no)
Actual Speed: The speed of the port
Actual Duplex: The duplex setting of the port (Half, Full, or None)
Load Sharing: The load sharing state of the port (On or Off)
FDB Polling Status: Whether the port is being polled: Actively Polled (Edge Port) or Not Polled (Inactive Port)


The Operational FDB Tab

The top part of the Operational FDB tab display shows the following information for the entries in the FDB:

Port: The port where the MAC address was discovered
MAC Address: The MAC address that defines the entry
IP Address(es): IP addresses detected for the MAC address
Dynamic: Shows a green check if the entry is dynamic; shows a red X if it is not.
Static: Shows a green check if there is a static entry for the MAC in the permanent FDB; shows a red X if there is not.
Permanent: Shows a green check if the entry is permanent; shows a red X if it is not.
Forwarding Type: The forwarding type: MAC, IP, IPX, MAC/IP, MAC/IPX, or unknown.
Discovered: The date and time at which the MAC address was learned by Ridgeline.

Select an entry in the table to display further information about the FDB entry at the bottom of the window:

Port: The port on which the MAC address was learned
MAC Address: The MAC address that defines the entry
Locked Down: Whether the MAC is locked to this port due to a learning limit (Yes/No)
Secure: Whether the MAC is locked to this port due to a permanent secure entry (Yes/No)
Blackhole Type: Blackhole type (None, Ingress, Egress, both)
Mirrored: Whether the MAC is mirrored (Yes/No)
Questionable: Whether the MAC is questionable (Yes/No)
Remapped: Whether the MAC has been remapped (Yes/No)
Translated: Whether the MAC has been translated (Yes/No)

The Network Clients Tab

The Network Clients tab displays the following information:

Port: The port on the device on which the user is logged in.
User Name: The login name of the user.
IP Address: The IP address of the user’s host.
Login Type: The login type, either network login or 802.1x.
MAC Address: The MAC address of the user’s host.
VLAN: The VLAN to which the port belongs.

Discovering Network Devices

When you first install Ridgeline, the device inventory is empty. The easiest way to populate the inventory database is to use the Ridgeline automatic Discovery feature to automatically detect the devices on your network.


To create discovery criteria, complete the following steps:

1 Select Discover device from the File > New menu to display the Discover Devices window, as shown in Figure 14.

Figure 14: Inventory Manager Discover Devices Set Up Window

2 Enter your settings (Vendor Filters selection, IP address range, subnet mask, etc.) in the top portion of the window.

The fields and buttons in this window are defined as follows:

Extreme only: Select this button to discover Extreme devices only.
All MIB-2 devices: Select this button to discover all MIB-2 compatible devices.
IP Address with Wild Cards: Specify the device address range using wild cards, such as 10.203.10.* or 10.203.?.??
  Valid wildcard characters are *, ?, and - (dash):
  * acts as a wildcard for the entire octet (0-255).
  ? is a wildcard for a single digit (0-9).
  - lets you specify a range for any octet. You can use this in more than one octet. Note that you cannot combine the dash with another wildcard in the same octet.
  You can also use the IP Address with Wild Cards field to specify a single IP address.
IP Address Range: Specify the device address range, such as 10.203.10.20 to 10.203.10.45.
IP Address/Net Mask (CIDR): Specify the device address range, in Classless InterDomain Routing (CIDR) format. The value in the Subnet Mask field is the number of bits to be masked, starting from the high-order (left-hand) octet.
SNMP Read Community: Specify (or verify) the SNMP Read Community string so that Ridgeline can retrieve information from any SNMP version 1 devices it discovers.


Enable SNMP V3 Discovery: Select Enable SNMP V3 Discovery if devices on your network use SNMP version 3.
SNMP Timeout: Specify the length of time to wait for an SNMP request to complete when attempting to contact the devices within the discovery range. Value can be between 100 and 300000 milliseconds, with 100 being the default. This setting affects only the current discovery criteria entry; you can set this value independently for each criteria setting in the Discovery Criteria list.

Note that there are certain IP addresses that are reserved. You should not include these addresses in your discovery.

● Class A networks: 0 and 127 are reserved.
● Class D networks: 224 - 239 are reserved for multicasting.
● All addresses above 239 are reserved.
● 255 is reserved for broadcast datagrams for either the host or network portion of the IP address.

In addition, certain host addresses may be interpreted as broadcast addresses, depending on the subnetting of your network.

IP addresses are processed prior to starting the discovery, and IP addresses that contain 255’s in the host portion are eliminated. This is based on the IP address as well as the subnet mask.

The following examples show how the various wild-card specifications can be used to specify various IP address ranges:

IP Address Specification          Addresses Generated
10.203.0.*                        polls 10.203.0.0 through 10.203.0.255
10.203.?.??                       polls 10.203.0.0 through 10.203.9.99
10.203.0.1? or 10.203.0.10-19     both specify the same range: 10.203.0.10 through 10.203.0.19
10.203.0-2.10-30                  polls 10.203.0.10 through 10.203.0.30
                                  10.203.1.10 through 10.203.1.30
                                  10.203.2.10 through 10.203.2.30

3 Click the New button to add the range into the Device Discovery Criteria list.

4 Repeat steps 3 through 6 to specify any additional device addresses or ranges for the discovery.

5 When you have finished entering your discovery criteria, click the Discover button at the bottom of the window to initiate the discovery.

The buttons in the middle and at the bottom of the page have the following functions:

New: Adds the current Device Discovery Options specified in the top part of the dialog box to the Device Criteria List
Remove: Removes a selected row from the Device Discovery Criteria List.
Reset: Clears the Device Discovery Criteria List.
Close: Closes the Discover Devices Dialog box.
Discover: Initiates the discovery based on the specifications in the Device Discovery Criteria List.
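The wildcard rules and reserved-address exclusions above can be previewed before a discovery is run, to confirm that a specification stays inside the address space you intend to poll. The following Python is an added example, not Ridgeline code: it expands an IP Address with Wild Cards specification as the field description states, sets aside the reserved addresses listed above, and flags addresses outside an approved scope. The function names, the approved-scope list, the expansion limit, and the reading of “255’s in the host portion” as an octet lying wholly inside the host part of the mask are assumptions.

```python
import ipaddress
import itertools

DIGITS = "0123456789"


def expand_octet(token):
    """Return the sorted octet values (0-255) matched by one token of the spec."""
    if token == "*":                               # * covers the entire octet
        return list(range(256))
    if "-" in token:                               # explicit range such as 10-30
        if "*" in token or "?" in token:
            raise ValueError(f"dash combined with another wildcard: {token!r}")
        parts = token.split("-")
        if len(parts) != 2 or not all(p and set(p) <= set(DIGITS) for p in parts):
            raise ValueError(f"malformed range: {token!r}")
        low, high = int(parts[0]), int(parts[1])
        if not 0 <= low <= high <= 255:
            raise ValueError(f"range out of bounds: {token!r}")
        return list(range(low, high + 1))
    if not token or len(token) > 3 or not set(token) <= set(DIGITS + "?"):
        raise ValueError(f"malformed octet: {token!r}")
    # Each ? stands for one digit (0-9); results above 255 are not valid octets.
    slots = [DIGITS if ch == "?" else ch for ch in token]
    values = {int("".join(combo)) for combo in itertools.product(*slots)}
    matched = sorted(v for v in values if v <= 255)
    if not matched:
        raise ValueError(f"octet out of bounds: {token!r}")
    return matched


def expand_spec(spec, max_addresses=65536):
    """Expand a four-octet wildcard spec into dotted-quad strings, in order."""
    tokens = spec.strip().split(".")
    if len(tokens) != 4:
        raise ValueError(f"expected four octets: {spec!r}")
    octets = [expand_octet(t) for t in tokens]
    total = 1
    for values in octets:
        total *= len(values)
    if total > max_addresses:                      # assumed safety limit
        raise ValueError(f"{spec!r} expands to {total} addresses")
    return [".".join(map(str, combo)) for combo in itertools.product(*octets)]


def is_reserved(address, prefix_len):
    """Apply the reserved-address rules listed in the guide."""
    octets = [int(o) for o in address.split(".")]
    first = octets[0]
    if first in (0, 127) or first >= 224:          # 0, 127, multicast, above 239
        return True
    # Assumption: an octet is "in the host portion" when all of its bits
    # are host bits under the given mask length.
    first_host_octet = -(-prefix_len // 8)         # ceiling division
    return 255 in octets[first_host_octet:]


def plan_discovery(spec, prefix_len, allowed_cidrs):
    """Sort the expanded addresses into poll / reserved / out_of_scope lists."""
    networks = [ipaddress.ip_network(c) for c in allowed_cidrs]
    plan = {"poll": [], "reserved": [], "out_of_scope": []}
    for addr in expand_spec(spec):
        if is_reserved(addr, prefix_len):
            plan["reserved"].append(addr)
        elif not any(ipaddress.ip_address(addr) in n for n in networks):
            plan["out_of_scope"].append(addr)
        else:
            plan["poll"].append(addr)
    return plan


if __name__ == "__main__":
    approved = ["10.203.0.0/22"]                   # constructed approved scope
    for spec in ("10.203.0.*", "10.203.?.??", "10.203.0-2.10-30"):
        plan = plan_discovery(spec, 24, approved)
        print(spec, {k: len(v) for k, v in plan.items()})
```

A non-empty out_of_scope list means the specification reaches beyond the approved networks and should be narrowed before it is added to the Device Discovery Criteria list.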


Managing Your Network Inventory

NOTE: You must provide the SNMP read community string to enable Ridgeline to get information from the devices it finds. If your devices do not all use the same read community string, you will need to add each set of devices as a separate specification, as shown in the example.

Discovery Results

A Discovery Results window is displayed as soon as the discovery process begins, shown in Figure 15. The panel at the bottom of the window shows the progress of the discovery and displays status messages for each device it finds as it works through the set of IP addresses you have specified. The devices Ridgeline finds within the parameters you provide are shown at the top panel of the Discovery Results window.

Figure 15: Results of a discovery, with details visible

NOTE: It does not automatically add these devices to the Ridgeline inventory; you must select and add the devices either individually or in groups.

To add devices to the Ridgeline database:
1 Select individual devices or a range of devices in the Results list.
2 Click the Add button at the bottom of the device list to add these devices to the Ridgeline Inventory database.
Ridgeline pops up a dialog box where you can provide information for each device or set of devices you add to the inventory database. It pre-fills the fields with a default set of communication information you can change, as appropriate, to the specific devices you are adding. Ridgeline requires the following information:


● The device login name and password
● The SNMP write community string (for SNMP v1 devices)
● The protocol used for communicating with the device (HTTP or HTTPS)
● The User Name, Privacy and Authentication protocols and passwords for SNMP V3 devices

This information is used for all the devices in the set you have selected to add. Therefore, if you have devices that use different passwords, protocols, or community strings, you must add them to the database in separate Add operations.

The buttons below the list of devices have the following functions:

Add: Attempts to add selected devices to the Ridgeline Inventory database.
Close: Closes the Discovery Results window. If you close the Discovery Results window without adding devices, the results for devices not already in the Ridgeline database are lost.
Hide Details: Hides the Discovery status details that are displayed during the Discovery process.
View Details: Re-displays the Discovery status details (appears only after Discovery details have been hidden)
Reset: Clears your selections from the discovered devices list.

NOTE: If you select multiple devices, make sure the devices you select have identical contact information. As part of the Add process, you will be asked for a single password that applies to all the selected devices. If the password is specified incorrectly for any of these devices, the add will fail for those devices.

When you click Add, a dialog box appears where you must set additional device options such as a write community string, a default device login, password, and if SSH is used (see Figure 16).

NOTE: Make sure the device passwords are correct for the selected devices. If you are adding multiple devices in one operation, make sure the passwords you specify are correct for each device. A device cannot be added if the password is not correct.

Figure 16: Setting default device options for discovered devices

3 Enter or make changes to any of the Basic fields. These options apply to the entire set of devices you are adding.


Device Login: The default Device Login Ridgeline should use to access the discovered switches.
Device Contact Password: The default Device Contact Password Ridgeline should use to access the discovered switches.
SSH: Select SSH Enabled in the Use SSH field if Ridgeline should use SSH2 by default for secure Telnet sessions. SSH2 must be configured on the discovered devices in order for an SSH2 session to be established between Ridgeline and a device.
Device Manager Protocol: The protocol used to communicate with this device when using the device-based element manager (ExtremeWare Vista): HTTP or HTTPS. SSH must be enabled on the device.
Additional Info: Any information you want to be included, by default, for all the devices added to the Ridgeline inventory in this operation. Maximum of 255 characters.

4 Click the SNMP tab to configure SNMP settings (see Figure 17), and enter or make changes to any of these fields. These options apply to the entire set of devices you are adding.

Figure 17: Setting SNMP default device options for SNMP V3 discovered devices

The options that appear in this dialog box depend on whether you have discovered devices that use SNMP V3.

SNMP Write Community String: Specify (or verify) the SNMP Write Community string so that Ridgeline can retrieve information from any SNMP version 1 devices it discovers. The default (for Extreme Networks devices) is private.

The following options appear only if you have discovered SNMP v3 devices.

SNMP V3 User Name: Specify the principal name used for SNMP V3 authentication and security. The default is initialmd5.
SNMP V3 Privacy Protocol: Specify the SNMP V3 privacy protocol. Select either No Privacy or CBC DES Privacy. The default is No Privacy.
SNMP V3 Privacy Password: If the devices use CBC DES Privacy, enter the privacy password. The default is an empty password (no password).
SNMP V3 Authentication Protocol: Specify the SNMP V3 authentication protocol. Select No Authentication, MD5 Authentication, or SHA Authentication. The default is MD5 Authentication.
SNMP V3 Authentication Password: If the devices use SNMP V3 Authentication, enter the authentication password. The default password is initialmd5.

5 Click OK when you have made the necessary changes.


A Progress and Results window (shown in Figure 18) appears to show you the progress of the Add command.

Figure 18: Progress and Results Window

The symbols that may appear in this window are the following:

Purple rotating clock icon: The add function is in progress.
Green check in the checkbox: The device has been successfully added.
Red X in the checkbox: The device cannot be added; the device name is displayed in red.
Plus and minus signs: Click the plus sign at the left of the device name to display server messages related to adding the device. Click the minus sign at the left of the device to hide the server messages.
Up and down arrows: Move up and down the device tree, displaying the server messages associated with each device.
Errors only box: If checked, the up and down arrow buttons expand only devices that had errors.
Collapse All button: Collapses all the device nodes, hiding all the server messages.

The indicators just below the tree area of the window show the number of devices currently in each state.

To see the messages related to an Add function (either successful or unsuccessful), select a device in the list. The messages related to the device are displayed as lines under the device node.

CAUTION: If you close the Discovery Results window without adding devices, the results for devices not already in the Ridgeline database are lost. You must perform a discovery again to regenerate information on those devices.

After the Add has finished, the Discovery Results window remains open. You can select more devices, specify a different set of Inventory Device Options, and add those devices to Ridgeline.


Adding Devices to Ridgeline

To add devices to the Ridgeline database without doing a discovery:
1 From the File menu, select New > Device.
2 Select the appropriate tab to display the Basic information in the Add Device window, as shown in Figure 19.

Figure 19: Add Device Window

The fields under the Basic tab are as follows:

Device IP Address: The Device IP Address that Ridgeline uses to access the switch. You may also enter a DNS-resolvable host name in place of the Switch IP address.
Device Login: The Device Login that Ridgeline should use to access the switch.
SSH: If Ridgeline is going to use SSH2 for secure Telnet sessions, select SSH Enabled. SSH2 must be configured on the device in order for an SSH2 session to be established between Ridgeline and the device. If SSH is not available (SSH enabling key not installed) this field is not selectable.
Device Manager Protocol: The protocol used to communicate with this device when using the device-based element manager (ExtremeWare Vista): HTTP or HTTPS. SSH must be enabled on the device.
Device Poll Interval (minutes): The Device Poll Interval that controls how frequently Ridgeline polls the device for detail status information. (Basic device status information is polled more frequently, and that interval is set as a server property in Ridgeline Administration.) The default setting for the device poll interval is 30 minutes for an Extreme modular chassis and 90 minutes for an Extreme stackable chassis.
Device Contact Password: The Device Contact Password that Ridgeline should use to access the switch.
Additional Info: Any additional information you want to be included with this device. Maximum of 255 characters.

3 To configure SNMP information for the device, click the SNMP tab, as shown in Figure 20, and enter or change the information as necessary.


Figure 20: SNMP tab for Add Device Window

The fields under this tab are as follows:

SNMP Version: Select the SNMP version from the SNMP Version pull-down menu.
SNMP Read Community String: If the device is using SNMP version 1, enter the SNMP Read Community string for the device. The default (for Extreme Networks devices) is public.
SNMP Write Community String: If the device is using SNMP version 1, enter the SNMP Write Community string for the device. The default is private.
SNMP V3 User Name: If the device is using SNMP version 3, enter the principal name used for SNMP V3 authentication and security. The default is initialmd5.
SNMP V3 Privacy Protocol: If the device is using SNMP version 3, select SNMP V3 Privacy Protocol. Select either No Privacy or CBC DES Privacy. The default is No Privacy.
SNMP V3 Privacy Password: If the device is using SNMP version 3, select SNMP V3 Privacy Password. If the device is using CBC DES Privacy, enter the privacy password. The default is no password (an empty string).
SNMP V3 Authentication Protocol: The SNMP V3 authentication protocol. Select No Authentication, MD5 Authentication, or SHA Authentication. The default is MD5 Authentication.
SNMP V3 Authentication Password: If the device is using SNMP V3 Authentication, enter the authentication password. The default password is initialmd5.

4 To place the new device in the list of devices to be added to the Ridgeline Inventory database, click the New button at the center of the page. The device specifications are added to the list.
To remove a device specification from the list, select the entry for the device and click the Remove button.
5 Click Add to initiate the Add process.
A message window appears showing the progress of the add request. Ridgeline makes a set of SNMP requests to retrieve data from the device that is needed by various Ridgeline applications. If the device is an Extreme switch, it also creates a set of SmartTraps rules that tell the switch what status and configuration changes are of interest to Ridgeline.
If the device cannot be added, the window shows an error status. When the add request is complete, click OK to continue.
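The SNMP tab choices above determine the SNMPv3 security level a device is managed with, and the listed defaults are the values most worth finding in an existing inventory. The following Python sketch is an added example, not part of Ridgeline: the CSV layout, column names and finding codes are hypothetical, the sample rows are constructed, and only the option names and default values come from this guide.

```python
import csv
import io

# Default values this guide gives for Extreme Networks devices.
DEFAULT_READ, DEFAULT_WRITE = "public", "private"
DEFAULT_V3_USER = DEFAULT_V3_AUTH_PASSWORD = "initialmd5"

# Dialog choices mapped to whether the feature is switched on.
AUTH_CHOICES = {"No Authentication": False, "MD5 Authentication": True,
                "SHA Authentication": True}
PRIVACY_CHOICES = {"No Privacy": False, "CBC DES Privacy": True}


def security_level(auth_choice, privacy_choice):
    """Map the two SNMP V3 dialog choices to an SNMPv3 security level."""
    auth = AUTH_CHOICES[auth_choice]
    privacy = PRIVACY_CHOICES[privacy_choice]
    if privacy and not auth:
        # SNMPv3 defines no level with privacy but without authentication.
        raise ValueError("privacy requires authentication in SNMPv3")
    if privacy:
        return "authPriv"
    return "authNoPriv" if auth else "noAuthNoPriv"


def audit(device):
    """Return finding codes for one device record (hypothetical columns)."""
    findings = []
    if device["snmp_version"] == "1":
        # SNMP v1 community strings cross the network unencrypted.
        findings.append("snmpv1-cleartext-community")
        if device["read_community"] == DEFAULT_READ:
            findings.append("default-read-community")
        if device["write_community"] == DEFAULT_WRITE:
            findings.append("default-write-community")
    else:
        if device["v3_user"] == DEFAULT_V3_USER:
            findings.append("default-v3-user")
        try:
            level = security_level(device["v3_auth"], device["v3_privacy"])
        except ValueError:
            findings.append("invalid-v3-combination")
        else:
            if level != "authPriv":      # payload is not encrypted
                findings.append(f"v3-level-{level}")
            if (level != "noAuthNoPriv"
                    and device["v3_auth_password"] == DEFAULT_V3_AUTH_PASSWORD):
                findings.append("default-v3-auth-password")
    if device["password"] == "":
        findings.append("empty-device-password")
    if device["ssh"] != "SSH Enabled":   # plain Telnet carries the login
        findings.append("telnet-without-ssh2")
    if device["protocol"] == "HTTP":
        findings.append("http-element-manager")
    return findings


def audit_inventory(csv_text):
    """Audit every row of an inventory export; returns {ip: [findings]}."""
    return {row["ip"]: audit(row) for row in csv.DictReader(io.StringIO(csv_text))}


# Constructed sample inventory (documentation addresses, made-up passwords).
SAMPLE_INVENTORY = """\
ip,snmp_version,read_community,write_community,v3_user,v3_auth,v3_auth_password,v3_privacy,password,ssh,protocol
192.0.2.10,1,public,private,,,,,,SSH Disabled,HTTP
192.0.2.11,3,,,initialmd5,MD5 Authentication,initialmd5,No Privacy,constructed-pw,SSH Enabled,HTTPS
192.0.2.12,3,,,netops,SHA Authentication,constructed-auth,CBC DES Privacy,constructed-pw,SSH Enabled,HTTPS
192.0.2.13,3,,,netops,No Authentication,,CBC DES Privacy,constructed-pw,SSH Enabled,HTTPS
"""

if __name__ == "__main__":
    for ip, codes in audit_inventory(SAMPLE_INVENTORY).items():
        print(ip, ", ".join(codes) if codes else "no findings")
```

With the guide's defaults left in place (MD5 Authentication and No Privacy), a version 3 device is managed at the authNoPriv level.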


NOTE: After a device is added to Ridgeline, it may take between 1 and 5 minutes for information about the VLANs configured on the device to appear in Ridgeline displays. For devices with a large number of VLANs configured (more than 4,000), it may take longer for information about the VLANs to appear in Ridgeline displays.

Modifying Communications Settings

You can modify the access parameters for an individual device, or add and delete members of a device group. You must have read-write access to modify device contact information and device groups. If you have read access only, you cannot use this function.

To modify the communications settings information for one or more managed devices in the database, complete the following steps:
1 Select one or more devices whose communications settings information you want to modify. You can modify multiple devices in the same operation if they all use the same settings.
2 From the Device menu, select Modify communication settings. The following window is displayed.

Figure 21: Devices tab of the Modify Communications Settings Window

The fields on the Device tab, when the Basic tab is showing, are as follows:

Filter by Device Group: To select a device from a specific device group, select the device group from the pull-down list in the Filter by Device Group field. Select All Devices to view the list of all devices from all device groups.
Device IP Address: The IP address of the selected device.
Device Login: The login needed to Telnet to the device or to use ExtremeWare Vista.


SSH: Selects whether Ridgeline should use SSH2 for secure Telnet sessions. SSH2 must be configured on the device in order for an SSH2 session to be established between Ridgeline and the device. If SSH is not available (SSH enabling key not installed) this field is not selectable.
Note: If you disable SSH on the device, you will no longer be able to change this setting in Ridgeline. Be sure to disable SSH in Ridgeline before you disable it on the device.
Device Manager Protocol: The protocol used to communicate with this device when using the device-based element manager (ExtremeWare Vista): HTTP or HTTPS. SSH must be enabled on the device.
Device Poll Interval: Specifies how frequently the Ridgeline server should poll the device for detailed device information, such as software version, BootROM version, and so on. This also includes EDP and ESRP information for non-"i" series devices. To avoid a potentially large amount of polling traffic, this detailed polling is only done every 30 minutes for core (chassis) devices and 90 minutes for edge devices. The default is 90 minutes for both the core and edge devices. You can change this detailed polling interval by entering a different value in this field.
Device Contact Password: The password needed to Telnet to the device or to use ExtremeWare Vista.
Offline: Sets the device to the offline state in the Ridgeline database. The device state can either be offline or online.
Additional Info: Any additional information you want to be included with this device. Maximum of 255 characters.

NOTE: The Device Poll Interval set here is different from the global Poll Interval you can set in Ridgeline Administration. The global poll interval controls the basic status polling needed to ensure SNMP reachability, and is typically done much more frequently than detailed device polling.

NOTE: To configure SSH2 on a device, the device must be running a version of the ExtremeWare software that supports SSH2. For more information on configuring a device to use SSH2, see the ExtremeWare Software Users Guide.

3 Enter the changed information in the appropriate fields of the SNMP tab, as shown in Figure 22.


Figure 22: SNMP tab under the Modify Communications Settings Window

The fields under the SNMP tab are as follows:

SNMP Version: The version of SNMP (version 1 or version 3) that Ridgeline uses to access the device.
SNMP Read Community String: Can be modified if the device is using SNMP version 1. Default is public.
SNMP Write Community String: Can be modified if the device is using SNMP version 1. Default is private.
SNMP V3 User Name: The principal name used for SNMP V3 authentication and security. The default (for Extreme Networks devices) is initialmd5.
SNMP V3 Privacy Protocol: Specifies the SNMP V3 privacy protocol. Select either No Privacy or CBC DES Privacy. The default is No Privacy.
SNMP V3 Privacy Password: If the device is using CBC DES Privacy, enter the privacy password. The default is an empty password (no password).
SNMP V3 Authentication Protocol: Specifies the SNMP V3 authentication protocol. Select No Authentication, MD5 Authentication, or SHA Authentication. The default is MD5 Authentication.
SNMP V3 Authentication Password: If the device is using SNMP V3 Authentication, enter the authentication password. The default password is initialmd5.

4 To implement the settings changes, click Modify.
If you have modified the Device Contact Password (under the Basic tab) or either of the SNMP Community strings, on Extreme Networks devices, Ridgeline asks if you want to change those values on the switch as well as in the Ridgeline database. This dialog box appears only if you have changed one of these three values, and lists only those that you have changed. If you change any other values, such as the SNMPv3 settings, Ridgeline does not warn you and does not make changes on the device.
This dialog box does not appear if you have changed only third-party devices.
● To change the values in the Ridgeline database and on the device itself, click Device and Database.
● To change the values only in the Ridgeline database, click Database only.
If you have already changed these values on the device, you should select Database only, as Ridgeline will not be able to communicate with the device until after these settings have been changed in the database.


If you change the community string in the database for a device, and do not elect to change it on the device itself, Ridgeline may no longer be able to communicate with the device.
For settings other than the device contact password and community strings, Ridgeline does not make any changes on the device. In order to continue to communicate with the device, you must Telnet to the device to make changes. If you change the device contact password in both the database and the device, Ridgeline will still be able to contact the device via Telnet to open a Telnet session on the device.
If you have modified both Extreme Networks and third-party devices, and you select the Device and Database setting, the device configuration will occur only on the Extreme Networks devices.
5 The window stays open after you perform a Modify operation. When you have finished all your changes, click Close. If you have made changes to any of the fields but not modified them, Ridgeline will ask you to confirm that you want to exit without making the changes.

Deleting Devices

You must have read-write access to delete devices from the Ridgeline database or from device groups. If you have read-only access, you cannot use this function.

To delete a device in Ridgeline:
1 Select one or more devices you want to delete.
2 From the Edit menu, select Delete.

Ridgeline prompts you to confirm the deletion. If you are deleting the device from a device group, you are prompted whether you want to delete the device from only the currently selected group or from all groups.

Deleting an online device removes the information about the device from the Ridgeline database; the device can no longer be monitored and managed from the Ridgeline application. If the device is an Extreme switch, deleting it removes any SmartTraps rules, both from the database and the switch change table. It also removes all information about VLANs, QoS Policy, and Virtual Chassis connections associated with this switch from the Ridgeline database.

If the device is unmanaged, the device is removed from Ridgeline, but the Smart Trap entries on the device are not removed.

NOTE: Deleting a device from Ridgeline has no effect on the configuration of the device itself, other than altering the trap receiver table.

Updating Device Information

Occasionally, you may want to update the configuration and status information for one or more devices in the Ridgeline database. The Refresh operation is a manual update you can use if you believe that the device configuration is not correctly represented in Ridgeline. It updates all information for a selected set of devices, except for the contact information.


To refresh the configuration and status information, follow these steps:
1 Select one or more devices.
2 From the View menu, select Update Device.

Ridgeline uses SNMP to retrieve configuration and status information from each selected switch, and updates the Ridgeline database with that information.

NOTE: Offline devices display a warning and are not synchronized.

Configuring Default Access Parameters

For simplicity in managing multiple devices in large networks, administrators typically use the same logins, passwords, community strings and so on, for multiple devices. Therefore, to save time when adding new devices, Ridgeline provides default values for these communication parameters.

To save time when you add your own network devices to the Ridgeline inventory, you can configure the default values to those used in your own network.

Ridgeline uses the Extreme default values for its switches as the defaults in Ridgeline:
● Login as admin with no password
● SSH2 disabled
● For Cisco devices only, the default Cisco enable password (none)
● Default SNMP v1 community strings public (for read) and private (for write)
● SNMP V3 user initialmd5
● SNMP V3 privacy set to No Privacy, with no password
● SNMP V3 authentication set to MD5 Authentication, with password initialmd5

The Default Device Communication Settings window allows you to configure a set of default access parameters for network devices you have not yet discovered. After you configure the default access parameters, the network devices you discover and add to the Ridgeline database have these default parameters.

You can change any of these as appropriate for your network installation. You can also override the defaults for any individual device or set of devices when you initially add the devices to Ridgeline, or by selecting the device in Network Views and selecting Modify communications settings from the Device menu.

To configure default access parameters, complete the following steps:
1 From the Tools menu, select Default communications settings.
The Configure Defaults window, shown in Figure 23, is displayed.


Figure 23: Default Device Communication Settings Window, Basic tab

The fields on the Basic tab are:

Device Login: The device login required for Telnet or to use ExtremeWare Vista. The default is admin.
Device Contact Password: The device password. The default is an empty password (no password).
Use SSH: Whether SSH2 should be used for secure Telnet sessions. Select SSH Enabled if Ridgeline should use SSH2. SSH2 must be configured on the device in order for an SSH2 session to be established between Ridgeline and the device. The default is SSH Disabled.
Device Manager Protocol: The protocol used to communicate with this device when using the device-based element manager (ExtremeWare Vista): HTTP or HTTPS. SSH must be enabled on the device. The default is HTTP.
Additional Info: Any information you want to be included, by default, for all devices added to the Ridgeline inventory. Maximum of 255 characters.

2 Click the SNMP tab to enter or make changes to any of the SNMP fields, as shown in Figure 24. These options apply to future network devices that you add to the Ridgeline database.

Figure 24: Default Device Communication Settings Window, SNMP tab

The fields on the SNMP tab are:

SNMP Read Community String: The SNMP community string for devices using SNMP version 1. The default is public.
SNMP Write Community String: The SNMP community string for devices using SNMP version 1. The default is private.
SNMP V3 User Name: The principal name used for SNMP V3 authentication and security. The default is initialmd5.


SNMP V3 Privacy Protocol: Specifies the SNMP V3 privacy protocol. Select either No Privacy or CBC DES Privacy. The default is No Privacy.
SNMP V3 Privacy Password: If the device is using CBC DES Privacy, enter the privacy password. The default is no password (an empty string).
SNMP V3 Authentication Protocol: Specifies the SNMP V3 authentication protocol. Select No Authentication, MD5 Authentication, or SHA Authentication. The default is MD5 Authentication.
SNMP V3 Authentication Password: If the device is using SNMP V3 Authentication, enter the authentication password. The default password is initialmd5.

Reset clears the contents of the fields and resets them to their default values.

3 Click Save to save your changes to the Ridgeline database.
A message window appears showing you the progress of the Save command.
4 Click OK to return to the Configure Defaults window.
5 Click Close to exit the Configure Defaults window.

Opening a Telnet Session to a Device

You can open a Telnet session on an individual device, and execute commands just as you would from a standard Telnet interface. You can optionally record the commands and output from a Telnet session and save the results to a file.

For Extreme Networks devices, Ridgeline automatically logs into the switch based on the device login name and contact password configured for the device in the Add Device window. For third-party devices, you will need to provide the login and password interactively.

To open a Telnet session to a device:
1 Click on the device’s row in the Devices table (or select it in the Map View, if available).
2 Select Telnet into from the Device menu. A Ridgeline Telnet window is opened, and a Telnet session to the device is started, as shown in Figure 25.


Figure 25: Ridgeline Telnet Window

The Ridgeline Telnet window is a two-tone window—the bottom of the window is white, the top is gray. The last 25 lines of Telnet commands and responses always appear in the white portion of the window. As output grows, the older lines scroll up into the gray portion of the screen. This makes it easy to tell whether you are viewing the most recent Telnet output.

To copy text in a Ridgeline Telnet window:
1 Select the text, then right-click and select Copy from the pop-up menu.

To paste text from the clipboard to the command prompt in the Ridgeline Telnet window:
1 Right-click and select Paste from the pop-up menu.

To record the commands and output from a Telnet session:
1 Select Start Recording from the Tools menu in the Ridgeline Telnet window.
You can also start recording by clicking the icon, or by right-clicking and selecting Start Record from the pop-up menu.

To stop the recording:
1 Select Stop Recording from the Tools menu in the Ridgeline Telnet window.
You can also stop recording by clicking the icon, or by right-clicking and selecting Stop Record from the pop-up menu. The recorded commands and output from the Telnet session are saved to a file on your local system.

On Windows systems, the file is saved in the following directory:


C:\Documents and Settings\\.epicenter.ridgeline\3.1\\data\admin\telnet

On Solaris/Linux systems, the file is saved in the following directory:
~/.epicenter.ridgeline/3.1//data/admin/telnet

The file name is in the format --.txt; for example:
10_210_12_4-20090113-120302.txt

Using the Show Tech Command to Upload Device Information for Extreme Support

During a telnet recording session, you can use the show tech command to record device information that includes troubleshooting information for the device. After you finish a recording you can zip the information and upload it to Extreme Support.

To record the show tech command and output from a Telnet session:
1 Select Start Recording from the Tools menu in the Ridgeline Telnet window.
You can also start recording by clicking the icon, or by right-clicking and selecting Start Record from the pop-up menu.
2 Enter the command at the telnet prompt:
# show tech
This command has the following options:
● show tech brief: Provides a short description of the device information
● show tech detailed: Provides specific device information
3 Stop the recording when the command process ends. Select Stop Recording from the Tools menu in the Ridgeline Telnet window.
You can also stop recording by clicking the icon, or by right-clicking and selecting Stop Record from the pop-up menu.
The recorded commands and output from the Telnet session are saved to a file on your local system.
On Windows systems, the file is saved in the following directory:
C:\Documents and Settings\\.epicenter.ridgeline\3.1\\data\admin\telnet
On Solaris/Linux systems, the file is saved in the following directory:
~/.epicenter.ridgeline/3.1//data/admin/telnet
The file name is in the format --.txt; for example:
10_210_12_4-20090113-120302.txt
4 When the recording stops, go to the directory on your local system and zip the file.
5 Upload the zipped file to Extreme Support.

Collecting Device Information for Extreme Support

You can log into a device from the server and run ExtremeXOS commands that collect information about the device, save it to an archive and send it to the server’s TFTP directory. You can then log into the server and get the archive.


To collect information about a device and copy it to the server TFTP directory, complete the following steps:
1 From the Devices tab, select the device from which you want to collect data.
2 From the Device menu, select Telnet into. This option is also available from the right-click context menu. A Telnet window into the device opens (Figure 25).
3 In the Telnet window, enter the show tech all logto file command. The following example shows the command and the command messages:

BD-12804.1 # show tech all logto file
show tech command output is logging into internal-memory
...................................................
show tech command output file show_tech.log.gz is saved into internal-memory
BD-12804.2 #

4 Enter the command upload debug where is the address of the server.
When prompted to run the show tech logto file command, enter N. The following example shows the command and command messages.

BD-12804.2 # upload debug 10.210.16.74
Do you want to run show tech logto file first? (y/N) No
..........................
The following files on the MASTER have been uploaded:
Tarball Name: BD-12804_AI_09081505.tgz
./show_tech.log.gz
./trace.devmgr.27844
./trace.nodemgr.27845
Tarball Name: BD-12804_AC_09081505.tgz
./epicenter.cfg
./mullai_torino.cfg
./primary.cfg
./secondary.cfg
./snapshot.cfg
./torino-0404.cfg
BD-12804.3 #

In this example, two .tgz archives are created: BD-12804_AI_09081505.tgz and BD-12804_AC_09081505.tgz

5 On the server, verify the location of the TFTP folder by clicking Tools > TFTP server configuration. The Configure TFTP Server dialog box (Figure 26) displays the path to the TFTP folder in the Set TFTP Root field.


Figure 26: Configure TFTP Server

Use the cursor to scan the entire path to the TFTP directory. If the server uses the default system TFTP server, the path is /opt/ExtremeNetworks/Ridgeline3.1_web/deploy/user.war/tftp.
6 Log into the server to retrieve the .tgz files using the protocol that the server requires, Telnet or SSH.


CHAPTER 4
Organizing Devices and Ports Into Groups

This chapter describes how you can use the Ridgeline grouping feature to place devices and ports into logical, hierarchical groups and contains the following sections:
● “Overview of Device Groups and Port Groups”
● “Managing Device Groups and Port Groups”

Overview of Device Groups and Port Groups

Ridgeline has a powerful grouping feature that allows you to assemble groups of devices and ports, and view information about them or manage them at a group level.

The Ridgeline grouping feature allows you to complete the following steps:
● Organize your devices and ports in a logical group structure
  For example, you can create a device group, “Main Campus”, consisting of devices in that location. Within the “Main Campus” device group, you can create subgroups such as “Building 1”, “Building 2”, and so on, and administer and view status of devices within the individual groups.
  You can create a port group consisting of the voice-over-IP (VoIP) ports on all switches in your network, and monitor status of the ports in the group.
● Establish the scope for performing operations in Ridgeline
  Device and port groups are used in conjunction with other Ridgeline features, such as the Firmware Manager and Profile Manager, to limit the display to just those devices in a specific group. For example, if you want to use the Firmware Manager to upgrade the software images for just the devices in the “Building 1” device group, you can display the contents of the Building 1 device group in the Firmware Manager window, and select only the devices in the group for upgrade.
● View graphical representations of device groups
  The Ridgeline network map feature allows you to create diagrams of device groups in your network and display information about them graphically.
  See “Using Map Views” on page 75 for more information.

Displaying Groups in the Network Views Folder

To display the device groups and port groups in Ridgeline, expand the list of items in the Network Views folder. Figure 27 shows the display for a device group.


Figure 27: Displaying a Device Group (callouts: Network Views Folder, “All” Device Group, Top-level Group, Subgroup, Group Alarm Status, Port Group, Map View of Group, Table View of Group)

The Network Views folder in the Ridgeline Navigation Pane lists the device groups and port groups defined in Ridgeline. By default, a single device group, All, contains all of the devices known to Ridgeline.

Within the Network Views folder, you can create groups and subgroups and populate them with devices from the All group. A top-level group can have multiple subgroups below it. The alarm status for the group is indicated on the folder icon next to the group name.

Clicking a group in the Network Views folder shows information about the devices in the table view. In the table view are tabs for displaying information about links between the devices, VLANs, EAPS configuration, and services. When an advanced license is installed, there are also tabs for VPLS and PBB. Information in the table view can be exported to a Microsoft Excel spreadsheet.

The map view allows you to view a graphical representation of the devices in a top-level device group and its subgroups, as well as the status of links between the devices. See “Using Map Views” on page 87 for information about creating and using maps.


Group Membership Guidelines

Groups can contain only one kind of object: ports cannot be members of device groups, and devices cannot be members of port groups.

A given device or port can reside in multiple groups in the Network Views folder, but not within the same top-level group hierarchy.

For example, you can create a top-level device group called “North America,” with a subgroup “Bay Area” that has a subgroup “Santa Clara Campus”. If you place a given switch in the “Santa Clara Campus” subgroup, you cannot also place the same switch in either of the “North America” or “Bay Area” groups.

However, if you create a second top-level group called “EXOS Switches”, which is not a subgroup of the “North America” group, you can place the switch in the “EXOS Switches” group, even though the switch also resides in the “Santa Clara Campus” subgroup of the “North America” group.

Managing Device Groups and Port Groups

This section describes how to perform the following tasks:
● Create a group
● Add a device to a device group
● Add a port to a port group
● Copy or move groups
● Remove devices or ports from groups
● Modify the properties of a group
● Display detailed group information
● Export group information to a Microsoft Excel spreadsheet
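The membership rule in “Group Membership Guidelines”, together with the copy check described under “Copying or Moving Groups”, modelled as an added example; it is not Ridgeline code and not part of the original guide. The class and function names and the sample switch address are assumptions made for illustration.

```python
# Added example: models the guide's group membership guidelines.
# All names are hypothetical; this is not Ridgeline code.


class MembershipError(ValueError):
    """Raised when an operation would break a membership guideline."""


class Group:
    def __init__(self, name, kind, parent=None):
        if kind not in ("device", "port"):
            raise ValueError("kind must be 'device' or 'port'")
        if parent is not None and parent.kind != kind:
            raise MembershipError("a subgroup must be the same kind as its parent")
        self.name = name
        self.kind = kind
        self.parent = parent      # None means a top-level group
        self.children = []
        self.members = set()      # identifiers of devices or ports
        if parent is not None:
            parent.children.append(self)

    def top_level(self):
        """Return the top-level group of the hierarchy this group is in."""
        group = self
        while group.parent is not None:
            group = group.parent
        return group

    def walk(self):
        """Yield this group and every subgroup below it."""
        yield self
        for child in self.children:
            yield from child.walk()


def find_holder(top, member):
    """Return the group under `top` that already holds `member`, or None."""
    for group in top.walk():
        if member in group.members:
            return group
    return None


def add_member(group, kind, member):
    """Place a device or port in a group, enforcing both guidelines."""
    if kind != group.kind:
        raise MembershipError(f"a {kind} cannot be a member of a {group.kind} group")
    holder = find_holder(group.top_level(), member)
    if holder is not None:
        raise MembershipError(
            f"{member} is already in '{holder.name}' within the "
            f"'{group.top_level().name}' hierarchy"
        )
    group.members.add(member)


def copy_conflicts(source, destination):
    """List members that copying `source` into `destination` would place
    in the destination's top-level hierarchy a second time."""
    if source.kind != destination.kind:
        raise MembershipError("device and port groups cannot be mixed")
    top = destination.top_level()
    conflicts = []
    for group in source.walk():
        for member in sorted(group.members):
            if find_holder(top, member) is not None:
                conflicts.append(member)
    return conflicts


if __name__ == "__main__":
    # Constructed sample data following the guide's North America example.
    na = Group("North America", "device")
    bay = Group("Bay Area", "device", na)
    campus = Group("Santa Clara Campus", "device", bay)
    exos = Group("EXOS Switches", "device")
    add_member(campus, "device", "10.0.0.5")
    add_member(exos, "device", "10.0.0.5")       # different hierarchy: allowed
    print(copy_conflicts(campus, exos))          # copy would duplicate the switch
```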


Creating a Group

To create a group, complete the following steps:

1 From the Ridgeline File menu, select New > Group. The New Group window is displayed, as shown in Figure 28.

Figure 28: New Group Window

2 Enter the name and optional description for the new group.
3 Click the appropriate radio button to specify whether this is a device or port group.
4 Select the location in the Network Views hierarchy where the new group should be placed. Highlight Network Views to make this a top-level group. If other top-level groups exist, highlight one of them to make the new group a subgroup of the highlighted group. To make the new group a subgroup of an existing subgroup, expand the list of groups and select a subgroup from the list.
5 Click OK to create the new group.

Adding a Device to a Device Group

To add a device to a device group, complete the following steps:

1 Display the device in a table of devices.
  One way to do this is to select the All table view, then click the Devices tab to show all devices. You can also display the contents of the Devices tab from the All map view.
2 Click the device to select it in the table.
3 From the File menu, select Group > Copy to Group.
  The Copy to group window is displayed, as shown in Figure 29. This window lists the device groups that have been created in Ridgeline. By default, just the top-level groups are displayed. To display the subgroups within a top-level group, click the plus sign next to the group name.


Figure 29: Copy to Device Group Window

4 Select the group in which you want to place the device. Note that a device can be placed in a top-level group hierarchy only once. See “Group Membership Guidelines” on page 77 for more information.
5 Click OK to place the device in the selected group.

Adding Ports to a Port Group

The ports that make up a port group can be either from a single device or from multiple devices.

Adding Ports from a Single Device to a Port Group

If the port group will contain ports from a single device, complete the following steps:

1 Display the device in a table of devices.
  One way to do this is to select the All table view, then click All devices to show all devices.
2 Right-click the device and select Open from the pop-up menu to display the device details window for the selected device, as shown in Figure 30.


Figure 30: Device Details Window

3 The Device Details window lists all of the ports on the selected device. Select the ports you want to add to the port group. Use Shift-Click to select a group of ports or Ctrl-Click to select individual ports.
4 After selecting the ports, right-click and select Copy to group from the pop-up menu.
  The Copy to group window is displayed, as shown in Figure 31. This window lists the port groups that have been created in Ridgeline. By default, just the top-level groups are displayed. To display the subgroups within a top-level group, click the plus sign next to the group name.

Figure 31: Copy to Port Group Window

5 Select the group in which you want to place the port(s). Note that a port can be placed in a top-level group hierarchy only once. See “Group Membership Guidelines” on page 77 for more information.
6 Click OK to place the port(s) in the selected group.


Adding Ports from Multiple Devices to a Port Group

If the port group will contain ports from multiple devices, complete the following steps:

1 From the File menu, select Group > Add Ports to Port Group.
  The Add to Port Group window is displayed, as shown in Figure 32.

Figure 32: Add to Port Group Window

2 The Add to Port Group window lists the devices in the Ridgeline inventory. Click the All Devices button to display all of the devices in inventory, or click the Device group button and specify one or more device groups from the drop-down list.
3 Devices in the selected group (either all devices, or one or more device groups) are displayed in the left column of the window. From the left column, select the devices that contain the ports that you want to add to the port group, then double-click the device, or click the Right Arrow button, to move the device to the right column.
4 When all of the devices with ports you want to add to the port group are in the right column, click the Next button to display the port selection window, as shown in Figure 33.


Figure 33: Port Selection Window

5 The port selection window lists all of the ports on all of the devices you selected in the Add to port group window. Select the ports you want to add to the port group. You can use the Filter and Quick Filter boxes to limit the number of ports displayed in the table. Use Shift-Click to select a group of ports or Ctrl-Click to select individual ports.
6 After selecting the ports, click the Add Selected Port(s) to Group button.
  The Copy to group window is displayed. This window lists the port groups that have been created in Ridgeline. By default, just the top-level groups are displayed. To display the subgroups within a top-level group, click the plus sign next to the group name.
7 Select the group in which you want to place the port(s). Note that a port can be placed in a top-level group hierarchy only once. See “Group Membership Guidelines” on page 77 for more information.
8 Click OK to place the port(s) in the selected group.

Copying or Moving Groups

You can copy or move a device group into another device group, and copy or move a port group into another port group. Note that device groups cannot be moved or copied into port groups and port groups cannot be moved or copied into device groups. Groups cannot be copied or moved to the root (Network Views) group.

To copy or move a group to another group, complete the following steps:

1 In the Network Views folder, select the group you want to copy or move.
2 Right-click and select either Copy to group or Move to group from the pop-up menu.


  A window is displayed listing the groups that have been created in Ridgeline. By default, just the top-level groups are displayed. To display the subgroups within a top-level group, click the plus sign next to the group name.
3 Highlight the destination group in which you want to copy or move the selected group, then click the OK button.
  The selected group is moved or copied to the destination group. If the copy or move operation would result in a device or port being placed in a top-level group hierarchy more than once, Ridgeline displays an error message, and the operation is cancelled.

Removing Devices or Ports from Groups

To remove a device or port from a group, complete the following steps:

1 In the Network Views folder, select the group that contains the device or port you want to remove.
2 Select the device or port in the table.
3 From the Edit menu, select Delete.
  Ridgeline prompts you for confirmation to delete the selected devices or ports. For a device, you can elect to delete it from just the selected group or from all groups. If you delete a device from all groups, it is removed from the Ridgeline inventory database.

Modifying the Properties of a Group

You can change the properties for a device group or port group, including the group name or description.

To change the properties for a group, complete the following steps:

1 In the Network Views folder, select the group whose properties you want to modify.
2 From the File menu, select Group > Properties to display the Properties window for the group, as shown in Figure 34.


Figure 34: Properties Window for a Device Group

Table 3: Fields in the Group Properties Window

Name
    The configured name of the group
Description
    The configured description for the group
Type
    Whether this is a device group or a port group
Location
    The location within the Network Views hierarchy where the group resides.
    Groups and subgroups within the hierarchy are indicated by a vertical bar (|) character between device group names. For example, “North America | Bay Area” indicates a top-level group “North America” with a subgroup “Bay Area”.
Last Modified
    The date and time the group was last modified.
Contains
    The number of devices or ports and subgroups contained within the group.
View Port Inventory
    For device groups, provides a link to the Port Inventory window, listing information about the number of active ports for each device in the group.

3 Add or change information in the Name or Description fields, and click OK to save the changes.

Displaying Group Details

To display details about a group, click the group’s row in the Table View. Information about the selected group shows in the details pane. Double click on the row to open a separate window with the device details. Group details are displayed in a separate window, as shown in Figure 35.


Figure 35: Group Details Window

Table 4: Fields in the Group Details Window

Name
    The configured name of the group
Description
    The configured description for the group
Type
    Whether this is a device group or a port group
Location
    The location within the Network Views hierarchy where the group resides.
    Groups and subgroups within the hierarchy are indicated by a vertical bar (|) character between device group names. For example, “North America | Bay Area” indicates a top-level group “North America” with a subgroup “Bay Area”.
Last Modified
    The date and time the group was last modified.
Contains
    The number of devices or ports and subgroups contained within the group.
View Port Inventory
    For device groups, provides a link to the Port Inventory window, listing information about the number of active ports for each device in the group.

In addition, the display lists information about the contents of the group, either ports or devices. You can use the Filter and Quick Filter boxes to limit the contents of the table.


Exporting Group Information

You can export a Microsoft Excel spreadsheet containing information about the contents of a device group or port group.

Complete the following steps:

1 In the Network Views folder, select the group you want to export.
  If necessary, use the Filter box to filter the list of devices or ports in the table.
2 Select Save as from the File menu.

Figure 36: Save As Window

3 Select whether to save only the viewable data (that is, just the filtered data currently shown in the table), or all data for all devices/ports in the group.
4 Click Browse and specify the location and name for the exported file.
5 Click Save to export the group information to the specified location.


CHAPTER 5
Using Map Views

This chapter describes Ridgeline’s network topology map feature and how you can use it to create graphical representations of device groups in your network. It contains the following sections:
● “Overview of Ridgeline Map Views”
● “Displaying a Map View”
● “Creating Topology Maps”

Overview of Ridgeline Map Views

Ridgeline’s network topology map feature allows you to view your network (Ridgeline-managed devices and the links between devices) graphically, as a set of maps. These maps can be organized into sets of submaps that allow you to represent your network as a hierarchical system of campuses, buildings, floors, closets, or whatever logical groupings you want. You can also create additional map views (sets of maps) for different purposes.

Ridgeline’s Map View is a graphical representation of a specific device group or the All group. When you create a device group, you have the option of selecting the Map view of the group, which causes Ridgeline to generate a network topology map, populated with the devices in the group. Ridgeline also adds any links that exist between the device nodes, and organizes them into submaps as appropriate. You can customize the resulting maps by moving elements, adding new elements, such as links, “decorative” (non-managed) nodes, and text, and customizing the device nodes themselves.

NOTE
Links can only be discovered and auto-populated between Extreme Networks devices that have the Extreme Discovery Protocol (EDP) or the Link Layer Discovery Protocol (LLDP) enabled, or on third-party devices with LLDP enabled. Links cannot be discovered on non-Extreme Networks devices that do not run LLDP, or on Extreme Networks devices with EDP and LLDP disabled.

In addition, from a managed device node on a map, you can invoke other Ridgeline functions such as the alarm browser, Telnet, real-time statistics, or view the device details window.

You can customize the layouts of your maps into hierarchical views using copy and paste, or by deleting devices from one map and then adding them to a different map. You can also add and remove user-defined links between devices, as well as decorative nodes (nodes that aren’t discovered or managed by Ridgeline).


Displaying a Map View

To display the map for a device group, select the device group in the Network Views folder and click the Map tab. (Map views are not available for port groups.) If a topology map exists for the group, then it appears in the Map view, as shown in Figure 37.

Figure 37: Map View of a Device Group (callouts: Network Views Folder, Device Group, Map View, Zoom Bar, Device Details, Group Alarm Status, Device Node, Link, Submap Node, Navigation Table, Navigation Box)


The main components of a Ridgeline Map View are the following:

Device Group
    A set of devices that have been placed in a Ridgeline group hierarchy.
    In Ridgeline, you can create groups of ports and devices, although topology maps are supported for device groups only. See “Organizing Devices and Ports Into Groups” on page 75 for information about creating device groups.
    A device group hierarchy has one top-level group and can have multiple levels of subgroups below it. When a map is created, Ridgeline creates separate maps for the top-level group, as well as for any subgroups.
Map View
    The graphical representation of the devices and links in the currently selected device group or subgroup. Selecting a device in the Map View causes the corresponding row in the Navigation Table to be selected.
Navigation Table
    Table of information about the objects displayed in the Map View. Selecting a device in the Navigation Table causes the corresponding icon in the Map View to be selected, and detailed information about the selected device to be displayed in the device details window.
    You can click on the tabs in the Navigation Table to display information about the devices, links, VLANs, and EAPS rings in the device group.
Alarm Status
    The highest level alarm currently unacknowledged among the devices in the current map or any of its submaps. Devices and submaps within this map that have alarm propagation disabled do not contribute to this status.
    If the alarm icon has an “X” through it, this means alarm propagation has been disabled for this map, and will not contribute to the alarm status of the next higher-level map.
Device Node
    Within the map view, an icon that represents a managed device in the device group.
Submap Node
    Within the map view, an icon that represents a subgroup of the currently displayed group.
Links
    Colored lines that represent connectivity between nodes in the map.
Navigation Box
    A box in the lower corner of the Map View that provides a thumbnail view of the topology map. Use the smaller box within the Navigation Box to move around a large map. Click the arrow icon to display or hide the Navigation Box in the Map View.
Zoom Bar
    Specifies the magnification level for the map. You can move the slider to zoom to one of six magnification levels.
Device Details
    Detailed information about the selected object.
    You can click on the tabs to display information about the ports, operational status, links, VLANs, and EAPS rings for the selected device.

Map Elements

The following elements can appear on a map:

Device Nodes. Device nodes represent the managed devices found in the device group.

A device node shows the following information:
● The name of the device as it is kept in the Inventory database.
● An optional, user-supplied annotation for the node.
● A small icon representing the specific device or device product line. If the device is of an “unknown” type, an unknown device icon (a circle with a question mark) is displayed.
● The device’s IP address.


● The device alarm status, indicated by the presence of an alarm icon (small bell). The alarm status shows the highest level alarm currently unacknowledged for the device. The color of the bell indicates the severity of the alarm.
  If no icon appears, then either there are no unacknowledged alarms for the device, or the alarm status is below the alarm status threshold for the view. The alarm status threshold is set in the properties window for the map, and specifies the lowest severity level at which an alarm status icon should be displayed for a device node on the map.
  If the alarm icon has an “X” through it, this means alarm propagation has been disabled for this device; the alarm status of this device does not influence the aggregate alarm status displayed for the map in which this node is located.
● The device status, indicated by the icon.
  - A red slash through the icon indicates that the device is down.
  - A gray icon indicates that the device is offline.
  - An icon without a red slash or gray color indicates that the device is up.

Submap Nodes. A submap node represents a child map of the current map. It resembles a folder icon.

The submap node icon shows the following information:
● The name of the node (submap), which can be edited.
● The submap alarm status, indicated by the presence of an alarm icon (small bell). The alarm status shows the highest level alarm currently unacknowledged for any device within the submap. If multiple devices within the submap have unacknowledged alarms, the icon indicates the most severe alarm among all those devices. The color of the bell indicates the severity of the alarm.
  If the alarm icon has an “X” through it, this means alarm propagation has been disabled for this submap; the alarm status of this submap does not influence the aggregate alarm status displayed for higher level maps.

A submap node does not provide any additional status information.

Hyper Nodes. A hyper node represents a link termination where the terminating node is present in a higher-level map or device group. A hyper node shows the same information as the device group it represents. A hyper node can have links only between itself and other devices on the displayed map. A hyper node does not link to other hyper nodes.

You can double-click on a hyper node icon to navigate directly to the map and the device group represented by the hyper node.

A hyper node icon shows the following information:
● The name of the device group that this hyper node represents.
● An optional, user-supplied annotation for the hyper node.
● The device alarm status, indicated by the presence of an alarm icon (small bell). The alarm status shows the highest level alarm currently unacknowledged for the devices in the group. The color of the bell indicates the severity of the alarm.
  If no icon appears, then either there are no unacknowledged alarms for the device group, or the alarm status is below the alarm status threshold for the view.
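How the alarm status described above for maps, submaps and device nodes aggregates, and how disabled propagation keeps a severe alarm out of the higher-level map, as an added example that is not part of the original guide or Ridgeline's own code. The severity names and their ordering, the class names and the sample devices are assumptions; the guide defines the alarm status threshold only for device node icons, so the example applies it only there.

```python
# Added example: aggregate alarm status with propagation flags.
# Names are hypothetical; this is not Ridgeline code.
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed severity names, lowest to highest; the guide does not list them.
SEVERITIES = ["normal", "warning", "minor", "major", "critical"]


def rank(severity: str) -> int:
    return SEVERITIES.index(severity)


def highest(severities) -> Optional[str]:
    """Most severe entry, ignoring None; None when nothing is present."""
    present = [s for s in severities if s is not None]
    return max(present, key=rank, default=None)


@dataclass
class Device:
    name: str
    unacknowledged: List[str] = field(default_factory=list)
    propagate: bool = True   # False corresponds to the "X" through the icon

    def alarm_status(self) -> Optional[str]:
        return highest(self.unacknowledged)


@dataclass
class Map:
    name: str
    devices: List[Device] = field(default_factory=list)
    submaps: List["Map"] = field(default_factory=list)
    propagate: bool = True
    threshold: str = "warning"   # lowest severity shown on a device node

    def alarm_status(self) -> Optional[str]:
        """Highest unacknowledged alarm among devices and submaps that
        still propagate; a map's own flag only affects its parent."""
        own = [d.alarm_status() for d in self.devices if d.propagate]
        below = [m.alarm_status() for m in self.submaps if m.propagate]
        return highest(own + below)

    def device_icon(self, device: Device) -> Optional[str]:
        """Severity shown on the device node, or None when no icon appears."""
        status = device.alarm_status()
        if status is None or rank(status) < rank(self.threshold):
            return None
        return status


def hidden_alarms(top: Map, path: str = ""):
    """List (path, severity) for devices and submaps that hold an
    unacknowledged alarm but do not propagate it upward."""
    here = f"{path}/{top.name}"
    found = []
    for device in top.devices:
        if not device.propagate and device.alarm_status():
            found.append((f"{here}/{device.name}", device.alarm_status()))
    for sub in top.submaps:
        if not sub.propagate and sub.alarm_status():
            found.append((f"{here}/{sub.name}", sub.alarm_status()))
        found.extend(hidden_alarms(sub, here))
    return found


def build_sample() -> Map:
    """Constructed sample hierarchy: campus > building > closet."""
    closet = Map("Closet 2", devices=[Device("sw-closet", ["critical"])],
                 propagate=False)
    building = Map(
        "Building 1",
        devices=[Device("sw-core", ["warning", "minor"]),
                 Device("sw-lab", ["major"], propagate=False)],
        submaps=[closet],
    )
    return Map("Main Campus", submaps=[building])


if __name__ == "__main__":
    campus = build_sample()
    print(campus.alarm_status())     # the critical alarm in the closet is not shown
    for path, severity in hidden_alarms(campus):
        print(path, severity)
```

Running an audit like `hidden_alarms` against an exported inventory shows which nodes can hold a severe alarm without changing the status shown on the top-level map.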


NOTE
You cannot add, cut, or delete hyper nodes; they are placed and removed automatically by Ridgeline as required by device connectivity.

Decorative Nodes. A decorative map node can be created by the user to represent any other type of node that is not discovered or managed by Ridgeline, such as a server or workstation. A decorative node shows the name, description, and optional annotation of the node, which can be edited.

Text Nodes. A text map node is a single-line text field that can be placed anywhere in a network map. It can be used to create a title for the map, additional annotations for other map elements, comments, and so on.

Clouds. A cloud can be added to a map to represent a network. As with decorative nodes, you can add name, description, and optional annotation to a cloud.

Links. A link represents connectivity between nodes in the map. Links are automatically detected on Extreme Networks devices when EDP or LLDP is enabled on either device. Links can also be detected on third-party devices that support LLDP. Links can also be user-created.

NOTE
For devices with EDP and/or LLDP disabled or not supported, you can manually add user-defined links to the map to represent connectivity between devices. They are not updated when the map topology changes. The behavior of the system-discovered links described in the following paragraphs does not apply to user-defined links.

When a discovered link connects two devices on the same map, the link will be annotated with the port number, or slot and port number for each of the endpoints.

When one of the endpoints is within a higher-level device group, a hyper node is used to represent the higher-level device group that contains the endpoint.

If there are multiple links running between two devices, each link is shown individually as long as there are 24 links or fewer. If 25 or more links connect two devices, they are represented as a composite link. For a composite link, the link annotation provides the total number of links in the composite and the number of links in each applicable status category (up, down, partially up, or unknown).

The appearance of a link shows a variety of information about the link.

The width of the link line indicates the link type:
● A thin line indicates a 10/100 link.
● A medium line indicates a gigabit link.
● A thick line indicates a 10 gigabit link.
● A very thick line indicates a composite link.
● A link shown with a double line indicates a load-shared link.

The color of the link line indicates the link status:
● A green line indicates that the link is up (both device ports are up).


● A red line indicates that the link is down (both device ports are down). If the link is a composite link, red means that one of the links in it is down.
● A yellow line may be displayed for composite or load-shared links:
  - For a composite link, yellow indicates that some of the links in a load shared link included in the composite link are up, and some are down.
  - For links that are members of a load shared group, yellow indicates that one or more load-shared links are down. All links in the group will be displayed as yellow if one or more of the links in the group is down.
● A blue line indicates a user-created link.
● A broken line indicates a down link.

Two lines with a circle indicates a shared link:
● Green indicates the link is up.
● Greyed-out green indicates the last-known status of the link was up.
● Red line indicates the link is down.
● Greyed-out red indicates the last known state was down.
● Yellow indicates that some ports on this link are up and that some are down.

The format of the link annotation indicates whether the link was created (discovered) automatically by Ridgeline, or is a user-created link:
● If the endpoints in the link annotation are separated by a dash (p1:2 - p24) the link was created automatically.
● If the endpoints in the annotation are separated by an “x” (p1:2 x p24) the link is a user-created link. A user-created link may also have a “?” as the port, indicating an unknown port.
● If the ports on a device are load-shared, the endpoint is followed by an “s” (p17s - p24s) in the annotation.
● The annotation for composite links indicates the number of links that are up (26 up).
● The management port is indicated by an “m” (p17 - p2m).

Four of these link types are shown in Figure 38. Figure 38 is a composite illustration. The links configured between two devices might not contain all the link types shown.

Figure 38: Four Link Types (callouts: Automatically-created link, User-created link, Load-shared link, Composite link)

Viewing Information in Topology Maps

The navigation table in the Map view lists information about all of the objects in the device group. It includes separate tabs with information about the devices, links, VLANs, and EAPS domains in the device group. Clicking on any of the tabs in the navigation table displays a table of all the objects of that type that exist in the device group.

Selecting one or more objects within the navigation table displays additional information about the selected object(s) in the device details window, and also causes the applicable devices to be selected in the map.

Figure 39: Displaying Information in a Map View (callouts: Click a row in the Navigation Table; Information about the selected object appears in the Details window; The devices where the object is configured are highlighted on the map)
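A parser for the link annotation formats listed under “Map Elements”, added here as an example; it is not part of the original guide or Ridgeline's code. The function names are assumptions, the accepted spellings of an unknown port (? and p?) are an assumption, and only the “N up” part of a composite annotation is parsed because that is the only form the guide shows.

```python
# Added example: parse map link annotations such as "p1:2 - p24".
# Names are hypothetical; this is not Ridgeline code.
import re

# pPORT or pSLOT:PORT, optionally followed by "s" (load-shared) or
# "m" (management port), as in the guide's examples.
_ENDPOINT = re.compile(r"p(?:(?P<slot>\d+):)?(?P<port>\d+)(?P<flag>[sm]?)")
# Two endpoints separated by a dash (discovered) or an "x" (user-created).
_LINK = re.compile(r"(?P<a>\S+)\s+(?P<sep>-|x)\s+(?P<b>\S+)")
# Composite annotation in the only form the guide shows: "26 up".
_COMPOSITE = re.compile(r"(?P<up>\d+)\s+up")


def parse_endpoint(text):
    """Return slot, port and flags for one endpoint of a link annotation."""
    if text in ("?", "p?"):   # assumed spellings of an unknown port
        return {"slot": None, "port": None, "load_shared": False,
                "management": False, "unknown": True}
    match = _ENDPOINT.fullmatch(text)
    if match is None:
        raise ValueError(f"unrecognised endpoint: {text!r}")
    return {
        "slot": int(match["slot"]) if match["slot"] else None,
        "port": int(match["port"]),
        "load_shared": match["flag"] == "s",
        "management": match["flag"] == "m",
        "unknown": False,
    }


def parse_annotation(text):
    """Classify an annotation as discovered, user-created or composite."""
    text = text.strip().strip("()").strip()
    match = _COMPOSITE.fullmatch(text)
    if match:
        return {"kind": "composite", "links_up": int(match["up"])}
    match = _LINK.fullmatch(text)
    if match is None:
        raise ValueError(f"unrecognised annotation: {text!r}")
    kind = "discovered" if match["sep"] == "-" else "user-created"
    return {"kind": kind,
            "a": parse_endpoint(match["a"]),
            "b": parse_endpoint(match["b"])}


def user_created(annotations):
    """Annotations of user-created links. The guide notes these are not
    updated when the topology changes, so they are the ones to re-verify
    by hand after a change."""
    return [a for a in annotations
            if parse_annotation(a)["kind"] == "user-created"]


if __name__ == "__main__":
    # Annotations taken from the guide, plus one constructed "?" case.
    samples = ["p1:2 - p24", "p1:2 x p24", "p17s - p24s",
               "(26 up)", "p17 - p2m", "p3 x ?"]
    for sample in samples:
        print(sample, "->", parse_annotation(sample))
    print(user_created(samples))
```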


The Navigation table has the following tabs:

Devices
    Displays information about the devices in the device group, as well as any decorative nodes or clouds. Clicking on a device in the table displays additional information about the selected device in the details window, and also highlights the device’s icon in the map.
    See “Displaying Device Details” on page 40 for information about the tabs that appear in the details window when a device is selected.
Links
    Displays information about all of the links between the devices in the device group, including automatically detected and user-defined links. Clicking on a link highlights the link in the map. You can display information about the selected link by selecting Properties from the File menu.
VLANs
    Displays information about the VLANs configured on the devices in the device group. Clicking on a VLAN in the table displays additional information about the selected VLAN in the details window, and also displays an overlay view highlighting all of the devices and links in the map where the selected VLAN is configured.
    Depending on the type of VLAN selected, additional information may be displayed on the map and in the details window for the VLAN. See “Displaying VLAN Details” on page 40 for information about the tabs that appear in the details window when a VLAN is selected.
    Enable the “Show Full Path” checkbox to display the path a packet would take across the various VLANs in the network, taking into consideration VLAN services configured on the managed devices, such as subscriber VLANs, Private VLANs, and VMANs.
EAPS
    Displays information about all of the EAPS domains configured on the devices in the device group. Clicking on a row in the table displays additional information about the selected EAPS domain in the details window, and also provides an overlay view of the status of the devices and links in the EAPS domain.
    See “Displaying EAPS Domain Details” on page 261 for information about the tabs that appear in the details window when an EAPS domain is selected.
Services
    Displays information about the E-Line and E-LAN services configured in your network. Clicking on a row in the table displays additional information about the Ethernet service in the details window.
    See “Displaying Ethernet Service Details” on page 137 for information about the tabs that appear in the details window when an E-Line or E-LAN service is selected.
PBB
    Displays information about the ISIDs, BVLANs, SVLANs, and CVLANs known to Ridgeline. Clicking on a row in the table displays additional information about the PBB component in the details window.
    See “Displaying PBB Details” on page 281 for information about the tabs that appear in the details window when a PBB ISID, BVLAN, SVLAN, or CVLAN is selected.
VPLS
    Displays information about the VPLS domains known to Ridgeline. Clicking on a row in the table displays additional information about the VPLS domain in the details window.
    See “Displaying VPLS Details” on page 291 for information about the tabs that appear in the details window when a VPLS domain is selected.

Navigating Maps

To move around in the map, you can complete the following steps:
● Use the Zoom bar to zoom in or out of an area of the map
● Use the Navigation box to move to a section of a map
● Click in the Map view and drag so that the section appears in the display


Zooming In and Out on a Map

To zoom in the current map, do one of the following:
● Select Zoom in from the Map menu.
● Click the icon at the top of the zoom bar.
● Move the slider on the zoom bar upward.

To zoom out the current map, do one of the following:
● Select Zoom out from the Map menu.
● Click the icon at the bottom of the zoom bar.
● Move the slider on the zoom bar downward.

Using the Navigation Box

The navigation box is in the lower corner of the Map View, and provides a thumbnail view of the entire map.

Figure 40: Navigation Box in a Map View
[Figure callouts: Drag the smaller box to move around the map. Arrow Icon. Navigation Box.]

Use the smaller box within the Navigation Box to move around a large map. Click the arrow icon to display or hide the Navigation Box in the Map View.


Creating Topology Maps

Because a topology map is a graphical representation of a device group, the first step in creating a topology map is to create a device group. See “Organizing Devices and Ports Into Groups” on page 75 for information about creating device groups.

To create a topology map for a device group, complete the following steps:
1 In the Network Views folder, select a device group. (Topology maps are not available for port groups.)
2 Click the Map tab below the Table View of the device group. Ridgeline displays a blank map with a prompt asking whether to create a map for the group.
3 Click Yes to create the map. Depending on the number of devices and links in the device group, it may take a few minutes for Ridgeline to generate the map.

When generating the map, Ridgeline creates an icon for each device, and automatically detects links between Extreme Networks devices when EDP or LLDP is enabled on either device. Links can also be detected on third-party devices that support LLDP.

Specifying Map Properties

Map properties include the alarm status that is displayed on the map, background image, the content of the labels describing links, and the sizing of objects on the map.
● To specify properties for the currently displayed map, select Properties from the Map menu.
● To specify global properties for all maps, select Options from the Tools menu.

The window in Figure 41 is displayed.


Figure 41: Map Properties Window

In the Information section of the window, you can specify the lowest severity level at which an alarm status icon is displayed for a device node. In the map, the device’s alarm status is represented by an alarm icon (small bell). The alarm status shows the highest level alarm currently unacknowledged for the device. The color of the bell indicates the severity of the alarm.

You can also specify how information is displayed for the devices on the map. Each kind of device information (alarm status, device name, IP address, device annotation) can be shown with the device icon at all zoom levels, not at all, or at relevant zoom levels. Showing the information at relevant zoom levels (the default) means that each type of device information is shown at some zoom levels of the map, and not at others. For example, by default a device’s IP address or alarm status is shown at zoom level 4 and below; a device’s name and annotation is shown at zoom level 3 or below.

In the Background Image section, you can specify the filename of a graphic to be used as a background image on the map. Ridgeline includes a number of sample background images, and you can add your own. To add an image to the list of available background images, place it in the /deploy/extreme.war/gifs/topologyBackgroundImages directory.

In the Link Label section, you can indicate the text caption that appears on links. This can be either the port numbers (for example, p1-p2), or the port number with the port name in parentheses.

In the Appearance section, you can specify the size of the text used in the captions for the map title, objects, and links, as well as the background color of the map.

After specifying properties for the map, click Save changes to apply the new properties and close the window. Click Restore global map settings to reset the map properties to the globally set values.


Laying Out the Map

You can drag map nodes around on the map yourself, or you can have Ridgeline lay out the map nodes for you. To have Ridgeline do the map layout, select Auto layout from the Map menu.

The Auto layout function calculates a default map layout, optimizing for node and link placement to minimize overlap. If necessary, Ridgeline may create a layout that is larger than the visible window area. In this case, scroll bars allow you to view different parts of the map.

Creating User-Defined Links

Links represent connectivity between nodes in the map. When a map is created, links are automatically detected on Extreme Networks devices when EDP or LLDP is enabled on either device. Links can also be detected on third-party devices that support LLDP.

In addition to the automatically detected links, you can manually define your own links. This can be useful in situations where you want to represent a link between devices when a “real” link cannot be detected by Ridgeline. This may be the case if EDP and LLDP are disabled on an Extreme Networks device, if a non-Extreme Networks device does not support LLDP, or if neither EDP nor LLDP is supported by the version of software running on the device.

On the map display, the endpoints of a user-defined link are separated by an “x” rather than by a dash “-”. For example, the link annotation “p1:1 - p24” indicates an automatically detected link; the annotation “p1:1 x p24” indicates a user-defined link.

To create a user-defined link, complete the following steps:
1 Display the map for the device group by clicking on the Map tab at the bottom of the Ridgeline window.
2 From the File or the Map menu, select New > Link, or select two devices and right-click in the map view and select New > Link from the pop-up menu. The New Link window is displayed, as shown in Figure 42.

Figure 42: New Link Window

3 The New Link window is divided into two sections, Side A and Side B, representing a device on either end of the link. For each side of the link, complete the following steps:


a From the Name list, select the device for this side of the link. The Name list contains the name and IP address of each object in the device group.
b Optionally, from the Port number list, select a port on the device for the endpoint of the link. If you enable the Show VLANs box, the VLANs that the selected port is a member of are displayed.
c As an alternative to selecting a port, you can specify a text annotation to describe this side of the link on the map. To do this, click the Annotation button, and enter the text in the box.
4 When you have finished specifying both ends of the link, click OK to create the link on the map.

Removing Inactive Links from the Map

On a topology map, the color of the link line indicates the link status. A red line indicates that the link is inactive (at least one of the ports that make up the link is down). You can remove the inactive links from the map.

To remove the inactive links between two devices:
1 Select the two devices in the map view.
2 From the Map menu, select Clear inactive links from > Selected two devices.

Removing inactive links clears links that exist between the selected two devices in the currently displayed map, as well as in any other device maps with inactive links between the two devices.

To remove the inactive links in the top-level group and subgroups of a device group:
1 Display the map view of the device group.
2 From the Map menu, select Clear inactive links from > Selected primary group and its subgroups.

To remove the inactive links for all the devices in all device groups:
● From the Map menu, select Clear inactive links from > All devices.

Adding Graphic Elements to the Map

In addition to devices, links, and background images, you can add other graphic elements to the map to represent objects not managed by Ridgeline. These elements include:
● Decorative Nodes. Decorative nodes represent any type of node that is not discovered or managed by Ridgeline, such as a server or workstation.
To add a decorative node to your map, select New > Node from the File or the Map menu. The following window is displayed:

Figure 43: New Node Window


In the New Node window, enter the name and optional description and annotation for the node, and click Create node.
● Text Boxes. Text boxes can be used to create a title for the map, additional annotations for other map elements, comments, and so on.
To add a text box to your map, select New > Text box from the File or the Map menu. A new text box with the words “Type here” is placed on the map. Double-click the text box and replace the “Type here” text with your own text.
● Clouds. Clouds can be added to a map to represent a network.
To add a cloud to your map, select New > Cloud from the File or the Map menu. The following window is displayed:

Figure 44: New Cloud Window

In the New Cloud window, enter the name and optional description and annotation for the cloud, and click Create cloud.

To delete any of these graphic elements, select the object you want to delete, then select Delete from the Edit menu, or right-click in the map view and select Delete from the pop-up menu.

Adding a Device Annotation

A device annotation is a single line of text that can be placed with a device icon to enhance its description. The device annotation, if configured, appears only with the device icon on the map; it does not appear in any other view.

To add a device annotation, complete the following steps:
1 Select the device in the map view.
2 From the Map menu, select Device annotation, or right-click the device in the map view and select Device annotation from the pop-up menu. The Device annotation window is displayed, as shown in Figure 42.

Figure 45: Device Annotation Window

3 In the text box, enter the annotation for the device.
4 Click Save changes to apply the annotation to the device and close the window.


Saving the Map

To save the map on the Ridgeline server, select Save from the File menu, or click the Save icon on the Ridgeline icon bar.

If you make changes to the map for a device group, then close the device group’s tab, Ridgeline prompts you to save changes to the map. For example:

Figure 46: Save changes to map prompt

Click Yes to save the changes, or No to close the device group’s tab without saving the changes to the map.

Exporting Maps

You can export a Map view to a Scalable Vector Graphics (SVG) file that can be opened in a browser or other application that supports the SVG format. Note that Microsoft Internet Explorer requires installation of a plug-in to display SVG files.

To export a map to SVG format, complete the following steps:
1 Display the map view that you want to export.
2 On the Ridgeline icon bar, click the Save as icon, or select Save As from the File menu.
3 In the Save map as window, specify a name and location for the SVG file, then click Save.

NOTE
If you have launched the Ridgeline client using a Remote Desktop Client (RDC) connection, make sure the display on the client system is set to use 15-bit color.


Deleting Maps

To delete the topology maps for a device group, complete the following steps:
1 In the Ridgeline Administration folder, click Optimization. Ridgeline displays a table of the top-level device groups that have topology maps defined, as shown in Figure 47.

Figure 47: Selecting Maps to Delete from the Optimization Folder

The table displays the name of each top-level group, the description (if one is configured), and the number of maps in the group and subgroups.
2 Select a top-level group from the list and select Delete from the Edit menu.
Ridgeline prompts you for confirmation to delete the map.
3 Click Yes to delete the map. When you do this, all of the maps for the selected top-level groups and subgroups are deleted.


Chapter 6: Provisioning Network Resources

This chapter describes how to use Ridgeline’s network resource provisioning feature and contains the following sections:
● “Network Resource Provisioning Overview”
● “Provisioning Example”
● “Troubleshooting for Provisioning Tasks”
● “Viewing Logged Information about Provisioning Tasks”

Network Resource Provisioning Overview

Ridgeline’s network resource provisioning feature simplifies network configuration tasks by allowing you to specify devices, ports, and parameters using options in lists in dialog boxes. Ridgeline automatically validates the options you’ve selected prior to deploying the configuration to managed devices, ensuring that the configuration is correct before it goes into production.

Using Ridgeline provisioning windows, you can create a VLAN simply by selecting the devices, ports, and tagging options you want, then validate and deploy the VLAN configuration by clicking a button.

You can provision the following kinds of network resources in Ridgeline:
● VLANs and VMANs. Using Ridgeline provisioning windows, you can create a VLAN or VMAN simply by selecting the devices, ports, and tagging options you want, then validate and deploy the VLAN or VMAN configuration by clicking a button.
See “Configuring VLANs” on page 156 for information about provisioning VLANs. See “Configuring VMANs” for information about provisioning VMANs.
● Backbone VLANs (BVLANs) for Provider Backbone Bridge (PBB) networks. Ridgeline’s provisioning interface helps you configure a PBB network by facilitating the creation of BVLANs on selected devices, ports, or links.
See “Configuring BVLANs” on page 271 for information about provisioning a BVLAN for a PBB network.
● E-Line and E-LAN services. Using the service provisioning wizard, you can create and modify E-Line (point-to-point) and E-LAN (multipoint-to-multipoint) services. You can select the devices and ports that make up the service, specify traffic mapping options, create and apply bandwidth profiles, then validate the configuration and deploy it on your network.


See “Configuring Ethernet Services” on page 117 for information about provisioning E-Line and E-LAN services.
● EAPS domains. You can use the EAPS provisioning feature to configure EAPS domains, including specifying member links, the EAPS master node, primary and secondary ports, control VLAN, hello timer, and fail timer parameters. Your configuration is validated by the software before it is deployed to managed devices.
See “Configuring EAPS” on page 250 for information about provisioning an EAPS domain.

Provisioning Example

The following section illustrates how to use network resource provisioning to create a VLAN on devices managed by Ridgeline. The procedure is generally similar for the other kinds of resources that Ridgeline can provision. See the links above for specific information about provisioning each type of resource.

Creating a VLAN

To create a VLAN, complete the following steps:
1 Under Network Views, select the folder containing the devices you want to configure.
2 In the Navigation Table, or the Map View (if displayed), click on the devices to select them. For a VLAN, you can select one or more switches, links, or ports.


Figure 48: Selecting Devices to Provision

3 From the Services menu, select New > VLAN, or right-click in the Navigation Table and select VLAN from the pop-up menu. The VLAN Provisioning window is displayed, as shown in Figure 49.


Figure 49: VLAN Provisioning Window

In the VLAN provisioning window, the selected devices automatically appear in the Available devices table. If the switch software running on a device does not support the feature you are configuring, it is greyed-out in the Available devices table.
4 Click one of the devices to view the Available ports table for the device.
5 For each port you want to add to the VLAN, select the port and click the Add tagged or Add untagged button.
6 Edit the values in the Tag and Name fields for the new VLAN.
7 When you have finished configuring the VLAN, click the Create VLAN button to start the validation and deployment process. The Progress and Results window is displayed, as shown in Figure 50.


Figure 50: Progress and Results Window for VLAN Provisioning Tasks
[Figure callouts: Validating command syntax and checking software compatibility. Verifying connectivity to the selected devices. Deploying the commands on the devices. Updating the device information in the database. The validation rules or commands entered on the device for the selected task.]

8 Ridgeline validates the options you selected against a set of predefined configuration rules, and ensures that the target switches are running a version of software that supports the features you are provisioning.
If Ridgeline successfully validates the selected options, it verifies network connectivity to the target switches. If a connection can be established to all of the target switches, Ridgeline deploys the configuration commands, then saves the configuration file on each switch. Finally, Ridgeline updates its own database with information about the configuration changes on the switches.

Modifying a VLAN

For existing VLANs, you can edit settings and deploy the changes to the devices where the VLAN is configured.

To modify a VLAN, complete the following steps:
1 Under Network Views, select the folder containing the devices you want to configure.
2 In the Navigation Table, click the VLAN tab, and select the VLAN you want to modify.
3 Right-click in the Navigation Table and select the setting you want to modify from the pop-up menu.


For a VLAN, you can edit the list of ports or links in the VLAN, as well as the name and network name of the VLAN. You can also delete the VLAN from the devices where it is configured.

Figure 51: Selecting a VLAN to Modify

4 If you select Properties from the pop-up menu, the Properties window for the VLAN is displayed, which provides a list of settings you can modify.


Figure 52: VLAN Properties Window

5 Click the setting you want to modify to bring up the provisioning window for that setting. For example, Figure 53 shows the provisioning window for a VLAN port list.

Figure 53: Provisioning Window for a VLAN Port List

6 Make any necessary changes to the VLAN configuration.


7 When you have finished modifying the VLAN, click the Save changes button to validate and deploy the changes to the VLAN.

Troubleshooting for Provisioning Tasks

Ridgeline’s provisioning interface makes it easy to identify errors in network configuration and correct them. You can click on any of the tasks in the Progress and Results window and display additional information about the validation rules or CLI commands executed for the selected task.

If a validation task is unsuccessful, Ridgeline flags the task in the Progress and Results window. You can click on the task to display additional information about why it was unsuccessful, as shown in Figure 54. Click the Back button to return to the provisioning window and make any necessary corrections, then re-deploy the configuration.

Figure 54: Unsuccessful Input Validation

Ridgeline handles errors encountered during the provisioning process in the following ways:
● If Ridgeline is not able to establish connectivity to one of the target switches, then it does not proceed with the provisioning tasks on any of them.
● If commands that were validated by Ridgeline turn out not to be valid when actually deployed on the switch, such as if the switch responds to a command with an error message, then Ridgeline rolls back the commands that it had entered prior to the error, and halts the provisioning process.
● Any commands entered on the other target switches are automatically rolled back to what was in the previous configuration.


● While the commands are being rolled back, if the switch goes offline (that is, becomes no longer managed by Ridgeline), the commands continue to be rolled back until they have all been removed.
● If the device becomes unreachable, or it is not possible to log into the device to roll back the commands, then the rollback process for the device fails, and Ridgeline displays an error message.

NOTE
Only one provisioning request can be processed on the Ridgeline server at a time. If you attempt to make multiple provisioning requests at the same time, such as simultaneously from two different Ridgeline clients, an error message is displayed.

Viewing Logged Information about Provisioning Tasks

Ridgeline logs information about the provisioning tasks it has performed on managed devices. You can view this information in the Ridgeline Audit Log.

To display the Audit Log, click on Audit Log under the Network Administration folder. The Audit Log view is displayed, as shown in Figure 55. Click the Provisioning tab to view a table of the provisioning tasks that have been run on the Ridgeline server.

In the Filters box, you can limit the display to the provisioning tasks that were run over a specified time period, or that contain specified text in the table or the progress and results details window. Click a row in the table to display the progress and results details for the selected provisioning task.
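The stage order and rollback rules listed under Troubleshooting for Provisioning Tasks, together with a per-stage record of the kind an audit log can keep, are modelled below. This is an added Python example, not Ridgeline code: the Switch class, the validation rules, the command strings and the (stage, target, result) audit format are assumptions made for illustration.

```python
import threading
from dataclasses import dataclass, field

# Models "only one provisioning request can be processed at a time".
PROVISIONING_LOCK = threading.Lock()


@dataclass
class Switch:
    """Hypothetical stand-in for a managed switch (not a Ridgeline class)."""
    name: str
    reachable: bool = True
    supports_feature: bool = True
    rejects: tuple = ()             # commands this switch answers with an error
    rollback_login_ok: bool = True  # False: cannot log in to roll back
    running: list = field(default_factory=list)  # commands currently in effect
    saved: bool = False

    def run(self, command):
        if command in self.rejects:
            return False
        self.running.append(command)
        return True

    def undo(self, command):
        self.running.remove(command)


def validate(switches, name, tag):
    """Assumed rules: non-empty name, 802.1Q tag range, software support."""
    errors = []
    if not name:
        errors.append("VLAN name is empty")
    if not 1 <= tag <= 4094:
        errors.append(f"tag {tag} is outside 1-4094")
    errors += [f"{s.name} software does not support the feature"
               for s in switches if not s.supports_feature]
    return errors


def rollback(switches, applied, audit):
    """Undo, newest first, whatever was entered on every target switch."""
    for s in switches:
        if not applied[s.name]:
            continue
        if not s.rollback_login_ok:
            audit.append(("rollback", s.name, "failed: cannot log in"))
            continue
        for command in reversed(applied[s.name]):
            s.undo(command)
        audit.append(("rollback", s.name, "ok"))


def provision(switches, name, tag):
    """Run the stages in order and return the audit trail."""
    if not PROVISIONING_LOCK.acquire(blocking=False):
        return [("request", "server", "rejected: another request is running")]
    try:
        audit = []
        errors = validate(switches, name, tag)
        if errors:
            audit.append(("validate", "input", "failed: " + "; ".join(errors)))
            return audit
        audit.append(("validate", "input", "ok"))

        # Connectivity is checked for all targets before anything is deployed.
        down = [s.name for s in switches if not s.reachable]
        if down:
            audit.append(("connect", ",".join(down), "failed: nothing deployed"))
            return audit
        audit.append(("connect", "all", "ok"))

        # Constructed sample commands; the model treats them as opaque strings.
        commands = [f"create vlan {name}",
                    f"configure vlan {name} tag {tag}",
                    f"configure vlan {name} add ports 1 tagged"]
        applied = {s.name: [] for s in switches}
        for s in switches:
            for command in commands:
                if not s.run(command):
                    audit.append(("deploy", s.name, f"error on: {command}"))
                    rollback(switches, applied, audit)
                    return audit  # halt: nothing is saved or recorded
                applied[s.name].append(command)
        audit.append(("deploy", "all", "ok"))
        for s in switches:
            s.saved = True
        audit.append(("save", "all", "ok"))
        audit.append(("database", "server", "updated"))
        return audit
    finally:
        PROVISIONING_LOCK.release()


if __name__ == "__main__":
    targets = [Switch("sw1"),
               Switch("sw2", rejects=("configure vlan demo tag 100",))]
    for entry in provision(targets, "demo", 100):
        print(entry)
```

When a rollback fails, the commands stay on that switch while the server database is never updated, so the audit entry is the only record of the mismatch and is the one to review first.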


Figure 55: Ridgeline Audit Log for Provisioning Tasks

You can double-click a row in the table to display the progress and results details in a separate window.


Figure 56: Audit Log Details Window for a Provisioning Task

See “Using the Ridgeline Audit Log” on page 429 for more information about the Audit Log features.




Chapter 7: Configuring and Monitoring Ethernet Services

This chapter describes how to use Ridgeline for:
● Configuring E-Line and E-LAN services using Ridgeline’s network resource provisioning feature
● Viewing Ethernet service information in Network Views windows and in the Services view
● Viewing details about Ethernet services known to Ridgeline

It contains the following sections:
● “Ethernet Service Overview”
● “Configuring Ethernet Services”
● “Importing E-Line and E-LAN Services”
● “Viewing Ethernet Services Information”
● “Displaying Ethernet Service Details”

Ethernet Service Overview

An Ethernet service is a method for provisioning Ethernet connectivity over a wide-area or Metro Ethernet network. Ethernet services can provide customers point-to-point or multipoint-to-multipoint Ethernet connectivity across a service provider’s network.

Service providers set up Ethernet services for their customers at User Network Interface (UNI) ports connecting customer equipment to their network. The actual means of transporting the customer traffic across the service provider’s network is at the discretion of the service provider. A service provider can configure an Ethernet service to use a specified VLAN, VMAN, or PBB BVLAN as the transport method between the UNI ports to the customer network.

Using Ridgeline, you can create E-Line (point-to-point) and E-LAN (multipoint-to-multipoint) Ethernet services. You can select the devices and ports that make up the service, specify traffic mapping options, create and apply bandwidth profiles, then validate the configuration and deploy it on your network.

For Ethernet services using VLAN or VMAN transport methods, Ridgeline adds the UNI ports to the transport VLAN/VMAN on the devices where it is configured. For Ethernet services using a PBB BVLAN as the transport method, Ridgeline creates the SVLANs or CVLANs, maps an ISID to an SVLAN, adds the UNI ports to the SVLAN, then adds the ISID to the BVLAN. Bandwidth profiles, if specified in the Ethernet service configuration, are applied to the UNI ports.


Information about the Ethernet services known to Ridgeline is available in Network Views displays. The Services view provides at-a-glance information about the Ethernet services, the devices and ports where they are configured, and details about the transport method specified for each service.

E-Line Service

An E-Line service is a point-to-point Ethernet Virtual Connection (EVC) that can be implemented in a service provider network, as illustrated in Figure 57. E-Line services can be created to support Ethernet Private Line (EPL) and Ethernet Virtual Private Line (EVPL) services.

In an E-Line service, two UNI ports connected to customer equipment (CE) devices form the endpoints for the service. Customer traffic entering the service provider network at one UNI port is associated with the EVC. The UNI ports are associated with each other so that customer traffic in the E-Line service is exchanged only between the two UNI ports.

Figure 57: E-Line Service
[Figure labels: UNI Port; E-Line Service (Point-to-Point); Customer Equipment; Transport Method (can be VLAN / VMAN / BVLAN); Service Provider Network]

When Ridgeline provisions an E-Line service, it also adds the VLAN, VMAN, or PBB BVLAN to an EAPS domain on the devices where the VLAN/VMAN/BVLAN is configured.

E-LAN Service

An E-LAN service is a multipoint-to-multipoint EVC, as illustrated in Figure 58. An E-LAN service can have two or more UNI ports connected to CE devices. E-LAN services can be created to support Ethernet Private LAN (EP-LAN) and Ethernet Virtual Private LAN (EVP-LAN) services.


Figure 58: E-LAN Service
[Figure labels: E-LAN Service (Multipoint-to-Multipoint); UNI Port; Customer Equipment; Transport Method (can be VLAN / VMAN / BVLAN); Service Provider Network]

Bandwidth Profiles

By default, an E-Line or E-LAN service provides best-effort service for customer traffic on the UNI ports. In some cases, such as when the UNI ports in an Ethernet service have different line rates, you can specify bandwidth profiles and apply them to the UNI ports.

A bandwidth profile can specify values for Committed Information Rate (CIR), Committed Burst Size (CBS), Excess Information Rate (EIR), Excess Burst Size (EBS), and single/dual-rate profile settings. You can apply bandwidth profiles to all UNI ports in the service, or to selected UNI ports.

Configuring Ethernet Services

Using Ridgeline, you can perform the following Ethernet service configuration tasks:
● Create an Ethernet service
● Modify settings for Ethernet services
● Create and assign customer names to services
● Create and apply bandwidth profiles

For more information on Ridgeline’s network resource provisioning feature, see “Provisioning Network Resources” on page 115.


Creating an Ethernet Service

To create an Ethernet service, complete the following steps:
1 Click Network Views, then from the Services menu on the toolbar, select New > E-Line service or E-LAN service. This starts the Service Provisioning wizard. The window in Figure 59 is displayed:

Figure 59: E-Line Service Provisioning Window

2 Enter a name for the new E-Line or E-LAN service.
3 Optionally, enter a description for the service.
4 Select the customer who will be using this service. See “Creating a Customer Profile” on page 124 for information about adding a customer to this list.
5 Select the transport type to be used with this service: 802.1Q (VLAN), 802.1ad (PB/VMAN), or 802.1ah (PBB).
6 Select the UNI ports for this service. An E-Line service must consist of 2 UNI ports. An E-LAN service can have 2 or more UNI ports.
Devices that do not support Ethernet services are greyed-out in the service provisioning window. You can expand the list of items in the Available devices table by selecting a group from the Show devices in box.
7 Click Next to display the traffic mapping options for the service.


Figure 60: Traffic Mapping Options for an Ethernet service (VLAN or VMAN Transport Type)


Figure 61: Traffic Mapping Options for an Ethernet service (PBB BVLAN Transport Type)

8 In the Traffic Mapping box, select the VLAN, VMAN, or BVLAN that will be used as the transport method for the service. Ridgeline automatically populates the list box with the available VLANs, VMANs, or BVLANs.
● For VLANs, specify whether traffic is tagged or untagged for both UNI ports, or for a selected UNI port.
● For BVLANs, specify the ISID and ISID name, and the name and tag of the VLAN (for port-based services), SVLAN, or CVLAN.
9 Optionally specify a bandwidth profile to use on one or more ports in the service. See “Creating a Bandwidth Profile” on page 124 for information on setting up bandwidth profiles. (If the transport method is a BVLAN, bandwidth profile selection is on the following screen.)
10 Indicate whether to enable the service after it has been provisioned on the target devices.
11 By default, Ridgeline validates the settings you selected for the Ethernet service, then gives you the option to deploy the service on the target devices.
If you want to deploy the service immediately after successful validation, without a separate deployment step, check the box next to “If validation has no errors, continue automatically to creating the new service.”
12 When you have finished configuring the Ethernet service, click Validate to start the validation process. (If the transport method is a BVLAN, click Next to specify bandwidth profile settings, then click Validate.)


Figure 62: Validation Window for an Ethernet Service

13 If the validation is successful, click Create Ethernet Service to deploy the service to the target devices. Otherwise, click Back to go back to the previous screen and modify the settings.


Figure 63: Provisioning Window for an Ethernet Service

14 After Ridgeline successfully validates the selected options, it verifies network connectivity to the target switches. If a connection can be established to all of the target switches, Ridgeline deploys the configuration commands, then saves the configuration file on each switch. Finally, Ridgeline updates its own database with information about the configuration changes on the switches.
The information in the Provisioning window is logged in the Ridgeline Audit Log. See “Viewing Logged Information about Provisioning Tasks” on page 111 for more information.

Modifying an Ethernet Service

For existing E-Line and E-LAN services, you can edit settings and deploy the changes to the devices where the service is configured.

To modify an Ethernet service, complete the following steps:

1 Under Network Views, select the Services view.
2 In the Services table, select the Ethernet service you want to modify, right-click, and select the setting you want to modify from the pop-up menu.
For an Ethernet service, you can edit the name and description of the service, the customer the service is assigned to, bandwidth profile settings, and the UNI ports specified for the service.


3 If you select Properties from the pop-up menu, the Properties window for the Ethernet service is displayed, which provides a list of settings you can modify.

Figure 64: Ethernet Service Properties Window

4 Click the setting you want to modify to bring up the provisioning box for that setting. For example, Figure 65 shows the provisioning box for the Ethernet service name and description.

Figure 65: Provisioning Window for Ethernet Service Name and Description

5 Make any necessary changes to the settings, then click the Save button to validate and deploy the changes.

Deleting an Ethernet Service

You can delete services from Ridgeline only or Ridgeline and devices. To do this:

1 Select a service and click Delete.
Choose Ridgeline only to remove the service from the Ridgeline database.
Choose Ridgeline and devices to remove the service from the devices and the Ridgeline database.

NOTE
You can only delete one service at a time. You cannot delete multiple services in one operation.


Creating a Customer Profile

When configuring an Ethernet service in Ridgeline, you can associate the service with a specific customer profile. The name of the customer associated with an Ethernet service appears in Network Views tables and in the Services view.

To create a customer profile and associate it with an Ethernet service, complete the following steps:

1 Open the Customer Profile configuration window. You can do this when creating the service by selecting New Customer from the Customer list in the Ethernet service provisioning window.
You can also right-click an existing service in a Network Views table, and select Edit customer from the pop-up menu, or open the Properties page for a service and click the Edit customer button, or select Customer Name from the Tools menu.

Figure 66: Customer Profile Configuration Window

2 Click New to create a new customer profile, or select an existing profile and click Edit.

Figure 67: Customer Settings Window

3 In the Customer Settings window, enter a name for the customer, and optionally specify a description, address, contact, and fax number. When you are done, click Add (for a new customer profile) or Modify (for an existing customer profile).
4 After you create a customer profile, you can apply it to an Ethernet service. See “Modifying an Ethernet Service” on page 122.

Creating a Bandwidth Profile

A bandwidth profile compares traffic received on a UNI port with a series of thresholds, and specifies how the traffic should be forwarded based on those thresholds. A bandwidth profile can specify per-port thresholds for Committed Information Rate (CIR), Committed Burst Size (CBS), Excess Information Rate (EIR), and Excess Burst Size (EBS), as well as single/dual-rate profile settings. You can apply bandwidth profiles to all UNI ports in an Ethernet service, or to selected UNI ports.

To create a bandwidth profile, complete the following steps:

1 Open the Bandwidth Profile configuration window. You can do this when creating the service by selecting New profile from the Bandwidth profile list in the Traffic mapping options window.
You can also right-click an existing service in a Network Views table, and select Edit bandwidth profile from the pop-up menu, or open the Properties page for a service and click the Edit customer button, then select New profile from the Bandwidth profile list, or select Bandwidth Profile from the Tools menu.

Figure 68: Bandwidth Profile Configuration Window

2 Click New to create a new bandwidth profile, or select an existing profile and click Edit.

Figure 69: Bandwidth Profile Settings Window

3 In the Bandwidth Profile Settings window, enter a name for the bandwidth profile, and specify settings for the following parameters:


Bandwidth Profile Name: Quality Profile (QP)
Single Rate: Selects single rate.
Dual Rate: Selects dual rate.
Committed Information Rate (CIR): The average rate for service traffic up to which the network delivers the service traffic and is committed to meeting the performance objectives defined by the CoS Service Attribute. You can specify the CIR in Kbps, Mbps, or Gbps.
Committed Burst Size (CBS): The maximum allowed size for a burst of service traffic sent at the UNI speed to remain CIR-conformant. You can specify the CBS in Kb, Mb, or Gb.
Excess Information Rate (EIR): The average rate of service traffic up to which the network may deliver service traffic but without any performance objectives. You can specify the EIR in Kbps, Mbps, or Gbps.
Excess Burst Size (EBS): The maximum size of a burst of service traffic sent at the UNI speed to remain EIR-conformant. You can specify the EBS in Kb, Mb, or Gb.

4 When you are done, click Add (for a new bandwidth profile) or Modify (for an existing bandwidth profile).
5 After you create a bandwidth profile, you can apply it to the UNI ports in Ethernet services. See “Modifying an Ethernet Service” on page 122.

Importing E-Line and E-LAN Services

The Ridgeline service reconciliation feature lets you integrate existing E-Line and E-LAN configurations and services by importing them.

NOTE
We recommend that you not perform provisioning related operations on Ridgeline when you are importing services.

You can refer to “E-Line Service” and “E-LAN Service” on page 116 for additional information about these services. Also see “Viewing Ethernet Services Information” on page 133.

To import an E-Line or E-LAN service, complete the following steps:

1 On the menu bar, click Services > Import > E-Line. The E-Line wizard opens and asks: What is the name of the transport type of your service?
Or, select a VLAN, VMAN, or BVLAN on the list and right-click on your choice. A menu opens. Select Import > E-Line. When the E-Line Wizard Information Input screen launches, the transport type is shown according to your choice (for example, if you choose a VLAN, it is VLAN). You cannot edit the information.
The UNI port selection page has the VLAN information automatically populated in the drop down list (combo-box); you cannot edit it.


NOTE
The procedure to import an E-Line or E-LAN service is the same.

2 Enter a name for the new E-Line or E-LAN service. See Figure 70. Enter a description for the service. This is optional.
3 Select the customer who is using the service. Refer to “Creating a Customer Profile” on page 124 for information about adding a customer to this list.

Figure 70: E-Line/E-LAN Wizard Dialog Box - Enter Name of New Service

4 Choose the Transport type you want to use in this service from the drop down list:
● 802.1Q (VLAN)
● 802.1ad (PB/VMAN)
● 802.1ah (PBB)
5 Click Next. If you select VLAN as the transport type, the dialog box opens and asks: What is the VLAN used in the service? See Figure 71. The VLANs available in Ridgeline are shown in the 802.1Q (VLAN) drop down list in the Traffic mapping section of the dialog box.
6 Choose the appropriate VLAN.
7 Choose the UNI ports for this service; select a device from the Available devices list and select ports from the Available ports list. Then move them to the Selected list on the right. An E-Line service must consist of 2 UNI ports. An E-LAN service can have 2 or more UNI ports.


NOTE
Only the ports present in the VLAN show in the Available ports list.

Figure 71: UNI Port Selection Dialog Box (Transport Type - VLAN)

8 Click Validate if you chose VLANs as the transport type; then go to step 18.
9 If you select PBB as the transport type, the dialog box opens asking: What are the BVLANs, ISIDs, and SVLANs/CVLANs used in the service? See Figure 72.
Ridgeline shows a list of Available BVLANs in the 802.1ah (PBB) drop down list in the Traffic mapping section of the dialog box.
When you choose the BVLAN, Ridgeline lists all the ISIDs associated with the BVLAN.
When you choose ISID, all the CVLANs or SVLANs associated with the ISIDs show in the Available VLANs list in the Traffic mapping section of the dialog box. See Figure 73.
10 Choose the CVLAN/SVLAN from the available VLANs list.
11 Choose the UNI ports for this service from the Available ports list. Then move them to the Selected list on the right. An E-Line service must consist of 2 UNI ports. An E-LAN service can have 2 or more UNI ports.
For additional information, refer to “Creating an Ethernet Service” on page 118.


Figure 72: UNI Port Selection Dialog Box (Transport Type - PB/VMAN)

Figure 73: UNI Port Selection Dialog Box (Transport Type - PBB)

12 When you finish adding UNI ports, click Validate to start the validation process.
You have two validation options:
● By default (that is, with the check box not selected), Ridgeline validates the settings you select for the Ethernet service, then gives you the option to import the service to the database.
● Select the check box for “If validation has no errors, continue automatically to creating the new service.” if you want to import the service immediately after successful validation, without a separate import step.

NOTE
Bandwidth profiles associated with UNI ports are not imported (reconciled). For more information about Bandwidth profiles, refer to “Creating a Bandwidth Profile” on page 124.


13 If the validation is successful, click Import E-Line or E-LAN Service to import the service to the database. Otherwise, click Back to go back to the previous screens and modify the settings. See Figure 74.
14 After Ridgeline successfully validates the selected options, it imports the service into its database. To view the newly created services, refer to “Viewing Ethernet Services Information” on page 126.

Figure 74: Successful Validation Results Dialog Box

15 Click Import E-Line Service or E-LAN Service, if no validation errors occurred. The validation process repeats. The final results dialog box opens. See Figure 75. If the validation fails, the dialog box lists the errors.


Figure 75: Successful Results Dialog Box After Clicking Import E-Line or ELAN Service

16 Click Close. The Services list shows the new entry and the map shows the newly imported service. See Figure 76.


Figure 76: Services List and Map with Newly Imported Service

17 To validate and import services at the same time, click the check box: If validation has no errors, continue automatically to creating the new E-Line service. If the validation is successful, you save a step in this procedure. The dialog box opens showing the results.
18 With a successful validation, click Close. Ridgeline shows the Services list with the newly imported service and the map showing the service. See Figure 76.
19 If the validation fails, the errors are listed. See Figure 77. Based on the validation errors, take the appropriate actions.


Figure 77: Importing E-Line Service Dialog Box with Validation Errors

Viewing Ethernet Services Information

You can display information about E-Line and E-LAN services from the All map or All table, or from the Services view under Network Views.

Using the All Table and All Map View

To view information about the E-Line and E-LAN services known to Ridgeline, click a device group or the All map or All table group under the Network Views folder, then click the Services tab. A table listing the E-Line and E-LAN services in the group is displayed, as shown in Figure 78.


Figure 78: Services Table in Network Views

You can filter the contents of the table by expanding the Filter box, and entering text and search criteria, or by expanding the Quick Filter box and selecting an available quick filter.

The Services table has the following columns:

Overlay color: In Map Views, the color used to highlight the devices and ports that make up the Ethernet service.
Status: The current status of the Ethernet service: UP if all UNI ports in the service are up, DOWN if all UNI ports in the service are down, or PARTIAL if some of the UNI ports are up and others are down.
Name: The configured name of the Ethernet service, and an icon indicating its condition. The icon can be one of the following:
● Both ports in the E-Line service are up.
● One or both ports in the E-Line service are down.
● The E-Line service is disabled.
● All ports in the E-LAN service are up.
● At least two ports in the E-LAN service are up, but others are down.
● All or all but one of the ports in the E-LAN service are down.
● The E-LAN service is disabled.
Operational status: Whether the Ethernet service is currently enabled or disabled.
Customer name: The name of the Customer that the service was assigned to, if configured.
Transport type: The transport method specified for the service: 802.1Q (VLAN), 802.1ad (PB/VMAN), or 802.1ah (PBB).
Transport name: The name of the VLAN, VMAN, or BVLAN used as the transport method.
Transport tag: The tag value of the VLAN, VMAN, or BVLAN used as the transport method.
Transport network: The network name of the VLAN, VMAN, or BVLAN used as the transport method, if configured.
Service end points: The number of UNI ports configured for this Ethernet service. For an E-Line service, this is always 2. For an E-LAN service, this can be 2 or more.
Description: The configured description of this service, if configured.
Ethernet service type: Whether the selected service is an E-Line or E-LAN service.


If you also have enabled the map view of a device group, you can select a row in the table and display an overlay view highlighting all of the devices and UNI ports in the map where the selected E-Line or E-LAN service is configured, as shown in Figure 78.

Figure 79: E-LAN Service Selected in a Map View

Information about the selected Ethernet service appears in the Details panel. You can double-click on the row in the Services table to display the information in a separate window. See “Displaying Ethernet Service Details” on page 137 for information on what this panel contains.

Using the Services View

The Services view displays information about the E-Line and E-LAN services known to Ridgeline. From the Services view, you can show information about a selected service and its transport method, view an overlay map highlighting the devices where the selected item is configured, and view details about a selected service, transport method, or EAPS domain.


Figure 80: Services View (callouts: Services Table, Map Panel, Details Panel)

Services Table

The Services table in the Services view has the following columns. You can filter the contents of the table by expanding the Filter box, and entering text and search criteria.

Name: The name of the Ethernet service. You can expand the list of items next to the service name to show the transport method the service is configured to use. For E-Line services, the EAPS domain the service belongs to is displayed, if applicable.
ID: The ID of the VLAN/VMAN/BVLAN used as the transport method for the service. If an EAPS domain is selected, this is the ID of the control VLAN.
Network: The network name of the VLAN/VMAN/BVLAN or EAPS control VLAN, if configured.
Transport Type: The transport method specified for the service: 802.1Q (VLAN), 802.1ad (PB/VMAN), or 802.1ah (PBB).
Ethernet Service Type: Whether the service is an E-Line or E-LAN service.
Status: The current status of the Ethernet service: UP if all UNI ports in the service are up, DOWN if all UNI ports in the service are down, or PARTIAL if some of the UNI ports are up and others are down.


Map Panel

The Map Panel in the Services view highlights the devices where the selected Ethernet service, VLAN, VMAN, BVLAN, or EAPS domain is configured. By default, the All map view is displayed. Select a device group from the Overlay on this map box to show the Map View of the selected group.

Details Panel

When you select an Ethernet service, VLAN, VMAN, BVLAN, or EAPS domain in the Services table, details about the selected item appear in the Details panel. See one of the following sections for information about the contents of the Details panel:
● For Ethernet service details, see “Displaying Ethernet Service Details” on page 137
● For VLAN details, see “Displaying VLAN Details” on page 172
● For VMAN details, see “Displaying VMAN Details” on page 137
● For BVLAN details, see “Displaying PBB Details” on page 281
● For EAPS details, see “Displaying EAPS Domain Details” on page 261

Displaying Ethernet Service Details

To display details about an E-Line or E-LAN service, click on a row in the Services table. Information about the selected Ethernet service appears in the details window. If you double-click on the row, the Ethernet service details are displayed in a separate window, as shown in Figure 81.

Figure 81: E-Line Service Details Window


The details window for an Ethernet service has the following fields:

Name: The name of the Ethernet service.
Description: The description of the Ethernet service, if one is configured.
Customer name: The name of the customer configured to use this Ethernet service.
Service type: The Ethernet service type, either E-Line or E-LAN.

The following information about the transport method specified for the service is displayed:

Type: The transport method specified for the service: 802.1Q (VLAN), 802.1ad (PB/VMAN), or 802.1ah (PBB).
Tag: The tag value of the VLAN, VMAN, or BVLAN used as the transport method.
Name: The name of the VLAN, VMAN, or BVLAN used as the transport method.
Network: The network name of the VLAN, VMAN, or BVLAN used as the transport method, if configured.
Protocol Filter: The protocol filter configured for the VLAN, VMAN, or BVLAN used as the transport method, if applicable.

Ports Tab

The Ports tab includes the following columns:

Number: Port number. If the device is a chassis device, then the port number is displayed in slot:port format.
Tagged: Whether the port is tagged.
IP Address: The IP address of the device.
Actual speed: Speed of the port if known; Auto if the speed is auto-negotiated.
Actual duplex: Duplex of the port if known, either full or half.
Type: Type of port.
Port status: The port state (Enabled or Disabled).
Link state: The link state.
Name: The name of the device.

Bandwidth Profile Tab

If a bandwidth profile has been applied to an individual port, select the port to display its bandwidth profile settings.

The Bandwidth Profile tab includes the following columns.

Bandwidth Profile Name: The name of the bandwidth profile applied to the selected port, if applicable.
CIR: Committed Information Rate
CBS: Committed Burst Size
EIR: Excess Information Rate
EBS: Excess Burst Size
CIR Unit: Whether the Committed Information Rate is measured in Kbps, Mbps, or Gbps.
CBS Unit: Whether the Committed Burst Size is measured in Kb, Mb, or Gb.


EIR Unit: Whether the Excess Information Rate is measured in Kbps, Mbps, or Gbps.
EBS Unit: Whether the Excess Burst Size is measured in Kb, Mb, or Gb.
Rate: Whether a single rate or dual rate profile has been applied to the port.
Quality Profile: The number of the quality profile applied to the port.

Customer VLAN Tab

If the transport method for the Ethernet service is PBB, the following information is displayed about the Customer VLANs on the selected port.

Customer VLAN Name: The configured name of the customer VLAN.
Customer VLAN Tag: The tag value of the customer VLAN.
Customer VLAN Type: The customer VLAN type, port-based, SVLAN, or CVLAN.

EAPS Domains Tab

For E-Line services, information about the EAPS domains the service belongs to is displayed.

The EAPS Domains tab includes the following columns:

Name: The name of the EAPS domain.
Control VLAN tag: VLAN tag (ID) of the EAPS control VLAN.
Control VLAN Network Name: The network name of the control VLAN, if one is configured. See “Categorizing VLANs With Network Names” on page 168 for information about how to create a network name and assign it to a VLAN.
Last updated: When the EAPS domain information was last updated from the Ridgeline database.

Shared Links Tab

For E-Line services, information about EAPS shared links is displayed. The Shared Links tab includes the following information.

Links Table

The Links table includes the following columns:

Status: An icon showing two lines and a circle indicates the status of the shared link:
• Green indicates that the link is up.
• Greyed-out green indicates that the last-known status of the link was up.
• Red indicates that the link is down.
• Greyed-out red indicates that the last-known status of the link was down.
• Yellow indicates that some ports on this link are up and that some are down.
A device: The name of the device on one end (the A side) of the link, along with an icon indicating the device status.
A IP address: The IP address of the device on the A side of the link.


A port name: The name of the port on the A side of the link, along with an icon indicating the port status.
A port number/annotation: The number of the port on the A side of the link.
B device: The name of the device on the other end (the B side) of the link, along with an icon indicating the device status.
B IP address: The IP address of the device on the B side of the link.
B port name: The name of the port on the B side of the link, along with an icon indicating the port status.
B port number/annotation: The number of the port on the B side of the link.
Discovery protocol: The protocol used to discover the link, either EDP or LLDP.
State: The current state of the link.
Type: The link type; for example, user-created.
A device status: The current status of the device on the A side of the link.
A device worst alarm: The status of the highest alarm on the device on the A side of the link.
A port status: Whether the port on the A side of the link is enabled or disabled.
A link state: Whether the A side of the link is ready to exchange traffic with the B side of the link.
A port type: The type of port on the A side of the link.
A port share details: Information about the port sharing configuration on the A side of the link, if configured.
B device status: The current status of the device on the B side of the link.
B device worst alarm: The status of the highest alarm on the device on the B side of the link.
B port status: Whether the port on the B side of the link is enabled or disabled.
B link state: Whether the B side of the link is ready to exchange traffic with the A side of the link.
B port type: The type of port on the B side of the link.
B port share details: Information about the port sharing configuration on the B side of the link, if configured.
Name: A description of the link in this format: p – p

Domains Table

The Domains table includes the following columns:

Name: The name of the EAPS domain shared on selected link.
Control VLAN tag: The tag value of the control VLAN for the EAPS domain shared on selected link.
Control VLAN Network Name: The network name of the control VLAN, if one is configured. See “Categorizing VLANs With Network Names” on page 168 for information about how to create a network name and assign it to a VLAN.
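The CIR, CBS, EIR, and EBS thresholds from “Creating a Bandwidth Profile” can be exercised with the following added example, which is not part of the Ridgeline guide or Extreme Networks code. It assumes a token-bucket meter with green/yellow/red markings in the usual Metro Ethernet style and decimal units (1 Kb = 1000 bits); the guide does not state how the switch evaluates the thresholds.

```python
from dataclasses import dataclass

# Assumed decimal multipliers for the Kbps/Mbps/Gbps and Kb/Mb/Gb unit choices.
UNIT = {"K": 1_000, "M": 1_000_000, "G": 1_000_000_000}
SCALE = 1_000_000  # tokens are kept in bit-microseconds so refills stay exact integers


def to_bits(value, unit):
    """Convert e.g. (16, "Kb") or (1, "Mbps") to bits or bits per second."""
    return value * UNIT[unit[0].upper()]


@dataclass
class BandwidthProfile:
    name: str
    cir_bps: int            # Committed Information Rate
    cbs_bits: int           # Committed Burst Size
    eir_bps: int = 0        # Excess Information Rate (dual rate only)
    ebs_bits: int = 0       # Excess Burst Size (dual rate only)
    dual_rate: bool = False

    def problems(self):
        """Return settings that would make the profile behave unexpectedly."""
        found = []
        if self.cir_bps > 0 and self.cbs_bits <= 0:
            found.append("CIR is set but CBS is zero: no frame can be CIR-conformant")
        if self.dual_rate and self.eir_bps > 0 and self.ebs_bits <= 0:
            found.append("EIR is set but EBS is zero: no frame can be EIR-conformant")
        if not self.dual_rate and (self.eir_bps or self.ebs_bits):
            found.append("EIR/EBS are ignored by a single-rate profile")
        return found


class Meter:
    """Per-port meter (assumed algorithm); both buckets start full."""

    def __init__(self, profile):
        self.p = profile
        self.committed = profile.cbs_bits * SCALE
        self.excess = profile.ebs_bits * SCALE
        self.last_us = 0

    def classify(self, now_us, frame_bytes):
        """Classify one frame arriving at now_us (microseconds, non-decreasing)."""
        elapsed = now_us - self.last_us
        self.last_us = now_us
        # Refill each bucket at its rate, capped at its burst size.
        self.committed = min(self.p.cbs_bits * SCALE,
                             self.committed + elapsed * self.p.cir_bps)
        self.excess = min(self.p.ebs_bits * SCALE,
                          self.excess + elapsed * self.p.eir_bps)
        cost = frame_bytes * 8 * SCALE
        if cost <= self.committed:
            self.committed -= cost
            return "green"    # CIR-conformant: delivered with performance objectives
        if self.p.dual_rate and cost <= self.excess:
            self.excess -= cost
            return "yellow"   # EIR-conformant: may be delivered, no objectives
        return "red"          # exceeds both thresholds


def classify_burst(profile, arrivals):
    """arrivals is a list of (time_us, frame_bytes); returns one color per frame."""
    meter = Meter(profile)
    return [meter.classify(t, size) for t, size in arrivals]


# Constructed sample profiles and traffic: five 1000-byte frames back to back,
# then one more frame 8 ms later.
DUAL = BandwidthProfile("gold", to_bits(1, "Mbps"), to_bits(16, "Kb"),
                        to_bits(1, "Mbps"), to_bits(16, "Kb"), dual_rate=True)
SINGLE = BandwidthProfile("bronze", to_bits(1, "Mbps"), to_bits(16, "Kb"))
BURST = [(0, 1000)] * 5 + [(8000, 1000)]

if __name__ == "__main__":
    print("dual  :", classify_burst(DUAL, BURST))
    print("single:", classify_burst(SINGLE, BURST))
```

The burst sizes, not the rates, decide how many back-to-back frames conform, which is why a profile with a rate set and a zero burst size is flagged by `problems()`.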


CHAPTER 8 Policies

This chapter describes how to set policy statements in the policy database and contains the following sections:
● “Overview” on page 141
● “Viewing Policy Details” on page 141
● “Creating a New Policy” on page 142
● “Categorizing Policies” on page 152
● “Creating and Managing Roles” on page 153

Overview

The policy manager is responsible for maintaining a set of policy statements in a policy database and communicating these policy statements to the applications that request them.

Policies are used by the routing protocol applications to control the advertisement, reception, and use of routing information by the switch. Using policies, a set of routes can be selectively permitted (or denied) based on their attributes, for advertisements in the routing domain. The routing protocol application can also modify the attributes of the routing information, based on the policy statements.

Policies are also used by the access control list (ACL) application to perform packet filtering and forwarding decisions on packets. The ACL application programs these policies into the packet filtering hardware on the switch. Packets can be dropped, forwarded, moved to a different QoS profile, or counted, based on the policy statements provided by the policy manager. Ridgeline supports only ACL-based policies. With Ridgeline’s policy manager, you can create a policy for a Role, for identity management role-based access control, or create a policy for virtual port profiles (VPPs) to manage virtual machines (VMs).

Viewing Policy Details

To open policy view, complete the following steps:

1 On the Folder list, choose Network Administration > Policies. The Policies tab opens. See Figure 82. Policy details are shown on the right. See Figure 83.


Figure 82: Policy View

Figure 83: Policy Details

2 Follow steps 5 through 18 described in “Creating a New Policy” on page 142.

Creating a New Policy

To create a new policy, complete the following steps:

1 In the Folder List, click Network Administration > Policies. The Policies tab opens.
2 On the menu bar, click File > New > Policy. See Figure 84. The New Policy dialog box opens.


Figure 84: Create New Policy on Menu

3 Enter the name of the policy, the policy type, and the policy direction (Ingress or Egress). Click New. See Figure 85. You can choose one of the following policy types:
● XNV: Virtual Port Profile. You can select Ingress or Egress or both.
● Identity Management: Role. You can only select Ingress.

Figure 85: New Policy Dialog Box

4 Click New. The New Policy Rule dialog box opens and asks: What is the name, description, and match condition for your new rule? See Figure 86. It describes the criteria for the entries: You can specify multiple, single, or zero match conditions. If no match condition is specified, all packets match the new entry.


Figure 86: New Policy Rule Dialog Box—Match Conditions

5 Enter the Rule Name, Rule description, and Rule category.
6 Click on the available conditions to view a description of each condition at the bottom of the dialog box.
7 You can select a condition from the list of Available match conditions, then move each condition to the Selected match conditions list on the right. See “Attaching Policies to Roles” on page 562 for Identity Management ingress policy match conditions and “Policy Match Condition Combinations” on page 225 for XNV ingress and egress match conditions.

NOTE
All the conditions must be matched. That is, an implicit AND is included between all the match conditions.

The IP protocol field at the bottom of the dialog box describes the choices in the Selected match conditions. The following describes the conditions shown in the lists:
● The blue icons before each condition indicate the OSI layer on which these reside.
● Conditions that are not compatible with those you choose or not available are grayed out.
8 Click Next. The dialog box opens and asks: What are the inputs for the selected match conditions for your rule? See Figure 87.


Figure 87: New Policy Rule Dialog Box—Inputs for Match Conditions

9 Enter and then select the match conditions information needed for the conditions you chose on the previous dialog box.
10 Click Next. The dialog box opens and asks: What is the action and action modifiers for your rule? See Figure 88.


Figure 88: New Policy Rule - Action and Action Modifiers

11 If you do not select: Also include these action modifiers, click Create Rule. The New Policy dialog box opens showing the newly created policy. See Figure 90.
12 If you want to include action modifiers, select: Also include these action modifiers, then click Create Rule. The next dialog box asks: What are the inputs for action modifiers for your rule? See Figure 89.
13 Select from the Available action modifiers list and move them to the Selected action modifiers list.
14 Click Create rule. The next dialog box opens and asks: What are the inputs for action modifiers for your rule?
15 Enter the information shown in the Action modifier input section. For example, an IP address or a MAC address.
16 Click Create rule.


Figure 89: New Policy Rule - Inputs for Action Modifiers

17 Click Create Rule. The New Policy dialog box opens showing the newly created rule on the Rules list. See Figure 90.
18 Click Create Policy.
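The match-condition semantics in steps 4 and 7 (implicit AND between conditions, and a rule with zero conditions matching every packet) are easy to get wrong when reviewing a policy, so the following added example models them and flags the risky cases. It is not Ridgeline or EXOS code; the condition key names, the first-match rule ordering, and the default action for unmatched packets are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Rule:
    name: str
    action: str                                      # "permit" or "deny"
    conditions: dict = field(default_factory=dict)   # hypothetical key names


def condition_matches(key, expected, packet):
    """Check one match condition against a packet (a dict of header fields)."""
    value = packet.get(key)
    if value is None:
        return False
    if key in ("source-address", "destination-address"):
        return ipaddress.ip_address(value) in ipaddress.ip_network(expected)
    return value == expected


def rule_matches(rule, packet):
    # Implicit AND: every selected condition must hold.
    # all() over zero conditions is True, so an empty rule matches all packets.
    return all(condition_matches(k, v, packet) for k, v in rule.conditions.items())


def evaluate(policy, packet, default="permit"):
    """Return (rule name, action) of the first matching rule.

    First-match ordering and the default action are assumptions of this sketch.
    """
    for rule in policy:
        if rule_matches(rule, packet):
            return rule.name, rule.action
    return None, default


def lint(policy):
    """Flag rules without match conditions and rules they make unreachable."""
    findings = []
    catch_all = None
    for rule in policy:
        if catch_all is not None:
            findings.append(f"{rule.name}: unreachable, shadowed by match-all rule {catch_all}")
        elif not rule.conditions:
            catch_all = rule.name
            findings.append(f"{rule.name}: no match conditions, applies {rule.action} to all packets")
    return findings


# Constructed sample policy: the third rule can never be reached.
POLICY = [
    Rule("allow_dns", "permit", {"protocol": "udp",
                                 "source-address": "10.1.0.0/16",
                                 "destination-port": 53}),
    Rule("deny_rest", "deny"),
    Rule("allow_web", "permit", {"protocol": "tcp", "destination-port": 443}),
]

# Constructed sample packets.
DNS_INSIDE = {"protocol": "udp", "source-address": "10.1.2.3", "destination-port": 53}
DNS_OUTSIDE = {"protocol": "udp", "source-address": "10.2.0.1", "destination-port": 53}
WEB = {"protocol": "tcp", "source-address": "10.1.2.3", "destination-port": 443}

if __name__ == "__main__":
    for pkt in (DNS_INSIDE, DNS_OUTSIDE, WEB):
        print(pkt, "->", evaluate(POLICY, pkt))
    for finding in lint(POLICY):
        print("LINT:", finding)
```

`DNS_OUTSIDE` satisfies two of the three conditions of `allow_dns` and still falls through to `deny_rest`, which is the implicit AND at work.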


Figure 90: New Policy Dialog Box

Copying a Policy to Create a New Policy

To copy an existing policy to create a new policy, complete the following steps:

1 Click Network Administration > Policies in the Folder List. The Policies tab opens.
2 Select a policy on the list.
3 Click File on the menu bar and choose Save as. The Save Policy As dialog box opens. See Figure 91.


Figure 91: Save Policy As Dialog Box

4 Choose the policy you want to copy from the Policies list.
5 Choose from the following:
● Save in Ridgeline - Saves the policy to the server where Ridgeline is installed.
● Export to - Changes the policy file format so that you can take the policy from one Ridgeline installation to another Ridgeline installation.
a Select the file type:
.pol: The format used by EXOS
Ridgeline (NMS policy): The format used by Ridgeline
b Enter the directory path where you want to save the policy file.
6 Enter the policy name you want.
7 Click Save.

Editing a Policy

To edit a policy, complete the following steps:

1 In the Folder list, click Network Administration > Policies. The Policies tab opens.
2 Double-click on the policy information you selected, or select a policy on the list of policies and right-click to open a menu.
3 Choose Open. The Policy dialog opens showing the name of the policy in the header. See Figure 92.


Figure 92: Edit Policy Dialog Box

4 Click Edit. A Policy Rule dialog box opens and asks: What is the name, description, and match condition for your new rule? See Figure 85 on page 143.
5 Make changes as you would when you create a new policy. Start at step 5 on page 143.
6 When you finish making changes and the Edit Policy dialog box opens, click Save changes.

Deleting a Policy

To delete a policy, complete the following steps:
1 Select the policy you want to delete from the list of policies.
2 On the menu bar, click File > Delete. Or, right-click on the policy you select and choose Delete. The policy is removed from the policy list.

NOTE
You cannot delete a policy that is in use; a dialog box opens to inform you of this.


Figure 93: Policy Attached Dialog Box

Detaching a Policy

For information about detaching a policy, refer to “Detaching VPPs” on page 234.

Attaching a Policy

1 On the Policies tab, select the policy you want to attach.
2 On the menu bar, click Edit > Attach > Policies to virtual port profiles. Or, right-click on the policy you select and choose Attach policy to virtual port profile from the menu. The Attach Policy to Virtual Port Profiles dialog box opens.
To attach a policy to a role, on the menu bar, click Edit > Attach > Policies to roles. The Attach Policies to Roles dialog box opens.

For more information about attaching a policy to a:
● Virtual machine, see “Managing Virtual Machines” on page 207.
● Role, refer to “Using Identity Management” on page 525.

Figure 94: Attaching Policy from Policies Menu


Categorizing Policies

You can categorize policies to make it easier for you to find policies. This is a user tool; switches do not use it, nor does it affect a policy’s function.

To categorize policies, complete the following steps:
1 Click Network Administration > Policies in the Folder List. The Policies tab opens.
2 On the Policies list, right-click on the policy you want to categorize. See Figure 95. The Categorize Policy dialog box opens. See Figure 96.

Figure 95: Categorize a Policy

Figure 96: Categorize Policy Dialog Box

3 Click New. The New Category dialog box opens. See Figure 97.
4 Enter a name for the policy.


Figure 97: Name New Category

5 Click Create.

Categorizing Policy Rules

To categorize policy rules, complete the following steps:
1 In the Folder list, click Network Administration > Policies. The Policies tab opens.
2 Double click on the policy information you selected or select a policy on the list of policies and right-click to open a menu.
3 Choose Open. The Policy dialog box opens. The header shows the name of the policy to which the rule belongs.
4 Click Edit. A dialog box opens and asks: What is the name, description and match condition for your new rule?
5 From the Rule category drop down list, choose a category.
6 Follow steps 5 through 18 described in “Creating a New Policy” on page 142.

Creating and Managing Roles

For information about creating and managing Roles, refer to “Using Identity Management” on page 525.

Viewing Active Policies for Devices

To view active policies, complete the following steps:
1 With the Policies tab open, go to the Devices tab




Chapter 9: Managing and Monitoring VLANs

This chapter describes how to use Ridgeline for:
● Configuring VLANs using Ridgeline’s network resource provisioning feature
● Configuring VLANs using Ridgeline scripts
● Categorizing VLANs by network name
● Viewing VLAN details
● Viewing details about services configured on VLANs

It contains the following sections:
● “Overview of Virtual LANs” on page 155
● “Configuring VLANs” on page 156
● “Viewing VLAN Information” on page 170
● “Displaying VLAN Details” on page 172

Overview of Virtual LANs

A virtual local area network (VLAN) is a group of location- and topology-independent devices that communicate as if they were on the same physical LAN. Extreme Networks switches have a VLAN feature that enables you to construct broadcast domains without being restricted by physical connections.

Ridgeline creates and manages VLANs for Extreme Networks devices only. It does not handle other third-party devices, even though third-party devices can be managed through Ridgeline.

Extreme Networks devices can support a maximum of 4095 VLANs per switch. VLANs on Extreme Networks switches can be created according to the following criteria:
● Physical port
● 802.1Q tag
● Protocol sensitivity using Ethernet, LLC SAP, or LLC/SNAP Ethernet protocol filters
● A combination of these criteria

In the Ridgeline system, a VLAN is defined uniquely by the following:
● Name


● 802.1Q tag (if defined)
● Protocol filters applied to the VLAN
● Network name

As a result, multiple switches are shown as members of the same VLAN whenever all the above are the same.

VMANs (Virtual Metropolitan Area Networks) enable a service provider to offer the equivalent of separate and independent virtual bridged LANs to multiple customers over the provider’s bridged network. Ridgeline can display detailed information about the VMANs configured in your network.

For a more detailed explanation of VLANs and VMANs, see the ExtremeXOS Concepts and Solutions Guide.

Configuring VLANs

With Ridgeline, you can perform common VLAN configuration tasks, including creating, modifying, and deleting VLANs, as well as configuring VLAN protocol settings. There are two methods you can use for configuring VLANs in Ridgeline:
● Using Ridgeline’s network resource provisioning feature
● Using Ridgeline’s scripting feature.

Additionally, you can optionally assign VLANs a network name, which is a means for categorizing VLANs into logical groups. After assigning one or more VLANs a network name, you can filter the information displayed in the VLAN table based on the network name. This can be useful if you have a large number of VLANs to manage.

Provisioning VLANs

Ridgeline’s network resource provisioning feature allows you to create new VLANs simply by selecting the devices, ports, links, and tagging options you want, then validate and deploy the VLAN configuration by clicking a button. You can modify existing VLANs by selecting the VLAN in Network Views windows, changing parameters, and deploying the changes to the devices where the VLAN is configured. The network resource provisioning feature also allows you to change VLAN settings on individual devices, and to remove individual devices from VLANs without affecting the configuration of the devices remaining in the VLAN.

For more information on Ridgeline’s network resource provisioning feature, see Chapter 6, “Provisioning Network Resources.”

Creating a VLAN

To create a VLAN, complete the following steps:
1 Under Network Views, select the folder containing the devices you want to configure.
2 In the Navigation Table, or the Map View (if displayed), click on the devices to select them. For a VLAN, you can select one or more switches, links, or ports.


Figure 98: Selecting Devices to Provision

3 From the Services menu, select New > VLAN, or right-click in the Navigation Table and select VLAN from the pop-up menu. The VLAN Provisioning window is displayed, as shown in Figure 99.


Figure 99: VLAN Provisioning Window for Selected Devices

In the VLAN provisioning window, the selected devices automatically appear in the Available devices table. If the switch software running on a device does not support the feature you are configuring, it is greyed-out in the Available devices table.

You can expand the list of items in the Available devices table by selecting a group from the Show devices in box.

If you have selected one or more links to add to the VLAN, the links appear in the Selected links table. A link represents the two ports on the devices on either side of the link. Note that user-defined links to nodes or clouds are not displayed in the table of available links.

Figure 100: VLAN Provisioning Window for Selected Links


4 Click one of the devices to view the Available ports table for the device.
5 For each port or link you want to add to the VLAN, select the port and click the Add tagged or Add untagged button. When the VLAN is created, the port is removed from the default VLAN and added to the new VLAN.
6 Edit the values in the Tag and Name fields for the new VLAN.
7 When you have finished configuring the VLAN, click the Create VLAN button to start the validation and deployment process. The Progress and Results window is displayed, as shown in Figure 101.

Figure 101: Progress and Results Window for VLAN Provisioning Tasks
Callouts in the figure:
● Validating command syntax and checking software compatibility
● Verifying connectivity to the selected devices
● Deploying the commands on the devices
● Updating the device information in the database
● The validation rules or commands entered on the device for the selected task

8 Ridgeline validates the options you selected against a set of predefined configuration rules, and ensures that the target switches are running a version of software that supports the features you are provisioning. The following validations are performed:


● The name length is not longer than 32 characters.
● The name consists of only alphanumeric characters. No special characters such as “#” or “&” are allowed.
● The tag range is from 1 to 4095.
● The tag is not present on the selected device.
● The name is not present on the selected device.
● Port tag values are valid.

If Ridgeline successfully validates the selected options, it verifies network connectivity to the target switches. If a connection can be established to all of the target switches, Ridgeline deploys the configuration commands, then saves the configuration file on each switch. Finally, Ridgeline updates its own database with information about the configuration changes on the switches.

The information in the Progress and Results window is logged in the Ridgeline Audit Log. See “Viewing Logged Information about Provisioning Tasks” on page 111 for more information.

Creating a VLAN on a Specific Device

You can create a VLAN on a single device by using the Services menu in the Device details window.

If you want to create a VLAN on a specific device, complete the following steps:
1 Click Network Views > All table, or Network Views > All map.
2 Click the Devices tab.
3 Select the device that you want to configure the VLAN on, and double-click it, or right-click it and select Open.
4 From the Device window Services menu, select New > VLAN, as shown in Figure 102.

Figure 102: Device Window Services Menu

5 In the VLAN dialog for the selected device (Figure 103), enter a name for the VLAN.


Figure 103: VLAN Dialog for Selected Device

6 Select the kind of VLAN that you want to create, tagged or untagged.
● To create an untagged VLAN, click the Untagged radio button.
● To create a tagged VLAN, click the radio button next to the number list, and select a number from 1 to 4095 for the tag.
7 Select the device ports that you want to include in the VLAN. If you are creating a tagged VLAN, you can add the ports as tagged or as untagged. If you are creating an untagged VLAN, you can only add ports as untagged. Use the Add tagged button or the Add untagged button as appropriate.
8 Click Create VLAN to start the validation and deployment process. The Progress and Results window is displayed, as shown in Figure 104.

Figure 104: Progress and Results Window for a Device-Specific VLAN


9 Ridgeline validates the options you selected against a set of predefined configuration rules, and ensures that the target device is running a version of software that supports the features you are provisioning.
The following validations are performed:
● The name length is not longer than 32 characters.
● The name consists of only alphanumeric characters. No special characters such as “#” or “&” are allowed.
● The tag range is from 1 to 4095.
● The tag is not present on the selected device.
● The name is not already present on the selected device.

Modifying a VLAN

For existing VLANs, you can edit settings and deploy the changes to the devices where the VLAN is configured. Control VLANs cannot be modified.

To modify a VLAN, complete the following steps:
1 Under Network Views, select the folder containing the devices you want to configure.
2 In the Navigation Table, click the VLAN tab, and select the VLAN you want to modify.
3 Right-click in the Navigation table and select the setting you want to modify from the pop-up menu.
For a VLAN, you can edit the list of ports or links in the VLAN, as well as the name and network name of the VLAN (although not the tag value). You can also delete the VLAN from the devices where it is configured.


Figure 105: Selecting a VLAN to Modify

4 If you select Properties from the pop-up menu, the Properties window for the VLAN is displayed, which provides a list of settings you can modify.

Figure 106: VLAN Properties Window


5 Click the setting you want to modify to bring up the provisioning window for that setting. For example, Figure 107 shows the provisioning window for a VLAN port list.

Figure 107: Provisioning Window for a VLAN Port List

6 Make any necessary changes to the VLAN configuration. If you add ports as untagged to the VLAN, they will be removed from the default VLAN before being added to the VLAN you are modifying.
7 When you have finished modifying the VLAN, click the Save changes button to validate and deploy the changes to the VLAN. When a port is added to a VLAN, the port is removed from the default VLAN and added to the new VLAN.

Modifying VLAN Settings on One Device

You can modify VLAN settings on a single device. The device can be the only one in the VLAN, or it can be one among multiple devices in the same VLAN. When you save the changes, Ridgeline performs validations on the changes that you made.

NOTE
Other than the network name, device settings for a control VLAN or a protected VLAN cannot be modified. Menu options for editing and deleting VLANs are disabled when a control VLAN or a protected VLAN is selected. Network names cannot be modified for a control VLAN or a protected VLAN associated with an E-Line or E-LAN service.

To modify VLAN settings on a specific device, complete the following steps:
1 Click Network Views > All table, or Network Views > All map.
2 Click the Devices tab.
3 Select the device and double-click it, or right-click it and select Open.
4 In the Device window, click the VLAN tab, as shown in Figure 108.


Figure 108: Device VLAN Tab

5 Select a VLAN and right-click it to display the context menu (Figure 109).

Figure 109: VLAN Settings in the Context Menu

6 To change the name of the VLAN, select Edit Name from the context menu. Enter a new name in the dialog.
7 To give the VLAN a network name, or edit the network name, complete the following steps:
   a Select Network name... from the context menu. You can also click the Network name icon in the Device window.
   b In the VLAN Network Name dialog, click New and enter a network name for the VLAN, or click Rename and edit the existing network name in place.
   c Ensure that the radio button next to the network name that you want to use is selected.
   d Click Apply.
8 To change the ports that the VLAN uses, select Edit Ports from the context menu. Make the changes that you want to make in the Ports dialog.
9 Click Save Changes.

When a VLAN is modified, the software performs the following validations:
● The name is no longer than 32 characters.
● The name contains only alphanumeric characters.


● The port tag value is valid.
● The network service selected is not used as a transport service in an E-Line or E-LAN service.

Deleting a VLAN

You can use the procedure in this section to delete a single VLAN. Multiple VLANs cannot be deleted in the same operation, and control VLANs cannot be deleted. These instructions can be used to delete protected VLANs.

To delete a VLAN, complete the following steps:
1 Under Network Views, select the folder containing the VLAN you want to delete.
2 In the Navigation Table, click the VLAN tab.
3 Select the VLAN you want to delete, and select Delete from the Edit menu.
4 Confirm the deletion in the pop-up window.

When you delete a VLAN, the software verifies that the services in the VLAN are not being used as transport services in an E-Line or E-LAN service.

You can follow the same steps to delete VMANs and protected VMANs.

Deleting a VLAN on a Specific Device

You can remove a specific device from a VLAN that contains other devices without affecting the configuration of the devices remaining in the VLAN.

NOTE
You cannot remove a device from a control VLAN or from a protected VLAN. Edit and delete menu options are disabled when a control VLAN or a protected VLAN is selected.

To remove a specific device from a VLAN, complete the following steps:
1 Open the Device window by double-clicking on the device in the navigation table or by right-clicking the device and selecting Open.
2 In the Device dialog, click the VLAN tab. This tab lists the VLANs that the device is a member of.
3 Select the VLAN that you want to remove the device from. Only one VLAN at a time can be selected for this operation. To confirm that this is the correct VLAN, you can right-click the entry, select Open, and examine the VLAN details.
4 Right-click on the VLAN entry and select Delete from the context menu (Figure 110). You can also click the Delete button in the Details window, or click Edit > Delete to do so.


Figure 110: Deleting a VLAN from a Device

5 Confirm the deletion in the popup window displayed.

When a VLAN is deleted, Ridgeline verifies that the network service associated with the VLAN is not used as a transport service in an E-Line or E-LAN service. Ridgeline validates the deletion and creates a report in the Progress and Results window. If the deletion does not succeed, use the information shown in this window to fix any problems, and then perform the procedure again.

Running VLAN Configuration Scripts

Ridgeline includes a number of bundled scripts that allow you to specify VLAN configuration settings and deploy them on managed Extreme devices. Using Ridgeline scripts, you can perform the following tasks:
● Create and configure a new VLAN
● Modify an existing VLAN
● Configure protocol settings for a VLAN
● Delete a VLAN and related configuration settings
● Assign a VLAN to an EAPS domain

To run a Ridgeline script, go to the Services menu and select a script from the VLAN menu. You can also run a script by expanding the list of items under the Network Administration folder, clicking Scripts, and selecting a script from the table.

Figure 111 shows the parameter configuration screen for the Create VLAN script.
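The validation rules this chapter lists for VLAN provisioning (name length, alphanumeric name, tag range, tag and name not already on the device, valid port tagging) can be applied as a pre-check to a batch of planned VLANs before they are provisioned or created by script. This is an added example, not Ridgeline code: the device names, inventory layout and function names are constructed, "alphanumeric" is assumed to mean ASCII letters and digits, and "port tag values are valid" is read as the rule stated earlier that an untagged VLAN accepts ports only as untagged.

```python
"""Pre-check planned VLANs against the validation rules listed in this chapter.
Added example, not Ridgeline code; all device and VLAN data is constructed."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

MAX_NAME_LEN = 32                       # name is not longer than 32 characters
TAG_MIN, TAG_MAX = 1, 4095              # tag range is from 1 to 4095
NAME_RE = re.compile(r"[A-Za-z0-9]+")   # assumption: "alphanumeric" = ASCII only

# device name -> {existing VLAN name: tag, or None if untagged}
Inventory = Dict[str, Dict[str, Optional[int]]]


@dataclass
class PlannedVlan:
    name: str
    tag: Optional[int]                  # None = untagged VLAN
    # device name -> {port: "tagged" | "untagged"}
    ports: Dict[str, Dict[str, str]] = field(default_factory=dict)


def validate(plan: PlannedVlan, inventory: Inventory) -> List[str]:
    """Return every rule violation for one planned VLAN; an empty list passes."""
    errors: List[str] = []
    if len(plan.name) > MAX_NAME_LEN:
        errors.append(f"name is longer than {MAX_NAME_LEN} characters")
    if not NAME_RE.fullmatch(plan.name):
        errors.append("name must contain only alphanumeric characters")
    if plan.tag is not None and not TAG_MIN <= plan.tag <= TAG_MAX:
        errors.append(f"tag {plan.tag} is outside {TAG_MIN}-{TAG_MAX}")
    for device, ports in plan.ports.items():
        existing = inventory.get(device, {})
        if plan.tag is not None and plan.tag in existing.values():
            errors.append(f"{device}: tag {plan.tag} is already present")
        if plan.name in existing:
            errors.append(f"{device}: name {plan.name} is already present")
        for port, mode in ports.items():
            if mode not in ("tagged", "untagged"):
                errors.append(f"{device} port {port}: unknown mode {mode!r}")
            elif mode == "tagged" and plan.tag is None:
                # An untagged VLAN accepts ports only as untagged.
                errors.append(f"{device} port {port}: tagged port in an untagged VLAN")
    return errors


def validate_batch(plans: List[PlannedVlan],
                   inventory: Inventory) -> List[Tuple[str, List[str]]]:
    """Check plans in order. Each plan that passes is added to a working copy of
    the inventory, so later plans in the batch are also checked against it."""
    working = {dev: dict(vlans) for dev, vlans in inventory.items()}
    report = []
    for plan in plans:
        errors = validate(plan, working)
        report.append((plan.name, errors))
        if not errors:
            for device in plan.ports:
                working.setdefault(device, {})[plan.name] = plan.tag
    return report


# Constructed sample data: current VLANs per device and a planned batch.
INVENTORY: Inventory = {
    "sw-core-1": {"Default": 1, "Mgmt": 4094, "voice": 200},
    "sw-edge-7": {"Default": 1},
}
PLANS = [
    PlannedVlan("eng10", 10, {"sw-core-1": {"1:1": "tagged"},
                              "sw-edge-7": {"5": "untagged"}}),
    PlannedVlan("voice", 300, {"sw-core-1": {"1:2": "tagged"}}),  # name in use
    PlannedVlan("lab#2", 4096, {"sw-edge-7": {"6": "tagged"}}),   # bad name and tag
    PlannedVlan("guest", None, {"sw-edge-7": {"7": "tagged"}}),   # bad port mode
    PlannedVlan("eng10b", 10, {"sw-edge-7": {"8": "tagged"}}),    # tag used by eng10
]

if __name__ == "__main__":
    for name, errors in validate_batch(PLANS, INVENTORY):
        print(f"{name}: {'OK' if not errors else '; '.join(errors)}")
```

The last plan fails only because an earlier plan in the same batch claimed tag 10 on that device, a conflict that checking each plan against the stored inventory alone would miss.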


Figure 111: Configuration Screen for the Create VLAN Script

For information on how to use Ridgeline scripts, see “Creating and Executing Ridgeline Scripts” on page 399.

NOTE
After a VLAN is created, it may take between 1 and 5 minutes for the new VLAN to appear in Ridgeline displays.

Categorizing VLANs With Network Names

A network name is a means for categorizing VLANs into logical groups, which can aid in filtering the information displayed in the VLAN table. This can be useful if you have a large number of VLANs to manage.

For example, you can assign VLANs to a category (a network name), such as “Building 1”, then use the quick filter function on the VLAN tab to limit the information displayed in the VLAN table to VLANs with the network name “Building 1.”

Creating a Network Name

To create a network name, complete the following steps:
1 Under the Network Views folder, select a device group or the All table or the All map.
2 From the Tools menu, select Network name. The VLAN Network Name window is displayed, as shown in Figure 112.


Figure 112: VLAN Network Name Window

3 Click New to open the New network name window.
4 Enter the network name and click Create.

Assigning VLANs a Network Name

To assign VLANs a network name:
1 Under the Network Views folder, select the device group that contains the VLANs you want to categorize, or select the All table or the All map.
2 Do one of the following:
● Click the VLANs tab in the table view to display the VLANs in the device group.
● Click the Devices tab, then click the VLANs tab for the device to display the VLANs configured on the device.
3 In the table, select the VLANs that you want to assign to the network name. Use Ctrl-click or Shift-click if you want to select multiple entries in the table.
4 From the Tools menu, select Network name. The VLAN Network Name window is displayed, as shown in Figure 112.
5 Click the radio button next to the network name to which you want to assign the VLANs, and click Save.

Filtering the VLANs Table Based on Network Name

To use the network name to filter the list of VLANs in the VLAN table, complete the following steps:
1 Under the Network Views folder, select a device group or the All table or the All map.
2 Click the VLANs tab in the table view to display the VLANs in the device group.
3 Expand the Quick Filter box to display the available quick filters. One of the quick filters is Network, as shown in Figure 113.


Figure 113: Filtering the VLAN Table Using the Network Name Quick Filter (callout: Network Name Quick Filter)

4 In the Network quick filter box, select the network name to be used as the filter. Use Ctrl-click or Shift-click to select multiple network names. The VLAN table then displays only VLANs with the selected network name(s).

Viewing VLAN Information

To view information about VLANs in Ridgeline, click a device group or the All map or All table group under the Network Views folder, then click the VLANs tab. A table listing the VLANs in the group is displayed.

If you also have enabled the map view of a device group, you can select a VLAN and display an overlay view highlighting all of the devices and links in the map where the selected VLAN is configured, as shown in Figure 114.


Figure 114: VLANs in a Map View

The VLANs table has the following columns. You can filter the contents of the table by expanding the Filter box, and entering text and search criteria, or by expanding the Quick Filter box and selecting an available quick filter.

Vlan Tag: The VLAN tag value (if any) or “Untagged”, along with an icon indicating whether this is a VLAN or VMAN. The icon is one of the following:
   • Indicates this is a VLAN
   • Indicates this is an EAPS-protected VLAN
   • Indicates this is a VMAN
   • Indicates this is an EAPS-protected VMAN
Name: The VLAN name.
Network: The network name category (if any) that this VLAN belongs to. See “Categorizing VLANs With Network Names” on page 168 for more information.
Services: List of the type of services configured for the network VLAN.
Protocol filter: The protocol filter(s) configured for the VLAN.
IP forwarding: Whether IP forwarding is enabled for the VLAN.
Last updated from database: Date and time that the information about the VLAN was last retrieved from the Ridgeline database.
Type: The VLAN type, either VLAN or VMAN.

You can enable the “Show Full Path” checkbox to display the path a packet would take across the various VLANs in the network, taking into consideration VLAN services configured on the managed devices, such as subscriber VLANs, Private VLANs, and VMANs.


Displaying VLAN Details

To display details about a VLAN, click on the VLAN’s row in the VLAN table. Information about the VLAN appears in the details window. If you double-click on the row, the VLAN details are displayed in a separate window, as shown in Figure 115.

Figure 115: VLAN Details Window

The VLAN details window has the following fields:

Tag: The VLAN tag value (if any) or “Untagged”.
Network: The network name category (if any) that this VLAN belongs to. See “Categorizing VLANs With Network Names” on page 168 for more information.
Name: The VLAN name.
Services: List of the type of services configured for the network VLAN.
Protocol filter: The protocol filter(s) configured for the VLAN.
IP forwarding: Whether IP forwarding is enabled for the VLAN.
Control VLAN: Whether any EAPS control VLAN is present in the list of available VLANs.
Protected VLAN: Whether any EAPS protected VLAN is present in the list of available VLANs.
Type: The VLAN type, either VLAN or VMAN.
Last updated from database: Date and time that the information about the VLAN was last retrieved from the Ridgeline database.


Device/Ports Tab

When you click the Device/Ports tab, the following columns are displayed:

Device name: The name of the device, and an icon indicating the status of the device.
IP address: The IP address of the device.
Virtual router: The virtual router to which the VLAN is associated on the device. This information is available if the device has HTTP enabled, and runs ExtremeXOS software version 12.1 or later.
QOS profile name: QoS profile name configured for the VLAN on the device, if any.
Control VLAN: Whether this VLAN is configured as an EAPS control VLAN.
Protected VLAN: Whether this VLAN is protected by an EAPS domain.
Domain Name Set: EAPS domains to which the VLANs on the device belong.
Vlan services: VLAN service type. Possible values are Translation, Translation-Member, VMAN, Translation VMAN, Translation-Member VMAN, Private-VLAN, Isolated-Subscriber, Non-Isolated Subscriber, Super VLAN, and Sub VLAN. This information is available if the device has HTTP enabled, and runs ExtremeXOS software version 12.1 or later.
Software version: The ExtremeXOS software version running on the device.
SNMP version: The SNMP version configured on the device.
Log on username: The username used to log on to the device.
Forwarding-database polling: Whether FDB polling is enabled on the device.
Device manager protocol: The protocol used for accessing management functions on the device.
Device type: The type of device.
Admin State: The administrative state of the VLAN, either Enabled or Disabled. This information is available if the device has HTTP enabled, and runs ExtremeXOS software version 12.1 or later.

Ports Tab

Selecting a device in the Device/Ports table displays the ports on the selected device that are part of the VLAN. The following columns are displayed:

Number: Port number. If the device is a chassis device, then the port number is displayed in slot:port format.
Name: The name of the port, if configured.
Tagged: Whether the port is tagged.
Media: The port media, if applicable.
Type: Port type; for example, Gigabit, Mgmt, 10/100.
Actual speed: Speed of the port; Auto if the speed is auto-negotiated.
Actual duplex: Duplex of the port, either full or half.
Configured speed: The configured speed of the port.
Configured duplex: The configured duplex setting of the port.
State: The port state (Enabled or Disabled).


Layer 3 Settings Tab

The Layer 3 Settings tab includes the following columns:

Device name: The name of the device, and an icon indicating the status of the device.
IP address: The IP address of the device.
VLAN IP address: The IP address of the VLAN.
VLAN IP mask: The subnet mask of the VLAN.
IP forwarding enabled: Whether IP forwarding is enabled for the VLAN.

Links Tab

The Links tab contains information about the links that are part of the selected VLAN.

Status: An icon indicating the status of the link. The link status icon can be one of the following colors:
   • A green line indicates that the link is up.
   • A red line indicates that the link is down.
   • A yellow line for a bundled link indicates that some links are down and some are up.
   • A grey line indicates that the link status is unknown.
   • A blue line indicates the link is user-created rather than automatically discovered by Ridgeline.
   An icon showing a circle and two lines indicates a shared link:
   • Green indicates the link is up.
   • Greyed-out green indicates the last-known status of the link was up.
   • Red line indicates the link is down.
   • Greyed-out red indicates the last known state was down.
   • Yellow indicates that some ports on this link are up and that some are down.
A device: The name of the device on one end (the A side) of the link, along with an icon indicating the device status.
A IP address: The IP address of the device on the A side of the link.
A port name: The name of the port on the A side of the link, along with an icon indicating the port status.
A port number: The number of the port on the A side of the link.
B device: The name of the device on the other end (the B side) of the link, along with an icon indicating the device status.
B IP address: The IP address of the device on the B side of the link.
B port name: The name of the port on the B side of the link, along with an icon indicating the port status.
B port number: The number of the port on the B side of the link.
Discovery protocol: The protocol used to discover the link, either EDP or LLDP.
State: The current state of the link.
Type: The link type; for example, user-created.
A device status: The current status of the device on the A side of the link.
A device worst alarm: The status of the highest alarm on the device on the A side of the link.


A port status: Whether the port on the A side of the link is enabled or disabled.
A link state: Whether the A side of the link is ready to exchange traffic with the B side of the link.
A port type: The type of port on the A side of the link.
A port share details: Information about the port sharing configuration on the A side of the link, if configured.
B device status: The current status of the device on the B side of the link.
B device worst alarm: The status of the highest alarm on the device on the B side of the link.
B port status: Whether the port on the B side of the link is enabled or disabled.
B link state: Whether the B side of the link is ready to exchange traffic with the A side of the link.
B port type: The type of port on the B side of the link.
B port share details: Information about the port sharing configuration on the B side of the link, if configured.

Viewing VLAN Services Information

If the VLAN service type column for the VLAN indicates that a service is configured for the VLAN, additional information is displayed in the VLAN details window, next to the Ports tab. Depending on the type of service configured, one of the following tabs may be displayed:
● Translation VLAN tab
● Translation-Member VLAN tab
● Private VLAN tab
● Isolated-Subscriber VLAN tab
● Non-Isolated Subscriber VLAN tab
● Super VLAN tab
● Sub VLAN tab

NOTE
If a VLAN configured on one device does not have a service configured for it, but a VLAN configured on a second device does have a service configured for it, and also has the same name, tag, and protocol as the VLAN on the first device, then it may not be clear in Ridgeline displays which of the VLANs has the service configured on it. Consequently, it is recommended that you use different names for VLANs with services and VLANs without services, so that both kinds of VLANs appear correctly in Ridgeline displays.

Translation VLAN Tab

If you select a device in the Device/Ports table that has a Translation VLAN configured (indicated by “Translation” in the VLAN service type column) the Translation VLAN tab appears.

The Translation VLAN tab contains the following information:
● The name of the Translation VLAN
● The name of the network to which the Translation VLAN belongs
● The tagged and untagged ports in the Translation VLAN


In addition, a table listing the information about the members of the Translation VLAN is displayed. This table contains the following columns:

Tag: Tag value of the Translation VLAN member
Network: Name of the network to which the Translation VLAN member belongs
Name: VLAN name of the Translation VLAN member
Ports: List of the tagged and untagged ports in the Translation VLAN member

Translation-Member VLAN Tab

If you select a device in the Device/Ports table that is a member of a Translation VLAN (indicated by “Translation-Member” in the VLAN service type column) the Translation-Member VLAN tab appears.

The Translation-Member VLAN tab contains the following information:
● Tag value of the Translation VLAN to which the member belongs
● The name of the network to which the Translation VLAN belongs
● The name of the Translation VLAN to which the member belongs
● The tagged and untagged ports configured in the Translation VLAN

Private VLAN Tab

If you select a device in the Device/Ports table that has a Private VLAN configured (indicated by “Private” in the VLAN service type column) the Private VLAN tab appears. The Private-Network VLAN tab contains the following information:
● Name of the Private VLAN
● Network name of the Private VLAN
● List of Tagged, Untagged, and Translated Ports in the Private-Network VLAN

In addition, a table listing information about the Isolated and Non-Isolated Subscriber VLANs is displayed. This table contains the following columns:

Tag: Tag value of the subscriber VLAN
Type: Whether the subscriber VLAN is isolated or non-isolated
Network: Network name of the Private VLAN
Name: Name of the subscriber VLAN
Ports: List of the tagged and untagged ports in the subscriber VLAN

Isolated-Subscriber VLAN Tab

If you select a device in the Device/Ports table that is an isolated subscriber member of a Private VLAN (indicated by “Isolated-Subscriber” in the VLAN service type column) the Isolated-Subscriber VLAN tab appears.

The Isolated-Subscriber VLAN tab contains the following information:
● Tag value of the Private-Network VLAN
● Network name of the Private-Network VLAN
● Name of the Private-Network VLAN


● Name of the Private VLAN
● List of Tagged, Untagged, and Translated ports associated with the Private-Network VLAN

Non-Isolated Subscriber VLAN Tab

If you select a device in the Device/Ports table that is a non-isolated subscriber member of a Private VLAN (indicated by “Non-Isolated Subscriber” in the VLAN service type column) the Non-Isolated Subscriber VLAN tab appears.

The Non-Isolated Subscriber VLAN tab contains the following information:
● Tag value of the Private-Network VLAN
● Network name of the Private-Network VLAN
● Name of the Private-Network VLAN
● Name of the Private VLAN
● List of Tagged, Untagged, and Translated ports associated with the Private-Network VLAN

Super VLAN Tab

If you select a device in the Device/Ports table that has a Super VLAN configured (indicated by “Super VLAN” in the VLAN service type column) the Super VLAN tab appears. The Super VLAN tab contains the following information:
● The name of the Super VLAN
● Network name of the Super VLAN
● The tagged and untagged ports in the Super VLAN

In addition, a table listing the information about the Sub VLANs of this Super VLAN is displayed. This table contains the following columns:

Tag: Tag value of the Sub VLAN
Network: Name of the network to which the Translation VLAN member belongs
Sub Range: Range of IP addresses in the Sub VLAN
Proxy: Status of the VLAN proxy, either Enabled or Disabled
Name: Name of the Sub VLAN
Ports: List of the tagged and untagged ports in the Sub VLAN

Sub VLAN Tab

If you select a device in the Device/Ports table that has a Sub VLAN configured (indicated by “Sub VLAN” in the VLAN service type column) the Sub VLAN tab appears. The Sub VLAN tab contains the following information:

Sub VLAN information:
● IP address range of the Sub VLAN
● VLAN proxy status of Sub VLAN, either Enabled or Disabled

Super VLAN information:
● The name of the Super VLAN


● Tag value of the Super VLAN
● Network name of the Super VLAN
● The tagged and untagged ports in the Super VLAN

Displaying VLAN Details for a Selected Device

See “Displaying Device Details” on page 40 for information about displaying VLAN information for an individual device.


CHAPTER 10
Managing and Monitoring VMANs (PBNs)

This chapter describes how to use Ridgeline for:
● Configuring VMANs using Ridgeline’s network resource provisioning feature
● Viewing information about VMANs configured on devices managed by Ridgeline

It contains the following sections:
● “Overview of VMANs”
● “Configuring VMANs”
● “Viewing VMAN Information”
● “Displaying VMAN Details”

Overview of VMANs

Virtual Metropolitan Area Networks (VMANs), which are also known as Provider Bridge Networks (PBNs), are defined by the IEEE 802.1ad standard, which is an amendment to the IEEE 802.1Q VLAN standard. Metropolitan area network (MAN) service providers can use a VMAN to carry VLAN traffic from multiple customers across a common Ethernet network. A VMAN uses Provider Bridges (PBs) to create a Layer 2 network that supports VMAN traffic. VMAN technology is sometimes referred to as VLAN stacking or Q-in-Q.

VMANs enable a service provider to offer the equivalent of separate and independent virtual bridged LANs to multiple customers over the provider’s bridged network.

NOTE
The “VMAN” term is an Extreme Networks term that became familiar to Extreme Networks customers before the PBN standard was complete. The VMAN term is used in Ridgeline and also in this book to support customers who are familiar with this term. The PBN term is also used in this guide to establish the relationship between this industry standard technology and the Extreme Networks VMAN feature.

For a more detailed explanation of VMANs, see the ExtremeXOS Concepts and Solutions Guide.

Ridgeline’s network resource provisioning feature allows you to create new VMANs and modify existing VMANs in your network. Ridgeline can display detailed information about VMANs in Network Views tables and maps.
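The VLAN stacking described in the overview, as an added example (not code from this guide or from Extreme Networks): a parser that walks the stacked tags of a raw Ethernet frame and reports the VMAN (service) tag and the customer VLAN tag. 0x88A8 and 0x8100 are the IEEE 802.1ad and 802.1Q tag ethertypes; the sample frame, its MAC addresses, the tag values and the 0x9100 ethertype used in the mismatch case are constructed for illustration.

```python
"""Added example: parse stacked VLAN tags (IEEE 802.1ad, "Q-in-Q") from a raw
Ethernet frame. Not Ridgeline or ExtremeXOS code; the sample frame is constructed."""
import struct

TPID_CTAG = 0x8100  # IEEE 802.1Q customer VLAN tag
TPID_STAG = 0x88A8  # IEEE 802.1ad service (provider) tag


def build_frame(dst, src, tags, ethertype, payload=b""):
    """Build a frame; tags is a list of (tpid, pcp, dei, vid), outermost first."""
    frame = dst + src
    for tpid, pcp, dei, vid in tags:
        if not 0 <= vid <= 0x0FFF:
            raise ValueError("VLAN ID must fit in 12 bits")
        frame += struct.pack("!HH", tpid, (pcp << 13) | (dei << 12) | vid)
    return frame + struct.pack("!H", ethertype) + payload


def parse_stacked_tags(frame, service_tpid=TPID_STAG, max_tags=4):
    """Return (tags, ethertype, payload_offset) for a raw Ethernet frame.

    Only service_tpid and 0x8100 are treated as tag ethertypes, so a frame
    tagged with a different service ethertype parses as untagged here.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tag_tpids = {service_tpid, TPID_CTAG}
    tags, offset = [], 12  # skip destination and source MAC addresses
    while True:
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in tag_tpids:
            return tags, etype, offset + 2
        if len(tags) == max_tags:
            raise ValueError("more stacked tags than max_tags")
        if len(frame) < offset + 6:  # TPID + TCI + the following ethertype
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": etype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4


def vman_view(frame, service_tpid=TPID_STAG):
    """Summarise a frame as a provider bridge configured with service_tpid sees it."""
    tags, ethertype, _ = parse_stacked_tags(frame, service_tpid)
    vman_tag = None
    inner = tags
    # The outermost tag is the VMAN tag only if it carries the service ethertype.
    if tags and tags[0]["tpid"] == service_tpid:
        vman_tag = tags[0]["vid"]
        inner = tags[1:]
    customer_vlan = inner[0]["vid"] if inner else None
    return {"vman_tag": vman_tag, "customer_vlan": customer_vlan,
            "ethertype": ethertype, "tag_count": len(tags)}


# Constructed sample: customer VLAN 42 carried inside VMAN 500, IPv4 payload.
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
SAMPLE_FRAME = build_frame(
    DST, SRC,
    tags=[(TPID_STAG, 0, 0, 500), (TPID_CTAG, 3, 0, 42)],
    ethertype=0x0800,
    payload=b"\x45\x00",
)
# Constructed sample: the same customer frame before it enters the VMAN.
CUSTOMER_FRAME = build_frame(DST, SRC, [(TPID_CTAG, 3, 0, 42)], 0x0800, b"\x45\x00")

if __name__ == "__main__":
    print("matching ethertype  :", vman_view(SAMPLE_FRAME))
    # Parsed with a different service ethertype, the outer tag is not recognised.
    print("mismatched ethertype:", vman_view(SAMPLE_FRAME, service_tpid=0x9100))
    print("customer frame      :", vman_view(CUSTOMER_FRAME))
```

The mismatched case shows why the Ethertype entered during provisioning has to agree on every device that carries the VMAN: with a different service ethertype the parser finds no VMAN tag at all.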


Configuring VMANs

Using Ridgeline, you can perform common VMAN configuration tasks, including creating, modifying, and deleting VMANs, as well as configuring VMAN protocol settings.

You can also assign VMANs a network name, which is a means for categorizing them into logical groups. After assigning one or more VMANs a network name, you can filter the information displayed in the VLAN table based on the network name. This can be useful if you have a large number of VLANs to manage.

Ridgeline’s network resource provisioning feature allows you to create new VMANs on a group of devices or on a single device. You select the devices, ports, links, and tagging options you want, then validate and deploy the VMAN configuration by clicking a button. You can modify existing VMANs by selecting the VMAN in Network Views windows, changing parameters, and deploying the changes to the devices where the VLAN is configured. Network resource provisioning also allows you to remove a single device from a VMAN, or modify the VMAN settings on a single device.

For more information on Ridgeline’s network resource provisioning feature, see “Provisioning Network Resources” on page 103.

Creating a VMAN

To create a VMAN, complete the following steps:

1 Under Network Views, select the folder containing the devices you want to configure.
2 In the Navigation Table, or the Map View (if displayed), click on the devices to select them. For a VMAN, you can select one or more switches, links, or ports.


Figure 116: Selecting Devices to Provision

3 From the Services menu, select New > VMAN, or right-click in the Navigation Table and select VLAN from the pop-up menu. The VLAN Provisioning window is displayed, as shown in Figure 117.


Figure 117: VMAN Provisioning Window for Selected Devices

In the VMAN provisioning window, the selected devices automatically appear in the Available devices table. You can provision VMANs only on Extreme Networks switches running ExtremeXOS 12.1 or higher. Devices that do not support VMANs are greyed-out in the VMAN Provisioning window.

When a switch is running an EXOS image earlier than 12.1, Ridgeline shows VMANs configured on the device as VLANs. To display the switches properly, upgrade the switches to a 12.1 image or above.

You can expand the list of items in the Available devices table by selecting a group from the Show devices in box.

If you have selected one or more links to add to the VMAN, the links appear in the Selected links table. A link represents the two ports on the devices on either side of the link. Note that user-defined links to nodes or clouds are not displayed in the table of available links.

4 Click one of the devices to view the Available ports table for the device.
5 For each port or link you want to add to the VMAN, select the port and click the Add tagged or Add untagged button. When the VMAN is created, the port is added to the new VMAN, and removed from the default VMAN if it was added as an untagged port.
6 Edit the values in the Tag and Name fields for the new VMAN.
7 Enter the Ethertype value. This value is used to specify the ethertype value on the selected device. See the ExtremeXOS Concepts Guide for appropriate values for the device.
8 When you have finished configuring the VMAN, click the Create VMAN button to start the validation and deployment process. The Progress and Results window is displayed, as shown in Figure 118.


Figure 118: Progress and Results Window for VMAN Provisioning Tasks
Figure callouts: Validating command syntax and checking software compatibility; Verifying connectivity to the selected devices; Deploying the commands on the devices; The validation rules or commands entered on the device for the selected task.

9 Ridgeline validates the options you selected against a set of predefined configuration rules, and ensures that the target switches are running a version of software that supports the features you are provisioning. The following validations are performed:
● The name length is not longer than 32 characters.
● The name consists of only alphanumeric characters. No special characters such as “#” or “&” are allowed.
● The tag range is from 1 to 4095.
● The tag is not present on the selected device.
● The name is not present on the selected device.
● Port tag values are valid.

If Ridgeline successfully validates the selected options, it verifies network connectivity to the target switches. If a connection can be established to all of the target switches, Ridgeline deploys the configuration commands, then saves the configuration file on each switch. Finally, Ridgeline updates its own database with information about the configuration changes on the switches.

The information in the Progress and Results window is logged in the Ridgeline Audit Log. See “Viewing Logged Information about Provisioning Tasks” on page 111 for more information.


Creating a VMAN on a Specific Device

Starting from the Device window, you can create a VMAN on a selected device.

To create a VMAN on a specific device, complete the following steps:

1 Click Network Views > All table, or Network Views > All map.
2 Click the Devices tab.
3 Select the device that you want to configure the VMAN on, and double-click it, or right-click it and select Open. The Device window appears.
4 From the Services menu, select New > VMAN.

Figure 119: Device Window

The VMAN dialog box for the selected device appears (Figure 120).

Figure 120: VMAN Dialog Box for Selected Device

5 Enter a name for the VMAN.
6 Select the kind of VMAN that you want to create, tagged or untagged.
● To create an untagged VMAN, click the Untagged radio button.
● To create a tagged VMAN, click the radio button next to the number list, and select a number from 1 to 4095 for the tag.
7 Select the device ports that you want to include in the VMAN. If you are creating a tagged VMAN, you can add the ports as tagged or as untagged. If you are creating an untagged VMAN, you can only add ports as untagged. Use the Add tagged button or the Add untagged button as appropriate.


8 Click Create VMAN to start the validation and deployment process. The Progress and Results window is displayed, as shown in Figure 121.

Figure 121: Progress and Results Window for a Device-Specific VMAN

9 Ridgeline validates the options you selected against a set of predefined configuration rules, and ensures that the target device is running a version of software that supports the features you are provisioning.

If Ridgeline successfully validates the selected options, it verifies network connectivity to the target switch. If a connection can be established to the switch, Ridgeline deploys the configuration commands, then saves the configuration file on the switch. Finally, Ridgeline updates its own database with information about the configuration changes on the switch.

Modifying a VMAN

For existing VMANs, you can edit settings and deploy the changes to the devices where the VMAN is configured.

To modify a VMAN, complete the following steps:

1 Under Network Views, select the folder containing the devices you want to configure.
2 In the Navigation Table, click the VLAN tab, and select the VMAN you want to modify.

You can limit the contents of the Navigation Table to just VMANs by expanding the Filter box and entering VMAN in the text box, or by expanding the Quick Filter box and selecting VMAN in the Services box, as shown in Figure 122.


Figure 122: Displaying VMANs in the VLANs Navigation Table

3 Right-click in the Navigation Table and select the setting you want to modify from the pop-up menu.

Figure 123: VMAN Popup Menu

For a VMAN, you can edit the list of ports or links in the VMAN as well as the name and network name of the VMAN (although not the tag value). If you add ports as untagged to the VMAN, they will be removed from the default VLAN before being added to the VMAN you are editing. You can also delete the VMAN from the devices where it is configured.

If you select Properties from the pop-up menu, the Properties window for the VLAN is displayed, which provides a list of settings you can modify.

4 Click the setting you want to modify to bring up the provisioning window for that setting. For example, Figure 124 shows the provisioning window for a port list.


Figure 124: Provisioning Window for a VMAN Port List

5 Make any necessary changes to the VMAN configuration.
6 When you have finished modifying the VMAN, click the Save changes button to validate and deploy the changes to the VMAN. When a port is added to a VMAN, the port is removed from the default VLAN and added to the new VMAN.

Modifying VMAN Settings on One Device

You can modify VMAN settings on a single device. The device can be the only one in the VMAN, or it can be one among multiple devices in the same VMAN. When you save the changes, Ridgeline performs validations on the changes that you made.

NOTE
Other than the network name, device settings for a control VMAN or a protected VMAN cannot be modified. Menu options for editing and deleting VLANs are disabled when a control VMAN or a protected VMAN is selected. Network names cannot be modified for a control VMAN or a protected VMAN associated with an E-Line or ELAN service.

To modify VMAN settings on a specific device, complete the following steps:

1 Click Network Views > All table, or Network Views > All map.
2 Click the Devices tab.
3 Select the device and double-click it, or right-click it and select Open.
4 In the Device window, click the VLAN tab. The tab is shown in Figure 125.

Some of the columns have been hidden to display the Type and Services columns.


Figure 125: Device VLAN Tab

5 Select a VMAN and right-click it to display the context menu (Figure 126).

Figure 126: VMAN Settings in the Context Menu

6 To change the name of the VMAN, select Edit Name from the context menu. Enter a new name in the dialog box.
7 To give the VMAN a network name, or edit the network name, complete the following steps:
a Select Network name... from the context menu. You can also click the Network name icon in the Device window.
b In the VMAN Network Name dialog box, click New and enter a network name for the VLAN, or click Rename and edit the existing network name in place.
c Ensure that the radio button next to the network name that you want to use is selected.
d Click Apply.
8 To change the ports that the VMAN uses, select Edit Ports from the context menu. Make the changes that you want to make in the Ports dialog box.
9 Click Save Changes.

When a VMAN is modified, the software performs the following validations:
● The name is no longer than 32 characters.


● The name contains only alphanumeric characters.
● The port tag value is valid.
● The network service selected is not used as a transport service in an E-Line or E-LAN service.

Deleting a VMAN

You can use the procedure in this section to delete a single VMAN. Multiple VMANs cannot be deleted in the same operation, and control VMANs cannot be deleted. These instructions can be used to delete protected VMANs.

To delete a VMAN, complete the following steps:

1 Under Network Views, select the folder containing the VMAN you want to delete.
2 In the Navigation Table, click the VLAN tab.
3 Select the VMAN you want to delete.

You can limit the contents of the Navigation Table to just VMANs by expanding the Filter box and entering VMAN in the text box, or by expanding the Quick Filter box and selecting VMAN in the Services box, as shown in Figure 122.

Figure 127: Displaying VMANs in the VLANs Navigation Table

4 Select Delete from the Edit menu.
5 Confirm the deletion in the pop-up window.

When you delete a VLAN, the software verifies that the services in the VLAN are not being used as transport services in an E-Line or E-LAN service.

Deleting a VMAN from a Specific Device

Working from the Device window, you can remove a specific device from a VMAN without affecting the remaining devices in the VMAN.

To remove a device from a VMAN, complete the following steps:

1 Click Network Views > All table, or Network Views > All map.
2 Click the Devices tab.
3 Select the device that you want to remove from a VMAN and double-click it to display the Device window.


4 Click the VLANs tab and find the VMAN that you want to remove the device from. You can use the Quick Filter box to limit the contents of the list in the VMAN tab.
5 Select the VMAN from which you want to remove the device. Only one VMAN at a time can be selected for this operation.
6 Right-click the VMAN entry and select Delete from the context menu, as shown in Figure 128. You can also use the Delete button.

Figure 128: Removing a Device from a VMAN

7 Confirm the deletion in the popup window displayed.

When a VMAN is deleted, Ridgeline verifies that the network service associated with the VMAN is not used as a transport service in an E-Line or E-LAN service. Ridgeline removes the device from the VMAN and displays the validations it is performing in the Progress and Results window. If the deletion does not succeed, a reason is given in the Progress and Results window.

Categorizing VMANs With Network Names

A network name is a means for categorizing VMANs into logical groups, which can aid in filtering the information displayed in the VLAN table. This can be useful if you have a large number of VMANs to manage.

For example, you can assign VLANs to a category (a network name), such as “Provider 1”, then use the quick filter function on the VLAN tab to limit the information displayed in the VLAN table to VLANs with the network name “Building 1”.

See “Categorizing VLANs With Network Names” on page 168 for information about how to create a network name and assign it to a VMAN. The procedure is the same for VLANs and VMANs.

Viewing VMAN Information

To view information about VMANs in Ridgeline, click a device group or the All map or All table group under the Network Views folder, then click the VLANs tab. A table listing the VLANs in the group is displayed.

If you also have enabled the map view of a device group, you can select a VMAN and display an overlay view highlighting all of the devices and links in the map where the selected VMAN is configured, as shown in Figure 129.


You can limit the contents of the Navigation Table to just VMANs by expanding the Filter box and entering VMAN in the text box, or by expanding the Quick Filter box and selecting VMAN in the Services box.

Figure 129: VMANs in a Map View

The VLANs table has the following columns:

Vlan Tag: The VMAN tag value (if any) or “Untagged”, along with an icon indicating whether this is an EAPS-protected VMAN. One icon indicates this is a VMAN; another indicates this is an EAPS-protected VMAN.
Name: The VMAN name.
Network: The network name category (if any) that this VMAN belongs to. See “Categorizing VMANs With Network Names” on page 190 for more information.
Services: List of the type of services configured for the VLAN. For VMANs (PBNs), this is VMAN.
Protocol filter: The protocol filter(s) configured for the VMAN.
IP forwarding: Whether IP forwarding is enabled for the VMAN.
Last updated from database: Date and time that the information about the VMAN was last retrieved from the Ridgeline database.


Last updated by: The ID of who last updated the VMAN information.
Type: The VLAN type. For VMANs (PBNs), this is VMAN.

Displaying VMAN Details

To display details about a VMAN, click on its row in the VLAN table. VMANs are indicated by “VMAN” in the Type column in the VLAN table. When you do this, information about the VMAN appears in the details window. If you double-click on the row, the VMAN details are displayed in a separate window.

NOTE
To gather VMAN-related information, the VlanServiceDataCollection task must run successfully. You need XML API support on a device with EXOS image version 12.1 or above because Ridgeline does not differentiate between VLANs and VMANs.

Figure 130: VMAN Details Window


The VMAN details window has the following fields:

Tag: The VMAN tag value (if any) or “Untagged”, along with an icon indicating whether this is an EAPS-protected VMAN. One icon indicates this is a VMAN; another indicates this is an EAPS-protected VMAN.
Network: The network name configured for the VMAN.
Protocol filter: The protocol filter(s) configured for the VMAN.
Name: The name of the VMAN.
Control VMAN: For an EAPS-protected VMAN, the name of the Control VLAN in the EAPS domain.
Protected VMAN: For an EAPS-protected VMAN, the name of the Protected VLAN in the EAPS domain.
Type: The VLAN type, in this case VMAN.
Last updated from database: Date and time that the information about the VMAN was last retrieved from the Ridgeline database.

Device/Ports Tab

When you click the Device/Ports tab in the VMAN details window, the following columns are displayed:

Device name: The name of the device, and an icon indicating the status of the device.
IP address: The IP address of the device.
Virtual router: The virtual router to which the VMAN is associated on the device.
QOS profile name: QoS profile name configured for the VMAN on the device, if any.
Control VLAN: Whether this VMAN is configured as an EAPS control VLAN.
Protected VLAN: Whether this VMAN is protected by an EAPS domain.
Domain Name Set: EAPS domains to which the VLANs on the device belong.
Vlan services: VLAN service type. Possible values are Translation, Translation-Member, VMAN, Translation VMAN, Translation-Member VMAN, Private-VLAN, Isolated-Subscriber, Non-Isolated Subscriber, Super VLAN, and Sub VLAN. This information is available if the device has HTTP enabled, and runs ExtremeXOS software version 12.1 or later.
Software version: The ExtremeXOS software version running on the device.
SNMP version: The SNMP version configured on the device.
Log on User Name: The username used to log on to the device.
Forwarding-database polling: Whether FDB polling is enabled on the device.
Device manager protocol: The protocol used for accessing management functions on the device.
Device type: The type of device.
Admin Status: The administrative state of the VMAN, either Enabled or Disabled.


Ports Tab

Selecting a device in the Device/Ports table displays the ports on the selected device that are part of the VMAN. The following columns are displayed:

Number: Port number. If the device is a chassis device, then the port number is displayed in slot:port format.
Name: The name of the port, if configured
Tagged: Whether the port is tagged
Media: The port media, if applicable
Type: Port type; for example, Gigabit, Mgmt, 10/100.
Actual speed: Speed of the port; Auto if the speed is auto-negotiated.
Actual duplex: Duplex of the port, either full or half
Configured speed: The configured speed of the port
Configured duplex: The configured duplex setting of the port
State: The port state (Enabled or Disabled)

Links Tab

The Links tab contains information about the links that are part of the selected VMAN.

Status: An icon indicating the status of the link. The link status icon can be one of the following colors:
• A green line indicates that the link is up.
• A red line indicates that the link is down.
• A yellow line for a bundled link indicates that some links are down and some are up.
• A grey line indicates that the link status is unknown.
• A blue line indicates the link is user-created rather than automatically discovered by Ridgeline.
An icon showing a circle and two lines indicates a shared link:
• Green indicates the link is up.
• Greyed-out green indicates the last-known status of the link was up.
• Red line indicates the link is down.
• Greyed-out red indicates the last known state was down.
• Yellow indicates that some ports on this link are up and that some are down.
A device: The name of the device on one end (the A side) of the link, along with an icon indicating the device status.
A IP address: The IP address of the device on the A side of the link.
A port name: The name of the port on the A side of the link, along with an icon indicating the port status.
A port number: The number of the port on the A side of the link.
B device: The name of the device on the other end (the B side) of the link, along with an icon indicating the device status.
B IP address: The IP address of the device on the B side of the link.
B port name: The name of the port on the B side of the link, along with an icon indicating the port status.


B port number: The number of the port on the B side of the link.
Discovery protocol: The protocol used to discover the link, either EDP or LLDP.
State: The current state of the link.
Type: The link type; for example, user-created.
A device status: The current status of the device on the A side of the link.
A device worst alarm: The status of the highest alarm on the device on the A side of the link.
A port status: Whether the port on the A side of the link is enabled or disabled.
A link state: Whether the A side of the link is ready to exchange traffic with the B side of the link.
A port type: The type of port on the A side of the link.
A port share details: Information about the port sharing configuration on the A side of the link, if configured.
B device status: The current status of the device on the B side of the link.
B device worst alarm: The status of the highest alarm on the device on the B side of the link.
B port status: Whether the port on the B side of the link is enabled or disabled.
B link state: Whether the B side of the link is ready to exchange traffic with the A side of the link.
B port type: The type of port on the B side of the link.
B port share details: Information about the port sharing configuration on the B side of the link, if configured.




CHAPTER 11
Managing Multi-Switch Link Aggregation Groups

This chapter describes multi-switch link aggregation groups (MLAGs) and contains the following sections:
● “Overview”
● “Viewing MLAG Information”

Overview

Multi-switch link aggregation group (MLAG) takes link aggregation and extends it by allowing one device of a link aggregated group (LAG) to dual home into two separate devices, thus providing failover support for devices. By using the MLAG feature, you can combine ports on two switches to form a single logical connection to another network device. The other network device can be either a server or a switch that is separately configured with a regular LAG (or appropriate server port teaming) to form the port aggregation. MLAG is supported by the following Extreme Networks devices:
● BlackDiamond 8000 Series Modules
● Summit Family Switches

Figure 131 shows a device dual homed into two devices (MLAG 1). Server 1 treats the two links as a regular link aggregation group (LAG). Devices 2 and 3 participate in the MLAG to create the perception of a LAG.

MLAG adds multi-path capability to a LAG, where the number of paths is limited to two. With MLAG, both links dual homed from Device 1 can be actively forwarding traffic. If one device in the MLAG fails, for example, if Device 3 fails, traffic is redistributed back to Device 2, thus allowing for both device and link level redundancy while utilizing both active links. MLAG can be used in conjunction with LAG.

MLAG is confined to two switches in the tier that support MLAG. That is, Device 2 and Device 3 need to be from the same vendor. Device 1, on the other hand, treats both the ports as regular LAG ports and can be another vendor’s device. For example, MLAG can be used in conjunction with NIC teaming where Device 1 could be a server that can be dual homed to two switches operating as an MLAG.


Figure 131: Elements of a Basic MLAG Configuration
[Figure labels: Switch 1, Switch 2, P1, P2, ISC, MLAG - 1, Server 1; callouts 1 to 10 are described below.]

1 MLAG port that is a load-shared link. This port is the peer MLAG port for .
2 MLAG peer switch for Switch 2.
3 Inter-Switch Connection (ISC or ISC VLAN) has only the ISC port as a member port on both MLAG peers.
4 ISC Link that connects MLAG peers.
5 MLAG peer switch for Switch 1.
6 ISC ports
7 MLAG port that is a non-load-shared link. This port is the peer MLAG port for .
8 MLAG group (MLAG-ID 1) that has 2 member ports (1 load-shared and 1 non-load-shared member).
9 MLAG remote node sees the MLAG ports as a regular load-shared link.
10 MLAG remote node - Can be a server or a switch.

The basic operation of this feature requires two ExtremeXOS switches interconnected by an inter-switch connection (ISC). The ISC is a normal, directly connected, Ethernet connection and it is recommended that you engineer reliability, redundancy where applicable, and higher bandwidth for the ISC connection. Then you logically aggregate ports on each of the two switches by assigning MLAG identifiers (MLAG-ID).

Ports with the same MLAG-ID are combined to form a single logical network connection. Each MLAG can be comprised of a single link or a LAG on each switch. When an MLAG port is a LAG, the MLAG port state remains up until all ports in the LAG go down. As long as at least one port in the LAG remains active, the MLAG port state remains active.

When an MLAG port (a single port or all ports in a LAG) fails, any associated MAC FDB entries are moved to the ISC, forcing traffic destined to the MLAG to be handled by the MLAG peer switch. Additionally, the MLAG peer switch is notified of the failure and changes its ISC blocking filter to allow transmission to the MLAG peer port. In order to reduce failure convergence time, you can configure MLAG to use ACLs for redirecting traffic via the “fast” convergence-control option.

NOTE
For Layer 3 unicast forwarding, you must configure VRRP or ESRP on the peer switches.
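The failover behaviour described above, combined with the steady-state and failed-state rule this chapter gives under ISC Blocking Filters, modelled in Python as an added example; this is not ExtremeXOS code. The Peer class and the function names are hypothetical, and the model assumes one MLAG-ID shared by two peer switches.

```python
"""Model of MLAG forwarding with the ISC blocking filter.
Added example with hypothetical names; not ExtremeXOS code."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Peer:
    name: str
    # MLAG-ID -> state of this switch's local MLAG port (True = active)
    mlag_port_up: Dict[int, bool] = field(default_factory=dict)
    peer: Optional["Peer"] = field(default=None, repr=False, compare=False)

    def isc_filter_blocks(self, mlag_id: int) -> bool:
        # Steady state: the peer's MLAG port is active, so traffic that
        # ingressed the ISC is not transmitted on the local MLAG port.
        # Failed state: no active peer port, so the block is lifted.
        return self.peer.mlag_port_up.get(mlag_id, False)


def pair(a: Peer, b: Peer) -> None:
    """Connect two switches as MLAG peers over the ISC."""
    a.peer, b.peer = b, a


def flood(ingress: Peer, mlag_id: int, from_mlag_port: bool = False,
          filter_enabled: bool = True) -> List[str]:
    """Switches that transmit a flooded frame toward the MLAG remote node.

    from_mlag_port=True means the remote node itself sent the frame, so the
    ingress switch does not send it back out of the receiving port.
    filter_enabled=False shows what would happen without the blocking filter.
    """
    senders = []
    if not from_mlag_port and ingress.mlag_port_up.get(mlag_id, False):
        senders.append(ingress.name)
    # Flood and multicast traffic traverses the ISC to the peer switch.
    other = ingress.peer
    if other.mlag_port_up.get(mlag_id, False):
        blocked = filter_enabled and other.isc_filter_blocks(mlag_id)
        if not blocked:
            senders.append(other.name)
    return senders


def unicast_to_mlag(ingress: Peer, mlag_id: int) -> List[str]:
    """Hops taken by a unicast frame destined to the MLAG remote node."""
    if ingress.mlag_port_up.get(mlag_id, False):
        return [f"{ingress.name}:mlag-port"]      # local MLAG port only
    # Local MLAG port failed: its MAC FDB entries now point at the ISC.
    other = ingress.peer
    if other.mlag_port_up.get(mlag_id, False) and not other.isc_filter_blocks(mlag_id):
        return [f"{ingress.name}:isc", f"{other.name}:mlag-port"]
    return []                                      # both MLAG ports are down


if __name__ == "__main__":
    s1, s2 = Peer("Switch1", {1: True}), Peer("Switch2", {1: True})
    pair(s1, s2)
    print("steady state flood:      ", flood(s1, 1))
    print("same flood, no filter:   ", flood(s1, 1, filter_enabled=False))
    print("frame from remote node:  ", flood(s1, 1, from_mlag_port=True))
    s1.mlag_port_up[1] = False                     # MLAG port on Switch1 fails
    print("flood after failure:     ", flood(s1, 1))
    print("unicast after failure:   ", unicast_to_mlag(s1, 1))
```

With the filter in place the remote node receives exactly one copy of a flooded frame in both states, and never receives its own frame back through the peer switch.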


Each of the two switches maintains the MLAG state for each of the MLAG ports and communicates with the other to learn the MLAG states, MAC FDB, and IP multicast FDB of the peer MLAG switch.

ISC Blocking Filters

The ISC blocking filters are used to prevent looping and optimize bandwidth utilization. When at least one MLAG peer port is active, the upper layer software initiates a block of traffic that ingresses the ISC port and needs to be forwarded to the local MLAG ports. This is considered to be the steady state condition.

In normal steady state operation most network traffic does not traverse the ISC. All unicast packets destined to MLAG ports are sent to the local MLAG port only. However, flood and multicast traffic traverses the ISC but is dropped from MLAG peer port transmission by the ISC blocking filter mechanism.

The ISC blocking filter matches all Layer 2 traffic received on the ISC and blocks transmission to all MLAG ports that have MLAG peer ports in the active state. When there are no active MLAG peer ports, the upper layer software initiates an unblocking of traffic that ingresses the ISC port and needs to be forwarded to the local MLAG ports, thus providing redundancy. This is considered to be the failed state.

Inter-Switch Communication

Keep-alive Protocol

MLAG peers monitor the health of the ISC using a keep-alive protocol that periodically sends health-check messages. The frequency of these health-check hellos can be configured.

MLAG Status Checkpointing

Each switch sends its MLAG peer information about the configuration and status of MLAGs that are currently configured over the ISC link. This information is checkpointed over a TCP connection that is established between the MLAG peers after the keep-alive protocol has been bootstrapped.

Viewing MLAG Information

You can view information about an MLAG peer, including an MLAG peer switch state, MLAG group count, and health-check statistics.

You can also view each MLAG group, including local port number, local port status, remote MLAG port state, MLAG peer name, MLAG peer status, local port failure count, remote MLAG port failure count, and MLAG peer failure count.

To see if a port is part of an MLAG group or an ISC port, complete the following steps:


MLAG Table View

Figure 132: MLAG View

The MLAG table view shows the following information.

Column Name | Description
Status | MLAG overall status
ID | MLAG ID
Name | MLAG name
ISC VLAN tag | Inter-switch connection VLAN tag
ISC VLAN name | Inter-switch connection VLAN name
Peer A Name | Name of MLAG peer A switch
Peer A IP Address | IP address of MLAG peer A switch
Peer B Name | Name of MLAG peer B switch
Peer B IP Address | IP address of MLAG peer B switch

MLAG Map View

Select MLAG from the Navigation table to see the map view. The map provides the following information:
● MLAG links indicated by gray lines
● MLAG name and ID on each device node
● ISC links icon
● Port number. Hover the mouse over the switch icon.
● Peers indicated by double connecting lines

The following screens are examples of MLAG map views including:
● Basic MLAG map view with a configured ISC (Figure 133)
● MLAG Peers map view with a configured ISC (Figure 134)
● MLAG Peers with LAG peers on network map view without an ISC (Figure 135)
● MLAG Peers with LAG peers on network map view configured with an ISC (Figure 136)

Figure 133: Basic MLAG Map View Configured with an ISC
Figure 134: MLAG Peers Map View Configured with an ISC
Figure 135: MLAG Peers with LAG peers on Network Map View
Figure 136: MLAG Peers with LAG peers Network Map View Configured with an ISC


MLAG Detail View

Figure 137: MLAG Detail View

The fields on this table are described in the following topics.

MLAG Links Table

The descriptions of the columns on the MLAG Links table are as follows:

Column Name | Description
Status | Link status: up or down
ISC Link | Box color indicates link status of inter-switch connection link
A device | Name of peer device with inter-switch connection link
A IP address | IP address of this peer device
A port name | MLAG port name to which peer device is attached
A port number/annotation | Port number on which MLAG ports are associated with this MLAG peer switch
A port share detail | Port A shared link detail
B device | Name of peer device with inter-switch connection link.
B IP address | IP address of this peer device
B port type | Type of port of port B
B port name | The MLAG port name on which peer device is attached
B port number/annotation | Port number on which MLAG ports associated with this MLAG peer
B port share detail | Port B shared link detail
Discovery protocol | Protocol used to discover MLAG peers
Type | Type of link: physical or virtual
A port type | Device port protocol

Devices Table

The descriptions of the columns on the Devices table are as follows:

Column Name | Description
Name | Name of device
IP address | IP address of device
ISC VLAN name | Name of the inter-switch connection VLAN through which the MLAG peer can be reached
ISC VLAN tag | Inter-switch connection VLAN tag
ISC VLAN IP address | Inter-switch connection VLAN IP address
Peer name | Name of MLAG peer switch
VR | Name of the VR with which the MLAG peer VLAN is associated with
Port count | Number of MLAG ports associated with this MLAG peer
Check point status | Checkpointing status of this MLAG peer: up or down
Rx checkpoint messages | Number of checkpoint messages received from the MLAG peer switch
Hello errors | Number of hello error messages
Hello timeouts | Number of hello time out messages
Up time | Specifies the time that the connectivity with the MLAG peer switch is up
Local Tx Interval | Length of the time, in milliseconds, between transmissions of health check hello packets
Remote Tx Interval | Transmitting hello Interval of MLAG peer switch in milliseconds
Tx Hellos | Number of health check hellos transmitted
Tx Check Points | Number of transmitted checkpoint messages
Check point errors | Number of checkpoint Errors
Peer Connect errors | Number of MLAG peer switch connect errors

Peer State Table

Column Name | Description
Local link status | Local MLAG port status. It reflects the status of entire LAG when LAG is used in conjunction with MLAG. Values: active, disabled, ready, and port not present
Remote link status | Remote MLAG port status. Values: up, down, and not available
Local failure count | Number of ports that are down in the local MLAG port
Remote failure count | Number of ports that are down in the remote MLAG port

Customer VLANs Table

Column Name | Description
Type | Type of VLAN
VLAN service | Type of VLAN service
Admin status | Status of VLAN
VLAN tag | VLAN trunk tagging
VLAN name | Name assigned to the VLAN
Network name | Name of network
Protocol name | Device protocol
QoS profile name | Name assigned to the QoS profile configuration
IP forwarding enabled | Check box: If forwarding is enabled it has a check mark; if disabled the checkbox is clear.
VLAN IP address | IP address of VLAN
VLAN IP mask | IP subnet mask
Virtual router | Name of virtual router

MLAG Device View

Select a device then open the MLAG tab for a list of MLAGs configured on this device.

Figure 138: MLAG Device View


Status | There are five status categories:
  1 Up—Everything is normal: all links under ISC are up and all MLAGs are up
  2 Degraded—Either one or more ISC links are down and all MLAGs are up
    or
    One or more MLAGs are down
  3 Protecting—ISC is up and one or more MLAG ports are down
  4 Unprotected—Either all ISC links are down and all MLAGs are up or
    One MLAG port is down
  5 Down—Either all ISC links are down and all MLAGs are down or
    One or more ISC links are down and all MLAGs are down or
    All ISC links are up and all MLAGs are down
Multi-Tier Status |
  1 Up—All lags are combined but one or more lags are down
  2 Down—All lags are down
MLAG ID | MLAG identifiers assigned to aggregate ports on each of the two switches
ISC VLAN tag | Inter-switch connection VLAN tag
Peer 1 name | Name assigned to this peer
Peer 1 IP address | IP address for this peer
Peer 2 name | Name assigned to this peer
Peer 2 IP address | IP address for this peer


Chapter 12: Managing Virtual Machines

This chapter describes Ridgeline’s Extreme Network Virtualization (XNV) and contains the following sections:
● “Overview”
● “Managing the XNV Feature, VM Tracking”
● “Configuring Repository Settings on all VM Tracking Switches”
● “Policy Match Condition Combinations”
● “Creating a Virtual-Port Profile”
● “Attaching and Detaching Policies, VPPs, and VMs”
● “Detaching VPPs”
● “Viewing Information on the VMs Tab”

Overview

Typical data centers support multiple Virtual Machines (VMs) on a single server. These VMs usually require network connectivity to provide their services to network users and to other VMs. The following sections introduce Ridgeline features that support VM network connectivity.

Introduction to the XNV Feature

The Ridgeline XNV feature:
● Enables network administrators to monitor, secure, and manage virtual machines (VMs) in a centralized and vendor agnostic manner.
  Starting with version 3.1, Ridgeline supports VM management from popular vendors such as VMware, Citrix, and Microsoft. For the Microsoft System Center Virtual Machine Manager (SCVMM), you must install a Ridgeline XNV agent on the host to enable Ridgeline to communicate with Microsoft SCVMM.
  NOTE
  The link to the XNV agent download appears on the Ridgeline Welcome page.
● Allows network administrators to import VMs from virtual machine managers (VMMs), such as vCenter, XenServer and Microsoft System Center, in a seamless manner.
  Once imported, Ridgeline keeps track of inventory changes in the source VMMs. The Ridgeline VMs views show VMs from several vendors and VMMs in one place. The VMs view also shows network location of VMs, such as the switches and ports to which they are currently connected.
● Allows network administrators to author and attach profiles to VMs. Once attached, Ridgeline ensures that the attached profile is applied to a VM no matter where it moves within the network, enabling administrators to secure and ensure a quality of service level.
● Enables administrators to view VM movement history within the network.

VM Port Configuration and Repository Management

To enable XNV capabilities on managed, top-of-rack Extreme switches, Ridgeline first needs to enable the VM Tracking feature on switches and their ports that are connected to VM hosts.

Ridgeline acts as a central repository of profiles, policies, and profile mappings for switches. Once the VM Tracking feature is enabled on a switch, it periodically synchronizes its repository database from Ridgeline.

Ridgeline uses virtual port profiles (VPPs), which are also known as network virtual port profiles (NVPPs). A network virtual port profile (NVPP) contains policy files and ACL rules. Once attached to a VM, these policy and ACL rules are applied to the VM when it enters the switch authentication database.

NOTE
Only the Summit x480, x650, and the BD8800 c-series and 8900 modules support egress ACLs. Therefore, VPPs that include egress ACL rules cannot be instantiated on other Summit platforms and BD8800 modules.

NVPPs are stored on an FTP server called a repository server. The XNV feature supports file synchronization between XNV-enabled switches and the repository server. One of the advantages of the repository server is that storage is centralized for NVPPs. Without the repository server, NVPPs would need to be manually created or copied to each XNV-enabled switch.

Local virtual port profiles (LVPPs), which override network policies, must be configured on each switch. LVPPs are recommended for simple network topologies, but NVPPs better facilitate network management for more complex network topologies.

VM Authentication Process

The XNV feature on a switch supports three methods of authentication:
● Ridgeline authentication.
● Network authentication, using a downloaded authentication database stored in the VMMAP file.
● Local authentication, using a local database created with ExtremeXOS CLI commands.

The default VM authentication configuration uses all three methods in the following sequence: Ridgeline server (first choice), the network-based .map file, and last, the local database. If a service is not available, the switch tries the next authentication service in the sequence.
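The default sequence above, together with the Access-Accept and Access-Reject handling this chapter gives under Ridgeline Authentication, modelled as an added example; this is not ExtremeXOS or Ridgeline code. The function names, the constructed MAC-to-VPP tables, and the rule that an available database with no entry for a MAC rejects it are assumptions. The drift check lists the VMs that would get a different result while the Ridgeline server is unreachable.

```python
"""Model of the XNV VM authentication sequence.
Added example with hypothetical names; not ExtremeXOS or Ridgeline code."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple


class Outcome(Enum):
    ACCEPT = "accept"            # Access-Accept, with or without a VPP name
    REJECT = "reject"            # Access-Reject: port stays unauthenticated
    UNAVAILABLE = "unavailable"  # timed out, unreachable or not configured


@dataclass(frozen=True)
class Reply:
    outcome: Outcome
    vpp: Optional[str] = None


@dataclass(frozen=True)
class Decision:
    authenticated: bool
    vpp: Optional[str]
    decided_by: Optional[str]             # method that gave the final answer
    trail: Tuple[Tuple[str, str], ...]    # every method consulted, in order


Table = Optional[Dict[str, Optional[str]]]   # MAC -> VPP name (None = no VPP)
Method = Callable[[str], Reply]


def normalize_mac(mac: str) -> str:
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_table(entries: Dict[str, Optional[str]]) -> Dict[str, Optional[str]]:
    return {normalize_mac(mac): vpp for mac, vpp in entries.items()}


def table_method(table: Table) -> Method:
    """Lookup against one database; table=None models an unavailable service."""
    def lookup(mac: str) -> Reply:
        if table is None:
            return Reply(Outcome.UNAVAILABLE)
        if mac not in table:
            # Assumption: an available database without the MAC rejects it.
            return Reply(Outcome.REJECT)
        return Reply(Outcome.ACCEPT, table[mac])
    return lookup


def default_sequence(ridgeline: Table, network_map: Table,
                     local_db: Table) -> List[Tuple[str, Method]]:
    return [("ridgeline", table_method(ridgeline)),
            ("network", table_method(network_map)),
            ("local", table_method(local_db))]


def authenticate(mac: str, sequence: List[Tuple[str, Method]]) -> Decision:
    mac = normalize_mac(mac)
    trail = []
    for name, method in sequence:
        reply = method(mac)
        trail.append((name, reply.outcome.value))
        if reply.outcome is Outcome.UNAVAILABLE:
            continue                  # only unavailability moves to the next method
        accepted = reply.outcome is Outcome.ACCEPT
        return Decision(accepted, reply.vpp if accepted else None, name, tuple(trail))
    return Decision(False, None, None, tuple(trail))


def fallback_drift(ridgeline: Dict[str, Optional[str]], network_map: Table,
                   local_db: Table) -> Dict[str, Tuple[Decision, Decision]]:
    """MACs whose result differs when the Ridgeline server is unreachable."""
    drift = {}
    macs = set(ridgeline) | set(network_map or {}) | set(local_db or {})
    for mac in sorted(macs):
        normal = authenticate(mac, default_sequence(ridgeline, network_map, local_db))
        outage = authenticate(mac, default_sequence(None, network_map, local_db))
        if (normal.authenticated, normal.vpp) != (outage.authenticated, outage.vpp):
            drift[mac] = (normal, outage)
    return drift


# Constructed sample data, not taken from any real deployment.
RIDGELINE = mac_table({"00:0C:29:AA:BB:01": "web-vpp", "00:0C:29:AA:BB:02": None})
NETWORK_MAP = mac_table({"00-0c-29-aa-bb-01": "web-vpp", "00:0c:29:aa:bb:03": "old-vpp"})
LOCAL_DB = mac_table({"00:0c:29:aa:bb:02": "local-vpp"})

if __name__ == "__main__":
    for mac, (normal, outage) in fallback_drift(RIDGELINE, NETWORK_MAP, LOCAL_DB).items():
        print(mac, "normal:", normal.authenticated, normal.vpp,
              "| outage:", outage.authenticated, outage.vpp, "via", outage.decided_by)
```

In the sample data the stale .map entry for the third MAC is accepted only during a Ridgeline outage, which is the kind of mismatch the drift check is meant to surface.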


The following sections describe each authentication process:
● “Ridgeline Authentication”
● “Network Authentication”
● “Local Authentication”

Ridgeline Authentication. If Ridgeline authentication is enabled and a VM MAC address is detected on a VM-tracking enabled port, the switch sends an Access-Request to the configured Ridgeline server for authentication. When the switch receives a response, the switch does one of the following:
● When an Access-Accept packet is received with an NVPP, the policies are applied on the VM-enabled port.
● When an Access-Accept packet is received and no NVPP file is specified, the port is authenticated and no policy is applied to the port.
● When an Access-Reject packet is received, the port is unauthenticated and no policy is applied.
● When an Access-Reject packet indicates that the Ridgeline server timed out or is not reachable, the switch tries to authenticate the VM MAC address based on the next authentication method configured, which can be either network authentication or local authentication.

Network Authentication. If network authentication is enabled and a VM MAC address is detected on a VM-tracking enabled port, the switch uses the .map file to authenticate the VM and applies the appropriate policies.

Local Authentication. If local authentication is enabled and a VM MAC address is detected on a VM-tracking enabled port, the switch uses the local database to authenticate the VM and apply the appropriate policies.

File Synchronization

Ridgeline’s XNV feature supports file synchronization between XNV-enabled switches and the repository server. The files stored on the repository server include the policy files and the VM-profile mappings. One of the advantages of the repository server is that multiple XNV-enabled switches can use the repository server to collect the network VM configuration files. The XNV feature provides for access to a secondary repository server if the primary repository server is unavailable.

Through file synchronization, the VM configuration and policy files are periodically downloaded to the XNV-enabled switches, which allows these switches to continue to support VM connections when the Ridgeline server or the repository server is unavailable. You can also initiate a file synchronization from the XNV-enabled switch.

Example XNV Configuration

Figure 139 is a diagram displaying an XNV topology. It illustrates the following:
● A VM moves from the server connected to address 11.1.1.1/21 to the server connected to 11.1.1.2/21.
● The switches automatically move the VPP from 11.1.1.1/21 to 11.1.1.2/21.
● The policies that were attached to port 11.1.1.1/21 are automatically attached to 11.1.1.2/21 when the VM moves.
● The VM is not affected by the change from one switch to another and continues to function as if it were still 11.1.1.1/21.


The diagram also shows:
● VM authentication using Ridgeline server, network, or local authentication.
● Ingress and egress port configuration for each VM.

Figure 139: Topology of XNV Configuration
[Figure labels: Client 1, Client 2, Ridgeline repository server, Ridgeline server, Network, Data Center core switch, Layer 3 network, Top of rack Switch1, Top of rack Switch2, Vlan V1, 11.1.1.50/24, 11.1.1.1/24, 11.1.1.2/24, Layer 2 network, VMWare server, VM1, VM2, VM Movement]

Managing the XNV Feature, VM Tracking

The Ridgeline XNV feature requires that target switches are upgraded to EXOS 12.5.2.1 or later.

Disabling VM Tracking on a Switch

To disable the VM tracking wizard on a switch, complete the following steps:
1 From the Folder List, click on XNV: Virtualization management and then click on the VM-monitoring devices tab.
2 On the menu bar, click Edit > Disable monitoring of > VM information. You can also select the device from VM-monitoring Table list, right click, and choose Disable VM-monitoring. The disable monitoring of VM information window opens, indicating that VM monitoring on the switch is successfully disabled. See Figure 140.

Figure 140: Disable Monitoring of VM Information Window

Limitations

The following limitations apply to this release of the VM tracking feature:
● VM tracking authentication cannot be used simultaneously with Network Login authentication on the same port.
● When VM tracking is configured on a port, all existing learned MAC addresses are flushed. MAC addresses are relearned by the switch, and the appropriate VPP (if any) for each VM is applied.
● If a VM changes MAC addresses while moving between ports on a switch, the VM remains authenticated on the original port until the original MAC address ages out of the FDB.
● VM counters are cleared when a VM moves between ports on the same switch because ACLs are deleted and recreated.

Supported VMMs and VMs

The Virtual Machine Manager lists all virtual machine managers added to and used by Ridgeline. Ridgeline supports only the following versions of VMMs:
● VMware 5.0 vCenter Server Virtualization Management
● Citrix (XenServer) 5.6.0
● Microsoft System Center Virtual Machine Manager (SCVMM) 2.0.4275.0

NOTE
You must install the Ridgeline XNV agent on the SCVMM host for the Microsoft SCVMM and its virtual machines to be managed by the Ridgeline server. To obtain the Ridgeline XNV agent, go to the Ridgeline Welcome page, click Get Ridgeline XNV agent here, and then follow the installation instructions for RidgelineXNVAgentInstaller.exe.
Communication between the Ridgeline server and the Ridgeline XNV agent (default port 10556) occurs using the HTTP protocol.

Virtual Machine Manager Table

To open the Virtual Machine Manager Table, complete the following steps:
1 On the Folder list, click Ridgeline Administration > XNV: Virtualization management. The Virtualization management tab opens showing the Device/Ports tab and the VM managers tab.

The Virtual Machine Manager table automatically updates and supports the following operations:
● Importing virtual machines from a selected VMM
● Deleting selected VMMs
● Editing selected VMMs
● Updating VMMs—Use Updating VMMs to manually update all imported virtual machines and their network information.

You can add a new VMM and import it. On the menu bar, click File > New > VM manager menu. You can delete a VMM or update its information by right-clicking the VMM row in the table and choosing the appropriate context menu.

NOTE
When using VMware, one view per VMM opens. When using Citrix, individual entries for each Resource pool or cluster show.

The Virtual Machine Manager Table (Figure 140) provides the following information:
● Table Columns
  - Name of VMM
  - Type of VMM
  - IP Address of VMM
  - VMM User Name
  - Status of VMM
  - Launch Points for VM managers


Figure 141: VM Managers Table

Adding a New VM Manager

When you add a VM Manager, Ridgeline discovers and imports all virtual machines managed by the VM Manager. Once the import is complete, Ridgeline locates imported VMs on the network if XNV-enabled switches are managed by Ridgeline.

Before you use the New VM Manager wizard, you need the following information:
● IP address or host name of the VM Manager
● VM Manager vendor
● User Name
● Password

NOTE
You should have sufficient privileges to retrieve VM inventory information and receive events when inventory information changes.


To add a new VM manager, complete the following steps:
1 With the XNV: Virtualization management view open, click File > New > VM manager. The New VM Manager wizard launches. See Figure 142.

Figure 142: New VM Manager Wizard

2 Click Next. Ridgeline discovers VMs or resource pools and shows the information in the next dialog box. See Figure 143.

Figure 143: Discovered VM

3 Click Save VM Manager.
4 If Ridgeline cannot discover a new VM manager, the dialog box indicates it was unable to find any VMs. You can click Back to return to the initial page where you entered the parameters or click Cancel to exit the wizard.


Editing VM Manager Settings

You can change the following VM manager settings:
● IP address or host name of the VM manager
● User Name
● Password

To edit these VM manager settings, complete the following steps:
1 On the XNV: Virtualization management view, click the VM managers tab.
2 Right-click on the VM manager you want to edit.
3 In the menu that opens, select Properties. The Edit VM Manager setting dialog box opens. See Figure 144.

Figure 144: Edit VM Manager

4 Enter the new User Name and/or Password for the VM manager, new VM manager, and host name or IP address.
5 Click Update. This updates the VMM credentials and performs the following operations:
● Closes the VMM session and opens a new session
● Synchronizes Ridgeline with selected VM manager
● Imports newly discovered VMs
● Updates existing VMs to reflect updated VMM settings

Deleting a VM Manager

To delete a VM manager, complete the following steps:
1 Click XNV: Virtualization management view > VM managers tab > VMM Table and right-click on the selected VMM.
2 When the menu opens, click Delete. You are asked: Do you want to delete the virtual machine managers?
3 Click Yes to confirm the deletion.


Enabling VM Tracking On a Switch

You must enable the VM tracking feature on XNV switches to use the tracking feature. The VM Tracking wizard lets you specify ports and enable or disable VM tracking on a switch.

NOTE
You must turn VM tracking on for ports as well as for devices.

To use the wizard, complete the following steps:
1 On the menu bar, click File > Enable monitoring of > VM information. The devices dialog box opens. See Figure 145.

Figure 145: Select Device or Device Group Wizard

2 Select Devices or Device groups. If you select Devices, a window opens and asks “Monitor VMs on which devices?” See Figure 146. It shows the switch names and their IP addresses. If you select Device groups, a window opens showing ports, device names, and IP addresses. See Figure 147. The following devices are disabled (and appear grayed out) when these conditions exist:
● Device is already enabled for VM monitoring.
● Device does not support VM monitoring.
● Device has Identity Management enabled.
● When all devices in the group belong to all the cases described, the group is disabled.

NOTE
Removing all ports on a switch disables tracking for the switch.

Figure 146: Select Devices to Monitor
Figure 147: Select Device Group to Monitor

3 Click Next. The Select the ports window shown in Figure 148 opens.
4 Select the ports you want monitored from the Available Ports column in the dialog box. A port is grayed out if it is an uplink port, has Netlogin enabled, or if it is part of LAG.

Figure 148: Select Ports

5 Click Next. The Configuring devices for virtual machines monitoring dialog box shown in Figure 149 opens to show the progress of the operation.

Figure 149: Progress Window

6 To view VM tracking on a device, from the Folder List, click the XNV: Virtualization management > VM-monitoring devices tab. See Figure 150.

Figure 150: Tracking On a Device


Editing List of Ports

A wizard lets you edit the list of ports in the VM Monitoring Table.

To use the wizard, complete the following steps:
1 On the menu bar, click Edit > Ports > Of VM-monitoring devices. You can also select the device from VM-monitoring Table, right-click, and choose Edit VM-monitoring ports. The Edit ports of VM monitoring devices dialog box opens. See Figure 151.

Figure 151: Edit Ports of VM Monitoring Devices

2 To choose a device, click the device row in the left window pane.
  The center window pane shows the list of ports on the selected device.
3 Click to select the ports you want to enable for VM monitoring and click Add.
  The window on the right shows the newly added VM monitoring-enabled ports.

  NOTE
  The port is grayed out if it is an uplink port, has Netlogin enabled, or it is part of LAG.

4 The progress of the configuration is shown in the Configuring Devices for virtual machine monitoring window. See Figure 152.


Figure 152: Configuring Devices for Virtual Machine Monitoring

Configuring Repository Settings on all VM Tracking Switches

You can configure the repository server with or without credentials. If you configure credentials on the server, you need to update the settings on all VM tracking switches.

Setting Up a Repository Server

Before you can use Ridgeline to configure a repository server, you need to set up an FTP server on another system.

Setting Credentials on a Repository Server

To set credentials on a repository server, complete the following steps:
1 In the Folder list, choose XNV: Virtualization management and click Settings under the XNV: Virtualization management tab. (See Figure 153)

Figure 153: Settings Tab under XNV: Virtualization Management

2 Click Change Repository server setting. The dialog box opens. (See Figure 154) Here you will set the credentials to securely log onto the repository server. By default, the Anonymous on all devices option is chosen.

Figure 154: Change Repository Server Dialog

3 Choose from the list of credential settings:
● Anonymous (least secure option)
  Anonymous is the default login setting on all XNV switches. It is the least secure setting. Switches running EXOS 12.5 or earlier are set to Anonymous only.

  NOTE
  Custom credentials are not supported by EXOS 12.5.2 XNV switches and earlier versions. You cannot set credentials on all devices if there is an unsupported switch in the network.

● These credentials when the version of EXOS supports it and Anonymous on all other devices
  Enter your FTP username and password.
  This allows both the switches with EXOS versions earlier than version 12.6 and version 12.6 and later to operate in a seamless manner by configuring the EXOS “Anonymous” user for switches with EXOS earlier than version 12.6 and switches with EXOS version 12.6 and later to use the configured FTP user name and password.
● Always use these credentials (most secure option)
  Set up a custom username and password for repository synchronization.
4 Click OK after choosing a setting.
  This applies the settings to all the VM tracking switches. This setting is not configurable if there are already some devices running EXOS versions earlier than 12.6 and are already enabled for VM tracking.
  After enabling this option, the devices with EXOS versions earlier than 12.6 are grayed out (disabled) when you launch Enable VM-Tracking.
  The Progress and Results dialog box shows information about how the change is advancing and its completion. Figure 155 shows the Progress and Results dialog with an unsuccessful result. The field at the bottom of the dialog box provides more detailed information about the change process.


Figure 155: Progress and Results Dialog Box - Successful

Policy Match Condition Combinations

Table 5 lists the ingress and egress policy match condition combinations for Extreme Network Virtualization. The following items provide additional information about the match conditions:
● EXOS dynamically inserts the Source MAC address in the ingress policy. It does not allow you to manually add a source MAC address in the ingress policy.
● EXOS dynamically inserts the Destination MAC address in the egress policy. It does not allow you to manually add a Destination MAC address in an egress policy.

Table 5: XNV Policy with Wide-key Mode (Default XNV Policy)
Ingress: Source IP Address, Source MAC, DMAC, dest IP, protocol, source-port, dest-port, tcp-flags, vlan-ID, dot1p, ip-tos, Ethertype
Egress: Source MAC, dest MAC, ethernet-type, vlan-id, dot1p

Creating a Virtual-Port Profile

To associate a VM with a policy, you must first create a VPP.

To create a VPP, complete the following steps:
1 Select XNV: Virtual-port profiles from the Folder List, and then click File > New > Virtual-port profile. The New Virtual-Port Profile dialog box opens. See Figure 157.

Figure 156: Create a New VPP Menu

2 Enter the name of the new VPP.
3 Choose ingress or egress policy, both ingress and egress, or none.
4 Choose a policy from the Policies list.

Figure 157: New Virtual-Port Profile Dialog Box

5 Click Create profile.
  The new VPP shows on the Virtual-port profile list. See Figure 158.


Figure 158: Virtual-Port Profile list

Attaching and Detaching Policies, VPPs, and VMs

The following diagram shows the flow for attaching policies, VPPs, and VMs. You can achieve attachment results by creating and performing any of the following (see Figure 159):
● Create a policy and attach it to a VPP.
● Create a VPP and attach it to a Policy.
● Create a VPP and attach it to a VM.
● Create a VM and attach it to a VPP.

Figure 159: Attaching Policies, VPPs, and VMs
[Figure labels: Policy, VPP, VM, joined by the four attach operations listed above]


Chapter 12Attaching a VPP to a VMTo attach a VPP to a VM, complete the following steps:1 On the menu bar, click File > Edit > Attach, or right-click on the VPP in the list to which you wantto attach a policy. The menu opens. See Figure 160.Figure 160: Menus to Attach a VPP to a VM2 Choose Attach > Virtual-port profiles to VMs from the menu bar or Attach to VMs when you rightclickon the Virtual-port profile list. The Attach Virtual-Port Profile to VMs dialog box opens.Ridgeline <strong>Reference</strong> <strong>Guide</strong>229


Managing Virtual MachinesFigure 161: Attach Virtual-Port Profile to VMs Dialog Box3 Choose a VM from the Available Virtual machines list, then add it to the Selected virtual machineslist.4 Click Attach.The results show in the dialog box. See Figure 162.Click Close to exit the dialog box and return to the Virtual-port profile list. The Virtual-port profilelist shows the VPP attached. See Figure 163.230Ridgeline <strong>Reference</strong> <strong>Guide</strong>


Figure 162: Attach Virtual-Port Profile to VMs - Results

Figure 163: Attached VPP to VM


Attaching a Policy to a VPP

To attach a policy to a VPP, complete the following steps:

1 On the menu bar, click File > Attach > Policies to virtual port profiles. See Figure 164.
You can also access the menu by right-clicking on the profile. The virtual port profile dialog box opens. It shows the policy name. See Figure 165.

Figure 164: Attach Policies to Virtual-Port Profiles Menu


Figure 165: Attach a Policy to a VPP

2 Choose a policy from the list and click Attach.
After the policy is already attached to a VPP, click Save changes. The dialog box opens and shows the results of the operation. See Figure 166.

Figure 166: Results for Attaching an Existing Policy to a VPP


Detaching VPPs

To begin the detach VPP operation, complete the following steps:

1 On the menu bar, click File > Edit > Detach, or right-click on the VPP in the list to which you want to Detach from a VPP. The menu opens.

Figure 167: Detach a VPP

Detaching a VPP from a VM

To detach a VPP from a VM, complete the following steps:

1 Select a VPP on the list.
2 On the menu bar, click File > Edit > Detach, or right-click on the VPP in the list from which you want to detach a VM. The menu opens. See Figure 167.
3 Select Detach Virtual-port profiles from VMs. The Detach Virtual-Port Profiles from Virtual Machines dialog box opens. See Figure 168.


Figure 168: Detach Virtual-Port Profiles from VMs

4 Select the VM you want to detach from the Available virtual-port profile list.
5 Click Add to move it to the Selected virtual machines list.
6 Click Detach. The dialog box opens and shows the successful results of the operation.
7 Click Close to return to the list of VPPs.

Detaching a VPP from a Policy

To detach a VPP from a Policy, complete the following steps:

1 Select a VPP on the list.
2 On the menu bar, click File > Edit > Detach, or right-click on the VPP in the list from which you want to detach a Policy. The menu opens. See Figure 172.
3 Select Detach Policies from Virtual-port profiles. The Virtual-Port Profiles dialog box opens.


Figure 169: Detach a VPP from a Policy

4 Deselect the policies you want to detach from the VPP.
5 Click Save changes. The dialog box opens and shows the successful results of the operation.
6 Click Close to return to the list of VPPs.

Attaching a VM or Multiple VMs to a VPP

To attach a VM or multiple VMs to a VPP, complete the following steps:

1 Select one or more VMs from the All table-VM tab (see Figure 170), VM tab (see Figure 171), All Map-VM tab, or Device Group-VM tab, and then on the menu bar click Edit > Attach Virtual Port Profile. You can also right-click on the VM(s) in the table list to which you want to attach a VPP.
A dialog opens if only one VM is selected as shown in Figure 172.


Figure 170: Attaching One VM Using the All table Tab

Figure 171: Attaching One VM Using the VM Tab


Figure 172: Attaching One VM to a VPP

2 Select a Virtual Port Profile (VPP) from the list of Virtual port profiles in the above dialog box and click Attach.
3 When more than one VM is selected and the Attach Virtual Port Profile menu is clicked, a dialog box is launched as shown in Figure 173.
Select a Virtual Port Profile (VPP) from the list of Virtual port profiles and click Attach. The VPP attaches to all the VMs that are shown in the Selected VMs list.


Figure 173: Attaching Selected Multiple VMs to a VPP

Detaching a VM or Multiple VMs from a VPP

To detach a VM or multiple VMs from a VPP, complete the following steps:

1 Select one or more VMs already associated with a VPP from the All table-VM tab (see Figure 175 and Figure 175), VM tab, All Map-VM tab, or Device Group-VM tab, and then on the menu bar click Edit > Detach Virtual Port Profile. You can also right-click on the VM(s) in the table from which you want to detach a VPP.
A confirmation dialog box appears asking whether you are sure that you want to detach the VPP from the VM.
2 Choose Yes to detach the VPP from the selected VM(s).


Figure 174: Detaching One VM from a VPP Using the All table Tab

Figure 175: Detaching Selected Multiple VMs from a VPP Using the All table Tab


Viewing Information on the VMs Tab

After successfully discovering VMs and enabling VM Tracking on the switches, Ridgeline shows the mapping between the VMs and the devices they access. All associated policies are listed.

This section describes the various views you can use to see a VM and associated policies and devices.

All Table Views

In All table views, the VMs Tab lists all VMs that are part of the discovered VMMs and Resource Pools. These do not need to be accessing a device. This is the only view in which you can see all the VMs.

You can filter the contents in Table view by expanding the Filter box and entering text in the search criteria, or by expanding the Quick Filter box and selecting an available quick filter. Table view has the following columns to describe a VM:

Power Status: Current power status of the VM, which can be:
  • On
  • Off
  • Suspended
  • Unrecognized
VM mac address: Mac address of the network interface card (NIC) of the VM (if there is more than one NIC, they are shown as separate rows in the All Table View)
Device Name: Name of the device to which the VM is connected
Device IP Address: IP Address of the device to which the VM is connected
Port Number: Port number of the device to which the VM is connected
Port Load Sharing: Indicates whether the port to which the VM is connected is configured for load sharing or not
Virtual Port profile: Virtual Port profile (VPP) attached to the VM
Ingress Policy: Ingress policy that is present in the VPP attached to the VM
Ingress Policy result: Result of the ingress policy after being applied on the device, which can be one of the possible values
  Successful: Policy was successfully applied on the device for the VM
  Unsuccessful-Not applied: Policy was not applied on the device for the VM
Egress Policy: Egress policy that is present in the VPP attached to the VM
Egress Policy result: Result of the egress policy after being applied on the device, which can be one of the possible values
Host IP Address: IP Address of the Physical Host to which the VM belongs
Host Name: Physical Host Name
Host DNS: Physical host DNS name
Device IP Address: IP Address of the device that the VM is connecting to
Port: Port number of the device
Policy: Current policy attached to the VM
MLAG: VM attached through MLAG


Figure 176: All Table View


If an MLAG is configured on a VM (Figure 177), All Table view shows the following information:

Device name: Name of the MLAG device
Device IP address: IP address of the MLAG device
Port number: Value shows MLAG-Multiple

Figure 177: All Table View with MLAG Information


In Map view, when you select a VM, Ridgeline highlights the device and shows the number of VMs currently accessing the switch. See Figure 178.

Figure 178: All Map View

Device Group/Subgroup Views

In the VM tab > Device Group/Sub Group Table and Map View, only the VMs that access the device and are part of the selected group are shown. Figure 179 shows the selected device group and its access (dotted lines) to subgroups.

Figure 179: Device Group/Sub Group Table View


VM Details View

The VMs tab, Table view shows VM Details on the right side of the Ridgeline window. (See Figure 180.) It includes the following information:

VM properties view
  • VM name
  • Virtual port profile
  • Power status
  • Ingress or Egress policy name
Current host
  • Host IP address
  • Host name
  • Host connection status
  • Host vendor name
VMM details
  • Vendor
  • VMM name
  • Host IP address
  • VMM IP address
  • Data center
NIC tab
  • VM information
  • VM MAC address
  • VM IP address
  • Device name
  • Device IP address
  • Port number
  • Port name
  • Port load sharing
  • Ingress policy
  • Egress policy
History tab
  • Device IP Address: Device IP where the VM was present
  • Port: Port on the device
  • Host IP Address: IP address of the current physical host
  • Host Name: Name of the current physical host machine
  • Date Appeared: Time when the VM first appeared on the device
  • Date Left: Time when the VM was removed from the device
  • Ingress Policy: Result
  • Egress Policy: Result
  • State: Open or Closed. Open indicates the history record describes the current state of the NIC


  • MLAG information
      • MLAG ID
      • MLAG description
  • Devices for Selected NIC (For MLAG information shows devices that have an open state based on their VM Movement History)
      • Device name
      • Device IP address
      • Port number
      • Load sharing
      • Ingress policy result: Shows result for individual device
      • Egress policy result: Shows result for individual device

Figure 180: VM Detail View with MLAG Information

Device Details with VM Monitoring

The Devices tab in the Table view shows VM Monitoring is enabled. See Figure 181.

The Device Details window on the right shows the VM tab and contains the same information as the VM details view. See “VM Details View” on page 245.

The VM table shows the following information:


Port: Port on device
Host IP address: IP address of the current physical host
Host name: Name of the current physical host machine
Host DNS name: Physical host DNS name
Policy: Current policy attached to the VM

Figure 181: VM Monitoring Device Details

VM Monitoring Audit Log

Information in the Audit Log for VM monitoring is listed under VM Monitoring tab > Audit Log node. See Figure 182.

Ridgeline creates an Audit Log entry for the following reasons:

1 A virtual port profile has been modified (for example, an update of an ingress or egress policy)
2 A policy has been attached to a VPP
3 A policy has been detached from a VPP
4 To enable VM Tracking
5 To disable VM Tracking ports
6 To update VM Tracking ports

The VM Monitoring Audit Log table view lists the following attributes:


Action Time: Time when the VM policy was attached or detached
Action: Name of the action (Attachment or Detachment)
User Name: Name of user who performed the attachment or detachment operation
Overall Status: The operation was a Success or it Failed

The Actions window lets you filter the log information by hour or date and search for log items or details. It includes all the information listed in the Table view Audit Log and includes the following:

Virtual Machine: Name of the virtual machine
Virtual Port Profile: Name of the virtual port profile
Ingress Policy: Name of the ingress policy
Egress Policy: Name of the egress policy
Overall Status: Successful or unsuccessful validation

For more information about the Audit Log, refer to “Using the Ridgeline Audit Log” on page 429.

Figure 182: VM Monitoring Audit Log


Chapter 13
Managing and Monitoring EAPS Domains

This chapter describes how to use Ridgeline for:

● Configuring EAPS domains using Ridgeline’s network resource provisioning feature
● Viewing table and map views of EAPS domain information
● Displaying detailed information about individual EAPS domains
● Verifying the EAPS configurations in your network
● Running reports about the EAPS domains in your network

It contains the following sections:

● “EAPS Overview”
● “Configuring EAPS”
● “Viewing EAPS Information”
● “Displaying EAPS Domain Details”
● “Verifying EAPS Information”
● “Running EAPS Reports”

EAPS Overview

The Ethernet Automatic Protection Switching (EAPS) protocol provides fast protection switching to Layer 2 switches interconnected in an Ethernet ring topology, such as a Metropolitan Area Network (MAN) or large campus. For details on how EAPS works, see the ExtremeXOS Concepts Guide.

Using Ridgeline, you can configure new EAPS domains, including specifying member links, the EAPS master node, primary and secondary ports, control VLAN, hello timer, and fail timer parameters. Your configuration is validated by the software before it is deployed to managed devices.

The EAPS monitoring function in Ridgeline provides a visual way to configure and view the status of your EAPS configurations (EAPS domains) and to verify the configuration of your EAPS-enabled devices. With its multiple status displays and the ability to focus on individual EAPS domains, it can also help you debug EAPS problems on your network.


NOTE
Your devices must be running ExtremeWare 7.7 or later, or ExtremeXOS 11.3 or later in order to be recognized by Ridgeline as EAPS nodes. ExtremeXOS 11.6 is required for full EAPS functionality within Ridgeline.

Configuring EAPS

Using Ridgeline, you can perform the following EAPS configuration tasks:

● Create an EAPS domain
● Modify settings in an EAPS domain
● Create a shared link
● Specify protected VLANs, VMANs, and BVLANs
● Delete an EAPS domain

For more information on Ridgeline’s network resource provisioning feature, see “Provisioning Network Resources” on page 103.

Creating an EAPS Domain

To create an EAPS domain, complete the following steps:

1 From Network Views in the Folder list, go to the All map or All table view, and select the device you want to include.
Or,
Choose ports.
2 From the Protocol menu, click Edit > New > EAPS domain on the menu bar.
Or,
Select two or more links, then right-click to open the menu.
The New EAPS Domain window opens as shown in Figure 183.


Figure 183: New EAPS Domain Window with Device Selected

Figure 184: New EAPS Domain Window with Ports Selected from All Map View

3 Enter a name for the new EAPS domain.


4 Select the links that will make up the new EAPS domain.
5 In the Master Node box, open the drop-down menu and select the device that will be the master node for the new EAPS domain. The list of devices in the Master Node box is based on the selected port.
6 In the Primary port box, select a port. The available ports are based on the selected links and the device selected to be the master node. The secondary port is automatically selected as the other port on the device, based on the link.
7 Enter values for the EAPS Hello timer and Fail timer, if you want to use values other than the default.
8 Enter a name and tag value for the Control VLAN for the EAPS domain.
9 When you finish configuring the EAPS domain, click Create EAPS domain to start the validation and deployment process. The Progress and Results window is displayed.
10 Ridgeline validates the options you selected against a set of predefined configuration rules, and ensures that the target switches are running a version of software that supports the features you are provisioning.
If Ridgeline successfully validates the options you selected, it verifies network connectivity to the target switches. If a connection can be established to all of the target switches, Ridgeline deploys the configuration commands, then saves the configuration file on each switch. Finally, Ridgeline updates its own database with information about the configuration changes on the switches.
The information in the Progress and Results window is logged in the Ridgeline Audit Log. See “Viewing Logged Information about Provisioning Tasks” on page 111 for more information.

Modifying an EAPS Domain

For existing EAPS domains, you can edit settings and deploy the changes to the devices where the EAPS domain is configured.

To modify an EAPS domain, complete the following steps:

1 Under Network Views, select the folder containing the EAPS domain you want to configure.
2 In the Navigation Table, click the EAPS tab, and select the EAPS domain you want to modify.
3 Right-click in the Navigation Table and select the setting you want to modify from the pop-up menu. For an EAPS domain, you can edit the device used as the master node, and the ports used as primary and secondary ports, as well as the settings for the Hello and Fail timers.
4 If you select Properties from the pop-up menu, the Properties window for the EAPS domain is displayed, which provides a list of settings you can modify.


Figure 185: EAPS Domain Properties Window

5 Click the setting you want to modify to bring up the provisioning box for that setting. For example, Figure 186 shows the provisioning box for the EAPS Master node and port settings.

Figure 186: Provisioning Window for EAPS Master Node and Port

6 Make any necessary changes to the EAPS configuration, then click the Save changes button to validate and deploy the changes.

Creating a Shared Link

An EAPS shared link is a physical link that carries overlapping VLANs that are protected by more than one EAPS domain.


To create an EAPS shared link, complete the following steps:

1 Under Network Views, from the Protocol menu, select New > Shared link. The New Shared Link window is displayed, as shown in Figure 183.

Figure 187: New Shared Link Window

2 Select the link that will make up the shared link. You can specify only one link to be used as a shared link.
3 Enter values for the EAPS timeout values and Expiry action, if you want to use values other than the default.
4 When you have finished configuring the shared link, click the Create shared link button to start the validation and deployment process.

Creating Protected VLANs, VMANs, and BVLANs

An EAPS domain consists of one master node and one or more transit nodes, and includes one control VLAN and one or more protected VLANs. To create a protected VLAN, use the following procedure. The procedure for creating protected VLANs is the same for protected VMANs (Virtual Metropolitan Area Networks) and protected BVLANs (Backbone VLANs) used in the configuration of PBB (Provider Backbone Bridge) networks.


To create a protected VLAN, complete the following steps:

1 From the Services menu, select New > Protected VLAN. The Protected VLAN window is displayed, as shown in Figure 188.

Figure 188: Protected VLAN Window

2 Edit the values in the Tag and Name fields for the protected VLAN.
3 Select the EAPS ring(s) that will be used to protect this VLAN, and click Add.
4 Click the Create Protected VLAN button to start the validation and deployment process.

When you create a protected VLAN, the software performs the same validations as those for non-protected VLANs, and verifies that the ring ports used are configured on all the relevant EAPS domains. See “Creating a VLAN” Step 8 to learn what validations are performed for non-protected VLANs.

Modifying Protected VLANs, VMANs, and BVLANs

You can modify the list of EAPS domains, the name, and the network name of protected VLANs, VMANs, and BVLANs.

To modify a protected VLAN or VMAN, complete the following steps:

1 Click the VLAN tab.
2 Find the network you want to modify in the Navigation Table. VMANs are denoted with the word VMAN in the Services column. You can scan for VMANs more easily by clicking on the Services heading to group all the VMANs together.
3 Look at the Device Details frame and verify that the selected network has the EAPS protection value “present.”
4 Right-click the VLAN or VMAN and select Properties to display the Properties dialog (Figure 189). You can also select Properties from the File menu to display this dialog.


Figure 189: VMAN Properties Dialog

5 Click Edit List of EAPS... to edit the list of EAPS domains in the network. To edit the name of the VLAN or VMAN, click Edit name and change the name. Click Edit network name if you want to change the network name.
6 When you have made the changes you want to make, click Close to save the changes and close the dialog.

To modify a protected BVLAN, complete the following steps:

1 Click the PBB tab.
2 Scan the Type column in the Navigation table for the word BVLAN. You can scan for BVLANs more easily by clicking the Type column heading to group all BVLANs together.
3 Select the protected BVLAN that you want to modify. The BVLAN must have the EAPS protection value “present” in the Device Details frame.
4 Right-click the VLAN or VMAN and select Properties to display the Properties dialog (Figure 190). You can also select Properties from the File menu to display this dialog.


Figure 190: BVLAN Properties Dialog

5 Click Edit List of EAPS... to edit the list of EAPS domains in the network. To edit the name of the VLAN or VMAN, click Edit name and change the name. Click Edit network name if you want to change the network name.
6 When you have made the changes you want to make, click Close to save the changes and close the dialog.

Deleting an EAPS Domain

To delete an EAPS domain, complete the following steps:

1 Select a device group or the All table or All Map in the Network Views folder, then click the EAPS tab. A table listing the EAPS domains in the group is displayed.
2 In the Domains table, select the EAPS domain you want to delete.
3 From the Edit menu, select Delete. Ridgeline prompts you to confirm your action.
4 Click Yes to delete the EAPS domain. Note that the Control VLAN is deleted along with the EAPS domain.

Viewing EAPS Information

To view information about your EAPS domains, select a device group or the All table or All Map in the Network Views folder, then click the EAPS tab. A table listing the EAPS domains in the group is displayed.

From the All map, or if you also have enabled the map view of a device group, you can select an EAPS domain and display an overlay view highlighting all of the devices and links in the map where the selected EAPS domain is configured, as shown in Figure 191. The EAPS domain table has the following columns. You can filter the contents of the table by expanding the Filter box, and entering text and search criteria.


Figure 191: EAPS Domain in a Map View

Name: The name of the EAPS domain, and an icon indicating the domain status
  • A green ring indicates that all domains in which this device participates are fully operational.
  • A yellow ring indicates that one or more of the domains is not fully operational, but is in a transitional state or an unknown state (as when the device is SNMP unreachable).
  • A red ring indicates that one or more of the domains is not operational—if the device has a master in a failed state or a Transit node in a “links down” state.
  • A grey ring indicates that the EAPS domain is disabled.
Control VLAN Tag: VLAN tag (ID) of the EAPS control VLAN
Control VLAN Network Name: The Network Name of the control VLAN, if one has been assigned. See “Categorizing VLANs With Network Names” on page 168 for more information.
Last updated: When the EAPS domain information was last updated from the Ridgeline database.

The EAPS Map View

The EAPS map view shows the devices in a device group with respect to their EAPS implementation, including the EAPS-related links between devices and a summary status for each device and for each EAPS ring. Figure 192 above shows an example of the EAPS map view for a device group.


NOTE
If some of the devices in an EAPS domain are missing from Ridgeline’s inventory database, those devices will not appear in the EAPS map view, and the EAPS domain status may not correctly reflect the status of the entire domain. Additionally, it may be difficult to troubleshoot domain operational problems that occur within nodes or links that are not shown on the map.
Therefore, it is strongly recommended that you add all the nodes in your EAPS configuration to your Ridgeline inventory database.

The combination of the Control VLAN tag and the VLAN network name identifies an EAPS domain. Thus, two EAPS domains that share the same Control VLAN tag but have different VLAN network names are two different EAPS domains.

EAPS Node Icons

EAPS status is shown on the map through icons displayed for each device node. Figure 192 shows the kinds of icons that can appear on an EAPS node.

Figure 192: Icons on an EAPS Node

An EAPS node on a map has the following icons:

● EAPS Node Status:
  For an EAPS node the status display shows whether the device is a Master node (M) or Transit node (T) within the EAPS domain.
  Note that if a node is unreachable, the EAPS node status will reflect the last known node status—thus a node that is unreachable may still display Master or Transit node status as green.
  For a Master node:
  ● A Green M indicates the domain is complete (all links are up and forwarding).
  ● A Yellow M indicates the domain is in a transient or startup state, or in an unknown state (as when the device is SNMP unreachable).
  ● A Red M indicates the status is failed.
  For a Transit node:
  ● A Green T means both ring ports are up and forwarding.
  ● A Yellow T means a ring port is up but blocked.
  ● A Red T means that one or both ring ports are down.
● Node Alarm Status (shown for all devices):
  If alarms have occurred on the node and have not yet been acknowledged, the highest severity alarm is indicated with the small bell symbol. The color indicates the severity of the alarm:


  ● A green bell is a “Normal” alarm.
  ● A yellow bell is a “Warning”.
  ● A light-yellow bell indicates a “Minor” alarm.
  ● An orange bell indicates a “Major” alarm.
  ● A red bell indicates a “Critical” alarm.
● EAPS Domain Status:
  A ring below the EAPS node status icon shows that the device is configured for EAPS, and also indicates the state of the EAPS domain of which the device is a member.
  ● A green ring indicates that the domain in which this device participates is fully operational.
  ● A yellow ring indicates that the domain is not fully operational, but is in a transitional state or an unknown state (as when the device is SNMP unreachable).
  ● A red ring indicates that the domain is not operational—if the device has a master in a Failed state, or a Transit node in a “links down” state.
  ● A grey ring indicates that the EAPS domain is disabled.

Figure 193 shows two examples of nodes that are members of EAPS domains:

Node 1 status shows that the device is reachable, that it functions as a Master node (whose status is Complete) in the domain of which it is a member, and the domain of which it is a member is operational. The device also has generated at least one unacknowledged Major alarm.

Node 2 status shows that the device is currently unreachable; no alarms have been detected, and the EAPS domain of which it is a member is in a transitional state. It is a Transit node, and its last status indicated that its ring ports were up and forwarding.

Figure 193: Examples of EAPS Nodes Showing Status

Link Status

Links between devices may be single links (a connection exists between only one port on each device) or bundled links (connections exist between multiple ports on each of the devices).

Single links are shown as a single line. Bundled links are shown with a small box within the link.

● A green line indicates that the link is up.
● A red line indicates that the link is down.
● A yellow line for a bundled link indicates that some links are down and some are up.
● A grey line indicates that the link status is unknown.
● A blue line indicates the link is user-created rather than automatically discovered by Ridgeline.

An icon showing two lines and a circle indicates the status of a shared link:

● Green indicates that the link is up.
● Greyed-out green indicates that the last-known status of the link was up.


● Red indicates that the link is down.
● Greyed-out red indicates that the last-known status of the link was down.
● Yellow indicates that some ports on this link are up and that some are down.

When the map is zoomed in sufficiently, the port endpoints are automatically displayed for each link.

Displaying EAPS Domain Details

To display details about an EAPS domain, click on the domain’s row in the EAPS table. Information about the EAPS domain appears in the details window. If you double-click on the row, the EAPS domain details are displayed in a separate window, as shown in Figure 194.

Figure 194: EAPS Domain Details Window

The EAPS Domain details window has the following fields:

Name: The name of the EAPS domain.
Status: Status of the EAPS domain: Can be Idle, Complete, Failed, Links Up, Links Down, Preforwarding, Init, Precomplete, PreInit, or Unknown.
Last Updated: When information about the EAPS domain was last updated in the Ridgeline database.


The following information is displayed about the Control VLAN in the EAPS domain:

Tag: VLAN tag (ID) of the EAPS control VLAN
Name: The configured name of the EAPS control VLAN
Network: The Network Name of the EAPS control VLAN, if one has been assigned. See “Categorizing VLANs With Network Names” on page 168 for more information.
Type: The VLAN type. For an EAPS control VLAN, this is VLAN.

Devices Tab

When you click the Devices tab, the following columns are displayed:

Status/Mode: Whether the node acts as a Master (M) or Transit (T) node for this domain, and the status of the domain.
  For a Master node:
  • A Green M indicates the domain is complete (all links are up and forwarding).
  • A Yellow M indicates the domain is in a transient or startup state, or in an unknown state (as when the device is SNMP unreachable).
  • A Red M indicates the status is failed.
  For a Transit node:
  • A Green T means both ring ports are up and forwarding.
  • A Yellow T means a ring port is up but blocked.
  • A Red T means that one or both ring ports are down.
Name: The name of the device, along with an icon indicating the device status.
IP address: The IP address of the device.
Primary port: Primary port number
Secondary port: Secondary port number
Device enabled: Whether this node is enabled as an EAPS node.
Fast convergence: Whether the device is enabled for fast convergence. In EAPS fast convergence mode, the link filters on EAPS ring ports are turned off. In this case, an instant notification is sent to the EAPS process if a port’s state transitions from up to down or vice-versa.
Hello timer: The interval at which the EAPS master polls to check the status of its EAPS member nodes
Failed timer: The interval after a failure is detected before the Failed Timer expires
Failed timer action: Action to be taken when Failed Timer expires
Domain status: Status of the node: Can be Idle, Complete, Failed, Links Up, Links Down, Preforwarding, Init, Precomplete, PreInit, or Unknown.
Device mode: Whether the node acts as a Master or Transit node for this domain.
Device type: The model number of the Extreme switch.
Member of: The device groups that the member belongs to.


Chapter 13

Domain Related Details

The Devices tab has the following information related to the EAPS domain:

Domain node name: The name of the node given to the device as a member of a domain.
Control VLAN name: Name of the control VLAN.
Control VLAN tag: VLAN tag (ID) of the EAPS control VLAN.
Control VLAN network: The network name of the control VLAN, if one is configured. See “Categorizing VLANs With Network Names” on page 168 for information about how to create a network name and assign it to a VLAN.
Primary Port Status: Status of the primary port: Up, Down, Blocked, or Unknown.
Secondary Port status: Status of the secondary port: Up, Down, Blocked, or Unknown.

Device-specific Protected VLANs

The following information is displayed about the VLANs that are protected by the EAPS domain on the selected device.

Tag: VLAN tag (ID) of the EAPS protected VLAN.
VLAN name: Name of the protected VLAN.

Ports Tab

When you click the Ports tab, the following columns are displayed:

Shared: Whether this is a shared port.
Display: The port number on the Master or Transit node.
Device mode: Whether the device is a Master or Transit node.
Mode: Whether the port is a Primary or Secondary port.
Status in domain:
Shared-port link id: An integer configured on the switch for the shared port.
Neighbor-port status: Status of the neighboring node: Down, Up, Error.
Root blocker status: The port’s status as a root blocker (None or Active).
Shared-port status: Status of the shared port: Idle, Ready, Blocking, Preforwarding.
Expiry action: Action to be taken when the fail timer expires. This applies only to master nodes.
  • Send-alert – Sends a critical message to the syslog when the fail timer expires.
  • Open-secondary-port – Opens the secondary port when the fail timer expires.
Segment Health Interval: The interval at which health check PDUs are sent out each segment port.
Segment Timeout: Time in seconds after which the segment fail timer expires, the fail flag is set, and expiry action is taken.
Link state: State of the common link.
Device name: The name of the device, along with an icon indicating the device status.
IP address: The IP address of the device.
Shared-port mode: Whether the node acts as a Controller or a Partner node for this shared link.
Port type: Port type; for example, Gigabit, Management, 10/100.


Device type: The model number of the Extreme switch.
Name: The name of the port, if configured.

Sharing domains table

For shared ports, Ridgeline displays the following information about the EAPS domains shared on the port:

Name: Name of the EAPS domain.
Status: Status of the EAPS domain: Can be Idle, Complete, Failed, Links Up, Links Down, Preforwarding, Init, Precomplete, PreInit, or Unknown.
Other ports in domain:

Links Tab

When you click the Links tab, the following columns are displayed:

Status: A line indicating the status of the link:
  • A green line indicates that the link is up.
  • A red line indicates that the link is down.
  • A yellow line for a bundled link indicates that some links are down and some are up.
  • A grey line indicates that the link status is unknown.
  • A blue line indicates the link is user-created rather than automatically discovered by Ridgeline.
  An icon showing two lines and a circle indicates the status of a shared link:
  • Green indicates that the link is up.
  • Greyed-out green indicates that the last-known status of the link was up.
  • Red indicates that the link is down.
  • Greyed-out red indicates that the last-known status of the link was down.
  • Yellow indicates that some ports on this link are up and that some are down.
A device: The name of the device on one end (the A side) of the link, along with an icon indicating the device status.
A IP address: The IP address of the device on the A side of the link.
A port name: The name of the port on the A side of the link, along with an icon indicating the port status.
A port number/annotation: The number of the port on the A side of the link.
B device: The name of the device on the other end (the B side) of the link, along with an icon indicating the device status.
B IP address: The IP address of the device on the B side of the link.
B port name: The name of the port on the B side of the link, along with an icon indicating the port status.
B port number/annotation: The number of the port on the B side of the link.
Discovery protocol: The protocol used to discover the link, either EDP or LLDP.
State: The current state of the link.
Type: The link type; for example, user-created.


A device status: The current status of the device on the A side of the link.
A device worst alarm: The status of the highest alarm on the device on the A side of the link.
A port status: Whether the port on the A side of the link is enabled or disabled.
A link state: Whether the A side of the link is ready to exchange traffic with the B side of the link.
A port type: The type of port on the A side of the link.
A port share details: Information about the port sharing configuration on the A side of the link, if configured.
B device status: The current status of the device on the B side of the link.
B device worst alarm: The status of the highest alarm on the device on the B side of the link.
B port status: Whether the port on the B side of the link is enabled or disabled.
B link state: Whether the B side of the link is ready to exchange traffic with the A side of the link.
B port type: The type of port on the B side of the link.
B port share details: Information about the port sharing configuration on the B side of the link, if configured.
Name: A description of the link in this format: p – p

Sharing domains table

If a link is shared among EAPS domains, Ridgeline displays the following information about the EAPS domains shared on the link:

Name: The name of the EAPS domain shared on selected link.
Control VLAN tag: The tag value of the control VLAN for the EAPS domain shared on selected link.
Control VLAN Network Name: The network name of the control VLAN, if one is configured. See “Categorizing VLANs With Network Names” on page 168 for information about how to create a network name and assign it to a VLAN.

Protected VLANs Tab

When you click the Protected VLANs tab, the following columns are displayed:

Tag: VLAN tag (ID) of the protected VLAN.
Name: The configured name of the protected VLAN.
Network: The Network Name of the protected VLAN, if one has been assigned. See “Categorizing VLANs With Network Names” on page 168 for more information.
Type: The VLAN type, either VLAN or VMAN.
Domain node count: The number of nodes in the domain.

Displaying EAPS Details for a Selected Device

See “Displaying Device Details” on page 40 for information about displaying EAPS information for an individual device.


Verifying EAPS Information

Ridgeline lets you verify the EAPS configurations in your network, and provides a report that shows where configuration errors are found.

To run the verification procedure on your EAPS domains, select Verify EAPS domains from the Protocol menu. Depending on the size of your network and your EAPS configurations, this can take as long as 15 minutes.

The results of the verification are shown in the EAPS Verification Results window.

Figure 195: EAPS Verification Results Window

The information shown in this window is as follows:

Type: The type of error. See the following table (Table 6) for a list of errors that the EAPS verification process may report.
Severity: The severity level of the error: Error, Warning, or Information.
Source: The element that was the source of the error.
Description: A more detailed description of the error.

If errors are reported, you can log into the affected device(s) to correct the problems. Once you have corrected any reported errors, you should run the verification again to ensure that the configuration is correct.

● Click the Refresh button to re-run the verification process.
● Click Save results... to save the verification results to a file.


The following table lists the error types that may be reported by the EAPS verification process:

Table 6: EAPS Verification Error Types

• No Master Node
• Multiple Master Nodes
• Disabled EAPS Node
• Missing Control VLAN
• Missing Primary Domain Port
• Missing Secondary Domain Port
• Mismatched Domain Ports
• Incomplete VLAN Protection
• Inconsistent Control VLAN Naming
• Control VLAN not in QP3
• Unprotected Shared Link
• Duplicate Link ID
• Missing Link ID
• Mismatched Link ID
• Misconfigured Shared Port Mode
• Shared Port Not Created
• No Physical Link
• Shared Port Not Configured
• Domain List Mismatch
• Link ID Not Configured
• Control VLAN Misconfigured
• Protected VLAN Misconfigured
• Shared Port Misconfigured
• Controller Misconfigured

Running EAPS Reports

You can run the following reports to produce information about the EAPS domains known to Ridgeline:

● EAPS Summary Report, which provides a brief overview of the status of the EAPS domains
● EAPS log report, which shows the EAPS traps and EAPS-related syslog entries that have occurred for a specified device.

EAPS Summary Report

The EAPS Summary Report provides a brief overview of the status of the EAPS domains known to Ridgeline.

To run the EAPS Summary Report, select EAPS summary report from the Protocol menu.

The report shows:

● The total number of EAPS domains known to Ridgeline
● The number of Domains currently in an error state
● The number of domain failures that have occurred in the last 24 hours.

Figure 196: The EAPS Summary Report

The report can also be run from within Ridgeline’s Reports feature. See “EAPS Summary” on page 626.


EAPS Log Reports

The EAPS log report shows the EAPS traps and EAPS-related syslog entries that have occurred for a specified device.

Once you run the report, you can filter it further based on the following:

● The IP address (must be exact, wildcards are not supported).
● The type of event (trap or syslog entries): you can enter any keywords that may appear under the Type column as part of the description of the trap or syslog entry.
● Specific varbinds (enter a keyword that matches the varbind you want to find, such as extremeEapsLastStatusChange.)
● Events that occurred within a certain time frame.

The EAPS log report can be run from within Ridgeline’s Reports feature, see “EAPS Summary” on page 626.

Figure 197: EAPS Log Report

The EAPS Log report displays the following information:

Time: Time the event occurred, expressed in the local time zone of the Ridgeline server.
Source: IP address of the device and port number (if applicable) that generated the event.
Type: Event type (SNMP trap or syslog, including description).
Varbinds: Variable data transmitted with a trap, as appropriate.


Chapter 14: Managing PBB Networks with Ridgeline

This chapter describes how you can use Ridgeline to configure and monitor Provider Backbone Bridge (PBB) networks. PBB networks are a way to transport traffic from multiple customer VMANs over a single backbone network.

It contains the following sections:

● “PBB Overview”
● “Configuring BVLANs”
● “Viewing PBB Information”
● “Displaying PBB Details”

PBB Overview

Virtual metropolitan area networks (VMANs) allow metropolitan area network (MAN) service providers to carry VLAN traffic from multiple customers across a common Ethernet network, known as a provider bridge network. The provider bridge network uses Provider Bridges (PBs) to create a Layer 2 network that supports VMAN traffic.

A Provider Backbone Bridge (PBB) network enables VMAN transport over the Internet. PBB is defined by the IEEE 802.1ah Backbone Bridge standard, which is an amendment to the IEEE 802.1Q VLAN standard. This standard allows Internet Service Providers (ISPs) to use Ethernet to create a separate backbone over which the subscriber’s frames are transported. In a PBB network, data from multiple subscriber networks travels over a common ISP backbone, with traffic from the individual subscriber networks completely separate from each other.

Figure 198 shows a PBB network, which spans a set of ISP switches that serve as Provider Backbone Bridges (PBBs).


Figure 198: PBB Network

You can view a PBB network as a Layer 2 network that supports VMAN traffic. The entry points to a PBB network are the access ports on the PBB network edge switches. These ports are designed to receive and transmit VMAN traffic. VMAN traffic that is addressed to locations at other PBB network access points enters a PBB network access port, is switched through the PBB network, and exits at a PBB network access port. If you do not configure any frame manipulation options, the frames that exit the PBB network are identical to the frames that entered the PBB network.

SVLANs, BVLANs, CVLANs and ISIDs

Figure 198 shows two terms that are used during the configuration of a PBB network: Service VLAN (SVLAN) and Backbone VLAN (BVLAN). In a PBB network, an SVLAN is configured on each PBB network access port, and a BVLAN is configured on each network port. The SVLAN is bound to the BVLAN, establishing the connection between the PBB network access ports and the PBB network ports that establish the BVLAN.

Traffic from Customer VLANs (CVLANs) is encapsulated with an SVLAN tag and travels through the PBB network, and the SVLAN tag is removed as it exits the service provider’s network.

An Extended Service ID (ISID) is a method for binding one or more SVLANs to a BVLAN. When configuring a PBB network, you can create an ISID and an SVLAN, then associate the SVLAN with the ISID, then bind the ISID to the BVLAN. A given BVLAN can have one or more ISIDs bound to it; an ISID can be bound to only one BVLAN. A given SVLAN can be associated with multiple ISID/BVLAN combinations. On a given device, an SVLAN or CVLAN can be associated with one ISID.

Typically, each SVLAN supports VMANs for a different service provider or service instance, with the different VMANs completely separate from each other. Within a PBB network, the VMANs remain untouched. The PBB network functions as a pure Layer 2 network that is transparent to users.
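The binding rules in this section decide whether subscriber traffic stays separated, so they are worth checking against an inventory of configured bindings. The following Python example is added here and is not Ridgeline code; the record layout, device names and tag values are constructed, and it assumes the one-BVLAN-per-ISID rule applies across the whole inventory.

```python
from collections import defaultdict
from typing import NamedTuple


class Binding(NamedTuple):
    """One ISID binding on one device (hypothetical record layout)."""
    device: str          # device name
    isid: int            # ISID tag value
    bvlan: int           # tag of the BVLAN the ISID is bound to
    access_vlans: tuple  # names of SVLANs/CVLANs associated with the ISID


# Constructed sample inventory, not taken from the guide.
SAMPLE_BINDINGS = [
    Binding("sw1", 1000, 200, ("s10", "s11")),
    Binding("sw1", 1001, 200, ("s12",)),   # allowed: a BVLAN may carry several ISIDs
    Binding("sw2", 1003, 300, ("s10",)),   # allowed: s10 in another ISID/BVLAN combination
    Binding("sw2", 1004, 300, ("s10",)),   # violation: s10 has two ISIDs on sw2
    Binding("sw3", 1001, 300, ("c20",)),   # violation: ISID 1001 bound to BVLAN 200 and 300
]


def audit_bindings(bindings):
    """Return a sorted list of rule violations found in the bindings.

    Rules checked (as stated in the section above):
      * an ISID can be bound to only one BVLAN;
      * on a given device, an SVLAN or CVLAN can be associated with one ISID.
    A BVLAN with several ISIDs, and an SVLAN that appears in several
    ISID/BVLAN combinations on different devices, are both allowed.
    """
    isid_to_bvlans = defaultdict(set)
    vlan_on_device_to_isids = defaultdict(set)

    for b in bindings:
        isid_to_bvlans[b.isid].add(b.bvlan)
        for vlan in b.access_vlans:
            vlan_on_device_to_isids[(b.device, vlan)].add(b.isid)

    findings = []
    for isid, bvlans in sorted(isid_to_bvlans.items()):
        if len(bvlans) > 1:
            findings.append(("ISID_MULTIPLE_BVLANS", isid, tuple(sorted(bvlans))))
    for key, isids in sorted(vlan_on_device_to_isids.items()):
        if len(isids) > 1:
            findings.append(("VLAN_MULTIPLE_ISIDS_ON_DEVICE", key, tuple(sorted(isids))))
    return findings


if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE_BINDINGS):
        print(finding)
```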


VMAN frames (802.1ad format) enter the PBB network through a PBB network access port. The PBB network access port also accepts VLAN frames. To switch the frame through the PBB network, the switch encapsulates the VMAN frame in an 802.1ah frame.

Ridgeline can manage and monitor PBB networks by:

● Configuring BVLANs on managed Extreme Networks devices
● Discovering information about a PBB network, including which devices are part of BVLANs and SVLANs, the relationship between the BVLANs and SVLANs, and I-tag and S-tag mapping
● Displaying the components of a PBB network (ISIDs, BVLANs, SVLANs, and CVLANs) in Ridgeline Network Views

Configuring BVLANs

Ridgeline’s PBB provisioning feature allows you to create BVLANs on selected devices, ports, or links, as well as modify and delete existing BVLANs.

Creating a BVLAN

To create a BVLAN, complete the following steps:

1 From the Services menu, select New > BVLAN. The BVLAN Provisioning window is displayed, as shown in Figure 199.

  Figure 199: BVLAN Provisioning Window

  In the BVLAN provisioning window, the selected devices automatically appear in the Available devices table. You can provision BVLANs only on BlackDiamond 20K series switches running ExtremeXOS 12.4 or higher. Devices that do not support BVLANs are greyed-out in the BVLAN Provisioning window.


  You can expand the list of items in the Available devices table by selecting a group from the Show devices in box.

  If you have selected one or more links to add to the BVLAN, the links appear in the Selected links table. A link represents the two ports on the devices on either side of the link. Note that user-defined links to nodes or clouds are not displayed in the table of available links.

2 Click one of the devices to view the Available ports table for the device.

3 For each port or link you want to add to the BVLAN, select the port and click the Add tagged or Add untagged button. When the BVLAN is created, the port is added to it, and removed from the default BVLAN if it was added as untagged.

4 Edit the values in the Tag and Name fields for the new BVLAN.

5 When you have finished configuring the BVLAN, click the Create BVLAN button to start the validation and deployment process. The Progress and Results window is displayed, as shown in Figure 200.

  Figure 200: Progress and Results Window for VMAN Provisioning Tasks (callouts: validating command syntax and checking software compatibility; verifying connectivity to the selected devices; deploying the commands on the devices)

6 Ridgeline validates the options you selected against a set of predefined configuration rules, and ensures that the target switches are running a version of software that supports the features you are provisioning. The same validations are performed for BVLANs as are performed for VLANs, and Ridgeline also verifies that tagged ports in SVLANs and CVLANs have not been added to the BVLAN being created. See “Creating a VLAN” Step 8 for a list of VLAN validations.


  If Ridgeline successfully validates the selected options, it verifies network connectivity to the target switches. If a connection can be established to all of the target switches, Ridgeline deploys the configuration commands, then saves the configuration file on each switch. Finally, Ridgeline updates its own database with information about the configuration changes on the switches.

  The information in the Progress and Results window is logged in the Ridgeline Audit Log. See Chapter 6, “Provisioning Network Resources” for more information.

Creating a BVLAN on a Specific Device

Starting from the Device window, you can create a BVLAN on a selected device.

To create a BVLAN on a specific device, complete the following steps:

1 Click Network Views > All table, or Network Views > All map.

2 Click the Devices tab.

3 Select the device that you want to configure the BVLAN on, and double-click it, or right-click it and select Open. The Device window appears.

4 From the Services menu, select New > BVLAN, as shown in Figure 201.

  Figure 201: Device Window Service Menu

  The BVLAN dialog for the selected device appears (Figure 202).

  Figure 202: BVLAN Dialog for Selected Device

5 Enter a name for the BVLAN.

6 From the Available ports list, select the ports that you want to include in the BVLAN and click Add tagged to add them to the Ports in VLAN column.


7 Click Create BVLAN to start the validation and deployment process. The Progress and Results window is displayed, as shown in Figure 203.

  Figure 203: Progress and Results Window for a Device-Specific BVLAN

8 Ridgeline validates the options you selected against a set of predefined configuration rules, and ensures that the target device is running a version of software that supports the features you are provisioning.

  The following validations are performed:

  ● The name length is not longer than 32 characters.
  ● The name consists of only alphanumeric characters. No special characters such as “#” or “&” are allowed.
  ● The tag range is from 1 to 4095.
  ● The tag is not present on the selected device.
  ● The name is not already present on the selected device.
  ● The Port tag value is valid.
  ● The ports used are not already present in a CVLAN or in an SVLAN.

  If Ridgeline successfully validates the selected options, it verifies network connectivity to the target switch. If a connection can be established to the switch, Ridgeline deploys the configuration commands, then saves the configuration file on the switch. Finally, Ridgeline updates its own database with information about the configuration changes on the switch.
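The validation list in step 8 can be reproduced as a pre-change check run against a device's known VLAN inventory before a BVLAN request is submitted. The following Python example is added here and is not Ridgeline's implementation; the class names, error codes and sample inventory are hypothetical, name comparison is assumed to be case-insensitive, and the “Port tag value is valid” check is left out because the page does not define it.

```python
import re
from dataclasses import dataclass

# ASCII letters and digits only. str.isalnum() is avoided because it also
# accepts non-ASCII letters, which the "alphanumeric" rule is assumed to exclude.
NAME_RE = re.compile(r"[A-Za-z0-9]+")
MAX_NAME_LEN = 32
TAG_MIN, TAG_MAX = 1, 4095


@dataclass(frozen=True)
class ExistingVlan:
    """A VLAN already configured on the device (hypothetical inventory record)."""
    name: str
    tag: int
    kind: str                       # "VLAN", "BVLAN", "SVLAN" or "CVLAN"
    ports: frozenset = frozenset()


@dataclass(frozen=True)
class BvlanRequest:
    """The BVLAN an operator is about to create on that device."""
    name: str
    tag: int
    ports: tuple = ()


def validate_bvlan(req, existing):
    """Return a list of (code, detail) tuples; an empty list means the request passes."""
    errors = []

    if len(req.name) > MAX_NAME_LEN:
        errors.append(("NAME_TOO_LONG", f"{len(req.name)} > {MAX_NAME_LEN}"))
    if not NAME_RE.fullmatch(req.name):          # also rejects the empty name
        errors.append(("NAME_NOT_ALPHANUMERIC", repr(req.name)))

    # bool is a subclass of int in Python, so exclude it explicitly.
    tag_is_int = isinstance(req.tag, int) and not isinstance(req.tag, bool)
    if not (tag_is_int and TAG_MIN <= req.tag <= TAG_MAX):
        errors.append(("TAG_OUT_OF_RANGE", repr(req.tag)))
    elif any(v.tag == req.tag for v in existing):
        errors.append(("TAG_IN_USE", str(req.tag)))

    # Assumption: names are compared case-insensitively.
    if any(v.name.lower() == req.name.lower() for v in existing):
        errors.append(("NAME_IN_USE", req.name))

    # Ports that already belong to a CVLAN or an SVLAN cannot join a BVLAN.
    access_ports = {}
    for v in existing:
        if v.kind in ("CVLAN", "SVLAN"):
            for port in v.ports:
                access_ports.setdefault(port, f"{v.kind} {v.name}")
    for port in req.ports:
        if port in access_ports:
            errors.append(("PORT_IN_ACCESS_VLAN", f"{port} is in {access_ports[port]}"))

    return errors


def error_codes(req, existing):
    """Convenience wrapper returning only the error codes."""
    return [code for code, _ in validate_bvlan(req, existing)]


# Constructed sample inventory for one device, not taken from the guide.
SAMPLE_DEVICE = [
    ExistingVlan("Default", 1, "VLAN", frozenset({"1:1", "1:2"})),
    ExistingVlan("cust10", 10, "SVLAN", frozenset({"1:3"})),
    ExistingVlan("bb200", 200, "BVLAN", frozenset({"2:1"})),
]

if __name__ == "__main__":
    for request in (BvlanRequest("bb300", 300, ("2:1", "2:2")),
                    BvlanRequest("bb#300", 4096, ("1:3",)),
                    BvlanRequest("BB200", 200)):
        print(request.name, validate_bvlan(request, SAMPLE_DEVICE))
```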


Modifying a BVLAN

For existing BVLANs, you can edit settings and deploy the changes to the devices where the BVLAN is configured.

To modify a BVLAN, complete the following steps:

1 Under Network Views, select the folder containing the devices you want to configure.

2 In the Navigation Table, click the PBB tab, and select the BVLAN you want to modify.

3 Right-click, and select Properties from the pop-up menu. The Properties window for the BVLAN is displayed, which provides a list of settings you can modify.

  For a BVLAN, you can edit the list of ports or links in the BVLAN, as well as the name and network name of the BVLAN (although not the tag value). You can also delete the BVLAN from the devices where it is configured.

  Figure 204: BVLAN Properties Window

4 Click the setting you want to modify to bring up the provisioning window for that setting. For example, Figure 205 shows the provisioning window for a BVLAN port list.


  Figure 205: Provisioning Window for a BVLAN Port List

5 Make any necessary changes to the BVLAN configuration.

6 When you have finished modifying the BVLAN, click the Save changes button to validate and deploy the changes to the BVLAN.

Modifying BVLAN Settings on One Device

You can modify BVLAN settings on a single device. The device can be the only one in the BVLAN, or it can be one among multiple devices in the same BVLAN. When you save the changes, Ridgeline performs validations on the changes that you made.

NOTE
Other than the network name, device settings for a control BVLAN or a protected BVLAN cannot be modified. Menu options for editing and deleting BVLANs are disabled when a control BVLAN or a protected BVLAN is selected. Network names cannot be modified for a control BVLAN or a protected BVLAN associated with an E-Line or E-LAN service.

To modify VLAN settings on a specific device, complete the following steps:

1 Click Network Views > All table, or Network Views > All map.

2 Click the Devices tab.

3 Select the device and double-click it, or right-click it and select Open.

4 In the Device window, click the PBB tab. The tab is shown in Figure 206.


  Figure 206: Device PBB Tab

5 Select a BVLAN and right-click it to display the context menu (Figure 207).

  Figure 207: BVLAN Settings in the Context Menu

6 To change the name of the BVLAN, select Edit Name from the context menu. Enter a new name in the dialog.

7 To give the BVLAN a network name, or edit the network name, complete the following steps:
  a Select Network name... from the context menu. You can also click the Network name icon in the Device window.
  b In the BVLAN Network Name dialog, click New and enter a network name for the VLAN, or click Rename and edit the existing network name in place.
  c Ensure that the radio button next to the network name that you want to use is selected.
  d Click Apply.

8 To change the ports that the BVLAN uses, select Edit Ports from the context menu. Make the changes that you want to make in the Ports dialog.

9 Click Save Changes.

When a BVLAN is modified, the software performs the following validations:

● The name is no longer than 32 characters.
● The name contains only alphanumeric characters.


● The ports are not already used in a CVLAN or a SVLAN.
● The network service selected is not used as a transport service in an E-Line or E-LAN service.

Deleting a BVLAN

You can use the procedure in this section to delete a single BVLAN. Multiple BVLANs cannot be deleted in the same operation, and control BVLANs cannot be deleted. These instructions can be used to delete protected BVLANs.

To delete a BVLAN, complete the following steps:

1 Under Network Views, select the folder containing the BVLAN you want to delete.

2 In the Navigation Table, click the VLAN tab.

3 Select the BVLAN you want to delete.

  You can limit the contents of the Navigation Table to just BVLANs by expanding the Filter box and entering BVLAN in the text box, or by expanding the Quick Filter box and selecting BVLAN in the Services box, as shown in Figure 208.

  Figure 208: Displaying BVLANs in the VLANs Navigation Table

4 Select Delete from the Edit menu.

5 Confirm the deletion in the pop-up window.

When you delete a VLAN, the software verifies that the services in the VLAN are not being used as transport services in an E-Line or E-LAN service.

Deleting a BVLAN from a Specific Device

Working from the Device window, you can remove a specific device from a BVLAN without affecting the remaining devices in the BVLAN.

To remove a device from a BVLAN, complete the following steps:

1 Click Network Views > All table, or Network Views > All map.

2 Click the Devices tab.

3 Select the device that you want to remove from a BVLAN and double-click it to display the Device window.


4 Click the PBB tab and find the BVLAN that you want to remove the device from. You can use the Quick Filter box to limit the contents of the list in the PBB tab.

5 Select the BVLAN from which you want to remove the device. Only one BVLAN at a time can be selected for this operation.

6 Right-click the BVLAN entry and select Delete from the context menu, as shown in Figure 209. You can also use the Delete button.

  Figure 209: Removing a Device from a BVLAN

7 Confirm the deletion in the popup window displayed.

When a BVLAN is deleted, Ridgeline verifies that the network service associated with the BVLAN is not used as a transport service in an E-Line or E-LAN service. Ridgeline removes the device from the BVLAN and displays the validations it is performing in the Progress and Results window. If the deletion does not succeed, a reason is given in the Progress and Results window.

Viewing PBB Information

To view information about PBB networks known to Ridgeline, click a device group or the All map or All table group under the Network Views folder, then click the PBB tab. A table listing the ISIDs, BVLANs, CVLANs, and SVLANs in the group is displayed, as shown in Figure 210.


Figure 210: PBB Table in Network Views

The PBB table has the following columns. You can filter the contents of the table by expanding the Filter box, and entering text and search criteria, or by expanding the Quick Filter box and selecting an available quick filter.

Type: The type of component in the PBB network, along with an icon indicating the PBB component type. In the Map View, the icons indicate the component is configured on the highlighted device. The icon can be one of the following:
  • Extended Service ID (ISID)
  • Backbone VLAN (BVLAN)
  • Protected BVLAN; that is, a BVLAN protected by an EAPS ring
  • Customer VLAN (CVLAN)
  • Subscriber VLAN (SVLAN)
Tag: The configured tag value for the BVLAN/CVLAN/SVLAN; N/A for ISIDs.
ISID: The tag value of the ISID that the PBB is associated with or bound to.
Name: The name of the BVLAN/CVLAN/SVLAN or ISID.
BVLAN network: The network name category (if any) that this BVLAN/CVLAN/SVLAN belongs to. You can assign a network name to a BVLAN. When a network name is assigned to a BVLAN, the SVLANs, CVLANs, and ISIDs associated with the BVLAN are automatically assigned the same network name. See “Categorizing VLANs With Network Names” on page 168 for more information.
Last updated: Date and time that the information about the PBB component was last retrieved from the Ridgeline database.

If you also have enabled the map view of a device group, you can select a row in the table and display an overlay view highlighting all of the devices and links in the map where the selected BVLAN, CVLAN, or SVLAN is configured, as shown in Figure 210. ISIDs are not shown in the overlay view.


Figure 211: Displaying PBB Components in a Map View

NOTE
To view PBB information from an Extreme Networks switch, enable HTTP or HTTPS on the switch.

Displaying PBB Details

To display details about a BVLAN, CVLAN, SVLAN, or ISID, click on a row in the PBB table. Information about the selected item appears in the details window. If you double-click on the row, the details are displayed in a separate window.

BVLAN, CVLAN, and SVLAN Details

For BVLANs, CVLANs, and SVLANs, the following window is displayed:


Figure 212: PBB VLAN Details Window

The PBB VLAN details window has the following fields:

Tag: The configured tag value for the PBB VLAN, along with an icon indicating the PBB component type. The icon can be one of the following:
  • Backbone VLAN (BVLAN).
  • Customer VLAN (CVLAN).
  • Subscriber VLAN (SVLAN).
Name: The name of the BVLAN, CVLAN, or SVLAN.
ISID: The tag value of the ISID that the PBB is associated with or bound to.
BVLAN Network: The network name category (if any) that this BVLAN/CVLAN/SVLAN belongs to. You can assign a network name to a BVLAN. When a network name is assigned to a BVLAN, the SVLANs and CVLANs associated with the BVLAN are automatically assigned the same network name. To assign a network name to a BVLAN, select VLAN Network Name from the Tools menu. (This option is not available for SVLANs and CVLANs.) See “Categorizing VLANs With Network Names” on page 168 for more information.
Type: The PBB component type: BVLAN, CVLAN, or SVLAN.
Last updated: Date and time that the information about the PBB component was last retrieved from the Ridgeline database.
EAPS Protection: The BVLAN is protected by EAPS.


Device Tab

When you click the Device tab, the following columns are displayed:

Name: The name of the device where the BVLAN, CVLAN, or SVLAN is configured.
IP Address: The IP address of the device.
SNMP status: Whether the device is responsive to SNMP.
Device type: The type of Extreme Networks switch.
Last updated: Date and time that the information about the device was last retrieved from the Ridgeline database.

Port Tab

When you click the Port tab, Ridgeline displays information about the ports on the selected device, where the selected BVLAN, SVLAN, or CVLAN is configured. The following columns are displayed:

Display: The port number on the device where the BVLAN, CVLAN, or SVLAN is configured.
Name: The name of the port, if configured.
Type: The speed of the port.

VLANs and ISIDs Tab

The VLANs and ISIDs Tab displays information about the relationship between the BVLAN, SVLAN, or CVLAN and the ISID.

For a BVLAN, the table displays information about the SVLAN/CVLAN and the ISID. For an SVLAN or CVLAN, the table displays information about the BVLAN and the ISID.

Type: The PBB component type: BVLAN, CVLAN, or SVLAN.
Tag: The configured tag value for the PBB component.
ISID: The tag value of the ISID that the PBB component is associated with or bound to.
Name: The name of the PBB component.
Network: The network name category (if any) that this VLAN belongs to. See “Categorizing VLANs With Network Names” on page 168 for more information.
Last updated: Date and time that the information about the PBB component was last retrieved from the Ridgeline database.


Links Tab

When you click the Links tab, the following information is displayed about the links that make up the PBB component:

Status: A line indicating the status of the link:
  • A green line indicates that the link is up.
  • A red line indicates that the link is down.
  • A yellow line for a bundled link indicates that some links are down and some are up.
  • A grey line indicates that the link status is unknown.
  • A blue line indicates the link is user-created rather than automatically discovered by Ridgeline.
  An icon showing a circle and two lines indicates a shared link:
  • Green indicates the link is up.
  • Greyed-out green indicates the last-known status of the link was up.
  • Red line indicates the link is down.
  • Greyed-out red indicates the last known state was down.
  • Yellow indicates that some ports on this link are up and that some are down.
A device: The name of the device on one end (the A side) of the link, along with an icon indicating the device status.
A IP address: The IP address of the device on the A side of the link.
A port name: The name of the port on the A side of the link, along with an icon indicating the port status.
A port number/annotation: The number of the port on the A side of the link.
B device: The name of the device on the other end (the B side) of the link, along with an icon indicating the device status.
B IP address: The IP address of the device on the B side of the link.
B port name: The name of the port on the B side of the link, along with an icon indicating the port status.
B port number/annotation: The number of the port on the B side of the link.
Discovery protocol: The protocol used to discover the link, either EDP or LLDP.
State: The current state of the link.
Type: The link type; for example, user-created.
A device status: The current status of the device on the A side of the link.
A device worst alarm: The status of the highest alarm on the device on the A side of the link.
A port status: Whether the port on the A side of the link is enabled or disabled.
A link state: Whether the A side of the link is ready to exchange traffic with the B side of the link.
A port type: The type of port on the A side of the link.
A port share details: Information about the port sharing configuration on the A side of the link, if configured.
B device status: The current status of the device on the B side of the link.
B device worst alarm: The status of the highest alarm on the device on the B side of the link.
B port status: Whether the port on the B side of the link is enabled or disabled.
B link state: Whether the B side of the link is ready to exchange traffic with the A side of the link.
B port type: The type of port on the B side of the link.


B port share details: Information about the port sharing configuration on the B side of the link, if configured.
Name: A description of the link in this format: p – p .

ISID Details

For ISIDs, the following window is displayed:

Figure 213: ISID Details Window

The ISID details window has the following fields:

ISID: The identifier of the ISID, along with an icon indicating this is an ISID.
Name: The configured name of the ISID.
Type: ISID.
Last Updated: Date and time that the information about the ISID was last retrieved from the Ridgeline database.
BVLAN network name: The name of the BVLAN network.


Device Table

The Device table displays the following information about the devices where this ISID is configured:

Name: The name of the device where the ISID is configured.
IP Address: The IP address of the device.
SNMP status: Whether the device is responsive to SNMP.
Device type: The type of Extreme Networks switch.
Last updated: Date and time that the information about the device was last retrieved from the Ridgeline database.

VLANs Table

The VLANs Table has the following information for the BVLANs and SVLANs bound to or associated with the ISID on the selected device:

Type: The PBB VLAN type: BVLAN or SVLAN, along with an icon indicating the type.
Tag: The configured tag value for the BVLAN or SVLAN.
ISID: The tag value of the ISIDs that the BVLAN or SVLAN is associated with or bound to.
Name: The name of the BVLAN or SVLAN.
Network: The network name category (if any) that this BVLAN or SVLAN belongs to.
Last updated: Date and time that the information about the BVLAN or SVLAN was last retrieved from the Ridgeline database.

Displaying PBB Details for a Selected Device

See “Displaying Device Details” on page 40 for information about displaying PBB information for an individual device.


CHAPTER 15
Managing and Monitoring VPLS Domains

This chapter describes how to use Ridgeline to view information about VPLS domains in your network and to configure VPLS domains using Ridgeline scripts. It contains the following sections:

● “Overview of VPLS”
● “Viewing VPLS Information”
● “Displaying VPLS Details”
● “Configuring VPLS”

Overview of VPLS

A Virtual Private LAN Service (VPLS) domain is a Layer 2 multipoint VPN that allows multiple sites to be connected in a single bridged domain over a provider-managed IP/MPLS network. VPLS enables service providers to offer Ethernet private line services that use a simple Layer 2 interface at the customer edge, and benefit from the resilience and scalability of an MPLS/IP core.

All customer sites in a VPLS domain appear to be on the same LAN, regardless of their locations. A VPLS-capable network consists of Customer Edge (CE) switches, Provider Edge (PE) switches, and a core MPLS network.

MPLS pseudowire (PW) tunnels are logical connections between two LERs over an LSP. Layer 2 VPN domains are created by adding PWs to each peer LSR to build a fully meshed interconnected VPLS domain, as shown in Figure 214.


Figure 214: Fully meshed VPLS domain (PE switches interconnected across the VPLS core by core pseudo wires)

In a fully meshed VPLS domain, pseudo wires must be established between all VPLS peers across the core. For each peer added to a VPLS domain, a PW is signaled that is used to carry traffic from the local LSR to the remote peer LSR. Flood traffic from the local service (broadcast, multicast, and unknown unicast packets) is replicated and forwarded across all PWs in the VPLS domain. Each peer receives one copy of the packet for delivery to its locally attached service. As MAC learning occurs on PWs, unicast packets to a known destination MAC address are forwarded to the peer over the PW from which the MAC address was learned.

Hierarchical VPLS (H-VPLS)

When MPLS is used at the edge of the network, a fully meshed VPLS domain becomes less practical, due to the number of PWs that must be configured between a large number of peers. A hierarchical VPLS (H-VPLS) network can improve network scalability by reducing the number of PWs that need to be configured between peers.

In an H-VPLS domain, VPLS domains can be constructed hierarchically in a partial-mesh or hub-and-spoke configuration. Within the context of H-VPLS, a spoke is a VPLS connection between two VPLS peers. Typically, one spoke node provides connectivity to the customer VLAN or customer service while its peer, a core node, provides repeater connectivity to other VPLS peers.

H-VPLS introduces the concept of core and spoke PW types. In an interconnected fully meshed VPLS domain, all of the PWs are of the type core. In an H-VPLS domain, PWs at the fully meshed core of the network are of the type core, and PWs that connect peers at the edge of the network are of the type spoke.

The forwarding rules for spoke and core pseudo wires are different. Flood traffic received on a core pseudo wire from another full-mesh core PE must not be transmitted over other core pseudo wires to other PEs. However, flood traffic received on a core pseudo wire is transmitted on all spoke pseudo wires in the VPLS domain. Unlike core pseudo wires in a fully meshed VPLS, flood traffic received on a spoke pseudo wire must be transmitted on all other pseudo wires in the VPLS, including pseudo wires to other core PEs.

Figure 215 shows an example H-VPLS domain.


Figure 215: H-VPLS (Hub-and-Spoke) network (MTU devices attached to core PEs by spoke pseudo wires; PEs interconnected across the VPLS core by core pseudo wires)

In a hierarchical VPLS domain, a spoke node (often a Multi-Tenant Unit, or MTU) is only required to establish a pseudo wire to a single core PE. A VPLS core node that has multiple spoke pseudo wires but no configured core pseudo wires is informally referred to as a hub.

This results in a significant reduction in the number of pseudo wires that need to be established and maintained. For example, a 10 core PE network with 50 MTU devices per core PE requires almost 260,000 pseudo wires using a fully meshed VPLS design. A hierarchical VPLS design requires only 590 pseudo wires.

VPLS Support in Ridgeline

Using Ridgeline, you can configure and monitor both fully meshed and hierarchical VPLS domains. Ridgeline queries managed devices, discovering their roles (if any) in VPLS domains. Information about discovered VPLS domains can be displayed in Network Views, along with a visual representation of the role of each device in the network.

In Ridgeline maps, you can display overlay views of LSPs, pseudo wires, and VPLS domains. Using Ridgeline scripts, you can configure VPLS domains and add peer devices to them.

Ridgeline provides detailed information about the status of the VPLS domain, its component services, peer devices, and pseudo wires. You can show the outer transport path of a pseudo wire in a VPLS domain, as well as the LSP in use by a pseudo wire in a VPLS domain. You can select a device and show information about its peers in a given VPLS domain.

NOTE
For additional details about VPLS, see the ExtremeXOS Concepts Guide.
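The core and spoke forwarding rules and the pseudo wire counts given in the VPLS overview above can be checked with a small model. The following is an added example, not code from Ridgeline or ExtremeXOS; the node names, the function names and the counting convention (one PW signaled per node toward each full-mesh peer, one spoke PW per MTU) are assumptions chosen because they reproduce the guide's figures of almost 260,000 and 590.

```python
"""Flood forwarding and pseudo wire counts in VPLS / H-VPLS (added example)."""
from collections import Counter, deque

CORE, SPOKE = "core", "spoke"


def build_hvpls(core_pes, mtus_per_pe):
    """Return {node: [(peer, pw_type), ...]} for a hub-and-spoke H-VPLS domain.

    Core PEs are fully meshed with core PWs and every MTU has one spoke PW
    to its core PE. Node names (PE0, MTU0-0, ...) are constructed here.
    With mtus_per_pe=0 the result is a plain fully meshed VPLS domain.
    """
    pes = [f"PE{i}" for i in range(core_pes)]
    pws = {pe: [(other, CORE) for other in pes if other != pe] for pe in pes}
    for i, pe in enumerate(pes):
        for j in range(mtus_per_pe):
            mtu = f"MTU{i}-{j}"
            pws[mtu] = [(pe, SPOKE)]
            pws[pe].append((mtu, SPOKE))
    return pws


def egress_pws(pws, node, arrived_on, split_horizon=True):
    """PWs on which `node` retransmits one flood frame.

    arrived_on is (peer, pw_type) for the PW the frame came in on, or None
    when the frame entered from the locally attached service.
    """
    out = []
    for peer, pw_type in pws[node]:
        if arrived_on is not None:
            if peer == arrived_on[0]:
                continue  # never reflect the frame onto the PW it arrived on
            if split_horizon and arrived_on[1] == CORE and pw_type == CORE:
                continue  # received on a core PW: do not flood to other core PWs
        out.append((peer, pw_type))
    return out


def flood(pws, source, split_horizon=True, max_copies=10_000):
    """Flood one frame from `source`'s local service.

    Returns (copies_received_per_node, looped); looped is True when
    max_copies deliveries were reached, i.e. the frame keeps circulating.
    """
    copies = Counter()
    queue = deque((peer, (source, pw_type))
                  for peer, pw_type in egress_pws(pws, source, None))
    delivered = 0
    while queue:
        if delivered >= max_copies:
            return copies, True
        node, arrived_on = queue.popleft()
        copies[node] += 1
        delivered += 1
        for peer, pw_type in egress_pws(pws, node, arrived_on, split_horizon):
            queue.append((peer, (node, pw_type)))
    return copies, False


def full_mesh_pw_count(nodes):
    """One PW signaled by each node toward every other node."""
    return nodes * (nodes - 1)


def hvpls_pw_count(core_pes, mtus_per_pe):
    """Core full mesh counted as above, plus one spoke PW per MTU."""
    return core_pes * (core_pes - 1) + core_pes * mtus_per_pe


if __name__ == "__main__":
    domain = build_hvpls(core_pes=3, mtus_per_pe=2)
    copies, looped = flood(domain, "MTU0-0")
    print("with the core rule:", dict(copies), "looped:", looped)
    _, looped = flood(domain, "MTU0-0", split_horizon=False, max_copies=500)
    print("without the core rule, frame circulates:", looped)
    print(full_mesh_pw_count(10 + 10 * 50), "vs", hvpls_pw_count(10, 50))
```

With the core rule disabled, the three meshed PEs pass the frame around indefinitely, which is the failure the rule against core-to-core flooding prevents.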


Viewing VPLS Information

To view information about VPLS domains discovered in Ridgeline, click a device group or the All map or All table group under the Network Views folder, then click the VPLS tab. A table listing the VPLS domains in the group is displayed, as shown in Figure 216.

Figure 216: VPLS Table in Network Views

The VPLS table has the following columns. You can filter the contents of the table by expanding the Filter box, and entering text and search criteria.

VPN ID: The name of the VPLS domain, along with an icon indicating its status. The icon indicates whether the VPLS domain is up, is down, or has an unknown status.
Service Type: The service type configured for the VPLS domain: ethernet.
Last Refreshed: Date and time when the VPLS information was last updated.

From the All map view, or if you also have enabled the map view of the device group, you can select a VPLS domain and display an overlay view highlighting all of the devices and links in the map where the selected VPLS domain is configured, as shown in Figure 216.


Figure 217: VPLS domain in a Map View

When you select a VPLS domain from the table, all of the peer devices for the selected VPLS domain are highlighted in the map view. In the Details panel, Ridgeline displays information about the pseudo wires in the VPLS domain.

For a selected VPLS domain, you can display information about the pseudo wires. When you select a pseudo wire from the table, Ridgeline highlights the LSP in use. The links and the end nodes of the LSP are highlighted in the map view.

Displaying VPLS Details

To display details about a VPLS domain, click on the VPLS domain’s row in the VPLS table. Information about the VPLS domain appears in the details window. If you double-click on the row, the VPLS details are displayed in a separate window, as shown in Figure 218.


Figure 218: VPLS Domain Details Window

The VPLS Domain details window has the following fields:

VPN ID: The name of the VPLS domain, along with an icon indicating its status. The icon indicates whether the VPLS domain is up, is down, or has an unknown status.
Name: The name of the VPLS domain.
Service Type: The service type configured for the VPLS domain: ethernet.
Service name: The name of the service configured for the VPLS domain, if set.
Customer Sites: The number of Customer Edge (CE) devices in the VPLS domain.
Last Refreshed: Date and time when the VPLS information was last updated.

Nodes Tab

When you click the Nodes tab, the following columns are displayed:

Status: Current operational status of the VPLS peer. This can be Up, Down, or Other.
Node address: IP address of the VPLS peer node.
Name: The name and current status of the device.
IP address: The IP address of the device.
VPLS name: The name of the VPLS domain.
Service name: The name of the service configured for the VPLS domain, if set.


Number of peers: The number of devices with a direct connection via a pseudo wire. They do not have to be configured in the VPLS domain.
VPLS operational status: Once VPLS is enabled, the status of the VPLS domain. This can be Up, Down, or Other.
VPLS admin status: The administrative status of the VPLS domain. This can be Up, Down, or Testing. Testing means packets cannot be sent over the VPLS domain.
Dot1q tag option: Whether the dot1q tag option is included or excluded in this VPLS domain.
MTU: Maximum Transmission Unit over the VPLS domain.
SNMP status: Whether the device is responsive over SNMP.
Device type: Model type of the device.
Last updated: When information about the device was last updated.

Pseudowires Tab

When you click the Pseudowires tab, the following columns are displayed:

Status: The current status of the pseudo wire. This can be one of the following:
• Up. The pseudo wire is up.
• Down. The pseudo wire could be down if pseudo wire signaling is not yet finished, or information available at the service level indicates that the pseudo wire is not passing packets.
• Lower layer down. One or more of the lower-layer interfaces responsible for running the underlying service is not in UP state.
• Not present. Some component is missing to accomplish the setup of the pseudo wire. This could be configuration error, incomplete configuration, or a missing hardware component.
• Testing. The pseudo wire is being tested.
• Dormant. The pseudo wire is not in a condition to pass packets, but is in a “pending” state, waiting for some external event.
A node address: The address of the node on one side of the pseudo wire.
A device name: The name and current status of the device on one side of the pseudo wire.
A IP address: The IP address of the device on one side of the pseudo wire.
B node address: The address of the node on the other side of the pseudo wire.
B device name: The name and current status of the device on the other side of the pseudo wire.
B IP address: The IP address of the device on the other side of the pseudo wire.
Mode: Usage of the pseudo wire in the LSP. This can be one of the following: Core to core, Spoke to core, Core to spoke.

Displaying Pseudowire Details

If you double-click on a pseudo wire in the table, details about the selected pseudo wire are displayed in a separate window, as shown in Figure 218.


Figure 219: Pseudowire Details Window

General Tab

The General tab of the Pseudowire details window has two sections, Pseudowire and VPLS service. The Pseudowire section has the following fields:

Status: The current status of the pseudo wire. This can be one of the following:
• Up. The pseudo wire is up.
• Down. The pseudo wire could be down if pseudo wire signaling is not yet finished, or information available at the service level indicates that the pseudo wire is not passing packets.
• Lower layer down. One or more of the lower-layer interfaces responsible for running the underlying service is not in UP state.
• Not present. Some component is missing to accomplish the setup of the pseudo wire. This could be configuration error, incomplete configuration, or a missing hardware component.
• Testing. The pseudo wire is being tested.
• Dormant. The pseudo wire is not in a condition to pass packets, but is in a “pending” state, waiting for some external event.
A node address: The address of the node on one side of the pseudo wire.
A device name: The name and current status of the device on one side of the pseudo wire.
A IP address: The IP address of the device on one side of the pseudo wire.
B node address: The address of the node on the other side of the pseudo wire.
B device name: The name and current status of the device on the other side of the pseudo wire.
B IP address: The IP address of the device on the other side of the pseudo wire.


Mode: Whether the pseudo wire is part of a mesh (Core) or hierarchical (Spoke) VPLS domain.
Transport LSP: The signaling protocol in use for the transport LSP, either LDP, RSVP-TE, or unknown.
Config type: Whether the configuration for the pseudo wire was done manually, or learned through Auto-discovery.
Rx label: The label applied at the ingress of the pseudo wire.
Tx label: The label applied at the egress of the pseudo wire.
Admin status: The administrative status of the pseudo wire. This can be Up, Down, or Testing. Testing means packets cannot be sent over the pseudo wire.
Local status: The status of the pseudo wire on the local node. This can be: No faults, Not forwarding, Service inbound fault, Service outbound fault, Packet switch network inbound fault, or Packet switch network outbound fault.
PW Created time: Date and time the pseudo wire was configured.
PW Up time: The amount of time the pseudo wire has been operational.
Last refreshed: When information about the pseudo wire was last updated.

The VPLS service section has the following fields:

VPN ID: A number identifying the VPLS domain.
Service Type: The service type configured for the VPLS domain: ethernet.
Customer Sites: The number of Customer Edge (CE) devices in the VPLS domain.

Configured LSP Tab

The Configured LSP tab displays details about the transport LSP used with the pseudo wire. The following fields are displayed:

Transport LSP: The signaling protocol in use for the transport LSP, either LDP or RSVP-TE.
LSP name: The configured name of the LSP.
Primary path name: The name of the primary path configured for this LSP.
Fast reroute: Whether fast reroute is enabled or disabled for the LSP.

If the signaling protocol is RSVP-TE and a path is indicated, then the following additional details are displayed about the primary and secondary paths:

Order: The hop order for the selected LSR in the path.
ERO IP address/net mask: The explicit route object IP address and network mask.
Type: The type of device that the LSR is.

Path in Use Tab

The Path in Use tab displays details about the labels and interfaces used for the currently selected path along the LSP. The following columns are displayed:

Ingress label: The label applied to packets arriving at the LSR for this path.
Ingress interface: The interface on the LSR where packets arrive for this path.
Label Switch Router ID: The identifier for this LSR.


Next hop IP: IP address of the next hop in the LSP.
Egress label: The label applied to packets exiting at the LSR for this path.
Egress interface: The interface on the LSR where packets exit for this path.
Order: The hop order for the selected LSR in the path.

Displaying VPLS Details for a Selected Device

See “Displaying Device Details” on page 40 for information about displaying VPLS information for an individual device.

Configuring VPLS

Using Ridgeline, you can configure fully meshed and hierarchical (hub-and-spoke) networks. VPLS configuration tasks are performed using Ridgeline’s scripting feature.

Running VPLS Configuration Scripts

Using Ridgeline scripts, you can perform the following tasks:

● Create a VPLS domain
● Associate peers with a VPLS domain

To run a Ridgeline script, click Scripts under the Network Administration folder to view the list of available scripts, then select the script you want to run from the list. Figure 220 shows the parameter configuration screen for the Create VPLS script.


Figure 220: Configuration Screen for the Create VPLS Script

Figure 221: Configuration Screen for Associating Peers with a VPLS Domain

For information on how to use Ridgeline scripts, see Chapter 19, “Creating and Executing Ridgeline Scripts.”




CHAPTER 16
The Ridgeline Alarm Manager

This chapter describes how to use the Ridgeline Alarm Manager to:

● View alarms that have occurred
● Define new alarms and modify current alarm definitions
● Configure threshold-based alarms

It contains the following sections:

● “Overview of the Ridgeline Alarm Manager”
● “The Alarm Log Detailed View”
● “Defining an Alarm Log Display Filter”
● “Deleting Alarm Records with Specified Conditions”
● “Defining Alarms”
● “The Alarm Definition Window”
● “Alarm Categories”
● “Threshold Configuration”
● “Configuring a New Rule or Modifying a Rule”
● “Synchronizing Ridgeline with Device RMON Rules”

Overview of the Ridgeline Alarm Manager

The Ridgeline Alarm Manager provides fault detection and alarm handling for the network devices monitored by Ridgeline. This includes Extreme Networks devices and some third-party devices. The Alarm Manager provides a set of predefined, enabled alarms that immediately report conditions such as authentication or login failures, device problems such as power supply or fan failures, reachability problems, or device reboots.

The Alarm Manager also lets you define your own alarms that report errors under conditions you specify, such as repeated occurrences or exceeding threshold values. You can enable and disable individual alarms, and you can specify the actions to be taken when an alarm occurs, such as sending e-mail, running a program, running a Ridgeline script, or sounding an audible alert.

Fault detection is based on Simple Network Management Protocol (SNMP) traps, syslog messages, and some limited polling. The Alarm Manager supports SNMP Management Information Base-2 (MIB-2), the Extreme Networks private MIB, Remote Monitoring (RMON) traps, and selected traps from other MIBs.

For selected third-party devices that have been integrated into Ridgeline through its device integration framework, Ridgeline can support the full set of traps provided by the device. For other MIB-2 compatible devices, assuming they can be successfully added to Ridgeline’s inventory database, Ridgeline supports just the basic MIB-2 traps.

NOTE
Ridgeline automatically configures Extreme Networks devices to send traps to the Ridgeline server when those devices are added to the Ridgeline Inventory database; this is not true for non-Extreme Networks devices, which you must manually configure to send traps to the Ridgeline server.
To receive syslog messages from a device, the device must be configured to use Ridgeline as a syslog receiver. This is true for both Extreme devices and non-Extreme devices.
Not all trap events are supported in older versions of the ExtremeWare software. Please refer to “Event Types for Alarms” for information on the switch software required for specific traps.

Predefined Alarms

For convenience, the Ridgeline Alarm Manager provides a number of predefined alarms. These alarms are enabled by default and are active as soon as the Ridgeline server starts up. These include the following alarms:

● Authentication failure (SNMP MIB-2 trap): This alarm indicates that an attempt has been made to access the device using an invalid community string or SNMPv3 credentials.
● Config Download Failed (Ridgeline event, indicates failure in a download initiated by Ridgeline): This alarm indicates that a configuration download from Ridgeline to the device has failed to complete.
● Config Upload Failed (Ridgeline event, indicates failure in an upload initiated by Ridgeline): This alarm indicates that a configuration upload from the device to Ridgeline has failed to complete.
● Device reboot (Ridgeline event): This alarm indicates the device has rebooted.
● Device Warning from Ridgeline (Ridgeline event): This alarm indicates that Ridgeline has detected a problem.
● EAPS State Change-Error (Ridgeline event): Ridgeline has detected that an EAPS Master node status has changed from Complete to Failed.
● EAPS State Change-Warning (Ridgeline event): Ridgeline has detected that an EAPS Master node status has changed from Failed to Complete.
● ESRP State Changed (Extreme proprietary trap): This alarm indicates that an ESRP state change has occurred on the device.
● Fan failure (Ridgeline event): This alarm indicates a cooling fan in the device has failed. This alarm occurs only once, when the fan status transitions from OK to failed. For continuous notification of this problem (until resolved) use the Extreme proprietary trap for fan failure, rather than the Ridgeline trap.
● Health Check Failed (Extreme proprietary trap): This alarm indicates that the health check has failed for the device.


● Invalid login (Extreme proprietary trap): This alarm indicates that a login to the device has been attempted with an invalid username or password.
● Overheat (Ridgeline event): This alarm indicates that Ridgeline has detected an overheat condition in the device. This alarm occurs only once, when the temperature reaches the overheat threshold. For continuous notification of this problem (until resolved) use the Extreme proprietary trap for overheat, rather than the Ridgeline trap.
● Power Supply Failed (Ridgeline event): This alarm indicates a power supply in the device has failed. This alarm occurs only once, when the power supply status transitions from OK to failed. For continuous notification of this problem (until resolved) use the Extreme proprietary SNMP trap for power supply failure, rather than the Ridgeline trap.
● Rogue Access Point Found (Ridgeline event): This alarm indicates that an access point has been detected that is not in the Safe list.
● Redundant Power Supply (RPS) alarm condition (Extreme proprietary trap): This alarm indicates that an attached redundant power supply is transmitting an alarm.
● SNMP unreachable (Ridgeline event): This alarm indicates that Ridgeline is unable to communicate with a device using SNMP.
● Stack Member down (Ridgeline event): Ridgeline has detected that a stack member is down.
● Stacking Link down (Ridgeline event): Ridgeline has detected that a stack link is down.

The Alarm Log Browser

Click Alarm manager in the Navigation frame to run the Alarm Manager and view the Alarm Log Browser. To view alarms for a specific device, select the device in Network Views, and select Alarms from the Device menu.

The Alarm manager (icon) in the Navigation frame acts as an alarm indicator; if it is displayed in red instead of black, it indicates that at least one new alarm has occurred.

The Alarm Log Browser page displays a summary of the alarms that have occurred, optionally filtered based on criteria you can specify.

By default, if you have a device selected in another Ridgeline application when you run the Alarm Browser, Ridgeline filters the display for the selected device. The filter Ridgeline created appears in the Current Filter field; you can save it if you want to be able to reuse it later. Otherwise, the default filter displays the last 300 alarms.

An alarm can be generated due to an SNMP or RMON trap, a syslog message, or based on the results of a poll. By default, all the predefined alarms are enabled; therefore, you may see alarm log entries the first time you run the Alarm Manager, even if you have not defined any alarms of your own.

The Alarm Log Browser Summary

The Alarm Log Browser summary displays all the alarms that match the selected filter.

● The Current Filter field at the top of the display shows the current filter definition.
● The Alarms indicator to the right of the Current Filter field shows the number of Alarm instances that matched the filter.


The summary displays the following information for each alarm instance:

ID: An integer number assigned by the Ridgeline Alarm Manager based on the order in which the alarm occurred.
Name: A name for the alarm, provided when the alarm is defined.
Category: An optional user-defined classification that defaults to “Default”.
Severity: The severity level associated with the alarm when it was defined, indicated by both name and color. The Severity Levels and the related icons are as follows:
• Normal
• Warning
• Minor
• Major
• Critical
Source: The IP address of the device that generated the trap or responded to a poll.
Time: The date and time at which the alarm was received.
Message: The message generated by the alarm.
Acked: A green check is present in this column if the alarm has been acknowledged.

The summary is initially sorted by ID in descending numerical order, so that the most recent alarm appears at the top of the list. You can sort the display by the contents of any column by clicking on the column heading. Click the heading a second time to reverse the sort order based on that column.

Saving the Default Filter

If you have a device selected in another applet when you run the Alarm Browser, Ridgeline creates a default filter that filters for alarms on that device only. You can save this filter for future use by doing the following:

1 Click the Filter button at the top of the page.
This opens the Define Alarm Log Filter window with the predefined filter already displayed.
2 Click the Save button to save the alarm definition.

See “Defining an Alarm Log Display Filter” on page 306 for a description of the Define Alarm Log filter window.

Acknowledging an Alarm

To acknowledge an alarm:

1 Select the alarm or alarms you want to acknowledge.
2 Click the Acknowledge (Ack) button at the top of the page.
This sets the state of the selected alarms to “acknowledged,” and places a green check in the Acked field of the selected alarm log entries.

You can “unacknowledge” alarms you have previously acknowledged, if needed:


1 Select the alarm or alarms.
2 Click the Unacknowledge (Unack) button at the top of the page.

The Ack or Unack operation may take a few seconds to update the database. When the update is complete, the rows are deselected.

Deleting Alarm Log Entries

To delete an alarm log entry:

1 Select the alarm entry or entries you want to delete.
2 Click the Delete button at the top of the page.
This removes the selected alarm log entries entirely from the Ridgeline database.

Deleting Groups of Log Entries

Rather than deleting alarm log entries one by one, you can delete groups of related log entries in a single operation, based on specific filtering criteria that you set, such as all entries in a certain time frame, all entries for selected devices, and so on.

To delete a group of alarm entries, click the Del ... button at the top of the page. This opens a window where you can define the set of conditions that Ridgeline should use to filter and identify alarm entries that should be deleted.

See “Deleting Alarm Records with Specified Conditions” on page 308 for a description of this window, and for instructions about filtering for and deleting groups of log entries.

Viewing Alarm Details

To view the details of an individual alarm:

1 Select the alarm you want to view.
2 Click the Detail button at the top of the page, or double-click on the alarm entry in the log.
This opens the Alarm Log Detail View window, showing detailed information about the selected alarm. See “The Alarm Log Detailed View” on page 304 for a description of this window and the information it displays.

Creating an Alarm Display Filter

Alarm entries are displayed in the Alarm Log Browser based on a set of filtering criteria. There are four predefined filters:

7 days ago: View alarms that occurred one week ago
Default: View the most recent 300 entries


Last 24 hours: View alarms that occurred within the last 24 hours
Yesterday: View alarms that occurred yesterday (the 24 hours from starting at 12:01 am yesterday)

In addition to these, you can create your own filters based on criteria such as Source IP, Severity, Alarm Name, LogID, and a number of others. Your filter can combine multiple criteria.

To specify your own filter, click the Filter button at the top of the page.
This opens the Define Alarm Log Filter window. See “Defining an Alarm Log Display Filter” on page 306 for a description of this window, and information about creating your own filters.

Deleting Saved Alarm Log Filters

You can delete any saved alarm log display filters except for the default filter. To delete a filter, complete the following steps:

1 Click the Del Filter button.
This opens the Delete Filters window.
2 Select the filter you want to delete, and click OK.

Pausing All Alarms

You can temporarily stop the processing of all enabled alarms using the Pause/Resume feature.

To stop processing enabled alarms, click the Pause button at the top of the page. Ridgeline ignores all traps when the alarms are paused.

To resume processing traps, click Resume.

The Alarm Log Detailed View

To view the details of an individual alarm:

1 Select the alarm you want to view.
2 Click the Detail button at the top of the page, or double-click on the alarm entry in the log.
This opens the Alarm Log Detailed View window, as shown in Figure 222.

The Alarm Log Detailed View displays detailed information about the selected alarm.


Figure 222: Detailed View of an Alarm Log Entry

The fields in this view show the following information about the alarm:

Log ID: The ID number assigned to this event by Ridgeline
Alarm Name: The name of the alarm
Category: The category to which this alarm belongs
Severity: The severity level of the alarm
Repeat times: The number of times the event occurred to trigger the alarm. If the alarm does require repeated events, this value is 1.
Repeat Period: The time period within which the repeated events occurred, for alarms with a repetitive occurrence specification. Displays N/A if the alarm does not require repeated events.
Device Name: The name of the device on which the alarm generating event(s) occurred
Alarm Source: The IP address where the alarm event(s) originated and ifAlias corresponding to ifIndex in the trap
Acked: Whether this alarm has been acknowledged
Alarm Time: The time of day at which the alarm occurred
Alarm Message: The message associated with the alarm
Actions taken: The list of actions defined for this alarm, if any
Name of events: The name of the event that triggered the alarm


Pattern matching: The pattern matched by the event data, if a pattern is defined for this alarm
Alarm Events: Details of the events that triggered the alarm. If the alarm required repeated events in order to trigger the alarm, all those events are shown. For each event the following is displayed:
  • Event Time: The time of day that the event occurred
  • Event Source: The IP address of the event source
  • Data: The data included with the event
  • Count: The event count, with 1 being the first (oldest) event occurrence

From the Alarm Log Detailed View window you can display details for other alarms without having to return to the Alarm Browser summary page.
● Enter or select an alarm Log ID in the Go to alarm field. Selecting the ID immediately displays that alarm entry.
● Click the Next button to view the alarm entry in the row below the currently displayed entry in the Alarm Browser summary list.
● Click the Previous button to view the alarm entry in the row above the currently displayed entry in the list.
● Click Close to close the display window.

Defining an Alarm Log Display Filter

You can filter the alarms to be displayed in the Alarm Log Browser summary list based on criteria such as Source IP, Severity, Alarm Name, LogID, and a number of others.

To specify your own filter, click the Filter button at the top of the Alarm Log Browser summary page.

The Define Alarm Log Filter window opens displaying either the last filter definition you created, or the Default filter (View last 300 alarms).

Figure 223: Alarm Log Filter Definition Window


To create your own filter, complete the following steps:
1 Click the New button to clear the previous filter definition. This unchecks the View last 300 alarms checkbox, if it was checked, and enables the other fields in the window (except for the name field—you can provide a name for your filter when you name it).
2 Define a filter criterion by selecting or filling in the Field, Operator, and Value fields as follows:

Field: The parameter you want to use as a filter criterion. Select one from the pull-down menu. The choices are:
  • Log ID: Filter on Log ID
  • Alarm Name: Filter on Alarm name
  • Category: Filter on category name
  • Severity: Filter on severity level
  • Source IP: Filter on alarm source IP address
  • Port IfIndex: Filter on a port (for alarms that use Port as the source type)
  • Time: Filter on the entry date and time stamp
  • Acked: Filter on whether alarms have been acknowledged or not
Operator: A comparison operator used to test the parameter against the specified value. Select one from the pull-down menu. Only choices relevant to the selected parameter type are available—in some cases only one choice is allowed.
Value: The value against which the parameter (specified in the Field field) should be tested. The type, format and range of the values you can specify depend on the parameter you selected in the Field field. Values may be entered as follows:
  • Log ID: An integer. You can test equality relationships (equal, not equal, greater than, less than, greater than or equal, less than or equal) or for a range (Between). If you choose Between as the operator, you are asked to enter two values.
  • Alarm Name: Text string. You can select an alarm name from the drop-down list in the Value field, or enter a text string. You can test for an exact match or non-match, or a substring (Contains). The Contains operator lets you match against a substring (portion of text) that should be contained in the parameter value.
  • Category: Text string. You can select a category from the drop-down list in the Value field, or enter a text string. You can test for an exact match or non-match, or a substring (Contains).
  • Severity: An alarm severity level. You must select a severity level from the drop-down list in the Value field. You can test for a match or non-match.
  • Source IP: IP address. Can test for exact match or non-match, or for a range (Between). If you choose Between you are asked to enter two values. You cannot match on a subnet.
  • Port IfIndex: An integer. Can test equality relationships (equal, not equal, greater than, less than, greater than or equal, less than or equal) or for a range (Between). If you choose Between you are asked to enter two values.
  • Time: Select a time period from the drop down list. Choices include periods such as Last 1 Hour, Yesterday, 2 Days Ago, etc. The filter matches all alarms within the time period.
  • Acked: Can select Yes (matches all Acknowledged alarms) or No (matches all unacknowledged alarms).

3 Click the Add/Modify Condition button to add this specification to the filter definition.
You can create a filter that uses more than one condition, as long as each condition uses a different parameter. Multiple conditions are combined using a logical AND function—all conditions must be matched for an alarm entry to be included in the filter results.
You cannot filter using multiple specifications of the same parameter. For example, in order to find and view alarms for IP addresses 10.205.0.55 and 10.205.0.61, you must use the Between operator to test for all Source IP addresses between these two IP addresses. You cannot create a filter that includes separate condition specifications for Source IP = 10.205.0.55 and Source IP = 10.205.0.61.
4 To remove an individual condition specification, select it in the current filter list and click the Remove Condition(s) button. You can select and remove multiple filter criteria.
5 When your filter definition is complete, you can save it as a named filter, or you can just apply it to the Alarm Log without saving it.
● To save it, click Save, and enter a name into the dialog box that appears.
● To apply the filter to the Alarm Log summary without saving it, click OK. This filters the display based on the criteria you defined. You do not need to save the filter before you do this.
If you do not save the filter definition before you apply it to the Alarm Log, you can re-open the Define Alarm Log Filter window and save it later. The filter definition is retained in the Define Alarm Log Filter window until you either create another filter definition, or exit the Alarm Manager.

To restore the default filter definition, click the View last 300 alarms check box and click OK.

Deleting Alarm Records with Specified Conditions

To delete a group of alarm entries, click the Del ... button at the top of the page.
The Delete alarm records with specified conditions window opens, as shown in Figure 224.

Figure 224: Delete Alarm Records with Specified Conditions Window

In this window you can define a filter—a set of conditions—that Ridgeline can use to determine whether an alarm record should be deleted.


To create a delete condition filter, complete the following steps:
1 If the “View last 300 alarms” check box is checked, the remaining fields are grayed-out. Uncheck the check box to enable the other fields.
2 Define a filter criterion by selecting or filling in the Field, Operator, and Value fields as follows:

Field: The parameter you want to use as a filter criterion. Select one from the pull-down menu. The choices are:
  • Log ID: Filter on Log ID
  • Alarm Name: Filter on Alarm name
  • Category: Filter on category name
  • Severity: Filter on severity level
  • Source IP: Filter on alarm source IP address
  • Port IfIndex: Filter on a port (for alarms that use Port as the source type)
  • Time: Filter on the entry date and time stamp
  • Acked: Filter on whether alarms have been acknowledged or not
Operator: A comparison operator used to test the parameter against the specified value. Select one from the pull-down menu. Only choices relevant to the selected parameter type are available—in some cases only one choice is allowed.
Value: The value against which the parameter (specified in the Field field) should be tested. The type, format and range of the values you can specify depend on the parameter you selected in the Field field. Values may be entered as follows:
  • Log ID: An integer. You can test equality relationships (equal, not equal, greater than, less than, greater than or equal, less than or equal) or for a range (Between). If you choose Between as the operator, you are asked to enter two values.
  • Alarm Name: Text string. You can select an alarm name from the drop-down list in the Value field, or enter a text string. You can test for an exact match or non-match, or a substring (Contains). The Contains operator lets you match against a substring (portion of text) that should be contained in the parameter value.
  • Category: Text string. You can select a category from the drop-down list in the Value field, or enter a text string. You can test for an exact match or non-match, or a substring (Contains).
  • Severity: An alarm severity level. You must select a severity level from the drop-down list in the Value field. You can test for a match or non-match.
  • Source IP: IP address. Can test for exact match or non-match, or for a range (Between). If you choose Between you are asked to enter two values. You cannot match on a subnet.
  • Port IfIndex: An integer. Can test equality relationships (equal, not equal, greater than, less than, greater than or equal, less than or equal) or for a range (Between). If you choose Between you are asked to enter two values.
  • Time: Select a time period from the drop down list. Choices include periods such as Last 1 Hour, Yesterday, 2 Days Ago, etc. The filter matches all alarms within the time period.
  • Acked: Can select Yes (matches all Acknowledged alarms) or No (matches all unacknowledged alarms).

3 Click the Add/Modify Condition button to add this specification to the filter definition.
You can create a multi-criteria specification using more than one parameter as long as each parameter is different. You cannot filter using multiple specifications of the same parameter.
For example, in order to delete alarms for IP addresses 10.205.0.55 and 10.205.0.61, you must do this in two operations.
4 To remove an individual criterion, select it in the current filter list and click the Remove Condition(s) button. You can select and remove multiple filter criteria.
5 When your filter definition is complete, click Delete.


All alarm records that meet the conditions defined by the filter are deleted.

If you simply want to delete the last 300 alarms, leave the “View last 300 alarms” box checked, and click Delete.

Defining Alarms

For convenience, the Ridgeline Alarm Manager provides a number of predefined alarms. These alarms are all enabled by default, and become active immediately when the Ridgeline server starts up. The predefined alarms generate alarm log entries, but no other actions are specified.

You can modify the predefined alarms or define your own custom alarms to report errors based on a number of event types under conditions you specify, such as repeated occurrences or exceeding threshold values. You can also specify the actions to be taken when an alarm occurs, such as sending e-mail, running a program, running a Ridgeline script, or sounding an audible alert.

To view a current alarm definition, to create a new definition, or to modify an existing definition, click the Alarm Definition tab at the top of the page. The Alarm Manager: Alarm Definition page is displayed, as shown in Figure 225.

Figure 225: Alarm Manager: Alarm Definition page

The Alarm Definition List shows all the current alarm definitions. This list shows the following information about each alarm:

Name: The name of the alarm
Category: The category to which the alarm belongs.


Event: The event that triggers this alarm (see “Defining the Basic Alarm Properties” on page 313 for more details)
Severity: The severity level of the alarm (normal, warning, minor, major, critical)
Enabled: Whether the alarm is enabled or disabled

To view the settings for an individual alarm, select the alarm.

The detailed definition of the selected alarm appears in the fields below the alarm list. In addition to the basic properties shown in the Alarm Definition list, these fields show additional properties such as whether pattern matching should be used on event data, or whether the event must occur more than once before the alarm is triggered. These basic properties are defined in detail in “Defining the Basic Alarm Properties” on page 313.

Below the basic properties, two text fields show the alarm actions (if any) defined for the alarm, and scope of alarm.

Alarm Actions are functions that the alarm manager executes when an alarm occurs, in addition to logging the occurrence of the alarm. By default the predefined alarms have no actions defined for them (other than logging). Alarm actions can include sending e-mail, sounding an audible alert, running a program or running a Ridgeline script. For the predefined alarms, an alarm event creates an entry in the Alarm Log, but no other actions occur. You can define additional actions for any of these alarms. Alarm Actions are discussed in more detail in “Defining Alarm Actions” on page 318.

The Alarm Scope defines which devices can trigger an alarm. The predefined alarms are scoped by default for all devices and ports. Thus, a trap received from any port or any device triggers the corresponding alarm. You can modify the scope of any of these alarms. Alarm Scope is discussed in more detail in “Defining the Alarm Scope” on page 315.

Creating a New Alarm Definition

To create a new alarm, click the Add button at the top of the page.
This opens the New Alarm Definition window, where you can define a custom alarm. See “The Alarm Definition Window” on page 312 for a description of the window, with instructions for creating an alarm definition.

Modifying an Alarm Definition

To modify an alarm, select the alarm in the Alarm Definition List, and click the Modify button at the top of the page.
This opens the Modify Alarm Definition window. This window is identical to the New Alarm Definition window, except that the settings for the selected alarm are filled in. See “The Alarm Definition Window” on page 312 for a description of the window, with instructions for modifying an alarm definition.


Deleting an Alarm Definition

To delete an alarm definition, select the alarm in the Alarm Definition List, and click the Delete button at the top of the page.
After you verify that you want to delete the alarm, the definition is removed from the Alarm Definition List and from Ridgeline’s database.

You must remove alarm definitions one at a time.

The Alarm Definition Window

There are three parts to an alarm definition: the Basic properties definition, the Scope definition, and the Action definition. Each is represented on its own tab in the New Alarm Definition window or the Modify Alarm Definition Window.

The New Alarm Definition window, as shown in Figure 226, initially displays the Basic tab of the three-page alarm definition, with most of the fields blank. If you are modifying an existing Alarm definition, the Modify Alarm Definition window is identical except that the settings for the selected alarm are shown in the appropriate fields.

Figure 226: The New Alarm Definition Window, Basic Definition Tab


Use the tabs at the top of the window to move between the three pages. When you are finished with your alarm definition, click OK. A new alarm definition is added to the Alarm Definition List; the existing alarm definition is updated for an alarm that has been modified.

See the Ridgeline Concepts and Solutions Guide for a more extensive discussion about Ridgeline alarms, including examples of alarm definitions for common network events.

Defining the Basic Alarm Properties

On the Basic page, you define the event-related parameters of the alarm: its name, severity, the event that triggers it, and so on. The fields in this window are defined as follows:

Name: The name of the alarm as it will appear in the alarm log and (optionally) elsewhere. This defines the variable alarmName.
Enabled: Indicates whether the alarm is “turned on” or not. If you uncheck this box, the alarm remains defined but is not operational.
Category: The category assigned to this alarm. Select the category using the pull-down menu at the end of the field (see “Creating a New Alarm Category” on page 326 for more information). This defines the variable alarmCategory.
Severity: The severity of the alarm. Select one of the five severity levels from the pull-down menu (normal, warning, minor, major, critical). This defines the variable alarmSeverity. The severity level also determines the sound that is played as an audible alert.
Event Type: The type of event (SNMP trap, RMON Trap Rising Alarm, RMON Trap Falling Alarm, Ridgeline, or Syslog message). This determines the list of events you can select in the Event Name field. The event type is concatenated with the event name to define the variable eventTypeName.
Event Name: The specific event (trap) that should trigger this alarm. Select the event from the pull-down list provided. The event name is concatenated with the event type to define the variable eventTypeName.
  For RMON Rising or RMON Falling trap types, pull-down list includes the configured RMON rule names. RMON events (rules) must be configured under the Threshold Configuration tab before they appear in the Event Name list. See “Threshold Configuration” on page 327 for information on defining RMON events.
  See “Event Types for Alarms” for a description of the Ridgeline and SNMP events from which you can choose.
Pattern Matching on Event Data: You can specify that the alarm should be triggered only if the data provided with the event matches a specific pattern. If you leave this data unchecked, the default is “Don’t Care.”
  Pattern matching is done on the contents of the eventData variable.
  The pattern matching syntax uses regular expressions.
  • You can use “*” or “%” to match any sequence of zero or more characters.
  • “?” or “_” (question mark or underscore) can be used to match any one character.
  • To match one of a set of characters, enclose the characters in brackets. For example, [abcd] matches one of a, b, c, or d.
  For example, the following regular expressions can be used for monitoring MPLS removals and insertions using alarm pattern matching:
  • For removals: *ConfiguredType: 104?*InsertedType: 1?*State: 1*
  • For insertions: *ConfiguredType: 104?*InsertedType: 104?*State: 5*
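The wildcard rules listed for Pattern Matching on Event Data, applied to sample event data. This is an added example, not Ridgeline's own code: it assumes a pattern has to cover the whole eventData string and that a bracket set lists literal characters, and the function names and the eventData strings are constructed for illustration.

```python
import re

def wildcard_to_regex(pattern):
    """Translate the wildcard syntax from the guide into a compiled regex.

    * or %   any sequence of zero or more characters
    ? or _   exactly one character
    [abcd]   one character out of the listed set
    Every other character, including '.', is matched literally.
    """
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch in "*%":
            out.append(".*")
        elif ch in "?_":
            out.append(".")
        elif ch == "[":
            end = pattern.find("]", i + 1)
            if end == -1 or end == i + 1:
                # Unterminated or empty set: keep the bracket as a literal.
                out.append(re.escape(ch))
            else:
                members = pattern[i + 1:end]
                out.append("[" + "".join(re.escape(c) for c in members) + "]")
                i = end
        else:
            out.append(re.escape(ch))
        i += 1
    # DOTALL so the wildcards also span line breaks inside eventData.
    return re.compile("".join(out), re.DOTALL)

# The two patterns quoted in the guide.
ALARM_PATTERNS = {
    "MPLS removal": "*ConfiguredType: 104?*InsertedType: 1?*State: 1*",
    "MPLS insertion": "*ConfiguredType: 104?*InsertedType: 104?*State: 5*",
}

def matching_alarms(event_data, patterns=ALARM_PATTERNS):
    """Return the names of all patterns that match the whole event_data."""
    return [name for name, pat in patterns.items()
            if wildcard_to_regex(pat).fullmatch(event_data)]

# Constructed eventData strings (not captured from a real switch).
REMOVED = "Slot: 3 ConfiguredType: 1041 InsertedType: 1 State: 1"
INSERTED = "Slot: 3 ConfiguredType: 1041 InsertedType: 1041 State: 5"
OTHER_STATE = "Slot: 3 ConfiguredType: 1041 InsertedType: 1 State: 12"
OTHER_MODULE = "Slot: 3 ConfiguredType: 2041 InsertedType: 1 State: 1"

if __name__ == "__main__":
    for label, data in [("removed", REMOVED), ("inserted", INSERTED),
                        ("other state", OTHER_STATE),
                        ("other module", OTHER_MODULE)]:
        print(label, "->", matching_alarms(data))
```

The OTHER_STATE sample shows that the trailing * in the removal pattern also accepts any value that merely begins with 1, so a pattern that must pin an exact trailing value should not end in a wildcard.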


Repetitive occurrence specification (Issue an alarm...): The required number of times an event must occur before an alarm is generated. You can specify both the number of times the event must occur, and the time frame within which these events must occur. This lets you filter out short-lived or non-repeatable events, and define an alarm that will take action only if the triggering event occurs repeatedly within a defined time frame.
  When you use the Repetitive occurrence specification for an SNMP Unreachable alarm, note that Ridgeline generates SNMP Unreachable alarms only when there are SNMP state changes (reachable to unreachable) occurring for that device according to the configured repetitive occurrence setting.
  For example, if you configure the Repetitive occurrence specification parameter as 2 times within 15 minutes, Ridgeline does not generate SNMP unreachable alarms if it finds the device is unreachable twice within 15 minutes. Instead, those alarms are generated only when Ridgeline finds state changes (reachable to unreachable) for the device twice within 15 minutes.
  See Table 40 on page 697 for a description of SNMP Unreachable and SNMP reachable alarms.
  If you want Ridgeline to generate SNMP unreachable alarms even without an SNMP state change, then edit the management.properties file and change EmitSnmpUnreachableEventAlways from FALSE to TRUE, then restart the Ridgeline server and database. This change results in continuous SNMP unreachable alarm generation for all unreachable devices on every status poll, but when combined with Repetitive occurrence specification, the alarms will be generated according to the settings.

Event Types

Ridgeline alarms can be triggered by SNMP traps, RMON rising or falling traps, Ridgeline events, or Syslog messages.

A Ridgeline event is generated by Ridgeline based on the results of its periodic polling. In some cases, a condition that causes a Ridgeline event may also generate an SNMP or other trap. Creating an alarm triggered by a Ridgeline event guarantees that the condition is eventually detected by polling even if the corresponding trap is missed.

See “Event Types for Alarms” for a description of the Ridgeline and SNMP events supported by the Ridgeline Alarm Manager.

SNMP traps are notifications from a device of events that occur on a device. Ridgeline must be configured as a trap receiver on the device in order to be notified of these events; this happens automatically on Extreme devices. Certain SNMP events may require additional configuration on the switch in order to enable specific trap conditions.

RMON Trap Rising and RMON Trap Falling events are triggered by RMON or CPU utilization traps. RMON events, including Port utilization, temperature, or STP topology change events, and events based on CPU utilization, are defined through the Threshold Configuration page of the Ridgeline Alarm Manager (see “Threshold Configuration” on page 327). RMON event rules can be configured only on switches running ExtremeWare 6.1 or later. CPU Utilization rules can only be configured on switches running ExtremeWare 6.2 or later.

NOTE
RMON must be enabled on the switch in order for RMON trap events to be generated.

Syslog messages may also be used to trigger alarms. To receive Syslog messages, the Ridgeline Syslog function must be enabled, and remote logging must be enabled with Ridgeline configured as a Syslog receiver on the devices from which you want to receive Syslog messages.
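The Repetitive occurrence behaviour described above for SNMP Unreachable alarms (2 times within 15 minutes, counted on state changes unless EmitSnmpUnreachableEventAlways is TRUE), as an added example that is not Ridgeline's code. The poll timelines are constructed, and the sliding window that is cleared once an alarm fires is an assumption of this sketch about how the setting is evaluated.

```python
from collections import deque

def unreachable_alarms(polls, repeat_times, period_min, emit_always=False):
    """Return the poll times (in minutes) at which an Unreachable alarm fires.

    polls        iterable of (minute, reachable) status-poll results, one device
    emit_always  False: an event is a reachable -> unreachable state change
                 True:  every unreachable poll is an event, modelling
                        EmitSnmpUnreachableEventAlways = TRUE
    Assumptions: sliding time window; the window is cleared after an alarm.
    """
    events = deque()
    alarms = []
    previous = True  # assume the device is reachable before the first poll
    for minute, reachable in polls:
        is_event = (not reachable) and (emit_always or previous)
        previous = reachable
        if not is_event:
            continue
        events.append(minute)
        # Forget events that fall outside the configured time frame.
        while events and minute - events[0] > period_min:
            events.popleft()
        if len(events) >= repeat_times:
            alarms.append(minute)
            events.clear()
    return alarms

# Constructed timelines, one poll every 5 minutes unless noted.
STAYS_DOWN = [(0, True), (5, False), (10, False), (15, False), (20, False)]
FLAPPING = [(0, True), (5, False), (10, True), (15, False), (20, True)]
SLOW_FLAP = [(0, True), (5, False), (10, True), (30, False)]

if __name__ == "__main__":
    for name, polls in [("stays down", STAYS_DOWN), ("flapping", FLAPPING),
                        ("slow flap", SLOW_FLAP)]:
        print(name,
              "state-change:", unreachable_alarms(polls, 2, 15),
              "emit-always:", unreachable_alarms(polls, 2, 15, True))
```

With the default setting, a device that goes down and stays down produces a single state change and therefore never satisfies "2 times within 15 minutes"; only the flapping device does.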


Refer to “Devices Properties” on page 471 for information about configuring devices to use Ridgeline as a Syslog receiver. Syslog messages received from devices not managed by Ridgeline are ignored.

For certain other events, you must do the configuration on the switch using an SNMP configuration tool such as SNMPc. See “Configuring SNMP Trap Events” on page 695 for related information.

Table 7: Ridgeline Alarm Variables

Variable Name: Description
alarmID: An integer number assigned by the Ridgeline Alarm Manager based on the order in which the alarm occurred
alarmName: The name of the alarm as defined in the Name field
alarmCategory: The user-defined alarm category assigned to the alarm
alarmSeverity: The severity level assigned to the alarm
alarmRepeatTimes: The number of times the event must occur before an alarm is generated
alarmRepeatPeriod: The time frame within which the repeated events must occur for the alarm to be generated
alarmSourceDeviceName: The name of the device on which the event(s) occurred (taken from the Ridgeline database)
alarmSourceIP: The IP address of the device on which the event(s) occurred
alarmSourceIfIndex: The interface on the device on which the event(s) occurred
alarmGMTTime: The time at which the alarm occurred, in Greenwich Mean Time
alarmLocalTime: The time at which the alarm occurred, in local time
alarmMessage: The message defined for the alarm (for use by an external program executed as an alarm action)
alarmActions: The list of actions defined for the alarm
eventLogID: The ID of the event in Ridgeline’s event log
eventTypeName: The type of event (SNMP Trap, RMON Rising Trap, RMON Falling Trap, or Ridgeline event) concatenated with the Event Name (the SNMP trap name, RMON rule name, or Ridgeline event name)
eventGenericType: The SNMP Generic Type number of the trap
eventSpecificType: The SNMP Specific Type number for an enterprise-specific trap
eventSpecificTypeStr: The event description
eventEnterprise: The Enterprise portion of the Object ID (OID) of the event
eventData: The data associated with the trap, or the Syslog message content
trap: The trap varbinds from SNMP trap.

Defining the Alarm Scope

To define a scope for the alarm, click the Scope tab. The Scope definition page is displayed, as shown in Figure 227.


Figure 227: New Alarm Definition Window, Scope Definition

In this window you define the scope of the alarm—the set of devices that can trigger the alarm. You can define the scope as a set of individual devices, one or more device groups, as a set of individual ports, or as one or more port groups.

For events that originate from a device port (such as link down) the scope determines whether the alarm is generated based on an event from a single port, on events from any port on a device, or from any port on any device in a device group.

For example, to define an alarm that is fired for any port on device A, you can scope the alarm as “Device,” select the appropriate device group, and select Device A. To define the alarm only to be fired on selected ports on Device A, you would scope the alarm as “Port,” select Device A, and select the individual ports. You could also define a port group for the specific ports of interest, then scope the alarm as Port Group and select the appropriate group.

To define the alarm scope, select a Source Type (and Device Group, if appropriate), select individual devices, ports, device groups, or port groups, and add them to the Selections list. The scope can contain a combination of source types.


The fields and buttons in this window are defined as follows:

Scope on all devices and ports: When this is checked, an event received from any device or device port will trigger the alarm. In addition, as new devices are added to the Ridgeline inventory database, those devices and ports will also be included in the device scope.
  Uncheck the checkbox to enable scoping by specific devices, device groups, ports or port groups.
Source Type: The source of the scoping definition (Device, Device Group, Port, or Port Group). Select the type you want from the pull-down list.
  Select Device Group or Port Group to scope the alarm on all members of the selected group. Group membership is evaluated every time a trap is received. Therefore, changes to the group membership (adding or removing devices or ports) have an immediate effect on alarm processing.
  To scope the alarm on individual devices or ports, select Device or Port.
Select Group: If you select Device or Port as the Source Type, you must select a Device Group to indicate the set of devices (and ports) you want to see in the Source List.
Source list (Device/Device Group/Port Group): The list of components of the specified type. The field label changes based on the Source Type. It is labeled Device when you select either Device or Port as the Source Type.
ifIndex: The list of ports available on the device selected in the Device source list. This list appears only if you have selected Port as the Source Type. Select a device from the Device source list, and the appropriate set of ports for the device appears.
Selection: The devices, ports, device groups, or port groups that are currently included in the scope.

The buttons in the middle of the page let you move selected devices, ports, or groups between the source list and the Selection list:
● Add->—Adds the selected Device(s), Port(s), Device Groups or Port Groups to the Selection list, for inclusion in the scope of this alarm.
● Add All->—Adds all the components in the source list to the Selection list.


Defining Alarm Actions

To define actions for the alarm, click the Actions tab. The Action definition page is displayed, as shown in Figure 228.

Figure 228: New Alarm Definition Window, Action Definition

In this window you define the actions for the alarm—the functions that should be performed when the alarm occurs. You can have the alarm perform any or all of the actions defined here.

NOTE
In order to use an e-mail action, you must first configure your e-mail settings. You will not be able to select an e-mail action until this has been done. See “Setting Up E-mail for the Alarm Manager” on page 321.


The fields and buttons in this window are defined as follows:

Sound Alert: Click the check box to have the alarm manager play an audible alert on the client computer when the alarm occurs. The alarm will sound on all Ridgeline clients currently connected to the Ridgeline server. The sound that is played depends on the severity level of the alarm.
  The alert sound files are kept on the Ridgeline server in the \extreme subdirectory of the Ridgeline installation directory, and are named according to the severity level they represent (normal.wav, warning.wav and so on).
Send an e-mail: Click this check box to indicate that e-mail should be sent, then enter the e-mail address(es) of the recipients for the e-mail. E-mail addresses in a list can be separated by commas, semicolons, or spaces.
  For details on how to preview the messages, see “Defining Messages” on page 323.
  Note: If the e-mail check boxes are grayed out, you must first configure your e-mail settings.
  Send a long mail to—Select this check box to indicate that a long e-mail should be sent. Then enter the e-mail address(es) of the recipients for the e-mail. E-mail addresses in a list can be separated by commas, semicolons, or spaces.
  Send a text message (short version) to—Select this check box to indicate that a short e-mail (appropriate for text paging) should be sent. Then enter the e-mail address(es) of the recipients for the e-mail. E-mail addresses in a list can be separated by commas, semicolons, or spaces.
  Short email provides the alarm number, name and the IP address of the source of the alarm in the subject header. The message body provides alarm name, source of alarm, ifAlias corresponding to the ifIndex in the trap, severity and the alarm message.
E-mail Settings...: Click the Edit E-mail Settings to display the Email Settings window, where you can configure your e-mail settings. You will need to do this if the Email to and Short email to checkboxes are not accessible. See “Setting Up E-mail for the Alarm Manager” on page 321 for details on setting up e-mail for use with alarm actions.
  By default this button is disabled. This button is enabled after you select the Send an e-mail option.
Run program: Click the check box to specify a program that should be run when this alarm occurs. Enter the command string for the program in the field provided. To include Alarm Manager variables as arguments in the command string, click the Variables... button and select the variables you want to include.
  You can also include trap varbinds as arguments in the command string, if the SNMP event that triggers this alarm provides varbinds.
  Note: If you are running Ridgeline on a Windows system, see “Running a Program as an Alarm Action Under Windows” on page 320.
Variables...: Click this to display a list of the variables you can select for inclusion as arguments in the command string of the program you have specified in the Run program field.
  See Table 7 on page 315 for a definition of the Alarm Manager variables you can use in the message field.
Forward Trap to: Click this check box to forward the trap event that caused this alarm. The forwarding instructions currently in force are shown to the right of the check box:
  • Host: The host name or host IP address of the system to which the trap is forwarded.
  • Port: The port on which the specified host receives traps.
  • Community String: The community string for the specified host.
  • Version: The version of SNMP to which traps will be converted. This can specify No conversion, Convert trap to SNMPv1 or Convert trap to SNMPv2c.
  Note: To change any of these settings, click the Settings... button to the right of this field.
Edit Trap Forwarding Settings...: Click this to display the Trap Forwarding Settings window, where you can configure the trap forwarding instructions. See “Configuring the Trap Forwarding Settings” on page 322 for details on configuring trap forwarding settings.


Run Macro
    Click this checkbox to specify a Ridgeline script that should run when this alarm occurs. Enter the script name or click the Macros... button to select a script from a list of saved scripts.
    When the script is run as an alarm action, the results of the script can be saved in the Ridgeline audit log. To do this, enable the “Save results in Audit Log” option in the run-time settings for the script. See “Specifying Run-Time Settings for a Script” on page 406 for more information.

Select A Macro...
    Click this to display the Select Macro window, where you can select a Ridgeline script from a list of saved scripts.

Running a Program as an Alarm Action Under Windows

On a Windows system, if you want to run a program that does output to the desktop, you must specify that output to the desktop is allowed when you start the Ridgeline server service. Otherwise, the program will not run. See the Alarm Manager section in the Ridgeline Concepts and Solutions Guide for instructions on restarting the Ridgeline server service with this option enabled.

If you want to specify a batch file that does output to the desktop, you must specify the “.bat” file within a DOS “cmd” command, as follows:

    cmd /c start

where is the batch file you want to run.

Using Trap Varbinds in a Command String

If the event that defines this alarm is an SNMP trap that includes varbinds, you can use the varbinds as arguments in a command string you run as an alarm action. Ridgeline will substitute the value of the variables from the trap into the command string.

In the Basic tab of the Alarm Definition window, the Event Type must be set to SNMP Trap, and the selected trap event (Event Name) must be one that includes variables.

In the Actions tab, clicking Details>> shows the list of variables associated with the trap event, and their indexes.

You specify the variable by including the trap variable $trap followed by the varbind index: e.g. $trap(0) etc. You do not need to include all the variables, and they can be in any order. You can insert the $trap variable by selecting from the list of system variables displayed when you click the Variables... button; however, you must still add the index, enclosed in parentheses.

The example in Figure 229 shows a command taking the extremeEapsPrimaryStatus and extremeEapsSecondaryStatus as arguments.


Figure 229: Using trap varbinds as arguments to a command as an alarm action

Because the variables may return values in a form that is not usable in a CLI command, two functions are provided to convert values to CLI-readable formats. These are:

● $ToCliPort(): converts a port IfIndex to the slot:port format
● $ToCliVlanName(): converts a VLANID to a VLAN name.

For example, for the trap extremeEdpNeighborAdded, the variable extremeEdpPortIfIndex is returned as the second varbind (index=1).

So upon an EDP Neighbor Added trap, to run a program “testprog” and pass it the port number, you could use the command

    cmd c:/testprog $ToCliPort($trap(1))

For example, if the trap returns an IfIndex of 1009, the $ToCliPort function will convert it to 1:9, so that the resulting run command is:

    cmd c:/testprog 1:9

Setting Up E-mail for the Alarm Manager

Once you select the Send an email option, the e-mail capability is enabled. You can configure the e-mail settings now.


To configure the e-mail capability, complete the following steps:

1. Select the Send an e-mail check box on the Action page.
2. If you are configuring the e-mail settings for the first time, select the Send a long version to or Send a text message to option.
3. Click the Edit E-mail Settings button.
   This displays the Alarm Definition Email Settings window, as shown in Figure 230.

Figure 230: Setting up Email for Alarm Actions

4. Type the information required to configure the mail server in the fields provided, then click OK.

SMTP Host
    The outgoing mail server name (or IP address).

Sent By
    The e-mail address that should be used as the sender of the e-mail.

My server requires authentication
    Check this if your mail server authenticates the user before sending out e-mail and enter the username and password of an account that the SMTP server will accept. Usually this is the account you use to log into your network.
    If you don’t know whether your server requires authentication, you can go ahead and enter the authentication information; it is ignored if it is not actually needed.

User Name
    The username for mail server authentication.

Password
    The password for mail server authentication.

NOTE: If you have e-mail configured as an alarm action and the mail server is not reachable and times out when an alarm occurs, the Alarm Manager will stall waiting for the action to complete. The Alarm Manager may also stall if a program configured as alarm action never completes.

Configuring the Trap Forwarding Settings

You can change the settings for trap forwarding as follows:

1. Click the Edit Trap Forwarding Settings button on the Action page.
   This displays the Trap Forwarding Settings window, as shown in Figure 231. The window initially shows the global trap receiver settings configured in Ridgeline Administration, as part of the Server Properties configuration for SNMP (see “SNMP Properties” on page 476 for how to set these global settings).


Figure 231: Trap Forwarding Settings Window

2. Uncheck the Use Global Settings checkbox to enable the following fields. Type the information needed to configure the receiver for the forwarded traps, then click OK.

Host
    Type the host name or host IP address of the system to which the trap will be forwarded.

Port
    Type the port on which the specified host receives traps.

Community String
    Type the community string for the specified host.

Version
    Select the version of SNMP to which traps will be converted:
    • No conversion: No conversion is done.
    • Convert trap to SNMPv1: All traps are converted to SNMPv1.
    • Convert trap to SNMPv2c: All traps are converted to SNMPv2.

The new settings are shown on the Action page of the New or Modified Alarm Definition window.

To return to the default (global) settings, just check the Use Global Settings checkbox.

Configuring Forwarding for Ridgeline Events

If trap forwarding is configured globally, Ridgeline events such as Config Upload OK, Config Upload Failed, SNMP Unreachable, and SNMP Reachable can be forwarded as traps to an Event Management System or other system configured to receive traps that Ridgeline servers forward.

For more information about configuring the global settings see “SNMP Properties” on page 476.

To decipher these events the system that receives them must have the file EXTREME-EPICENTER-MIB.mib. This file is available on the Ridgeline server in \Program Files\ExtremeNetworks\Ridgeline3.0\deploy\extreme.war\mibs or in /opt/ExtremeNetworks/Ridgeline3.0/deploy/extreme.war/mibs.

Defining Messages

To define messages for the alarm, click the Message tab. The Action definition page is displayed, as shown in Figure 232.


Figure 232: New Alarm Definition Window, Message Definition

In this window, you can add the messages that will be sent when the alarm occurs.

A message you specify that will be transmitted whenever the alarm occurs. By default, the compose field contains the variable eventTypeName. You can delete this variable, add other variables as provided in the system variables list, and add your own text. For Syslog messages, use the eventData variable to display the Syslog message.

The email header provides the alarm number, alarm name, source IP address, the device name, and ifIndex, severity.

The body of the email provides the alarm time, alarm name, alarm category, severity, source IP address and ifIndex, alarm message, the event name that triggered the alarm, the result of the alarm action, and a URL link to the Ridgeline server.

System variables
    A list that provides a list of variables you can select to include in the Message field. See Table 7 on page 315 for a definition of the Alarm Manager variables you can use in the message field.

The preview pane provides three previews; Ridgeline, Email, and Text Message. The preview shows the message as it will appear when the alarm is triggered. The values of variables that are known are displayed. Variables that are unknown until the alarm is triggered will appear as variable names, surrounded by carets ().


Figure 233: New Alarm Definition Window, Message Definition: NMS Preview

Figure 234: New Alarm Definition Window, Message Definition: E-mail Preview


Figure 235: New Alarm Definition Window, Message Definition: Text Message Preview

Alarm Categories

Alarm categories are arbitrary collections of alarms that you can define as appropriate to your needs, and then assign to specific alarm definitions. For example, you might use categories to designate alarms from individual buildings, floors, or workgroups. An ISP might define categories for alarms from a specific customer’s equipment.

By default, all alarms are assigned to the category named Default. This category can be renamed, but it cannot be deleted.

Creating a New Alarm Category

To create a new alarm category, click the Add button at the top of the window.

A small pop-up window appears into which you can enter the name of the new category. Click OK to enter the new category into the Category List.

Modifying an Alarm Category

To rename an alarm category, click the Modify button at the top of the window.


A small pop-up window appears and displays the current name of the category. Modify the name and click OK to enter the revised category into the Category List.

When an alarm category is renamed, all alarms assigned to that category are updated to use the new category name.

Deleting an Alarm Category

To delete an alarm category, select the category from the Category List, then click the Delete button at the top of the window.

CAUTION: Deleting a category also deletes all the alarm definitions that are assigned to that category. If you do not want to delete those alarm definitions, you must first modify the alarm definitions to use a different alarm category before you delete the category.

A warning message appears asking you to confirm that you want to delete the category and the alarm definitions that are assigned to it. Click OK to delete the category and the alarms from the Ridgeline database.

The Default category cannot be deleted.

Threshold Configuration

Creating alarm definitions based on threshold events such as RMON utilization is a two-step process. First you must define the rules that control trap (event) generation. Then, you use these rules to define alarms for Rising or Falling threshold conditions.

The Threshold Configuration page lets you define the conditions or rules that will cause certain trap events to occur, and specify the devices on which these rules should be configured. You can use this page to define thresholds for RMON utilization or CPU utilization. You can configure RMON threshold traps for a wide range of variables, but several (specifically port utilization, temperature, and STP topology change) have been partially predefined to make the rule definition process easier.

In these types of events, traps are generated based on comparing the value of the sample variable with a threshold value. The rules you set up specify the threshold values. Once these rules are in place, you can use them in your Ridgeline alarm definitions for alarms that respond when a sample value crosses one of the thresholds you’ve defined. You must define Ridgeline alarms based on the threshold rules you create; the trap events generated by threshold conditions will be ignored by the Alarm Manager until you define alarms that take actions on those events. See “Defining Alarms” on page 310 for more information on creating alarms (known as RMON Trap Rising Alarms and RMON Trap Falling Alarms) using threshold event rules.

NOTE: RMON must be enabled on the switch in order for RMON trap events to be generated.


NOTE: There are other SNMP traps supported by the Ridgeline Alarm Manager, but not included in Ridgeline’s threshold configuration function, that may require conditions to be set on the switch to define when a trap should occur. See “Configuring SNMP Trap Events” for additional information.

In addition to specifying the conditions under which trap events should be generated, you also use the Threshold Configuration page to define the target devices on which the event rules should be configured.

To view the current threshold configuration rules, and to create new rules or modify existing rules, click the Threshold configuration tab at the top of the page. The Alarm Manager Configuration page is displayed, as shown in Figure 236.

Figure 236: Threshold Configuration Window

The Configurations tree shows the existing RMON rule definitions as nodes in the tree, with the devices to which they are applied shown as subnodes. The main panel shows the definition for the selected rule on each target device.

CPU Utilization is a predefined node in the Configurations tree. Devices on which a CPU utilization rule is configured are shown as subnodes of the CPU Utilization node. There can be only one CPU utilization rule per device.

Click the small plus next to a rule node to display in the tree the devices associated with that rule.

To display the definition of a rule, click the rule node.

RMON Rule Display

For RMON rules, the display shows the following for each device targeted by that rule:

Device
    The name of the device
Port
    The port to which the rule applies
Variable
    The MIB variable being monitored
Sample Type
    Absolute or Delta
Sample Interval
    The time between samples, in seconds.
Rising Threshold
    A threshold value that triggers an event when the value of the variable increments past this value.
Falling Threshold
    A threshold value that triggers an event when the value of the variable decreases past this value.
Startup
    The condition that causes the initial event (Rising, Falling, or RisingOrFalling).
Index
    The rule’s row index in the SNMP tables as obtained from the device’s SNMP agent.

For a detailed definition of these parameters, see “Configuring an RMON Rule” on page 332.

CPU Utilization Rule Display

To display the CPU Utilization rules, click the CPU Utilization node in the Configurations tree.

Figure 237 shows the Alarm Manager Configuration page as it appears when displaying CPU Configuration rules for a selected device.

Figure 237: Threshold Configuration Window Showing CPU Configuration Rules

For each device targeted by that rule, the CPU Utilization rule display shows the following:

Device
    The name of the device
Port
    The port to which the rule applies
Variable
    The MIB variable being monitored (always extremeCpuUtilRisingThreshold.0)
Sample Type
    The method used to compare the variable to the threshold (shown as N/A, always compares the actual sample value).
Sample Interval
    The time between samples, in seconds.
Rising Threshold
    The threshold value that triggers an event when the CPU Utilization value (a percentage) increments past this value.
Falling Threshold
    Shown as zero, predefined to be 90% of the Rising Threshold value.
Startup
    The condition that causes the initial occurrence of this event (shown as N/A, predefined to be Rising).
Index
    The rule’s row index as returned by the device’s SNMP agent.

For a detailed definition of these parameters, see “Configuring CPU Utilization Rules” on page 333.


Creating an Event Rule

To create a new event rule, click the Add button at the top of the page. This displays the New Rule configuration page, where you can configure a new event rule.

See “Configuring a New Rule or Modifying a Rule” on page 331 for details about the fields in this window.

Modifying a Rule

Once a set of rules have been created, they must be modified individually. To modify a rule complete the following steps:

1. Select the rule folder or the individual rule name in the Configurations tree to display the rule details in the main panel of the window.
2. Select the individual rule you want to modify.
3. Click the Modify button at the top of the page.
   This opens the Modify Configuration window, showing the rule definition for the target you selected. The Modify Configuration window shows the same information as the New Configuration window, but with the information for the current target filled in.
   See “Configuring a New Rule or Modifying a Rule” on page 331 for details about the fields in this window.

Deleting a Rule

To delete a rule, complete the following steps:

1. Select the rule folder or the individual rule name in the Configurations tree to display the rule details in the main panel of the window.
2. Select the individual rule or rules you want to delete.
3. Click the Delete button at the top of the window.
4. A warning is displayed asking you to confirm that you want to delete these rules. Click Yes to delete the rule(s) or No to cancel the action.

Synchronizing with Device RMON Rules

To synchronize the Ridgeline database with the RMON rules in place on a switch, click the Sync button at the top of the window.

This opens the Synchronize RMON Rules window, where you can select devices for synchronization. See “Synchronizing Ridgeline with Device RMON Rules” on page 337 for a description of the Synchronize RMON Rules window, with instructions on performing the sync operation.


Configuring a New Rule or Modifying a Rule

Creating a new rule and modifying an existing rule use the same window fields. The New Configuration and Modify Configuration windows look identical except that Modify Configuration displays the current settings for an existing rule. The definitions below apply to both operations.

There are two parts to an event rule; the rule configuration itself, and the association of the rule to its target devices.

The New Configuration window opens with the Configuration page displayed, as shown in Figure 238. The Modify Configuration window also opens showing the Configuration page, with the configuration settings for the selected rule displayed.

Figure 238: New Configuration Window for an RMON Rule

To create or modify a rule, complete the following steps:

1. In the Configuration Type field, select the type of rule you want to create (RMON Event, CPU Utilization, Port Utilization, Temperature, or Topology change) from the drop-down list.

   NOTE: CPU Utilization is only supported on switches running ExtremeWare 6.2 or later. STP Topology change traps are only supported on switches running ExtremeWare 6.2.2 or later.

2. Type or select the configuration information in the appropriate fields. The information you can enter differs depending on the selection you made in the Configuration Type field.
   See “Configuring an RMON Rule” on page 332 for details about the information required for an RMON rule. See “Configuring CPU Utilization Rules” on page 333 for how to configure CPU Utilization Rules. See “Configuring Rules for the Predefined RMON Event Types” on page 335 for configuring other predefined RMON event types.
3. Specify the devices that should be configured to generate the event you have defined; see “Configuring the Rule Target” on page 336 for details.
4. Click Apply to add the new rule to the Configurations tree.
   For RMON rules, the rule name is included as a “folder” and each target device for the rule appears as a separate component under that rule. The rule name also appears in the Event Name list.


For CPU Utilization rules, each target device for a CPU utilization rule appears as a separate component under the CPU Utilization “folder” in the Configurations tree.

Configuring an RMON Rule

If you select RMON Event as the Configuration Type, the fields and buttons in this window are defined as follows:

Name
    The name for this rule.

MIB Variable
    The MIB variable that the rule monitors. Type in the complete OID in its numeric form, or click the Look Up... button to bring up a list of variables that are available.
    • Type the beginning of a variable name into the MIB Variable field, then type a space, and the Alarm Manager attempts to match your typing to the variable list and auto-complete your entry.
    MIB variables that apply to the entire device have the suffix “.0” appended to them to create the complete OID. MIB variables that apply per port are combined with the port ifIndex to generate the OID.
    If the MIB variable you want to monitor does not appear in the MIB Variable lookup list, you can still use the variable by typing its complete OID. Enter the OID in its numeric form, ending in .0 if it is a per device variable, or in the specific index if it is a per-port variable. If it is a table variable, you may need to enter each index and apply it to each target device one by one.

Look Up...
    Click this to display a list of the MIB variables that may be used in an RMON rule. The list is organized by MIB group. Within the MIB variable list:
    • Click on a variable group to display the individual variables within the group.
    • Use the up and down arrow keys to scroll the list.
    Note: The MIB variable list displays only the MIBs that were shipped with the Ridgeline software, and indexed by ifIndex. It does not display table variables in tables indexed by an index other than (or in addition to) ifIndex.

Description
    The description of the MIB variable. This description should specify the units of measure for the variable, needed in order to correctly specify the Rising Threshold and Falling Threshold values.

Rising Threshold
    A threshold value that triggers an event when the value of the variable increments past this value. An event is generated when the sample value meets the following conditions:
    • When the sample value becomes greater than or equal to the Rising Threshold for the first time after the alarm is enabled, if the Startup Alarm condition is set to Rising or RisingOrFalling
    • The first time the sample value becomes greater than or equal to the Rising Threshold, after having become less than or equal to the Falling Threshold

Falling Threshold
    A threshold value that triggers an event when the value of the variable decreases past this value. An event is generated when the sample value meets the following conditions:
    • When the sample value becomes less than or equal to the Falling Threshold for the first time after the alarm is enabled, if the Startup Alarm condition is set to Falling or RisingOrFalling
    • The first time the sample value becomes less than or equal to the Falling Threshold, after having become greater than or equal to the Rising Threshold

Sample Type
    The method used to compare the variable to the threshold. Specify the type as follows:
    • Absolute to use the actual sample value of the variable
    • Delta to calculate the difference between the current sample value and the previous sample value of the variable, and use the difference in the comparison


Sample Interval (seconds)
    The interval, in seconds, over which the data is sampled and compared to the rising and falling thresholds.

Startup Alarm
    The condition that should be met to cause the initial occurrence of this event. Select from the following:
    • Rising: An event is generated the first time the sample value becomes greater than or equal to the Rising Threshold value. No events are generated related to the Falling threshold until after this has occurred.
    • Falling: An event is generated the first time the sample value becomes less than or equal to the Falling Threshold value. No events are generated related to the Rising threshold until after this has occurred.
    • RisingOrFalling: An event is generated the first time the sample value becomes either greater than or equal to the Rising Threshold value, or less than or equal to the Falling Threshold value.

It is important to understand that, except for the initial occurrence of the alarm, an RMON alarm event is generated only when the sample value of the variable crosses one of the thresholds for the first time after having crossed the other threshold.

NOTE: To configure an alarm using an RMON threshold event, select RMON Rising or RMON Falling as the Event Type.

Configuring CPU Utilization Rules

NOTE: CPU Utilization is only supported on switches running ExtremeWare 6.2 or later.

If you select CPU Utilization as the Configuration Type, only the Rising Threshold field allows input, as shown in Figure 239. The other fields and buttons in this window are predefined.

Figure 239: New Configuration Window for a CPU Utilization Rule


The fields displayed are defined as follows:

Rule Name
    For CPU Utilization, the name is predefined because there can only be one rule of this type on a device.

Rising Threshold
    A threshold value, in percent, that triggers an event when the CPU utilization rises past this value. This value is also used to compute a falling threshold, which is defined as 80% of the rising threshold.

Description
    The description of the extremeCpuUtilRisingThreshold MIB variable.

For a CPU Utilization event, the other parameters, such as the MIB variable, threshold, etc., are predefined by the Extreme switch agent to be the following:

MIB Variable
    The MIB variable is predefined to be extremeCpuUtilRisingThreshold.0.
Falling Threshold
    This is predefined as 80% of the rising threshold.
Sample Interval
    The sample interval for a CPU Utilization alarm is also predefined, and is set to 3 seconds.
Sample Type
    The sample value (a percentage) is always an absolute value.
Startup Alarm
    The Startup condition is predefined to be Rising.

NOTE: To define an alarm for a CPU Utilization threshold event, select SNMP Trap as the Event Type, then select CPU Utilization Rising Threshold or CPU Utilization Falling Threshold as the Event Name.

If you define an alarm for a CPU Utilization Rising Threshold event, an alarm is generated each time the sample value meets the following conditions:

● The sample value becomes greater than or equal to the Rising Threshold for the first time (including the initial sample) after the alarm is enabled. (This is the startup condition.)
● The sample value becomes greater than or equal to the Rising Threshold, after having become less than or equal to the Falling Threshold (80% of the Rising threshold).

If you define an alarm for CPU Utilization Falling Threshold events, an event is generated each time the sample value becomes less than or equal to 80% of the Rising Threshold, after having become greater than or equal to the Rising Threshold.

It is important to understand that, except for the initial occurrence of a Rising Threshold alarm, a CPU Utilization alarm is generated only when the sample value of the variable crosses the target threshold for the first time after having crossed the other threshold.

The startup condition for a CPU Utilization event is always predefined to be Rising.
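The rising and falling threshold behaviour described under “Configuring an RMON Rule” and “Configuring CPU Utilization Rules” amounts to a small state machine: after an event on one threshold, no further event on that threshold is generated until the other threshold has been crossed. The following Python is an added example that models those rules as this guide describes them; it is not Ridgeline or switch agent code. The class and function names are hypothetical, the sample values are constructed, and the 0.80 falling ratio is taken from the CPU Utilization configuration text above.

```python
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Tuple

RISING, FALLING, RISING_OR_FALLING = "Rising", "Falling", "RisingOrFalling"


@dataclass
class ThresholdRule:
    """One threshold rule (hypothetical model of the fields in this guide)."""
    rising: float
    falling: float
    startup: str = RISING_OR_FALLING   # Startup Alarm field
    sample_type: str = "Absolute"      # Sample Type field: Absolute or Delta
    _armed_rising: bool = field(init=False, default=False)
    _armed_falling: bool = field(init=False, default=False)
    _previous: Optional[float] = field(init=False, default=None)

    def __post_init__(self) -> None:
        if self.startup not in (RISING, FALLING, RISING_OR_FALLING):
            raise ValueError(f"unknown startup condition: {self.startup!r}")
        if self.sample_type not in ("Absolute", "Delta"):
            raise ValueError(f"unknown sample type: {self.sample_type!r}")
        if self.falling > self.rising:
            raise ValueError("falling threshold must not exceed rising threshold")
        # The startup condition decides which threshold may fire first.
        self._armed_rising = self.startup in (RISING, RISING_OR_FALLING)
        self._armed_falling = self.startup in (FALLING, RISING_OR_FALLING)

    def feed(self, raw: float) -> Optional[str]:
        """Process one sample; return "Rising", "Falling" or None."""
        if self.sample_type == "Delta":
            previous, self._previous = self._previous, raw
            if previous is None:       # first sample: no difference available yet
                return None
            value = raw - previous
        else:
            value = raw
        if value >= self.rising and self._armed_rising:
            # Fire once, then wait for the falling threshold before re-arming.
            self._armed_rising, self._armed_falling = False, True
            return RISING
        if value <= self.falling and self._armed_falling:
            self._armed_falling, self._armed_rising = False, True
            return FALLING
        return None


def evaluate(rule: ThresholdRule, samples: Iterable[float]) -> List[Tuple[int, float, str]]:
    """Return (sample index, raw sample, event) for every event generated."""
    events = []
    for index, sample in enumerate(samples):
        event = rule.feed(sample)
        if event is not None:
            events.append((index, sample, event))
    return events


def cpu_utilization_rule(rising_percent: float, falling_ratio: float = 0.80) -> ThresholdRule:
    """CPU Utilization rule: absolute samples, startup Rising, derived falling threshold."""
    return ThresholdRule(rising=rising_percent,
                         falling=rising_percent * falling_ratio,
                         startup=RISING)


# Constructed CPU utilization samples (percent), one per sample interval.
CPU_SAMPLES = [50, 92, 95, 85, 91, 70, 93, 60, 40]
# Constructed counter samples for a Delta rule (for example an error counter).
COUNTER_SAMPLES = [100, 105, 400, 410, 415, 900]

if __name__ == "__main__":
    for index, sample, event in evaluate(cpu_utilization_rule(90), CPU_SAMPLES):
        print(f"sample {index}: {sample}% -> CPU Utilization {event} Threshold")
    delta_rule = ThresholdRule(rising=200, falling=10, sample_type="Delta")
    for index, sample, event in evaluate(delta_rule, COUNTER_SAMPLES):
        print(f"sample {index}: counter={sample} -> RMON {event}")
```

In the CPU run, the samples 95, 85 and 91 produce no events even though two of them are above the rising threshold, because the value has not yet dropped to the falling threshold; this is what keeps a value hovering near the threshold from generating a trap on every sample.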


Configuring Rules for the Predefined RMON Event Types

NOTE: When you modify a Port Utilization, Temperature or Topology Change rule, you can modify all the fields available for general RMON Rules. See “Configuring an RMON Rule” on page 332 for the details on the fields you can change.

The Port Utilization, Temperature, and Topology Change configuration types are actually RMON utilization rules with a predefined configuration interface. The New Configuration and Modify Configuration windows are the same as the Configuration windows for a CPU Utilization event (see Figure 239), except that you must provide a name for the rule.

NOTE: STP Topology Change traps are only supported on switches running ExtremeWare 6.2.2 or later.

The fields in this window are defined as follows:

Rule Name
    The name for this rule. For these events, this is user-defined.

Rising Threshold
    A threshold value that triggers a trap event when the value of relevant variable rises past this value. The thresholds are specified based on the configuration type as follows:
    • Port Utilization: A threshold value, in 100ths of a percent, that triggers an event when the port utilization rises past this value.
    • Temperature: A threshold value, in degrees Celsius, that triggers an Overheat event when the temperature rises past this value.
    • Topology Change: An integer threshold value that triggers a topology change event when the total number of topology changes seen by this device since the management entity was last reset or initialized, rises past this value.

Description
    The description of the relevant MIB variable for the selected rule type.

The Falling Threshold is automatically defined as 90% of the rising threshold value.

The other parameters that you can set when you configure an RMON event are predefined in the Extreme switch agent for these three events. These are:

MIB Variable
    The MIB variable is predefined to be one of the following:
    • For Port utilization: extremeRtStatsUtilization.0
    • For Temperature: extremeCurrentTemperature.0
    • For Topology Change: dot1dStpTopChanges.0
Falling Threshold
    This is predefined as 90% of the rising threshold.
Startup Alarm
    The Startup condition is predefined to be RisingOrFalling.
Sample Interval
    The sample interval is also predefined, and is set to 15 seconds.
Sample Type
    The sample value is an absolute value.

NOTE: To define an alarm using one of these predefined threshold events, select RMON Trap Rising Alarm or RMON Trap Falling Alarm as the Event Type in the Alarm Definition window.


Configuring the Rule Target

Click the Target tab to display the New Configuration Target page, as shown in Figure 240.

This page lets you specify which devices should be configured to generate the event you have defined.

Figure 240: RMON Target Selection Window

The fields and buttons in this window are defined as follows:

Source Type
    The source of the RMON rule targets (Device, Device Group, Port, or Port Group). Select the type you want from the pull-down list. The choices you have are determined by the variable you selected for the rule. For example, if the variable you have selected to monitor is applied per port, you will be able to select by Port or Port Group.

Select Group
    The device group whose members are displayed in the Device list. This choice is not available if you have selected Device Group or Port Group as the Source Type.

Device/Device Group/Port Group
    The list of components (devices or groups) of the specified type. The field label changes based on the Source Type. It is labeled Device when you select either Device or Ports (a second field is provided for port selection if needed).
    If you leave your cursor over a device name for a moment, a pop-up displays the IP address of the device.

IfIndex
    The list of ports available on the device selected in the Device Source list. This list appears only if you’ve selected Port as the Source Type. Select a device from the Device list, and the appropriate set of ports for the device appears.

Selection
    The devices, ports, device groups, or port groups that are currently targets for the RMON rule.

The buttons in the middle of the page let you move selected devices, ports, or groups between the source list and the Selection list:

Add ->
    Adds the selected device(s), port(s), device Groups or Port Groups to the Selection list for inclusion in the scope of this alarm.

Add All ->
    Adds all the components in the source list to the Selection list.


Synchronizing Ridgeline with Device RMON Rules

1 To synchronize Ridgeline’s database with the RMON rules in place on a switch, click the Sync button at the top of the window.
The Synchronize RMON Rules window opens, as shown in Figure 241.

Figure 241: Synchronize RMON Rules Window

You can synchronize individual devices or all devices in a device group.

1 To select a device group, select Device Group from the pull-down list in the Source Type field. A list of device groups is displayed.
To select individual devices, select Devices in the Source Type field. A list is displayed showing all the Extreme Networks devices managed by Ridgeline.
2 To add a device or device group to the Selection list, select the device or device group and click Add ->. To add all devices or device groups in the list, click Add All ->.
3 To remove a device or device group from the Selection list, select the item and click




Chapter 17: Configuration Manager

This chapter describes how to use the Ridgeline Configuration Manager feature for:

● Uploading and archiving configuration settings from one or more devices to Ridgeline, on demand or at a predefined (scheduled) time.
● Creating Baseline Configurations for one or more devices.
● Downloading configuration settings from Ridgeline to a device.
● Downloading an incremental configuration to one or more devices.
● Specifying and configuring the TFTP server to be used for uploading and downloading configuration settings and software images.

It contains the following sections:

● “Overview of the Configuration Manager”
● “Device Configuration Summary Status”
● “Uploading Configurations from Devices”
● “Downloading Configuration Information to a Device”
● “Downloading an Incremental Configuration to Devices”
● “Creating a Baseline Configuration File”
● “Scheduling a Baseline Upload”
● “Restoring a Baseline Configuration to a Device”
● “Viewing a Configuration File”
● “Comparing Two Configuration Files—The Diff Command”
● “Configuring a Viewer”
● “Configuring the TFTP Server”
● “Configuring and Deploying ExtremeXOS Scripts”

Overview of the Configuration Manager

The Ridgeline Configuration Manager provides a graphical interface for uploading and downloading files to and from managed devices. It provides a framework for storing the configuration files to allow tracking of multiple versions, including baseline configuration files. Configuration file uploads can be performed on demand, or can be scheduled to occur at regular times—once a day or once a week. The Configuration Manager supports Extreme Networks devices only.

For devices running ExtremeXOS, both the current configuration file and any Policy files saved on the switch are uploaded, and saved in .zip format. The individual elements of the zip file (configuration file and policy files) can be inspected individually.

The Configuration Manager also provides the ability to view the differences between configuration files, or between Policy files (for ExtremeXOS). If a baseline file exists, the Configuration Manager will automatically check for differences whenever a scheduled archive upload is performed.

Additionally, the Configuration Manager provides an interface for creating and editing ExtremeXOS scripts, and deploying them to managed devices.

To start the Configuration Manager, expand the Network Administration folder and click Configuration Manager.

Configuration Manager Functions

There are multiple ways to invoke the functions provided by the Configuration Manager:

● Selecting an option from the Configuration > Tasks menu on the Ridgeline Tools menu from Network Views
● Selecting Configuration manager from the Network Administration folder
● Selecting a device in Network Views, then selecting Configuration files from the Device menu
● Using the menus at the top of the main Configuration Manager frame

The Config Menu

The Config menu contains the following items:

Upload from device: Upload configuration from one or more devices. See “Uploading Configurations from Devices” on page 345 for details on using this feature.
Schedule archive: Create a schedule for archiving configuration information from one or more devices. See “Scheduling Device Archive Uploads” on page 349 for details on using this feature.
Download to device: Download a saved configuration to a selected device. See “Downloading Configuration Information to a Device” on page 354 for details on using this feature.
Download increment to device: Download an incremental configuration to one or more selected devices. See “Downloading an Incremental Configuration to Devices” on page 356 for details on using this feature.

Baseline (valid only for devices running ExtremeWare or ExtremeXOS 11.4 or higher)

Create for group: Designate the selected saved configuration as the baseline configuration. If a device group is selected, designates the most recent uploaded configuration file for each device as the baseline configuration for that device. See “Creating a Baseline Configuration File” on page 358.
Remove from group: Remove the saved baseline configuration file, and reset the baseline time and baseline filename in the status display. If a device group is selected, removes the saved baseline files for all devices in the group, and resets the baseline status for those devices. See “Removing a Baseline Configuration File” on page 359.


Schedule: Create a schedule for uploading configuration information that will be saved as the baseline configuration for the device, or for all devices in a device group. See “Scheduling a Baseline Upload” on page 359.
Restore: Restores the baseline configuration to the selected device. See “Restoring a Baseline Configuration to a Device” on page 361.
Scheduled configurations: Displays the status and results of the configuration upload/download activities for all devices and device groups, as well as information about the next scheduled configuration upload.

The Scripts Menu

The Scripts menu in Configuration Manager contains commands used with the ExtremeXOS scripting feature. The Scripts menu contains the following item:

Managed Scripts: Open the Managed Scripts window, which allows you to create, view, edit and deploy ExtremeXOS scripts using Ridgeline. See “Uploading Configurations from Devices” on page 345 for details on using this feature.

Configuration File Locations

Configuration and baseline files are saved in different directories depending on how they were uploaded (manually, as a scheduled archive, or as a baseline). The default locations are as follows:

● Configuration files that are uploaded manually (not as a scheduled operation) are stored as text files (for ExtremeWare) or as Zip archive files (for ExtremeXOS) in the \configs directory, in a subdirectory hierarchy organized by year, month, and day. The file names by default are formed from the IP address of the device with a timestamp appended. The default form of the file name for a manually uploaded configuration file is:
\configs\\\\_.txt for devices running ExtremeWare
\configs\\\\_.zip for devices running ExtremeXOS.
● Configuration files that are uploaded through a scheduled archive upload are stored in the \configs\archive directory, also in a subdirectory hierarchy organized by year, month, and day. The form of the file name for an archived configuration file is:
\configs\archive\\\\_.txt for devices running ExtremeWare
\configs\archive\\\\_.zip for devices running ExtremeXOS.
● Baseline configuration files for ExtremeWare are stored in the \baselines subdirectory. Since there can only be one baseline configuration per device, baseline configuration files are saved with filenames created just from the device IP address. The form of the file name for a baseline configuration file is:
\baselines\.txt for devices running ExtremeWare or ExtremeXOS 11.4 or higher.

NOTE
Baselining is not supported for devices running versions of ExtremeXOS lower than 11.4.


 is the location of the TFTP server.
By default, is deploy\user.war\tftp.
In the Windows operating environment, is c:\Program Files\ExtremeNetworks\Ridgeline3.0.
In a Linux or Solaris environment, is /opt/ExtremeNetworks/Ridgeline3.0.

ExtremeXOS Script File Locations

The ExtremeXOS scripts that have been deployed on the device are stored on the Ridgeline server in the following directory:
\scripts\
The is by default deploy\user.war\tftp where is the directory where the Ridgeline server is installed. Note that if you specified an alternate name for the script using the “Save script on device with this filename” option on the script customization screen, the script is stored on the Ridgeline server under its original name, not the name that you specified.

Device Configuration Summary Status

When the Configuration Manager opens, a blank table is displayed. Click All devices or specify a device group name in the Device group box to display the summary status for the devices in the group, as shown in Figure 242.


Figure 242: Configuration Manager showing summary device status

This display shows a summary of the upload and download activity for each managed device, as follows:

Name: The device name.
IP Address: The device IP address.
Last Upload Status: The status of the most recent configuration activity; Successful, Failed or None.
Last Successful Upload: The date and time of the last successful upload for the device.
Next Upload: The date and time for the next Archival upload, if one is scheduled.
Last Successful Download: The last configuration download that has taken place through the Ridgeline Configuration Manager for this device.
Baseline Time: The date and time that a baseline configuration upload occurred.
Different: Indicates whether the last uploaded device configuration is the same as the baseline configuration. A green check indicates that configurations are the same. A red X indicates that the current configuration is not the same as the baseline configuration.

You can display the upload and download status of the configuration information for an individual device by selecting the device, then selecting Configuration files from the right-click menu. This displays a status window for the device similar to the one shown in Figure 243.


Figure 243: Configuration and Software Status for an Individual Device (ExtremeWare)

The top section of the device status window displays the currently archived configuration files, with the following information about each file:

Filename: The filename of the archived configuration (.txt extension for ExtremeWare devices, .zip extension for ExtremeXOS devices).
For ExtremeXOS devices, the .zip file itself can be expanded to display its component parts—the configuration file, script files, and policy files:
• If the ExtremeXOS device is running version 11.4 or higher, the configuration file is in plain ASCII text format (file extension .xsf), and in XML format (file extension .txt)
• If the ExtremeXOS device is running a version of ExtremeXOS earlier than 11.4, the configuration file is a text file in XML format (file extension .txt)
• Script files (file extension .xsf)
• Policy files (file extension .pol)
Directory: The directory where the archived configuration file is stored.
Upload Time: The date and time at which the configuration was uploaded from the device.
Baseline: Whether the configuration is the baseline configuration. A green check indicates that this file has been designated as the baseline configuration. A red X indicates that this is not the baseline configuration.


The bottom section of the device status window shows status information about the device. The first lines show basic identification information for the device. The remaining lines show the following information about the device configuration files.

Baseline File: Filename (with path) of the baseline configuration, if there is one.
Baseline Time: The date and time at which the baseline configuration was uploaded from the device.
Scheduled Baseline: The date and time for the next scheduled baseline configuration upload, if one is scheduled.
Last Upload Status: Whether the last upload was successful or not, and if successful, whether it is different from the saved baseline configuration.
Last Upload Filename: Filename (with path) of the last successful archive upload for the device.
Next Upload Time: The date and time for the next archival upload, if one is scheduled.
Last Download Time: The date and time of the last time a configuration file was downloaded to the device.
Last Download Status: The status of the download (In progress..., successful, failure, or none).
Last Download Filename: Filename (with path) of the configuration file that was last downloaded to the device.

Any of the files within the ExtremeXOS zip file can be selected and then viewed with the View command (see “Viewing a Configuration File” on page 362). If multiple configuration zip files have been uploaded from a device running ExtremeXOS, you can select and view the differences between like elements from within the files (i.e. the configuration files or policy files). See “Comparing Two Configuration Files—The Diff Command” on page 363 for more information.

The Configuration Scripts tab lists all of the ExtremeXOS scripts that have been deployed on this device using Ridgeline, and when the scripts were last modified. If you modified a script’s parameters for the device before deploying the script, the device-specific version of the script is listed here.

When the Configuration Scripts tab is selected, columns in the top section show the following information about each script file:

Script Name: The name of the deployed script. To view the contents of the script, select the script from the list and click the View button (or select View from the Scripts menu). The script is opened in a read-only window.
Modified On: When the script was last modified on the server.

To view the differences between two ExtremeXOS scripts deployed on the device, select the two scripts in the list and click the Diff button. The differences between the scripts are shown in the configured Diff viewer for Ridgeline.

The bottom section of the device status window shows information about the last script that was deployed to the device.

Last Deployed Script: The name of the last script deployed on the device.
Last Deployment Status: The result of the deployment (success or failure).
Last Deploy Time: The date and time of the deployment.

Uploading Configurations from Devices

To upload the configuration information from one or more devices, click the Upload button at the top of the window, or select Upload from device from the Config menu.


For ExtremeXOS devices, this command uploads the configuration information and any policy files saved on the device, and saves them into a compressed archive file (zip file).

The Upload Configuration from Devices window appears, as shown in Figure 244.

Figure 244: Upload Configuration from Devices Window

The fields in this window are as follows:

Device Group: Device group from which to select devices for upload. Determines the devices shown in the Available Devices list. Select All Devices from the drop-down menu to include all devices in the Available Devices list.
Available Devices: The devices from which you can upload configuration information. Shows devices in the Device Group selected in the Device Group field.
Devices for Upload: The devices you have selected from which to upload configuration files.

Upload File Options

Archive to Default Location: Select this option to create files for each upload under the Ridgeline configs directory, in a subdirectory hierarchy organized by year, month, and day. The form of the fully qualified file names for these files is:
\configs\\\\_.txt
or
\configs\\\\_.zip
where is the location of your TFTP server. (By default, is deploy\user.war\tftp.)
Baseline: Check this option to designate the uploaded Configuration files as the baseline files for the selected devices. If this option is checked, the file is placed in a baseline subdirectory:
\baseline\.txt
Archive to: Select this to specify your own directory structure and file naming convention relative to the TFTP root’s configs subdirectory. The structure will be of the form:
\configs\\_.txt
or
\configs\\_.zip
where is the subdirectory you specify in the File Location field, and is the string you specify in the FileName Trailer field.


File Location: Specify the path where the files should be stored, starting from the configs subdirectory. This field is available only when the Archive To option is selected.
• Do not include \configs\ as part of the path; just include the remaining path.
FileName Trailer: Specify a string to be appended to the regular file name format to create a file name. This field is available only when the Archive To option is selected.
For example, if you specify a file name trailer of “week_8_backup” then the filename for the device, assuming the default file name format, would be __week_8_backup.txt.
Configuration information saved at: Shows the directory path where configuration information will be saved, and the current file name format, as specified using the Configure Upload File Name Format dialog. See “Changing the Configuration Filename Format” on page 348 for details.

To upload device configurations to Ridgeline, complete the following steps:

1 Select a device group or All Devices from the drop-down menu in the Device Group field.
2 From the Available Devices list, select the devices from which you want to set an upload schedule, and click Add to add them to the Devices for Upload list. Click Add All to add all the devices in the Available Devices list.
3 Specify where the uploaded information should be stored.
To store the files in the Ridgeline default configs directory, select Archive to Default Location. To specify your own location, select Archive to.
In either case, you can designate these configuration files as the baseline files for the selected devices by checking the Baseline checkbox.

NOTE
If you have reconfigured your TFTP root directory (see “Configuring the TFTP Server” on page 365), the configs subdirectory will be found directly below your TFTP root directory.

4 You can change the location (relative to the TFTP root’s configs subdirectory) and file naming convention used to store your uploaded files. The location and naming structure will be of the form:
\configs\\_.txt (or .zip)
● To change the File Location, type the path you want Ridgeline to create under the \configs\
● To have Ridgeline append a text trailer to the file names it creates, enter the trailer string in the FileName Trailer field.
● By default, Ridgeline saves configuration files using file names created from the device name, IP address, and the time at which the upload was performed: _.txt.
In addition to appending some trailer text, you can change the format of the file name. The IP Address and Time elements are required, but you can change the order, and include other elements as well as adding text of your own. See “Changing the Configuration Filename Format” on page 348.
5 Click Apply to start the upload process.


Changing the Configuration Filename Format

To change the filename format:

1 Click the Configure Upload Filename Format button to open the Configure Upload Filename Format window.
2 Create your filename format in the field provided as follows:
● Type a space to invoke a list of elements you can include. These include the system name (SysName), IP address, Date, and Time. The default is _, which you can specify as a unit by choosing DEFAULT from the list. You can select these in any order, but you must include both the IP address and the Time somewhere in your filename format. Each element you choose is separated from its neighboring elements by an underscore.
● You can include text of your own in the filename format; it will then appear in every file name Ridgeline creates (until you change the format).
3 Click Apply when you have finished.

When you change the filename format, it becomes the default format for any upload operations you perform within this Configuration Upload session—when you close the Configuration Upload window, the filename format reverts to the default.

You can change the default configuration filename format from within Ridgeline Administration, Server Properties, under the Other category. See “Server Properties Administration” on page 469 for more information.

Archiving Configuration Settings

You can schedule the uploading (archiving) of configuration information so that it is done automatically, either once a day or once a week. You can set up a global archive schedule, as well as schedule archiving for individual devices. All new devices added to the Ridgeline database use the global upload schedule, if one has been set up, until they are configured with an individual archiving schedule. By default, no global archiving is scheduled.

When a scheduled upload occurs for a device, if a baseline configuration has been designated for the device, Ridgeline automatically compares the new archive configuration with the baseline configuration, and sends an email report if differences are found. This requires configuration of the email notification feature (see “Configuring E-Mail Notification of Archive/Baseline Differences” on page 354). These reports are saved in the \configs\reports directory.

Since archiving files on a regular basis for a large number of devices could eventually use too much disk space, you can set limits on the number of archive files that are kept, or set a time limit for how long they are kept.

In addition, in Ridgeline Administration you can specify whether the device configurations are always uploaded at the scheduled archive time, or are uploaded only when the device configuration has changed. The default is to perform a scheduled upload only when the configuration has changed. See “Server Properties Administration” on page 469 for more information about how to set the uploading configuration settings.
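The archive-versus-baseline comparison described above can be reproduced outside Ridgeline when reviewing archived files by hand. The following is an added example, not Ridgeline's own comparison logic: it labels each difference as add, modify, or delete (the change types the differences report lists) and flags changes that touch management-plane settings. The sample configurations are constructed, and the comment-skipping rule and the `WATCH_KEYWORDS` list are assumptions.

```python
"""Baseline-versus-archive drift check for text configurations (added example)."""
import difflib

# Hypothetical watch list: changes mentioning these get a closer look.
WATCH_KEYWORDS = ("telnet", "ssh", "snmp", "account", "radius")

# Constructed sample data in the style of ExtremeXOS commands, not from a real device.
BASELINE = """\
# Created 2012-03-01
create vlan mgmt
configure vlan mgmt ipaddress 10.0.0.2/24
disable telnet
enable ssh2
configure snmp sysContact "noc"
"""

ARCHIVE = """\
# Created 2012-04-02
create vlan mgmt
create vlan guest
configure vlan mgmt ipaddress 10.0.0.2/24
enable telnet
enable ssh2
"""


def normalize(config_text):
    """Drop blank lines and '#' comment lines so timestamps do not count as drift.

    Assumption: lines starting with '#' are comments in the uploaded file.
    """
    lines = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line and not line.lstrip().startswith("#"):
            lines.append(line)
    return lines


def classify_changes(baseline_text, archive_text):
    """Return a list of (type, baseline_lines, archive_lines) tuples."""
    base = normalize(baseline_text)
    new = normalize(archive_text)
    matcher = difflib.SequenceMatcher(None, base, new, autojunk=False)
    kinds = {"insert": "add", "replace": "modify", "delete": "delete"}
    changes = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            changes.append((kinds[tag], base[i1:i2], new[j1:j2]))
    return changes


def needs_review(change):
    """True when a changed line mentions one of the watched keywords."""
    _, old_lines, new_lines = change
    text = " ".join(old_lines + new_lines).lower()
    return any(keyword in text for keyword in WATCH_KEYWORDS)


if __name__ == "__main__":
    for change in classify_changes(BASELINE, ARCHIVE):
        kind, old_lines, new_lines = change
        flag = "REVIEW" if needs_review(change) else "ok"
        print(f"{kind:<6} {flag:<6} baseline={old_lines} archive={new_lines}")
```

In the constructed data the only flagged changes are the re-enabled Telnet service and the removed SNMP setting; the differing creation comments are ignored.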


Scheduling Device Archive Uploads

A device, a set of devices, or one or more device groups can be scheduled for archive individually and independently of other device upload schedules. To schedule device configuration archive uploads, click the Archive button at the top of the window, or select Schedule archive from the Config menu.

The Schedule Upload window appears, as shown in Figure 245, with the Device Schedule tab displayed.

Figure 245: Schedule Upload Window

The fields in the Device Schedule window are as follows:

Device Group: The device group from which to select devices for upload. Determines the devices shown in the Available Devices list. Select All Devices from the drop-down menu to include all devices in the Inventory database in the Available Devices list.
Available Devices: The devices from which you can upload configuration information. Shows devices in the Device Group selected in the Device Group field.
Devices for Scheduling: The devices you have selected from which to upload configuration files.
Set Schedule: Specify the schedule you want:
• No Schedule: Removes any schedule associated with the device(s) in the Devices for Scheduling list.
• Repeat Every Day: The upload should be done every day at the specified time for the devices in the Devices for Scheduling list. When you select this option, you can specify the time of day (the hour and minutes) at which the upload should be done.


• Repeat Every Week: The upload should be done every week at the specified day and time for the devices in the Devices for Scheduling list. When you select this option, you can specify the time of day (the hour and minutes), and the day of the week at which the upload should be done.
At:
Hours (0-23): Specify the hour at which the upload should be done.
Minutes (0-60): Specify the minute within the hour at which the upload should be done.
Days of Week: For a weekly schedule, specify the day of the week on which to perform the upload.
Configuration information saved at: Shows the directory path where archived configuration files are saved, and the current file name format.
By default, archived file information will be stored in the form:
\configs\archive\\\\_.txt
where is the location of your TFTP server.
(By default, is deploy\user.war\tftp.)
You can change the filename format using the Configure Upload File Name Format dialog. See “Changing the Configuration Filename Format” on page 348 for details.

To schedule the upload of device configurations, complete the following steps:

1 Select a device group or All Devices from the drop-down menu in the Device Group field.
2 From the Available Devices list, select the devices from which you want to set an upload schedule, and click Add to add them to the Devices for Upload list. Click Add All to add all the devices in the Available Devices list.
3 Specify the schedule you want.
4 Click Apply to have the upload schedule set for these devices.

Scheduling Global Archive Uploads

When you add devices to the Ridgeline database, configurations on those devices are automatically saved according to the global schedule for configuration uploads, if one has been set. If you have a device or series of devices that require a configuration upload schedule that differs from the global schedule, see “Scheduling Device Archive Uploads” on page 349 for information on how to create an individual configuration schedule.

To set or modify the Global Upload schedule, select the Global Schedule tab in the Schedule Upload window (as shown in Figure 246).


Figure 246: Global Schedule Upload Window

The fields in this window are as follows:

Current Global Schedule: Indicates the current schedule.
Change Current Global Schedule: Specify the global schedule using one of the options below.
• No Schedule: Removes any schedule associated with the device(s) that use the global schedule.
• Repeat Every Day: The upload should be done every day at the specified time for devices that use the global schedule. When you select this option, you can specify the time of day (the hour and minutes) at which the upload should be done.
• Repeat Every Week: The upload should be done every week at the specified day and time for devices that use the global schedule. When you select this option, you can specify the time of day (the hour and minutes), and the day of the week at which the upload should be done.
At:
Hours (0-23): Specify the hour at which the upload should be done.
Minutes (0-60): Specify the minute within the hour at which the upload should be done.
Days of Week: For a weekly schedule, specify the day of the week on which to perform the upload.
Configuration information saved at: Shows the directory path where archived configuration files are saved.
Archived file information will be stored in the form:
\configs\\\\_.txt
where is the location of your TFTP server.
By default, is deploy\user.war\tftp.
You can change the filename format using the Configure Upload File Name Format dialog. See “Changing the Configuration Filename Format” on page 348 for details.

Click Apply to set the global upload schedule for devices that do not have an individually set configuration schedule.

Setting Archive Limits


You can limit the number of archived configuration files kept for a device to prevent accumulated files from using too much disk space on the Ridgeline server. You can set a limit either by specifying the number of files kept for each device, or by specifying how long to keep files.

NOTE
Archive limits apply only to files created automatically through a scheduled upload.

To set archive limits, select the Archive Limit tab in the Schedule Upload window (as shown in Figure 247).

Figure 247: Archive Limits Window

The archive limit settings you can select are:

No Limit: An unlimited number of files can be saved for each device. This is the default.


Number of copies per device to keep: Specifies the number of files to keep for each device. When the limit is reached, the oldest files for the device are deleted.
Days to keep the configuration files: Specifies that Ridgeline should not keep configuration files that are older than the time limit. When a configuration file exceeds the age limit, it is deleted.

Click Apply to set the archive limit.

Archive/Baseline Differences Report

When Ridgeline uploads a scheduled archive configuration, it automatically compares the new configuration with the baseline configuration for the device, if a baseline configuration exists. If differences are found, it generates a report that can be emailed (see “Configuring E-Mail Notification of Archive/Baseline Differences” on page 354). The report is created as an Adobe Acrobat PDF file, and is saved in the \configs\reports directory, named with the date at which the report was created (for example, 2009_10_11.pdf). Figure 248 shows an example of this report. The one report contains information about configuration changes detected for all devices included in the scheduled archive operation.

Figure 248: Configuration Change Report

For each device, the report shows the information about each configuration change it has detected:

Type: The type of change that occurred (add, modify, or delete).


Configuration ManagerConfiguration ChangeSwitch Log EventThe changed lines in the configuration fileThe switch log event entries (if any) that are related to the configuration change.If either the baseline configuration or the archived configuration file for a device is too large, Ridgelinedoes not attempt to analyze the differences.Configuring E-Mail Notification of Archive/Baseline DifferencesIf differences are found between the newly archived configuration and the baseline configuration,Ridgeline can send a report via email. You must configure the email notification part of this featurebefore it can function properly.To configure email notification, select E-mail settings from the main Ridgeline Tools menu.Figure 249: Email Settings WindowFill in the fields as follows:Email toSMTP HostSent ByMy server requiresauthenticationUser NamePasswordThe email address(es) of the recipient(s) of the email. E-mail addresses in a list canbe separated by commas, semicolons, or spaces.The outgoing mail server name (or IP address).The e-mail address that should be used as the sender of the e-mail.Check this if your mail server authenticates the user before sending out e-mail andenter the username and password of an account that the SMTP server accepts.Usually this is the account you use to log into your network.If you don’t know whether your server requires authentication, you can go aheadand enter the authentication information—it is ignored if it is not actually needed.The username for mail server authentication.The password for mail server authentication.Downloading Configuration Information to a DeviceDownloading a configuration does a complete configuration download, resetting the current switchconfiguration and replacing it entirely with the new downloaded configuration. The switch is rebootedautomatically after the download has completed. 
On Extreme devices, you can have the switch save the configuration after reboot as the Primary, Secondary or Current configuration. You can only download to one device at a time.


To download saved configuration information to a device, click the Download button at the top of the window, or select Download to device from the Config menu.

The Download Configuration window appears, as shown in Figure 250.

Figure 250: Download Configuration Window

The fields in this window are as follows:

Device Group: Device group from which to select the device for a configuration download. Determines the devices shown in the Device list. Select All Devices from the drop-down menu to include all devices in the Available Devices list.
Device: The devices for which you can download configuration information. Shows devices in the Device Group selected in the Device Group field.
Last Uploaded Configuration: If configuration information has been uploaded from the device, the file where it was saved.
File Location: The location and name of the file to download. When you select a device, the file displayed as the Last Uploaded Configuration appears here. To select a different file, you can type a filename into this field, or click the Show Uploaded Configs button and select the file to be downloaded.
Show Uploaded Configs: Click to display a pop-up list of configuration files available for the selected device. Select the configuration file to be downloaded from the list and click OK, or click Close to close the pop-up list.


Download configuration to: Select the location on the device to which the configuration should be downloaded:
• Current: Downloads to the current partition (ExtremeWare devices only).
• Primary: Downloads to the Primary partition.
• Secondary: Downloads to the secondary partition.
Save configuration to: For devices running ExtremeWare, check to automatically save the configuration file on the device after the device reboots. Select the location on the device where the configuration should be saved:
• Current: Saves as the current configuration.
• Primary: Saves as the Primary configuration.
• Secondary: Saves as the secondary configuration.

To download a configuration to a device, complete the following steps:
1 Select a device group or All Devices from the drop-down menu in the Device Group field.
2 Select the device from the device list presented. You can only download to one device at a time.
3 Select the file you want to download. The default is the Last Uploaded Configuration, if there is one. You can also enter a file name or select from a list of files saved for this device.
4 For ExtremeWare devices, specify the target location for the configuration, and whether Ridgeline should save the file on the device after reboot.
5 To start the download, click the Apply button. The Message from Server dialog box appears.

Downloading an Incremental Configuration to Devices

The Incremental download feature lets you download only selected configuration settings to a device, instead of replacing the entire device configuration file.

An incremental configuration download executes only the commands specified in the incremental download file. It does not reset the switch configuration or replace any other configuration settings that may exist in the device. No reboot is necessary.
The Ridgeline incremental download does not save the configuration; you must do so manually.

Within Ridgeline, you can create or designate a set of configuration information as a baseline configuration for devices running ExtremeWare 6.0 or later or ExtremeXOS 11.4 or later (see “Creating a Baseline Configuration File” on page 358). Using an incremental download to execute a baseline configuration provides a known, “standard” configuration that you can use to ensure that devices are configured into a known state. For example, if you want to set a group of devices to the same basic configuration, you can first set individual IP addresses on each device, and then use the incremental configuration download feature to set all other configuration settings on all devices to a common state.

Incremental downloads are supported on Extreme Networks devices running ExtremeWare 6.0 or later.

To download an incremental configuration to a device, click the Increment button at the top of the window, or select Download incremental to device from the Config menu.


The Download Incremental Configuration to Devices window appears, as shown in Figure 251.

Figure 251: Download Incremental Configuration Window

The fields in this window are as follows:

Device Group: Select a device group or All Devices from the drop-down menu.
Supported Devices: Select the devices for which you want to download the baseline configuration, then click the Add-> button. If you want to download the baseline configuration to all the devices in the device group, click the Add All-> button.
Download Incremental config to list: When you select devices from the Supported Devices list and click Add-> or Add All->, the devices are moved to the Download Incremental Config to list. To remove devices from the Download Incremental config to list, select the devices and click the
Available Incremental Configs
Adds the selected device(s) to the Devices for Upload list.
Adds all the devices in the Available Devices list to the Devices for Upload list.


NOTE
The Ridgeline software does not reboot the device or save the configuration on the device after the download. You can use Telnet to open a Telnet session on the affected devices and execute a save configuration command.

NOTE
The Configuration Manager displays an error if you attempt an incremental download on a switch running a version of ExtremeWare prior to 6.0.

Creating a Baseline Configuration File

NOTE
Baseline configuration files are not supported for devices running ExtremeXOS versions lower than 11.4.

The purpose of a baseline configuration is to provide a set of known, standard configuration settings you can download to a device to restore it or initialize it to a known software state.

There are several ways to create a baseline configuration:
● You can start with a configuration file you have previously uploaded, and designate it as a baseline using the Baseline > Create command from the Config menu.
a Select the device for which you want to create a baseline.
b Select the configuration file that should be designated as the baseline.
c Select Baseline, then Create from the Config menu.
You are asked to confirm that this configuration file should be used as the baseline.
● You can upload a configuration as a baseline. You do this by using the Upload command, and checking the Baseline checkbox under Upload File Options. See “Uploading Configurations from Devices” on page 345 for more information.
● You can schedule a baseline upload. See “Scheduling a Baseline Upload” on page 359 for details.

Baseline configuration files are stored in the \baselines directory, where is the location of your TFTP server. By default, is deploy\user.war\tftp.

Baseline files are always named in the form .txt. So, the baseline file for the device with IP address 10.205.2.39 will be 10_205_2_39.txt in the directory \baselines. is the Ridgeline installation directory.
Thus, if you installed the Ridgeline server under Microsoft Windows using the default installation path, the baseline configuration for device 10.205.2.39 would be saved in c:\Program Files\ExtremeNetworks\Ridgeline3.0\deploy\user.war\tftp\baselines\10_205_2_39.txt, unless you have reconfigured your TFTP root directory.
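The baseline naming rule above and the add/modify/delete change types of the Archive/Baseline Differences Report can be reproduced outside Ridgeline to check an archived configuration against its baseline. The following is an added example, not Ridgeline code: the sample configurations are constructed, the MAX_LINES limit is an assumption (the guide only says "too large"), and the line-based diff is a stand-in for whatever comparison Ridgeline performs internally.

```python
import difflib
import ipaddress
from pathlib import PureWindowsPath

# Assumption: the guide does not state the size limit; this value is illustrative.
MAX_LINES = 20000

# Constructed sample configurations (not taken from a real device).
BASELINE = """\
configure snmp sysName "lab-sw-1"
create vlan "voice"
configure vlan voice tag 20
enable ssh2
disable telnet
configure vlan voice add ports 1-4 tagged
"""

ARCHIVE = """\
configure snmp sysName "lab-sw-1"
create vlan "voice"
configure vlan voice tag 30
enable ssh2
configure vlan voice add ports 1-4 tagged
create account admin "tmpadmin"
"""


def baseline_filename(device_ip):
    """Map a device IP to its baseline file name: 10.205.2.39 -> 10_205_2_39.txt."""
    # Parsing the address first means path separators or ".." in untrusted
    # input can never reach the file name; bad input raises ValueError.
    ip = ipaddress.IPv4Address(device_ip)
    return str(ip).replace(".", "_") + ".txt"


def baseline_path(tftp_root, device_ip):
    """Baseline files live in the 'baselines' child of the TFTP root."""
    return PureWindowsPath(tftp_root) / "baselines" / baseline_filename(device_ip)


def config_lines(text):
    """Non-blank lines with trailing whitespace removed; refuse oversized files."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    if len(lines) > MAX_LINES:
        raise ValueError("configuration too large to analyse")
    return lines


def classify_changes(baseline_text, archive_text):
    """Return (type, baseline_lines, archive_lines) tuples, type in add/modify/delete."""
    base = config_lines(baseline_text)
    arch = config_lines(archive_text)
    matcher = difflib.SequenceMatcher(a=base, b=arch, autojunk=False)
    names = {"insert": "add", "replace": "modify", "delete": "delete"}
    changes = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            changes.append((names[tag], base[i1:i2], arch[j1:j2]))
    return changes


if __name__ == "__main__":
    print(baseline_path(r"deploy\user.war\tftp", "10.205.2.39"))
    for kind, old, new in classify_changes(BASELINE, ARCHIVE):
        print(kind, old, "->", new)
```

An "add" such as a new account line, or a "delete" of a hardening command, is the kind of drift worth routing to review rather than only archiving.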


NOTE
If you have reconfigured your TFTP root directory (see “Configuring the TFTP Server” on page 365), the baselines subdirectory will be found directly below (as a child of) your TFTP server root directory.

Removing a Baseline Configuration File

You can remove baseline configuration files using the Baseline > Remove command from the Config menu.
● If you have an individual device selected when you execute this command, Ridgeline deletes the baseline file for the selected device, and resets the device status so the Baseline Time is set to None and the Baseline filename is cleared.
● If you have a device group selected, Ridgeline deletes any baseline files for all devices in the device group, and resets the baseline status of those devices.

Scheduling a Baseline Upload

You can schedule the upload of a baseline configuration for one or more devices. Unlike the Archive feature, this is a one-time event; you cannot schedule repeating baseline uploads. This feature allows you to schedule the upload up to a week ahead at a convenient time (when network activity is low, for example) without requiring administrator attendance.

NOTE
Baseline configuration files are not supported for devices running ExtremeXOS versions lower than 11.4.

To schedule baseline configuration uploads, select Baseline, then Schedule from the Config menu. The Schedule Baseline window appears, as shown in Figure 252.


Figure 252: Schedule Baseline Window

The fields in the Schedule Baseline window are as follows:

Device Group: The device group from which to select devices for upload. Determines the devices that appear in the Available Devices list. Select All Devices from the drop-down menu to include all devices in the Inventory database in the Available Devices list. Groups and subgroups within a device group hierarchy are indicated by a vertical bar (|) character between device group names. For example, “North America | Bay Area” indicates a top-level device group “North America” with a subgroup “Bay Area”.
Available Devices: The devices from which you can upload a baseline configuration. Shows devices in the Device Group selected in the Device Group field.
Devices for Scheduling: The devices you have selected from which to upload baseline configuration files.
Set Schedule: Specify the schedule you want:
• No Schedule: Removes any schedule associated with the device(s) in the Devices for Scheduling list.
• Schedule Baseline: The upload should be done at the specified day and time for the devices in the Devices for Scheduling list.
When you select this option, you can specify the day and the time of day (the hour and minutes) at which the upload should be done.
At:
Hours (0-23): Specify the hour at which the upload should be done.
Minutes (0-60): Specify the minute within the hour at which the upload should be done.
Days of Week: For a weekly schedule, specify the day of the week on which to perform the upload.
Configuration information saved at: Shows the directory path where the baseline configuration files are saved. By default, baseline file information will be stored in the form:
\baseline\_.txt
where is the location of your TFTP server. By default, is deploy\user.war\tftp.

To schedule the upload of device configurations, complete the following steps:
1 Select a device group or All Devices from the drop-down menu in the Device Group field.
2 From the Available Devices list, select the devices from which you want to set an upload schedule.


The buttons in the center of this window function as follows:

Add ->: Adds the selected device(s) to the Devices for Upload list.
Add All ->: Adds all the devices in the Available Devices list to the Devices for Upload list.


The fields in this window are as follows:

Device Group: Device group from which to select the device for a configuration download. Determines the devices shown in the Device list. Select All Devices from the drop-down menu to include all devices in the Available Devices list.
Device: The devices to which you can download a baseline configuration. Shows devices in the Device Group selected in the Device Group field.
Baseline Configuration: If a baseline configuration has been uploaded from the device, the file where it was saved.
Download configuration to: Select the location on the device to which the configuration should be downloaded:
• Current: Downloads to the current partition.
• Primary: Downloads to the Primary partition.
• Secondary: Downloads to the secondary partition.
Save configuration to: Check to automatically save the configuration file on the device after the device reboots. Select the location on the device where the configuration should be saved:
• Current: Saves as the current configuration.
• Primary: Saves as the Primary configuration.
• Secondary: Saves as the secondary configuration.

To restore (download) a baseline configuration to a device, complete the following steps:
1 Select a device group or All Devices from the drop-down menu in the Device Group field.
2 Select the device from the device list presented. You can only restore to one device at a time. You do not need to select a configuration file as the baseline file is used.
3 For ExtremeWare devices, specify the target location for the configuration, and whether Ridgeline should save the file on the device after reboot.
4 To start the download, click the Apply button.

Viewing a Configuration File

The view feature allows you to look at the contents of a saved configuration or baseline file using either a built-in viewer, or a file viewer of your choice.
See “Configuring a Viewer” on page 364 for information on configuring a different file viewer.

To view a configuration file:
1 In the main Configuration Manager window, select the device with the configuration file you want to view, then select Configuration files from the right-click pop-up menu.
2 Select the configuration file you want to view.
For ExtremeXOS devices, you must expand the contents of the .zip file and select the configuration file or a policy file from within the .zip file to view. You cannot use the View function by selecting the .zip file.
3 Click the View button at the top of the window, or select View from the Config menu.
If you have not selected a configuration file, if you select more than one file, or if you select a .zip file (for devices running ExtremeXOS), the View button and View command are not available.


To view a baseline configuration file:
1 In the main Configuration Manager window, select the device whose baseline you want to view, then select Configuration files from the right-click pop-up menu.
2 Select Baseline > View from the Config menu. If the device does not have a saved baseline configuration, the Baseline > View command is not available.

The View Configuration window appears with the baseline file you selected displayed.

Figure 254 shows an example of the default configuration viewer.

Figure 254: View Configuration Window (Ridgeline Default Viewer)

When you have finished, click Close to close the viewer window.

The Save button is always disabled; you cannot save a configuration file you are viewing using the View feature.

Comparing Two Configuration Files—The Diff Command

The Diff feature allows you to compare the contents of two saved configuration files for a device, or a configuration file and the baseline file, using a difference viewer of your choice (see “Configuring a Viewer” on page 364 for information on configuring a difference viewer). You can only compare files on a single device.

To view differences between two configuration files for a device:
1 In the main Configuration Manager window, select the device for which you want to compare configuration files, then select Configuration files from the right-click pop-up menu.
2 Select the two configuration files you want to compare (using Ctrl-click or Shift-click).


For ExtremeXOS devices, you must expand the contents of two .zip files; then you can select and compare the configuration files or policy files from within the two zip files. You cannot use the Diff function to compare the two .zip files themselves.
3 Click the Diff button at the top of the window, or select Diff from the Config menu.
If you have not selected two configuration or policy files, the Diff button and Diff commands are not available.

To view differences between the baseline file and a configuration file for a device:
1 In the main Configuration Manager window, select the device for which you want to compare a baseline and a configuration file, then select Configuration files from the right-click pop-up menu.
2 Select the one configuration file you want to compare to the baseline.
3 Select Baseline > Diff from the Configuration menu. If you have not selected a configuration file to compare, the Baseline > Diff command is not available.

Ridgeline invokes the Difference viewer in a separate window, with the two files you selected displayed. Figure 254 shows an example of a differences comparison using WinMerge in Windows.

Figure 255: Diff Results Window (Using WinMerge)

The functions within the Diff viewer depend on the viewer you elect to install. See the documentation for the product you have selected for information about using the Diff viewer.

Configuring a Viewer

The Configuration Manager View and Diff functions each require a viewer application; View uses a simple text editor to show the contents of a configuration file, while the Diff function uses a Diff viewer to compare and display the differences between two configuration files.
● The View function by default uses a built-in viewer, but you can configure Ridgeline to use an alternate application. You can use a viewer such as Notepad or WordPad in Windows, or vi in Linux or Solaris.
● The Diff function requires an external Difference viewer.
A difference viewer displays the two configuration files simultaneously and indicates the places where they differ. You cannot use the Diff function until you have configured a viewer. You can use any Difference viewer you have installed:


- For Windows, WinMerge, an open source viewer, is assumed as the default.
- For Linux or Solaris, sdiff (in /usr/bin/sdiff) is assumed as the default.

To configure either of these viewers, select Difference viewer from the main Ridgeline Tools menu. The Setup Viewers dialog box appears, as shown in Figure 256.

Figure 256: Setup Viewers Window

● To set up a Configuration Viewer:
a Uncheck the Use Default Configuration Viewer checkbox.
b Type the path and filename of the viewer you want to use, or use the browse button (three dots) to select a viewer executable file.
● To set up a Difference Viewer, type the path and filename of the Difference Viewer, or use the browse button (three dots) to select a viewer executable file.

Configuring the TFTP Server

If you already have a TFTP server installed on the system where the Ridgeline server is running, you may choose to use that TFTP server instead of the one provided with Ridgeline. The TFTP server configured through Ridgeline is the one that is used for downloading and uploading from the devices.

NOTE
The Configuration Manager may cause multiple devices to contact the TFTP server at once to perform upload or download operations. Some third party TFTP servers have problems accepting multiple TFTP requests. If you are running a third party TFTP server and this happens, disable the TFTP server and use the Ridgeline TFTP server.

The Configure TFTP Server function lets you enable or disable the embedded Ridgeline TFTP server. Disable the embedded Ridgeline TFTP server if you want Ridgeline to use a different TFTP server when downloading and uploading from the devices. If you disable the embedded Ridgeline TFTP server, you can also specify the root path for your TFTP server.

To configure the TFTP server, select TFTP server configuration from the main Ridgeline Tools menu.


Figure 257: Configure TFTP Server Window

By default, the embedded TFTP server is enabled.
● Click the Disable System TFTP Server button to disable the server.
● Click the Enable System TFTP Server button to enable the server.

The Ridgeline TFTP server root is deploy\user.war\tftp where is the directory where the Ridgeline server is installed. If you are using the Ridgeline TFTP server, the TFTP root directory cannot be changed.

If you want to use a TFTP server other than the Ridgeline TFTP server, click the Disable System TFTP Server button, and enter the root directory of your TFTP server in the Set TFTP Root field.

Ridgeline creates six subdirectories (baselines, bootrom, configs, images, slotImages, and slotBootRom) as children of the directory you specify as the TFTP server root.

NOTE
If you change the location of the TFTP root directory after you have saved any configuration image files in any of these directories, Ridgeline will no longer be able to find those files. You must copy the files from the old TFTP root location into the new directories at the new location.

NOTE
If you plan to use this TFTP server with other software, such as the ExtremeWare CLI or for any other purpose, be aware of possible differences in the expected locations of the TFTP server and other components such as ExtremeWare software images or configuration files. See the Ridgeline Release Notes for information on any known issues.

Configuring and Deploying ExtremeXOS Scripts

ExtremeXOS scripts are files containing CLI commands and scripting structures to be executed on Extreme devices. Any ExtremeXOS CLI command can be used in an ExtremeXOS script.
ExtremeXOS scripts are supported on devices running ExtremeXOS 11.4 or later.

In an ExtremeXOS script, values for some parameters in the CLI commands are automatically substituted by the system, while other CLI command parameters can be defined within the script itself.


ExtremeXOS scripting also provides control structures such as IF/THEN/ELSE and data manipulation functions. See the “CLI Scripting” chapter in the ExtremeXOS Concepts Guide for more information on ExtremeXOS script functionality and syntax.

The Ridgeline Configuration Manager provides an interface for editing, managing, and deploying ExtremeXOS scripts. Using Ridgeline, you can create an ExtremeXOS script, either from scratch or using a pre-configured script template, then deploy the script to selected devices. You can also view information about scripts that have been executed on Extreme devices.

Using the ExtremeXOS Script Editor

To get to the ExtremeXOS script editor, select Managed Scripts from the Scripts menu in the Configuration Manager. The Managed configuration scripts window appears, as shown in Figure 258.

Figure 258: Managed Configuration Scripts Window

This window displays a table of the existing ExtremeXOS scripts on the Ridgeline server. The fields in this window are as follows:

Search: The currently selected search filter. By default this is set to All, meaning that all of the scripts are displayed in the Filtered Scripts list below.


For: Limits the list of displayed scripts to those that match the text entered in the box. For example, if you enter VoIP in the box, only scripts that have VoIP in their names are displayed in the Filtered Scripts table. Filtering scripts in this way is useful if you have a lot of ExtremeXOS scripts on the server.
You can further limit the list of scripts by clicking the icon and selecting one or more of the following search filters:
All: Looks for the search text in all columns (the default)
Script Name: Looks for the search text in the Script Name column
Modified On: Looks for the search text in the Modified On column
Case sensitive: Performs a case-sensitive search for the text
Case insensitive: Performs a non-case-sensitive search for the text (the default)
Match from start: Specifies that the search text must start at the beginning of the column
Match anywhere: Specifies that the search text can start anywhere within the column (the default)
Script Name: The filename of the ExtremeXOS script.
Modified On: The modification date of the ExtremeXOS script.

The buttons at the bottom of the window function as follows:

New: Opens the Script Editor window with default content, allowing you to create and edit a new ExtremeXOS script. See “Creating a New ExtremeXOS Script” on page 371.
View: Opens the selected ExtremeXOS script in the Script Editor window.
Diff: Displays the differences between two selected ExtremeXOS scripts. See “Viewing the Differences Between Two ExtremeXOS Scripts” on page 375.
Delete: Deletes the selected ExtremeXOS script from the server.
See “Deleting an ExtremeXOS Script” on page 376.
Deploy: Deploys (downloads and executes) the selected script to managed devices.
Close: Closes the window.

The Script Editor Window

The Script Editor window has three tabs, Purpose, Overview, and Script View.

The buttons at the bottom of the Script Editor window function as follows:

Save Changes: Saves changes to the current ExtremeXOS script.
Save As: Saves the current ExtremeXOS script under a new name.
Deploy: Deploys (downloads and executes) the selected script to managed devices.
Close: Closes the window.

The Purpose tab contains descriptive information about the script.


Figure 259: ExtremeXOS Script Editor Window (Purpose Tab)

The Overview tab contains fields to enter script variables, if any are defined.

Figure 260: ExtremeXOS Script Editor Window (Overview Tab)

The Script View tab displays the script in a text editor window, where you can modify it directly.


Figure 261: ExtremeXOS Script Editor Window (Script View Tab), with callouts for the metadata section, variable definition section, and command section

ExtremeXOS scripts created in Ridgeline contain two sections that you can edit: a metadata section and a command section. The metadata section (starting with the #@MetaDataStart line and ending with the #@MetaDataEnd line) appears at the beginning of the script, and the command section follows it.

In the metadata section, you can specify a brief and detailed description of the script and define script variables. The detailed description information appears in the Purpose tab for the script, and the variable definitions appear as input fields in the Overview tab. You can enter values for the variables in the appropriate fields in the Overview tab. The brief description appears at the top of the Overview tab.

In the command section, you enter the ExtremeXOS CLI commands and scripting structures to be executed on the device where the script is deployed. See the “CLI Scripting” chapter in the ExtremeXOS Concepts Guide for information on how to develop ExtremeXOS scripts.
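Because a deployed script runs its command section on every selected device, it is useful to split a script into its two sections and review the commands before deployment. The following is an added example, not Ridgeline code: the sample script is constructed, the colon after #@ScriptDescription and the treatment of "#" lines in the command section as comments are assumptions, variable definition lines are kept uninterpreted because their syntax appears only in the guide's figures, and the watch list is a hypothetical review policy supplied by the caller.

```python
class ScriptFormatError(ValueError):
    """Raised when the metadata markers are missing or unbalanced."""


# Constructed sample script for this example (not from the guide).
SAMPLE_SCRIPT = """\
#@MetaDataStart
#@ScriptDescription: Create the voice VLAN
#@DetailDescriptionStart
# Creates VLAN "voice" with tag 20.
# Constructed sample for this example.
#@DetailDescriptionEnd
set var vlanName voice
#@MetaDataEnd
enable cli scripting
create vlan $vlanName
configure vlan $vlanName tag 20
create account admin tmpadmin
disable cli scripting
"""


def parse_xos_script(text):
    """Split a script into brief/detail description, other metadata, commands."""
    lines = text.splitlines()
    # The metadata section must be the first thing in the script.
    start = next((i for i, ln in enumerate(lines) if ln.strip()), None)
    if start is None or lines[start].strip() != "#@MetaDataStart":
        raise ScriptFormatError("script does not begin with #@MetaDataStart")
    end = next((i for i in range(start + 1, len(lines))
                if lines[i].strip() == "#@MetaDataEnd"), None)
    if end is None:
        raise ScriptFormatError("missing #@MetaDataEnd")

    brief, detail, other, in_detail = "", [], [], False
    for raw in lines[start + 1:end]:
        line = raw.strip()
        if line == "#@DetailDescriptionStart":
            in_detail = True
        elif line == "#@DetailDescriptionEnd":
            in_detail = False
        elif in_detail:
            # Each description line begins with '#'; drop it for display.
            detail.append(line.lstrip("#").strip())
        elif line.startswith("#@ScriptDescription"):
            brief = line[len("#@ScriptDescription"):].lstrip(": ").strip()
        elif line:
            other.append(line)  # e.g. variable definitions, left uninterpreted
    if in_detail:
        raise ScriptFormatError("missing #@DetailDescriptionEnd")

    # Assumption: '#' lines after the metadata section are comments.
    commands = [ln.strip() for ln in lines[end + 1:]
                if ln.strip() and not ln.lstrip().startswith("#")]
    return {"brief": brief, "detail": detail,
            "metadata_other": other, "commands": commands}


def flag_commands(commands, watch_prefixes):
    """Return (position, command) for commands starting with a watched prefix."""
    hits = []
    for pos, cmd in enumerate(commands, 1):
        normalised = " ".join(cmd.lower().split())
        if any(normalised.startswith(p) for p in watch_prefixes):
            hits.append((pos, cmd))
    return hits


if __name__ == "__main__":
    info = parse_xos_script(SAMPLE_SCRIPT)
    print(info["brief"], info["detail"], info["metadata_other"])
    print(flag_commands(info["commands"], ("create account", "enable telnet")))
```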


Creating a New ExtremeXOS Script

When you click the New... button in the Managed configuration scripts window, a Script Editor window appears, displaying a script with default content.

Figure 262: ExtremeXOS Script Editor Window

By default, an ExtremeXOS script created in Ridgeline contains the following items:
● A metadata section where you can enter a description of the script and define variables.
● Commands to enable and disable CLI scripting on a device.
● Commands to create a log entry when the script starts and when it finishes running.
● An error handling section consisting of ExtremeXOS scripting commands that allow you to specify what happens if the script encounters an error when it is executed. You can specify that the script stop running (abort) when an error is encountered (the default), or you can specify that the script continue running and ignore errors.
● Blank space in the metadata and command sections where you can enter ExtremeXOS script code.


In the metadata section, you can edit the #@ScriptDescription line and the area between the #@DetailDescriptionStart and #@DetailDescriptionEnd lines to supply a description for the script. This description will appear in the Purpose tab. (Note the # character that begins each line in the script description area.) For example:

Figure 263: Specifying a Description for an ExtremeXOS Script

You can place variable definition statements in the metadata section, so that variables can be defined by entering values in the Overview tab window. For example:


Figure 264: Defining variables in the metadata section of an ExtremeXOS script

When you do this, the variable definition field appears on the Overview tab, as shown in Figure 265.

Figure 265: Overview Tab with a Variable Definition Field


In the command section, you can place ExtremeXOS scripting commands. The following example shows the commands for a script that creates a specified number of VLANs on a switch, with IP addresses ranging from 10.1.1.1/16 to 10.100.1.1/16.

Figure 266: Sample ExtremeXOS script in the Script View tab

To save the script, click the Save As... button. Ridgeline prompts you for the name of the script. The extension .xsf is automatically appended to the name you specify.


Figure 267: Save Script As dialog

Editing an Existing ExtremeXOS Script

After you save a script, it is added to the Filtered Scripts table. You can open the script, edit it, and save it with a new name.

To open the script, select it in the Filtered Scripts table and click the View... button (or double-click on the script name). The script is opened in the Script Editor window. To edit the script, you can either change the values for variables in the Overview tab, or you can edit the text in the Script View tab directly.

Figure 268: Editing an ExtremeXOS Script from the Overview Tab

When you have finished editing the script, you can save the changes to the current version of the script by clicking the Save Changes button, or you can save a copy of the script with a new name by clicking the Save As... button. When you save the script with a new name, both versions appear in the Filtered Scripts table.

Viewing the Differences Between Two ExtremeXOS Scripts

You can view the differences between two ExtremeXOS scripts. To do this, select the scripts you want to compare in the Filtered Scripts table, then click the Diff... button. The differences between the scripts are shown in the configured Diff viewer for Ridgeline.

Ridgeline invokes the Diff viewer in a separate window, with the two files you selected displayed. Figure 269 shows an example of a differences comparison using WinMerge in Windows.


Figure 269: Viewing Differences Between Two ExtremeXOS Scripts

Viewing differences between scripts requires that you specify an external Diff viewer in Ridgeline. See “Configuring a Viewer” on page 364 for information on how to set up a Diff viewer on your system and make it available to Ridgeline.

Deleting an ExtremeXOS Script

To delete an ExtremeXOS script, select the script (or scripts) you want to delete in the Filtered Scripts table, and click the Delete button. Ridgeline prompts you for confirmation before deleting the selected script(s).

Deploying ExtremeXOS Scripts

Deploying ExtremeXOS scripts to devices managed by Ridgeline consists of the following tasks:

1 Select the devices where you want to execute the script.
2 Optionally customize the script parameter settings, or set script parameters for each individual device.
3 Download the script to the device(s).
4 Execute the script commands on the device(s).


NOTE
The devices to which you deploy the scripts must be running a software image that supports ExtremeXOS CLI scripting. ExtremeXOS CLI scripting is supported on devices running ExtremeXOS version 11.4 or higher. If you want to use secure communication (SSH and SFTP) to deploy scripts, ExtremeXOS version 12.0 SR1 is required. ExtremeXOS CLI scripting is not supported on ExtremeWare devices.

To deploy a script, do one of the following:

● Select the script in the Filtered Scripts table and click the Deploy button.
● View the script in the Script Editor window and click the Deploy button.

Device Selection Screen of the Deploy Script Wizard

Clicking the Deploy button starts the Deploy Script wizard. You are prompted to select the devices to which you want to deploy the script.

Figure 270: Selecting Devices in the Deploy Script Wizard

The fields in this window are as follows:

Device Groups: Device group from which to select the device for ExtremeXOS script deployment. Determines the devices shown in the Device list. Select All Devices from the dropdown menu to include all devices in the Device list.
Choose: Specifies the device(s) in the Device list where the ExtremeXOS script is to be deployed. If the managed device is running a software image that does not support ExtremeXOS CLI scripting, then the device is grayed-out in the list and cannot be selected.
Name: The name of the managed device
IP Address: The IP address of the managed device

From this window, complete the following steps:

1 Select a device group or All Devices from the drop-down menu in the Device Groups field.
2 Select one or more devices from the Device list presented.
3 Click the Next button to continue to the next screen.

Script Customization Screen of the Deploy Script Wizard

After you select the devices where you want to deploy the script, the script customization screen is displayed. The script customization screen shows the contents of the script in the Profile, Overview, and Script View tabs. On this screen, you can optionally make changes to the script parameters before the script is deployed.

Figure 271: Script Customization Window in the Deploy Script Wizard


The fields in this window are as follows:

Script Parameters: Allows you to specify whether the ExtremeXOS script should be applied identically on all of the selected devices (the default), or if the script should use custom parameter settings when run on each device.
For example, you can configure the script to create 255 VLANs on all of the selected devices, or you can configure the script to create 50 VLANs on one device, 100 VLANs on another device, and so on.
To do this, select the “Customize parameter per device” option, select a device from the Device list, and modify parameter settings in the Overview tab of the Configuration Script section.

Configuration Script: Shows the script in the Script Editor interface. Here you can optionally make changes to the script parameters before the script is deployed.
You can modify the parameter settings in the Overview tab only; you cannot modify the text in the Profile or Script View tabs.

Other options: Contains optional settings for the ExtremeXOS script:
• A filename under which the script is saved on the device where it is deployed.
• Whether the script is executed after it is downloaded to the selected devices. By default, the script is executed after it is downloaded to a device.
• If the script is executed after it is downloaded, you can also select whether to save the configuration and/or delete the script from the device after execution. The previous configuration file is saved as snapshot.cfg.
• The number of seconds allotted for execution of the script on the device. If the script has not completed after this number of seconds, it is halted.

When you have finished making changes on the script customization screen, click the Deploy button to deploy the script to the selected devices.

Deployment Results Screen

The deployment results screen shows the progress of the script as it is deployed on each device, and reports the result of the deployment process.


Figure 272: Deployment results Window in the Deploy Script Wizard

The fields in this window are as follows:

Name: The name of the device(s) where the script was deployed. To view script deployment details for a device, select the device name in the list.
IP Address: The name of the device(s) where the script was deployed.
Deployment Result: Whether the script was deployed on the device successfully or unsuccessfully
Details: Information about the script deployment on the selected device. The last 2,000 lines of the deployment results are displayed in the Details box.
You can save the text in the Details box to file by clicking the Save button and specifying a filename.
If the script deployment is unsuccessful, information in the Details box may provide information about why it failed.

After the script deployment is completed, click Finish to exit the Deploy Script wizard.

Script Deployment Results Log File

A log of the script deployment results for the device is stored on the Ridgeline server in the following location:

\scripts\\.log

The is by default deploy\user.war\tftp where is the directory where the Ridgeline server is installed. If the script could not be downloaded to the device, no script deployment results log is generated.
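The NOTE under "Deploying ExtremeXOS Scripts" sets two version floors: ExtremeXOS 11.4 for CLI scripting and ExtremeXOS 12.0 SR1 for deployment over SSH and SFTP. The following added example (not part of the Ridgeline guide or product) sorts a device inventory by those floors before a deployment, so devices that cannot use SSH and SFTP are held back rather than silently deployed another way. The inventory, the device names, the status labels and the "major.minor SRn" version notation are assumptions.

```python
import re
from collections import namedtuple

# Version floors taken from the NOTE in "Deploying ExtremeXOS Scripts".
MIN_SCRIPTING = (11, 4, 0)   # ExtremeXOS 11.4 or higher: CLI scripting
MIN_SECURE = (12, 0, 1)      # ExtremeXOS 12.0 SR1: SSH and SFTP deployment

# Assumption: versions are written the way the guide writes them,
# "<major>.<minor>" with an optional " SR<n>" suffix.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s+SR(\d+))?\s*$", re.IGNORECASE)

# os_family is "ExtremeXOS" or "ExtremeWare" (hypothetical inventory field).
Device = namedtuple("Device", ["name", "os_family", "version"])


def parse_version(text):
    """Return (major, minor, service_release) or raise ValueError."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError("unrecognized version string: %r" % (text,))
    major, minor, sr = match.groups()
    return (int(major), int(minor), int(sr or 0))


def classify(device):
    """Map one device to a deployment class (labels are this example's own)."""
    if device.os_family != "ExtremeXOS":
        return "no-scripting"        # ExtremeWare: CLI scripting not supported
    try:
        version = parse_version(device.version)
    except ValueError:
        return "unknown-version"     # hold for manual review, never guess
    if version < MIN_SCRIPTING:
        return "no-scripting"
    if version < MIN_SECURE:
        return "scripting-no-ssh"    # scripts run, but not over SSH and SFTP
    return "scripting-ssh"


def plan_deployment(devices, require_secure=True):
    """Split devices into those to deploy to and those to hold back."""
    plan = {"deploy": [], "hold": []}
    for device in devices:
        status = classify(device)
        allowed = status == "scripting-ssh" or (
            status == "scripting-no-ssh" and not require_secure)
        plan["deploy" if allowed else "hold"].append((device.name, status))
    return plan


# Constructed sample inventory (names and versions are illustrative only).
SAMPLE_INVENTORY = [
    Device("core-1", "ExtremeXOS", "12.0 SR1"),
    Device("core-2", "ExtremeXOS", "12.1"),
    Device("edge-1", "ExtremeXOS", "12.0"),
    Device("edge-2", "ExtremeXOS", "11.4"),
    Device("edge-3", "ExtremeXOS", "11.3"),
    Device("legacy-1", "ExtremeWare", "7.4"),
    Device("lab-1", "ExtremeXOS", "twelve"),
]

if __name__ == "__main__":
    for bucket, rows in plan_deployment(SAMPLE_INVENTORY).items():
        print(bucket, rows)
```

With `require_secure=True` only devices at or above 12.0 SR1 are planned; the rest are listed with the reason they were held.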


Chapter 18: The Firmware Manager

This chapter describes how to use the Ridgeline Firmware Manager feature for:

● Downloading a new software image to one or more Extreme Networks devices.
● Downloading a BootROM image to one or more Extreme Networks devices.
● Downloading a new Slot software image to one or more modules on an Extreme Networks device.
● Downloading a BootROM image to one or more modules on an Extreme Networks device.
● Specifying a software image as the “recommended” image. The Firmware Manager compares the image currently running in a switch to determine if the switch is running the recommended or most current image.
● Retrieving the latest software images from Extreme Networks.

It contains the following sections:

● “Overview of the Firmware Manager” on page 381
● “Obtaining Updated Software Images” on page 385
● “Upgrading the Software or BootROM on Your Switches” on page 388
● “Specifying the Current Software Versions” on page 395

Overview of the Firmware Manager

The Ridgeline Firmware Manager feature provides a graphical interface for managing versions of ExtremeWare and ExtremeXOS software images and BootROM images, and upgrading Extreme devices as appropriate. The Firmware Manager provides a framework for storing image and BootROM files, and allows tracking of multiple versions. It also provides an automated function that can check the Extreme web site and indicate when newer versions of these files are available.

Firmware Manager Functions

There are multiple ways to invoke the functions provided by the Firmware Manager:

● Selecting an option from the Firmware > Tasks menu on the main Ridgeline Tools menu
● Selecting a device in Network Views, then selecting Firmware from the Device menu
● Using the menus at the top of the main Firmware Manager frame


● Selecting Firmware manager from the Network Administration folder

For simplicity, most of the instructions in this chapter only specify one method of invoking a function (usually the function button).

Firmware Manager Function Buttons

The Firmware Manager buttons provide the following functions:

Table 8: Firmware Manager Function Buttons

Upgrade: Upgrade the software or BootROM image on Extreme devices or to Extreme modules that include software. See “Upgrading the Software or BootROM on Your Switches” on page 388 for details on using this feature.
Versions: Specify the current version of the software for each type of Extreme Networks device. See “Specifying the Current Software Versions” on page 395 for details on using this feature.
Update: Displays a list of available software and allows you to connect directly to Extreme Networks to download the most current software images and BootROM images to your local Ridgeline server. See “Obtaining Updated Software Images” on page 385 for details on using this feature.

The Firmware Menu

Ridgeline provides a set of menus at the top of the main Firmware Manager frame. Most of these are standard across all the Ridgeline features.

The Firmware Manager provides an additional menu, Firmware, that contains commands unique to the Firmware Manager.

The Firmware menu contains the following items:

Table 9: The Firmware Menu

Upgrade: Upgrade the software or BootROM image on Extreme devices or to Extreme modules that include software. See “Upgrading the Software or BootROM on Your Switches” on page 385 for details on using this feature.
Configure Standard Version: Specify the current version of the software for each type of Extreme Networks device. See “Specifying the Current Software Versions” on page 395 for details on using this feature.
Update Firmware Information: Displays a list of available software and allows you to connect directly to Extreme Networks to download the most current software images and BootROM images to your local Ridgeline server. See “Obtaining Updated Software Images” on page 385 for details on using this feature.

Software and BootROM Image Locations

Downloading software or BootROM images from Extreme does not automatically upgrade the devices with the new images. Instead, they are stored on the Ridgeline server, and are available for download to a device or module.

Depending on the type of software image, they are stored on the Ridgeline server in one of the following directories:


● Device images are saved in \images
● Device BootROM images are saved in \bootrom
● Slot images are saved in \slotImages
● Slot BootROM images are saved in \slotBootRom

is the location of the TFTP server. By default, is deploy\user.war\tftp.

NOTE
Only software and BootROM images stored locally on the Ridgeline server can be used to upgrade a device or module through the Ridgeline Firmware Manager.

The Firmware Manager Main Window

To start the Firmware Manager feature, expand the Network Administration folder and click Firmware Manager (see Figure 273).

Figure 273: Firmware Manager Window Showing Summary Status for a Device Group

● Click All devices to display Summary Status for all devices, or click Device group and specify a device group in the box to see Summary Status for the devices in the group.


The table displays the following information:

Name: The name of the device
IP Address: The IP address of the device
Software Versions: The version number of the software image on the device.
Software/Standard version: The version number of the software image designated as the standard version for this device type. If no standard version has been specified, no version number is shown. See “Specifying the Current Software Versions” on page 395 for more information on specifying standard versions.
Software Obsolete: Whether this software version is considered “obsolete,” meaning it has been superseded by a newer General Availability release. If you have Automatic Information Updates enabled, Ridgeline checks the Extreme Networks web site once every 24 hours for the newest version information.
BootROM Versions: The version number of the BootROM software.
BootROM Obsolete: Whether this BootROM version is considered “obsolete,” meaning it has been superseded by a newer General Availability release.
Type: The type of Extreme Networks device.

● Select a device, then select Firmware from the right-click menu to see status for the individual device.

The main area of the window displays information about any modules installed in the device that include a version of ExtremeWare or ExtremeXOS. If a device does not contain any modules, or the modules do not require an OS, then this area will be empty.

Stacking Device Support

Stacking devices running ExtremeWare 7.4 or later and ExtremeXOS 12.0 or later are handled as if they are slots; displaying status for the stack master shows the stack members as if they are modules.

Figure 274: Stacked Device Display


In the bottom portion of the window, basic information about the device is shown: the device status, IP address, device type, and the current software and BootROM versions.

The device summary table displays the following information about slots in the device:

Slot: The slot number of the module or stack member (ExtremeWare 7.4 or later, ExtremeXOS 12.0 or later).
Type: The type of module or stack member (ExtremeWare 7.4 or later, ExtremeXOS 12.0 or later).
Software Versions: The version number of the software image on the module, and whether it is an SSH-capable release.
Obsolete: A red X indicates that this software version is considered “obsolete,” meaning it has been superseded by a newer General Availability release. If you have Automatic Information Updates enabled, Ridgeline checks the Extreme Networks web site once every 24 hours for the newest version information.
BootROM Versions: The version number of the BootROM software on the module
Obsolete: A red X indicates that this BootROM version is considered “obsolete,” meaning it has been superseded by a newer General Availability release.

Obtaining Updated Software Images

In order to upgrade your devices, you must have the new software or BootROM image stored locally on the Ridgeline server. If you have a support contract with Extreme, you can download software and BootROM images from Extreme to your local Ridgeline server.

The Display Software Images Updates window displays a list of the available software on the Extreme server, and allows you to connect directly to Extreme Networks to download the most current software images and BootROM images to your local Ridgeline server. After you download the new images, you can use the images to upgrade your managed devices and modules.

NOTE
Before you can download the software images, you must have a current support contract as well as a username and password to obtain access to the Extreme Networks server.

NOTE
You cannot download SSH-capable versions of the software images using the Firmware Manager’s image update feature. You must obtain SSH-capable images outside of Ridgeline, and place them in the images or slotImages subdirectories (see “Software and BootROM Image Locations” on page 382). SSH-capable images are subject to export restrictions, and require a special license. To request SSH code, contact Technical Support.
For ExtremeXOS, modular software packages also cannot be downloaded using the Firmware Manager’s image update feature. You must also obtain those images outside of Ridgeline, and place them in the images or slotImages subdirectories.

Downloading the software or BootROM images from Extreme Networks does not automatically upgrade the devices with the new images; it just stores them with the Ridgeline server.
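The notes above have SSH-capable images and modular packages copied by hand into the images or slotImages subdirectories, and only files stored in the four image directories can be used for an upgrade. The following added example (not part of the Ridgeline guide or product) audits those directories against SHA-256 digests recorded when each file was obtained; the manifest format, the file names and the practice of recording digests are assumptions.

```python
import hashlib
import os
import tempfile

# The four image directories the guide lists under the TFTP root.
IMAGE_DIRS = ("images", "bootrom", "slotImages", "slotBootRom")


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large images are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_images(tftp_root, manifest):
    """Compare the files in the image directories with a digest manifest.

    manifest maps "<directory>/<file name>" to the SHA-256 hex digest that
    was recorded when the file was obtained (hypothetical format).
    """
    found = {}
    for directory in IMAGE_DIRS:
        full_dir = os.path.join(tftp_root, directory)
        if not os.path.isdir(full_dir):
            continue
        for name in os.listdir(full_dir):
            path = os.path.join(full_dir, name)
            if os.path.isfile(path):
                found[directory + "/" + name] = sha256_file(path)

    report = {"ok": [], "mismatch": [], "unexpected": [], "missing": []}
    for key, digest in found.items():
        if key not in manifest:
            report["unexpected"].append(key)   # present, but never recorded
        elif manifest[key].lower() == digest:
            report["ok"].append(key)
        else:
            report["mismatch"].append(key)     # content differs from record
    report["missing"] = [key for key in manifest if key not in found]
    for rows in report.values():
        rows.sort()
    return report


def build_demo_tree(root):
    """Create constructed sample files under root; return a manifest for them."""
    files = {
        "images/demo-device.bin": b"constructed device image",
        "slotImages/demo-slot.bin": b"constructed slot image, altered later",
        "bootrom/demo-unlisted.bin": b"constructed file nobody recorded",
    }
    for key, data in files.items():
        path = os.path.join(root, *key.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)
    return {
        "images/demo-device.bin":
            hashlib.sha256(b"constructed device image").hexdigest(),
        "slotImages/demo-slot.bin":
            hashlib.sha256(b"constructed slot image").hexdigest(),
        "slotBootRom/demo-slot-rom.bin":
            hashlib.sha256(b"recorded but never copied").hexdigest(),
    }


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        demo_manifest = build_demo_tree(demo_root)
        for status, keys in audit_images(demo_root, demo_manifest).items():
            print(status, keys)
```

Run it against the real TFTP root before selecting an image in the Upgrade Wizard; anything reported as mismatch or unexpected should be replaced from its original source before it is used.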


Obtaining New Software Images

To obtain a current software image select the Update command from the Firmware menu. This opens the Display Software Images Updates window, as shown in Figure 275.

You can also access the Display Software Images Updates window by clicking the Display Updates... button from the Upgrade Wizard window, or from the Select Software Image window as described in the section, “Specifying the Current Software Versions” on page 395.

NOTE
If you declined to enable Automatic Information Updates when you installed the Ridgeline server, the list of images in this display may not reflect the most current versions available from Extreme Networks. You can enable information updates in Ridgeline Administration, through the External Connections server properties.

Figure 275: Display Software Images Update Window

The columns in this window show the following information:

Change: Whether this image has changed since the last time the software information was updated. A green check indicates there is a new version available. A red X indicates there have been no changes. When you display image updates for the first time, all images are marked as changed.
Version: The version number of the software.
Type: Whether the image is a version of device or slot software or a version of device or slot BootROM software.
Name: The name of the software build.


Status: The release status of the software: whether the software is a General Availability software release or Obsolete (meaning it has been superseded by a newer General Availability release). If you have Automatic Information Updates enabled, Ridgeline checks the Extreme Networks web site once every 24 hours for the newest version information.
Present: Whether this version of software is available on your local system.
• A red check indicates that the software has not been downloaded from Extreme Networks.
• A green check indicates the software is available on the Ridgeline server in one of the directories: \images, \bootrom, \SlotImages, or \slotBootRom. is the location of your TFTP server; by default this is deploy\user.war\tftp
Description: Provides a description of the software. Use the description information to determine the type of device or module the software is intended for.
Supported Hardware: When an image is selected, the column shows the hardware types (device or slot type) on which the image can be installed.

To download new images to the Ridgeline server:

1 Select the device or slot images you want to update. You can select more than one image.
2 Click Download.
A Login window for the Extreme download web site appears, as shown in Figure 276.

Figure 276: Login to Remote Server Window

3 Type your Extreme Support username in the User Name field and password in the Password field to access the Extreme server, and click OK.

NOTE
You must have a current support contract and an e-Support user name and password to obtain access to the Extreme Networks server.
See the Ridgeline Release Notes for additional information about downloading software images from Extreme Networks.

A message window appears showing the progress of the downloads you have requested to the Ridgeline server. Figure 277 shows an example of this window. Click OK when the downloads have completed.


Figure 277: Messages from Server Window Showing Image Update Progress

Acknowledging the Version Changes

Once you have downloaded the software versions of interest to you, you can accept and acknowledge the list of software image updates: this changes any green checks in the Change column to red X’s. A red X indicates that the version shown in the Software Image list has not changed since the last time you viewed and acknowledged the list. Thereafter, green checks will appear only when you update the software information list and changes in the list are detected; the changed images will be indicated with a green check.

Checking for Version Availability

To check for the availability of new software versions and update the list, click Update Software Information. This queries the Extreme server and updates the list in the Software Image field. Any versions that have changed since you last acknowledged the update list now show a green check to indicate the change.

Upgrading the Software or BootROM on Your Switches

Extreme Networks software images contain the executable code that runs on the switch and on certain Extreme modules that include software. An image comes pre-installed from the factory on every switch and on certain modules. You can upgrade this image by downloading a new version to the switch through the Firmware Manager. You can download the image into either the primary or secondary image, and specify whether the switch should be rebooted to immediately use the new image.

The BootROM software initializes certain important switch variables during the switch or module boot process.

CAUTION
If a BootROM upgrade does not complete successfully, it could prevent the switch from booting.


Ridgeline provides an Upgrade Wizard to help you select and download a new software image or BootROM image to a device or a module.

When you perform a software image upgrade, Ridgeline automatically creates a backup of your existing switch configuration. Switch configuration files for ExtremeWare are saved as text files in the \configs directory and configuration files for ExtremeXOS (along with Policy files, if any) are stored as zip files in the same location. is the location of the TFTP server, by default deploy\user.war\tftp. See Chapter 17, “Configuration Manager” for more information on where and how configuration files are stored, and how to restore them to a device if necessary.

Ridgeline supports the Hitless upgrade feature on a BlackDiamond chassis under certain conditions. Hitless upgrade allows an ExtremeWare software upgrade on a BlackDiamond 6800 series chassis, or an ExtremeXOS upgrade on a BlackDiamond 10K without taking it out of service or losing traffic. The Upgrade Wizard presents the Hitless upgrade as an option when you specify an upgrade on a BlackDiamond that meets the following conditions:

● A BlackDiamond running ExtremeWare 7.1.1 or later, with BootROM 8.1 or later and 2 MSMs installed.
● A BlackDiamond 10K running ExtremeXOS 11.1 or later with 2 MSMs installed.

Hitless upgrade is supported for BootROM images as well. You can perform a hitless BootROM upgrade for BlackDiamond 10K switches running ExtremeXOS 11.1 or later that have 2 MSMs installed.

Upgrading a Stacking Device

For Extreme Networks devices that support stacking, the Upgrade Wizard allows you to upgrade the images for the stack master and for individual stack members, as needed. The stack master must be upgraded in a separate operation, using the appropriate device image for the stack master device type. Stack members can be upgraded individually or in groups, using the slot image version of the current device image.

Upgrading Your Switches Using the Upgrade Wizard

The Upgrade Wizard helps manage the upgrade process for both software images and BootROM images, for either devices or modules. The Wizard will check to ensure that the requested software or BootROM image is appropriate and compatible with the devices or modules selected for the upgrade.

To download a new software or BootROM image to an Extreme device or module, select Upgrade from the Firmware menu.

Image Selection

The Image Selection page of the Upgrade Wizard appears, as shown in Figure 278.


Figure 278: Upgrade Wizard, Image Selection page

The Software Image table shows you the images that are available on the Ridgeline server to be used to upgrade your managed devices.

The fields in the Software Image table show the following:

Type: Whether the image is a version of device or slot software or a version of device or slot BootROM software.
Name: The name of the software build.
Version: The version number of the software.
Status: The release status of the software: whether the software is a General Availability software release.
Description: Provides a description of the software. Use the description information to determine the type of device or module the software is intended for.

When you select an image in the Software Image table, the Supported Hardware column to the right displays the hardware models on which the selected image is supported.

● If the software image you need is not listed in the Software Images table, you can click Display Updates... to open the Display Software Images Updates window, where you can download a software image or determine if newer versions of the images are available. See “Obtaining Updated Software Images” on page 385 for more information.

To begin the upgrade process, complete the following steps:

1 Select an image in the Software Images table. You can only upgrade using one image at a time.
2 Click Next>> to go to the next page of the Upgrade Wizard.

NOTE
For stacking devices running ExtremeWare 7.4, ExtremeWare 7.5, or ExtremeWare 7.6, stack members are treated as if they are modules, and therefore are updated using the appropriate Slot Image. To upgrade the stack master, select the Device Image for that switch type; to upgrade a stack member, select the Slot Image for that switch type. From ExtremeWare 7.7, to upgrade the images of all devices in the stack, select the Device Image for the stack master. The stack members will also be upgraded.
From ExtremeXOS 12.0, you can upgrade the images of all devices in the stack from the stack master. To upgrade all devices, select the Device Image for the stack master. The image upgrade is allowed only for the non-current partition. The image upgrade on individual slots can be on the current partition.

Hardware Selection

Normally, the next page to appear is the Hardware Selection page of the Upgrade Wizard, as shown in Figure 280. This is the normal case for images and BootROM releases that have General Availability status, since Ridgeline knows which devices are supported. You will then be able to select among the devices supported by the image.

If, however, Ridgeline does not recognize the image, a Supported Hardware Selection page may appear, as shown in Figure 279. This may occur if you have obtained a Beta or Controlled Ramp release image, or if the image has been newly released as a General Availability release, and Ridgeline does not yet recognize the release.

If the image you selected is one that Ridgeline recognizes as associated with a set of supported device types, the Supported Hardware page does not appear. The next page you see is the Hardware Selection page.

NOTE
If the Supported Hardware Selection page appears when you do not expect it, go back to the Image Selection page and verify that you have selected the image you intended. Refer to the latest Ridgeline Release Note for information on images that may require special handling.

The Supported Hardware Selection page

If the Supported Hardware Selection page appears, it means that Ridgeline does not recognize the image you have selected, and does not know what type of hardware is supported by that image. This can occur if you have obtained a Beta or Controlled Ramp release image, or if the image has been newly released as a General Availability release.

On the Supported Hardware page, Ridgeline presents a list of all the hardware types it thinks may be appropriate, and you can either select a hardware type from the list, or you can simply click Next>> to move to the Hardware Selection page of the Upgrade Wizard.

CAUTION
Ridgeline will not prevent you from proceeding with the upgrade, even if you select an image and a hardware type that are incompatible. If the Supported Hardware Selection page appears when you did not expect it, you should go back to the image selection page and verify that you have selected the correct image for the hardware you want to upgrade.


Figure 279: Upgrade Wizard, Supported Hardware Selection page

● If you select an item from the hardware list, Ridgeline will assume the hardware type is supported by the image, and will display only devices of that type as being eligible for upgrade.
● If you simply select Next>>, you will be able to select and upgrade any device shown in the component tree.

NOTE
If you want to have Ridgeline recognize a non-standard image, contact Extreme Networks Technical Support. They can help you create or obtain a supplemental software image list file.

The Hardware Selection Page

This page lets you select the devices you want to upgrade with the image you selected on the first page of the Upgrade Wizard.


Figure 280: Upgrade Wizard, Hardware Selection page

The two fields at the top of the page show the name of the image you selected, and the type of the image (Device Image, Device BootROM, Slot Image, or Slot BootROM).

If you have selected a Device Image or Device BootROM, the Select devices to be upgraded list shows devices that can be upgraded to the image you selected. As long as Ridgeline recognizes the image, only devices that are supported by that image are shown in this list. You can select a device group in the Component Tree to the left to display devices from specific device groups.

If you selected a Slot Image or Slot BootROM, then you must select a device in the Component Tree on the left in order to see a list of slots that can be upgraded.

The Select devices to be upgraded list shows the following information:

Category: The device category, used to indicate devices that can be upgraded at the same time. Categories are indicated by letter: A, B, C etc. Devices in the same category can be upgraded together; for example, multiple devices in category A can be selected for upgrade together, but devices in category B cannot be upgraded in the same operation as devices in category A.
Device: The name and/or IP address of the device
Device Type: The type of the device
Slot: The slot number of the module (shown if the image is a slot image).
Image: The image currently running on the device or module
BootROM: The version of the BootROM running on the device or module
Standard Image: The version you have specified as the standard version in the Versions list for devices or modules of this type. If you have not specified a software version in the Versions window, this is blank.


To select a device for upgrade, complete the following steps:

1 Select the Device Group in the Component Tree to display a list of devices you can upgrade. If you are upgrading a module, select a device in the Component Tree to display the modules on that device that you can upgrade.

NOTE
If the list is empty, it means there are no devices present in the Device Group that can be upgraded to the image you have selected. If this happens, click button.

The devices or modules you select are moved to the Upgrade image on the following devices list.

To remove devices from the Upgrade image on the following devices list, use the to go to the next page of the Upgrade Wizard.

If you want to select a different software or BootROM image, click to go to the next page of the Upgrade Wizard.


If you want to select different hardware for the upgrade, click


This information is used by the Ridgeline software to determine whether an individual device is running the version you have specified as the “standard version.” This is the version that appears in the Standard Image column in the Hardware Selection page of the Upgrade Wizard. It is also used to determine whether the image on a device matches the standard version, as indicated in the Software Versions and BootROM Versions columns in the main Firmware Manager display.

Select Configure Standard Version from the Firmware menu in the Firmware Manager window to display the Configure Standard Version window, as shown in Figure 282.

Figure 282: Configure Standard Version Window

To select a software version for a particular device type, type in the software version or click the Configure Version... button to display the Select Software Image window, as shown in Figure 283.


Figure 283: Select Software Image Window

Select the version that you want to be standard for the selected device type across your network and click OK.

If the software image you want is not shown in the Software Images list, you can click Display Updates... to open the Display Software Images Updates window, where you can download a software image or determine if newer versions of the images are available. See “Obtaining Updated Software Images” on page 385 for more information.




CHAPTER 19
Creating and Executing Ridgeline Scripts

This chapter describes the scripting functionality built in to Ridgeline, and how you can use Ridgeline to create scripts and execute them on managed devices. It contains the following sections:

● “Ridgeline Script Overview” on page 399
● “The Ridgeline Script Interface” on page 400
● “Managing Ridgeline Scripts” on page 402
● “Ridgeline Script Reference” on page 418

Ridgeline Script Overview

Ridgeline scripts are files containing CLI commands, control structures, and data manipulation functions. Ridgeline scripts can be executed on one or more devices: simultaneously on multiple devices, or on one device at a time.

You can schedule Ridgeline scripts to run on specified devices at specified times, either on a one-time or recurring basis. Scripts can be designated as script tasks that can be executed according to a pre-set schedule.

Ridgeline scripts are similar to ExtremeXOS scripts in that they are collections of ExtremeXOS CLI commands and control structures. Ridgeline scripts add some additional commands that are specific to Ridgeline.

In general, Ridgeline scripts support syntax and constructs from the following sources:

● ExtremeXOS CLI commands
ExtremeXOS CLI commands in a Ridgeline script are sent to the device, and the response can be used by the script.

NOTE
Abbreviated ExtremeXOS commands do not work unless you prefix the shortened command with CLI. Example: To abbreviate show vlan, type CLI sh vlan.

● ExtremeXOS CLI scripts


Control structures such as IF..ELSE and DO..WHILE can be used in Ridgeline scripts. See the “CLI Scripting” chapter in the ExtremeXOS Concepts Guide for more information on ExtremeXOS script functionality and syntax.

● The Tcl scripting language version 8.1
For general information about the Tcl scripting language, see http://www.tcl.tk.
For a list of the Tcl commands that are supported in Ridgeline scripts, see “Tcl Support in Ridgeline Scripts” on page 423.

Syntax and constructs from these sources work seamlessly within Ridgeline scripts. For example, the response from a switch to an ExtremeXOS CLI command issued from a script can be processed using Tcl functions.

Bundled Ridgeline Scripts

Ridgeline includes a number of sample scripts that you can use as templates for your own Ridgeline scripts. These scripts perform such tasks as downloading firmware, uploading/downloading configuration files, and configuring VLANs.

The sample scripts included with Ridgeline are available to users with an Administrator role. The XML source files for the scripts are located in the /user/scripting/bundled_scripts/xml directory.

The Ridgeline Script Interface

To display the scripts configured in Ridgeline, expand the list of items in the Network Administration folder, and click Scripts. Figure 284 shows the Scripts View.


Figure 284: Ridgeline Scripts View

The Scripts tab contains the following columns:

Category: The script category, if configured. See “Categorizing Scripts” on page 415.
Name: The name of the script.
Comments: Comments or a description of the script.
Modified by: Who last modified the script.
Date Modified: When the script was last modified.
Associated with an alarm: Whether the script is associated with an alarm action.

The Script Tasks tab contains the following columns:

Scheduled: How often the script task is scheduled to run: One-time, Recurring, or N/A if there is no schedule for the script task.
Category: The script category, if configured.
Name: The name of the script task.
User Name: Who created the script task.
Script name: The name of the script run by the script task.
Comments: Comments or a description of the script task.
Date modified: When the script was last modified.


The Scripts table lists all of the scripts configured in Ridgeline. To the right of the Scripts table is a view of the selected script. You can double-click a script to open it in the Script Editor window, which is shown in Figure 285.

Figure 285: Ridgeline Script Editor Window

The Ridgeline Script Editor is where you can add content to a script, set values for parameters, specify runtime settings, and indicate which Ridgeline users can run the script.

The following tabs appear in the Ridgeline Script Editor window:

Overview: Displays fields to enter script parameters. The contents of this tab are derived from the metadata specified in the script.
Content: Displays the script in a text editor window, where you can modify it directly.
Description: Contains descriptive information about the script. The script description is specified in the metadata section of the script.
Run-time Settings: Specifies script settings that are applied when the script is run.
Permissions and Menus: Specifies which kind of Ridgeline users can run the script, and whether an option to run the script should appear in the Network Views menu or in a shortcut menu.

Managing Ridgeline Scripts

This section explains how to complete the following tasks:

● Create a Ridgeline script
● Specify run-time settings for a script
● Specify permissions and menu locations within Ridgeline for a script
● Run a script on one or more managed devices, with device-specific parameters
● Configure script tasks


Creating a New Ridgeline Script

To create a new Ridgeline script, select New > Script from the Ridgeline File menu. A Script Editor window appears, displaying a script with default content.

Figure 286: Ridgeline Script Editor Window


By default, a new script created in Ridgeline contains a metadata section where you can enter a script description and define script sections and metadata that appears on the Overview tab. See “Metadata Tags” on page 418 and on page 427 for more information. For example:

Figure 287: Specifying a script description

A detailed script description can be placed between the metadata tags #@DetailDescriptionStart and #@DetailDescriptionEnd. This appears on the Description tab.


You can place variable definition statements in the metadata section, so that variables can be defined by entering values in the Overview tab. For example:

Figure 288: Defining variables in the metadata section of a script

When you do this, the variables appear on the Overview tab as script parameters, as shown in Figure 289.

Figure 289: Overview tab with a variable definition field


You can enter ExtremeXOS 12.1 CLI scripting commands and Tcl commands and constructs after the metadata section of the script. See “Ridgeline Script Reference” on page 418 for information about what can appear in a Ridgeline script.

Saving the Script

To save the script, select Save As... from the File menu. Ridgeline prompts you for the name of the script and for an optional script comment. You can save the script on the Ridgeline server, or you can click Export to and specify a directory on your local system. The script is saved in XML format.

Figure 290: Save Script As dialog

Specifying Run-Time Settings for a Script

To specify the run-time settings for a script, click the Run-time Settings tab.


Figure 291: Run-time Settings Tab

On this tab you can specify the following settings:

● Whether the configuration on the device is saved after the script is run successfully.
● Script run timeout in seconds. This timeout value applies to each device independently.
● Whether to create an entry in the Ridgeline Audit Log when this script is run.

The first two settings apply to all users; the third is available to Ridgeline users with read/write access.

Specifying Permissions and Launch Points for a Script

You can specify which Ridgeline user roles have permission to run the script, and whether an option to run the script should appear in the Network Views menu or in a shortcut menu.

To set permissions and menu locations for the script, click the Permissions and menus tab.


Figure 292: Permissions and Menus Tab

● In the Permissions section of the window, you can specify the Ridgeline user roles that are able to see and run the script.
● In the Availability in Network View menus section, you can create a menu item to run the script.

Select an option under Show in Menu Bar to list the script in the Ridgeline menu bar, either in the Services menu, or in the Tools menu, under Run Script. When you do this, the script is visible as an option in these menus when one of the folders under Network Views is selected.

Select whether you want to list the script in the Run Script window, which is available from the right-click menu for a device, port, or group. For example, if you select the Device option, you can run the script by selecting a device, right-clicking, and selecting Run Script from the pop-up menu.

Running a Script

To run a script, do one of the following:

● Select a device, port, or group in a Network Views folder, and select Run script from the Device menu, or right-click the item and select Run script. If the script has been configured to be shown in the shortcut menu for the selected item, then the script is listed in the Run Script window, as shown in Figure 293.


Figure 293: Run Script Window

● Select the script in the Script view, then select Run from the Action menu. A window appears prompting you for the Device or Device group where the script should be run. Follow the prompts to select the devices.

After the devices have been selected, a window appears prompting you for the sequence in which to execute the script on the devices. You can specify an order, or leave the default order.


Figure 294: Selecting the Order for Executing a Script

After the sequence for script execution has been selected, you can make device-specific changes to the parameters in the script.

Figure 295: Changing Parameters in a Script


To modify the script parameters for a device, select the device in the table, then click on the parameter you want to modify, and change it in the text box. The modified parameter applies only when the script is run on the selected device.

After you have made device-specific parameter changes, the following window appears, which allows you to specify the script task options for the script.

Figure 296: Specifying Script Task Options

In this window, you can optionally configure the script as a script task, which can be run on a scheduled basis.

Indicate whether you want to run the script now without saving it as a script task, run the script now and save it as a script task, or save the script as a script task and schedule the script task to run later. If you want to configure the script as a script task, enter a name in the Task name box.

Click Next to display a window where you can view the runtime information for the script and run it on the specified devices.


Figure 297: Script Verification Window

Click Run Script to execute the script on the selected devices. A window appears indicating the progress and results of the script execution.


Figure 298: Progress and Results of Script Execution

You can display the script execution results (and any errors) for each device where the script was executed. The results can be saved to a file. You can also elect to run the script again, or save the script as a script task.

The Ridgeline Audit Log feature provides a way to view information about scripts that have been run on managed devices. If you encounter errors during script execution, you can use the Audit Log to correct the errors and rerun the scripts. See “Using the Ridgeline Audit Log” on page 429 for more information.


Importing Scripts into Ridgeline

You can import XML-formatted scripts into Ridgeline. To import a script, complete the following steps:

1 Expand the list of items in the Network Administration folder, and click Scripts.
2 From the File menu, select Import script. The following window is displayed:

Figure 299: Import Script Window

3 In the From field, specify the location on your local system where the script file in XML format resides.
4 In the Script name field, enter the name of the script file to import.
5 Click Import to import the script into Ridgeline.

NOTE
Exported EPICenter 6.0 telnet macros cannot be imported as XML scripts.

Exporting a Script

To save a script, select Save As... from the File menu. Ridgeline prompts you for the name of the script and for an optional script comment. You can save the script on the Ridgeline server, or you can click Export to and specify a directory on your local system. The script is saved in XML format.


Figure 300: Save Script As dialog

Deleting a Script

To delete a script, complete the following steps:

1 Expand the list of items in the Network Administration folder, and click Scripts.
2 In the script table, select one or more scripts you want to delete.
3 From the Edit menu, select Delete.
4 Click Yes to confirm the script deletion.

Categorizing Scripts

You can optionally assign scripts to categories, such as “VLAN Scripts”, “Port Scripts”, and so on. Placing scripts into logical groups in this way can aid in filtering the information displayed in the Scripts table. This can be useful if you have a large number of scripts to manage. The category you create also becomes a menu option in the Tools > Run Script menu.

To assign a script to a category, complete the following steps:

1 Expand the list of items in the Network Administration folder, and click Scripts.
2 In the script table, select the script you want to categorize.


3 From the Action menu, select Categorize. The following window is displayed:

Figure 301: Categorize Script Window

4 To create a new category, click New, and specify a category name.
5 To assign the script to a category, click the button next to the category and click Save.

After a script has been assigned to a category, you can filter the scripts table using the category name. For example:

Figure 302: Filtering the Scripts Table by Category Name

Specifying a Ridgeline Script as an Alarm Action

You can define an alarm to execute a script when the alarm is triggered. See “Defining Alarm Actions” on page 318 for information about how to do this.

Configuring Script Tasks

You can optionally designate Ridgeline scripts as tasks to be executed according to a pre-set schedule. When you configure a Ridgeline script, if you select the option to save it as a script task, the script task appears in the Script Tasks table.


Figure 303: Script Tasks Table

From the Script Tasks table, you can configure parameters for a script task as well as specify a schedule for running it. To configure a script task, double-click it in the table, or highlight it and select Open from the File menu. The Script Task Configuration window is displayed.

Figure 304: Script Task Configuration Window

● On the Script tab, you can specify global or device-specific parameters for the script.
● On the Device and order tab you can specify the sequence of devices on which the script is executed.
● On the Run-time settings tab you can specify run-time comments, audit log settings, and a timeout value for the script.
● On the Schedule tab, you can configure the script to run at specified times, either on a one-time or recurring basis. You can also specify how often the script is run.

To save the configuration for the script task, select Save from the File menu. To run the script task, select Run from the Actions menu.


Ridgeline Script Reference

This section contains reference information for Ridgeline scripts. It contains the following topics:

● “Metadata Tags” on page 418
● “Ridgeline-Specific Scripting Constructs” on page 420
● “Tcl Support in Ridgeline Scripts” on page 423
● “Entering Special Characters” on page 423
● “Line Continuation Character” on page 424
● “Case Sensitivity in Ridgeline Scripts” on page 424
● “Reserved Words in Ridgeline Scripts” on page 424
● “ExtremeXOS CLI Scripting Commands Supported in Ridgeline Scripts” on page 424
● “Ridgeline-Specific System Variables” on page 427

Metadata Tags

A Ridgeline script may contain a metadata section, which can serve as a usability aid in the script interface. The metadata section, if present, is the first section of a Ridgeline script, followed by the script logic section, which contains the CLI commands and control structures in the script. The metadata section is delimited by the #@MetaDataStart and #@MetaDataEnd tags. A metadata section is optional in a Ridgeline script.

You can use metadata tags to specify the description of the script, as well as parameters that the script user can input. The information specified by the metadata tags appears in the Overview tab for the script.

NOTE
Ridgeline script metadata tags are backwards-compatible with Ridgeline UPM profile metadata tags.

#@MetaDataStart and #@MetaDataEnd

Indicates the beginning and end of the metadata section of the script. In order for description information and variable input fields to appear in the Overview tab for a script, the corresponding metadata tags must appear in the metadata section.

Example

    #@MetaDataStart
    # @SectionStart (description = "Protocol Configuration Section")
    Set var protocolSelection eaps
    # @SectionEnd
    # @SectionStart (description = "vlan tag section")
    Set var vlanTag 100
    #@MetaDataEnd


#@ScriptDescription

Specifies a one-line description of the script. The description specified with this tag cannot contain a newline character.

Example

    #@ScriptDescription "This is a VLAN configuration script."

#@DetailDescriptionStart and #@DetailDescriptionEnd

Specifies the beginning and end of the detailed description of the script. The detailed description can be multiple lines or multiple paragraphs. Each line in the description should be commented. The detailed description is shown in the Script View tab in the script editor window.

Example

    #@DetailDescriptionStart
    #This script performs configuration upload from Ridgeline to the switch.
    #The script only supports tftp.
    #This script does not support third party devices.
    #@DetailDescriptionEnd

#@SectionStart and #@SectionEnd

Specifies the beginning and end of a section within the metadata part of a script. If this is the last section of the metadata, ending with a #@MetaDataEnd tag, then the #@SectionEnd tag is not required. Once a section starts with the #@SectionStart tag, the previous section is automatically ended.

Example

    # @SectionStart (description = "Protocol Configuration Section")
    Set var protocolSelection eaps
    # @SectionEnd

#@VariableFieldLabel

Defines user-input variables for the script. For each variable defined with the #@VariableFieldLabel tag, you specify the variable’s description, scope, type, and whether it is required.

Description: Label that appears as the prompt for this parameter in the Overview tab
Scope: Whether the parameter is device-specific or global (uses the same value for all devices). Valid values: global, device. Default value is global.
Type: Parameter data type. This determines how the parameter input field is shown in the overview tab. Valid value: String (shows the parameter input field as a text field in the overview tab).
readonly: Whether the parameter is read-only and cannot be modified by the user. Valid values: Yes, No. Default value is No.
validValues: Lists all possible values a parameter can take. All values should be separated by commas and put in square brackets.
Required: Whether specifying the parameter is required to run the script. Valid values: Yes, No.


Example

    #@VariableFieldLabel (description = "Partition:", scope = global,
    #required = yes, validValue = [Primary,Secondary], readOnly=false)
    set var partition ""

Ridgeline-Specific Scripting Constructs

This section describes the scripting constructs that are specific to Ridgeline.

Specifying the Wait Time Between Commands

After the script executes a command, the sleep command causes the script to wait a specified number of seconds before executing the next statement.

Syntax

    sleep

Example

    # sleep for 5 seconds after executing a command
    sleep 5

Printing System Variables

The printSystemVariables command prints the current values of the system variables. Specifically, values for the following variables are printed:

● deviceIP
● deviceName
● serverName
● deviceSoftwareVer
● serverIP
● serverPort
● date
● time
● abort_on_error
● CLI.OUT
● runMode

Syntax

    printSystemVariables

Example

    # Display values for system variables
    printSystemVariables


Configuring a Carriage Return Prompt Response

A special string within the script, , indicates a carriage return in response to a prompt for a command.

Syntax

Example

    download image 10.22.22.22 t.txt //cancel download

Synchronizing the Device with Ridgeline

The PerformSync command manually initiates a synchronization for specified Ridgeline feature areas and scope.

Syntax

    PerformSync [-device ] [-scope ][-vlan ]

If -device is not specified, the current device (indicated by the $deviceIP system variable) is assumed. If -scope is not specified, INVENTORY scope is assumed. The -vlan option is only applicable if VLAN scope is chosen.

The PerformSync command is executed in an asynchronous manner. That is, when the command is executed, Ridgeline moves on to the next command in the script without waiting for the synchronization to complete.

Examples

    # Perform sync for Topology
    PerformSync -scope TOPOLOGY

If there are multiple VLANs in the -vlan argument, enclose them in double quotes. For example:

    PerformSync -scope VLAN -vlan "foo,bar"

Saving the Configuration on the Device Automatically

The run-time settings for a script may include the option to issue the save command in the background after the script is run successfully on the device. If an error is encountered as a result of the save command, a “Save command failed” alarm is issued in Ridgeline against the device.

Sending Events to Ridgeline

You can configure a script to send events to Ridgeline from the device where it is run. The events are displayed in the Ridgeline alarm browser.


In order for an event to be displayed in the alarm browser, the corresponding event should be added to the alarm definition (if not already present), and the target device should be included in the scope of the alarm (in the alarm definition) prior to sending events.

Syntax

    SendEvent [-subtype ] message

Where can be one of the following:

1 Ping failed
2 Ping OK
3 SNMP Reachable
4 SNMP Unreachable
5 Reachability unknown
6 Configuration Upload Failed
7 Configuration Upload OK
8 Custom Event
9 Device Reboot
10 Overheat
11 Fan Failed
13 High Trap Count
14 Policy Configuration Start
15 Policy Configuration End
16 Device Policy Configuration
17 Power Supply Failed
18 Device Warning From Ridgeline
19 Syslog Flood
20 One-Shot Event No Longer Valid
21 Rogue Access Point Found
22 Stacking Link Down
23 Stack Member Down
73 Configuration Download Failed
74 Configuration Download OK
100 EAPS Domain State Changed - ERROR
101 EAPS Domain State Changed - WARNING
102 Scripts, save operation failed
103 A background script execution failed
104 Script event

Example

    #Send Configuration Download Failed event if error occurs
    download image 10.210.14.4 image.txt
    if ($STATUS != 0) then
    SendEvent -subtype=73 ${CLI.OUT}
    endif


Printing a String to a File

The ECHO command prints a specified string to a file.

Syntax

    ECHO "string"

Example

    # Write Device IP address to file
    ECHO "device ip is $deviceIP"

NOTE
The Tcl puts and ECHO commands have the same function. However, the ECHO command is not case-sensitive, while the puts command is case-sensitive.

Tcl Support in Ridgeline Scripts

The following Tcl commands are supported in Ridgeline scripts:

Table 10: Tcl commands supported in Ridgeline scripts

Tcl Commands
after     concat    for      info     lrange     puts    set     unset
append    continue  foreach  interp   lreplace   read    split   update
array     eof       format   join     lsearch    regexp  string  uplevel
binary    error     gets     lappend  lsort      regsub  subst   upvar
break     eval      global   lindex   namespace  rename  switch  variable
catch     expr      history  linsert  open       return  tell    vwait
clock     fblocked  if       list     package    scan    time    while
close     flush     incr     llength  proc       seek    trace

See http://www.tcl.tk/man/tcl8.2.3/TclCmd/contents.htm for syntax descriptions and usage information for these Tcl commands.

Entering Special Characters

In a Ridgeline script, you can use the backslash character as the Escape character if you need to enter special characters, such as “ ” (quotation marks), : (colon), or $ (dollar sign).

Example

    set var value 100
    set var dollar \$value
    show var dollar
    >>> $value


NOTE
Do not place the backslash character at the end of a line in a Ridgeline script.

Line Continuation Character

The line continuation character is not supported in Ridgeline scripts. Each command statement should be placed on a single line.

Case Sensitivity in Ridgeline Scripts

The commands and constructs in a Ridgeline script are not case-sensitive. However, if a command is referenced inside another command, the inner command is case-sensitive. In this instance, the inner command case should match how it appears in the Ridgeline documentation.

Example (Usage of the Ridgeline command ECHO)

    echo hi (valid)
    echo [echo hi] (error)
    echo [ECHO hi] (valid)

Reserved Words in Ridgeline Scripts

The following words cannot be used as variable names in a Ridgeline script. They are reserved by Ridgeline.

● Names of system variables (see “Ridgeline-Specific System Variables” on page 427)
● Names of Ridgeline command extensions (see “Ridgeline-Specific Scripting Constructs”)
● Names of ExtremeXOS CLI commands
● epic_responseFileId
● Names of Tcl functions

In addition, you should not use a period (.) within a variable name. Use an underscore instead.

ExtremeXOS CLI Scripting Commands Supported in Ridgeline Scripts

The CLI commands in this section are supported in Ridgeline scripts.

$VAREXISTS

Checks if a given variable has been initialized.

Switch Compatibility

This command is supported on devices running ExtremeXOS 12.1 and higher.


Example

    if ($VAREXISTS(foo)) then
    show var foo
    endif

$TCL

Evaluates a given Tcl command.

The $TCL command is supported within the following constructs:

● set var
● if
● while

See Table 10 for a list of supported Tcl commands.

Switch Compatibility

This command is supported on devices running ExtremeXOS 11.6 and higher.

Example

    set var foo $TCL(expr 3+4)
    if ($TCL(expr 2+2) == 4) then

$UPPERCASE

Converts a given string to upper case.

The $UPPERCASE command is supported within the following constructs:

● set var
● if
● while

Switch Compatibility

This command is supported on devices running ExtremeXOS 11.6 and higher.

NOTE
The $UPPERCASE command is deprecated in ExtremeXOS 12.1 CLI scripting. The $TCL(string toupper ) command should be used instead.

Example

    set var foo $UPPERCASE("foo")


show var

Prints the current value of a specified variable.

Switch Compatibility

This command is supported on devices running ExtremeXOS 11.6 and higher.

Example

    show var foo

delete var

Deletes a given variable. Only local variables can be deleted; system variables cannot be deleted.

Switch Compatibility

This command is supported on devices running ExtremeXOS 11.6 and higher.

Example

    set var foo bar
    delete var foo
    if ($VAREXISTS(foo)) then
    ECHO "this should NOT be printed"
    else
    ECHO "Variable deleted."
    endif

configure cli mode scripting abort-on-error

Configures the script to halt when an error is encountered.

If there is a syntax error in the script constructs (set var / if ..then / do..while ), execution stops even if the abort_on_error flag is not configured.

Switch Compatibility

This command is supported on devices running ExtremeXOS 11.6 and higher.

Example

    enable cli scripting
    \$UPPERCASE uppercase
    # should not print
    show var abort_on_error


Ridgeline-Specific System Variables
The following system variables can be set in Ridgeline scripts:

$abort_on_error: Whether the script terminates if a CLI error is encountered; 1 aborts on error, 0 continues on error.
$CLI.OUT: The output of the last CLI command
$CLI.SESSION_TYPE: The type of session for the connection to the device, either Telnet or SSH
$date: The current date on the Ridgeline server
$deviceIP: The IP address of the selected device
$deviceLogin: The name of the login user for the selected device
$deviceName: The DNS name of the selected device
$deviceSoftwareVer: The version of ExtremeXOS running on the selected device
$deviceType: The product type of the selected device
$epicenterUser: The name of the Ridgeline user running the script
$isExos: Whether the device is an ExtremeXOS device. Possible values are True or False
$port: Selected port numbers, represented as a string. If the script is not associated with a port, this system variable is not supported.
$serverIP: The hostname of the Ridgeline server
$serverName: The hostname of the Ridgeline server
$serverPort: The port number used by the Ridgeline web server; for example, 8080
$STATUS: The execution status of the previously executed ExtremeXOS command, 0 if the command was executed successfully, non-zero otherwise
$time: The current date on the Ridgeline server
$vendor: Vendor name of the device; for example, Extreme




Chapter 20: Using the Ridgeline Audit Log

This chapter describes how to use the Ridgeline Audit Log for:
● Displaying information about UPM profiles, Ridgeline scripts, and network provisioning tasks that have been deployed on managed devices
● Viewing details about deployed UPM profiles, Ridgeline scripts, and network provisioning tasks
● Correcting and redeploying UPM profiles and Ridgeline scripts

It contains the following sections:
● “Audit Log Overview” on page 429
● “Displaying Audit Log Details” on page 431

Audit Log Overview
The Ridgeline Audit Log is a means for viewing information about the UPM profiles, Ridgeline scripts, and network provisioning tasks that have been deployed in your network.

You can use the Audit Log as a troubleshooting aid to reveal errors when UPM profiles and Ridgeline scripts are deployed unsuccessfully. Using the Audit Log, you can correct the errors and redeploy the profiles or scripts.

Audit Log View
To display the Audit Log, click on Audit Log under the Network Administration folder. The Audit Log view is displayed, as shown in Figure 305.


Figure 305: Audit Log View (callouts: Time Period Filter, Log Items Filter, Details Filter, Log Table, Details Table)

The Audit Log View has separate tabs to display information about the deployed UPM profiles, Ridgeline scripts, and network provisioning tasks.

Within each tab are filters that allow you to limit the information in the display based on the time period deployed, log table contents, or details table contents. The log table contains information about each deployed profile, script, or provisioning activity task. The details table contains information about the deployment results of a selected profile, script, or provisioning activity on each device where it was run.

Filtering the Audit Log View
The log table displays all of the profiles, scripts, or provisioning tasks that meet the filter criteria defined in the Time Period and Log Items filter. For example, you can specify for the Time Period filter to display all scripts deployed over the past 24 hours. When you do this, the filtered list of scripts appears in the log table.

You can further filter the log table by entering text in the Log Items filter. For example, if you enter VLAN in the Log Items filter, the log table shows only rows that contain the text VLAN. Using the drop-down search menu, you can specify additional filter criteria, including column name, case-sensitivity, and wildcard matching.

Displaying Audit Log Details
To display details about a deployed UPM profile, Ridgeline script, or network provisioning task, click on a row in the log table. Information about the selected item appears in the details table. If you double-click on the row, the details are displayed in a separate window, as shown in Figure 306.

Figure 306: Audit Log Details Window

The Audit Log Details window displays the name of the deployed profile or script, user-defined comments, and who created it.

The following columns are displayed:
Action Time: The time that the script or profile was deployed.
Name: The name of the device where the profile or script was deployed.
IP address: IP address of the device.
Result: Result of the deployment, successful or unsuccessful.
Ports: The ports on which the script or profile was deployed.

You can display additional information about how a script was deployed on a specific device by selecting Open from the File menu, or double-clicking a row in the table. When you do this, the Response Detail window is displayed, as shown in Figure 307.


Figure 307: Response Detail Window for a Script

The response detail window displays messages generated when the script was run. As a troubleshooting aid, you can review the contents of the window for error messages.

For provisioning tasks, Ridgeline displays the progress and results for the task when it was run.

Figure 308: Audit Log Details Window for a Provisioning Task

Click on a row in the window to display additional information about each operation carried out during the provisioning task.


Redeploying Profiles or Scripts
If the deployment result for a profile or script was unsuccessful, you can open it from Ridgeline, make corrections, and redeploy it on the device.

To open a profile or script, select it in the Audit Log Details window and then select Open script or Open profile from the File menu. The script or profile is opened in an editor window. You can then make changes to the profile or script, and redeploy it.
● For information on editing UPM profiles, see “Using the Universal Port Manager” on page 485.
● For information on editing Ridgeline scripts, see “Creating and Executing Ridgeline Scripts” on page 399.

To redeploy a script or profile from the Audit Log, select Rerun from the Action menu. This starts the deployment wizard for the profile or script.




Chapter 21: Using the IP/MAC Address Finder

This chapter describes how to use the IP/MAC Address Finder for:
● Creating search requests for locating specific MAC or IP addresses, and determining the devices and ports where they are located.
● Creating search requests to identify the MAC and IP addresses on specific devices and ports.

It contains the following sections:
● “Overview of the IP/MAC Address Finder” on page 435
● “Tasks List Summary Window” on page 437
● “Creating a Search Task” on page 438
● “Detailed Task View” on page 441

Overview of the IP/MAC Address Finder
Using the IP/MAC Address Finder you can specify a set of Media Access Control (MAC) or Internet Protocol (IP) network addresses, and a set of network devices to query for those addresses. The applet returns a list of the devices and ports associated with those addresses. You can also specify a set of devices and ports, and search for all MAC and IP addresses that appear on those devices and ports.

The Search Tool lets you configure and start a search task, view the status of the task, view the task results, and export the results either to your local system or to the Ridgeline server system. The task specification and results are kept in the task list until you delete them, or until you end your Ridgeline session by logging out.

The IP/MAC Address Finder supports two types of searches: a Database search, which looks for a MAC or IP address among edge port information maintained in the Ridgeline database, and a Network search, which searches switches on the network for the specified MAC or IP addresses.

If you have configured Ridgeline to do MAC polling, Ridgeline maintains in its own database the information it learns about edge ports from the switches it polls. (See Chapter 23, “Administering Ridgeline” for information on setting MAC Poller properties to enable MAC polling). In this case, the IP/MAC Address Finder can search for addresses within the database rather than searching over the network.

If you do not have MAC polling enabled, the IP/MAC Address Finder will always do a network search.


In a network search the IP/MAC Address Finder searches the IP Address Translation Table (the ipNetToMediaTable) in each device agent for IP addresses, and the Forwarding Database (FDB) for MAC addresses of the switches in your search domain to find address information. If you specify a search for a specific IP address, the IP/MAC Address Finder will attempt to ping that address from the switches you have included in the search domain.

ExtremeWare Software Requirements
The IP/MAC Address Finder requires certain versions of ExtremeWare to be running on your Extreme switch in order to retrieve data from an IP address or MAC address search task.

Table 11 lists versions of ExtremeWare and whether or not they are currently supported by the IP/MAC Address Finder.

Table 11: ExtremeWare Requirements for Using the IP/MAC Address Finder
ExtremeWare Version: Requirements
6.1.5: Not supported.
6.1.6 through 6.1.9: Supported using the dot1dTpFdbTable. Use the enable snmp dot1dTpFdbTable command to enable the dot1dTpFdbTable on the switch.
6.2 and later: Fully supported using a private MIB.

Displaying the IP/MAC Address Finder
To display the IP/MAC Address Finder in Ridgeline, click on Network Views. From the Tools menu, select Find IP and/or MAC address. The IP/MAC Address Finder window displays, as shown in Figure 309. Initially no search requests display.

Figure 309: IP/MAC Address Finder Window


Tasks List Summary Window
As search tasks are initiated, they are placed in the Find Address Tasks List in the Component Tree. Selecting the Find Address Tasks folder in the Component Tree displays a summary of the status of the tasks in the Task List (see Figure 310).

Figure 310: Tasks List Summary

The Tasks List shows you basic information about the tasks you set up:
ID: Automatically assigned by the Ridgeline server.
Name: The name you gave the task when you created it. Giving a task a unique name is important to distinguish it from other tasks in the Tasks List.
Search Type: The type of search this will perform (Database or Network).
Status: Shows the status of the request.
Date Submitted: Shows the date and time the task was submitted.
Date Completed: Shows the date and time the task was finished.

From the Tasks List you can perform the following functions:
Cancel: Select a Pending task and click Cancel to cancel the task before it has completed.
Delete: Select a task and click Delete to delete an individual task. This deletes the task specification as well as the task results. Once a task has completed, it cannot be rerun unless it is the most recent task completed.
ReRun: Select a task and click ReRun to execute the task again.
Clone: Select a task and click Clone to bring up the Find Addresses window with the specifications of the selected task already displayed.
Export: Select a task and click Export to export the task details to a text file. See “Exporting Task Results to a Text File” on page 443 for more information.
Export Local: Select a task and click Export Local to export the task details locally to a text file on your local system. See “Exporting Task Results to a Text File” on page 443 for more information.


NOTE
The specified tasks and their search results persist as long as you are logged in to Ridgeline, even if you leave the IP/MAC Address Finder and go to another Ridgeline feature. However, when you exit Ridgeline, all the task specifications and search results are deleted.

Creating a Search Task
To create a search task, click the Find button in the Tool bar at the top of the IP/MAC Address Finder page. This displays the Find IP and MAC Addresses window (Figure 311).

NOTE
If you have already submitted a task, the most recent task with its specifications is displayed in the Find Addresses window.

Figure 311: Find IP and MAC Addresses Window

The fields in this window are as follows:
Task Name: A user-defined name for the task. The name helps you identify the task in the Find Address Tasks List. Names of the form Task 1, Task 2, and so on are provided by default.
Search Targets: The search criteria for addresses to find.


Enter an Address area: The addresses to be located:
• IP lets you enter an IP address (as four octets).
• MAC lets you enter a MAC address (as six hexadecimal tuples).
• All specifies that the IP/MAC Address Finder should find all addresses in the Target Domain.
• WildCard enables a search for a MAC address defined only by the first three hexadecimal tuples.
Add: Adds the specified address to the Addresses to Find list.
Remove Address: Removes selected addresses from the Addresses to Find list.
Addresses to Find: Lists the addresses to find based on search criteria specified in the Enter an Address area.
Search Type: Define the search type: Database or Network.
Database: Database performs a search from the Ridgeline database using the collected edge port information. Ridgeline does not report unreachable devices with this type of search. This option results in a much faster search. A database search will not be available if MAC Polling is disabled; see “MAC Polling Properties” on page 478 for information on enabling or disabling MAC Polling.
Network: Network performs a search from the network by searching the devices in the search domain. This option may take longer to complete, but can provide more current results. If you perform a network search, Ridgeline reports unreachable devices.
Search Domains: Define the search domain criteria (the devices to be searched) for a Network search. Note: No search domain can be specified if you are doing a Database search.
Source Type: Specifies the type of elements that will appear in the search domains list, from which you can select to add to the Target Domain.
• Devices: Displays a list of individual devices from the device group specified in the Select Group field.
• Device Groups: Displays a list of device groups (domains).
• Ports: Displays devices and ports from the device group specified in the Select Group field.
• Port Groups: Displays a list of Port Groups.
If you select Devices or Ports as the Source Type, you must also select a Device Group from the Select Group field to define the list of devices that will appear in the Devices list. If you select Device Groups or Port Groups, this field will be inactive.
Select Group: Select a device group, to display the devices in that group in the search domains list.
Devices/Domains/Ports/Port Groups: Displays a list of components from which you can select to include in the Target Domains list. The types of components available in this list are determined by your selection in the Source Type field.
Add: Moves the selected component to the Target Domains list.
Remove: Removes the selected component from the Target Domains list.


Remove All: Removes all components from the Target Domains list.
Target Domains: Lists the devices, device groups (domains), ports, or port groups to be included in the search. Devices not included in the Target Domain will not be searched.
Select the Device, Port, Device Group, or Port Group that you want to search and click the Add button to move it into the Target Domains list.
For each item you have added to the Target list, the following is displayed:
Type: The type of target: Devices, Device Groups, Ports, Port Groups
Value: The name, IP address, or port number of the selected target
Device Status: If the target is a device or port, shows the status of the device:
• Online.
• Offline: Device Status is offline when the manageability status of the device is disabled.
• Marginal: Device Status is marginal when a fan failure or power failure occurs or when the device becomes too hot.
• Down: Device Status is down when it does not respond to SNMP requests.
To remove a member from the Target Domains list, select the item in the list and click Remove. To clear the Target Domains list, click Remove All.

To create a search task to do a Database search:
1 Provide a name in the Task Name field.
2 Define the search targets.
You can paste a MAC address or IP address into the address field; place the cursor into the first cell of the address and paste an address you have copied, using your system’s keyboard paste command (Ctrl-V in Windows). For example, you might copy an address from a report or a syslog entry to paste into the IP/MAC Address Finder.
3 Select Database as the search type.
4 Click the Submit button at the bottom of the window to initiate the search.

NOTE
A Database search is only available if you have MAC Polling Enabled. If you specify a database search, you cannot specify a search domain; the entire Ridgeline database will be searched.

To create a search task to do a Network search:
1 Provide a name in the Task Name field.
2 Define the search targets.
3 Select Network as the search type.
4 Define the search domain. The Target Domains list specifies the scope of the devices to be included in the search. Devices not included in this domain are not searched.
Select the devices, ports, Device Groups, or Port Groups that you want to search and click the Add button to move them into the Target Domains list.
You can create a target domain that includes a combination of these specifications.

NOTE
The IP/MAC Address Finder does not support hierarchical port groups. If you have created port groups in Ridgeline that include subgroups as members, those subgroups will not appear in the Target Domains list. Instead, any ports that are members of subgroups will be displayed directly under the top-level port group, as if they are members of the top-level group.

5 When you have completed your search specification, click the Submit button at the bottom of the window to initiate the search.

The IP/MAC Address Finder searches the IP Address Translation Table (the ipNetToMediaTable) in each device agent for IP addresses, and the Forwarding Database (FDB) for MAC addresses.

NOTE
The IP/MAC Address Finder will not identify a device’s own IP address when you search for IP addresses on that device. In other words, it will not find IP address 10.2.3.4 on the switch whose address is 10.2.3.4. It can only find addresses that are in the agent’s IP Address Translation table, and a device’s own address is not included in the table. The IP/MAC Address Finder will find the address on the other switches that have connectivity to the switch with the target IP address, however.

NOTE
Each search task can return a maximum of 2,000 MAC address entries. If a search returns more than 2,000 entries, a warning message is displayed in the status window. If you see a warning message, add additional search constraints to reduce the number of returned MAC addresses to less than 2,000.

Detailed Task View
When you initiate a search, the task is placed in the Find Address Tasks list in the Component Tree. The main panel displays the Detailed Task View for the current search task.

While the task is in progress, the window shows the status as Pending. When the search is complete, the Detailed Task View shows the results for the search (Figure 312).


Figure 312: Address Search Results in the Detailed Task View

The Detailed Task View shows the following information about your search:
Task Name: The name you gave the task when you created it. Giving a task a unique name is important to distinguish it from other tasks in the Tasks List.
Status: Shows the status of the request.
Search Type: The type of search (Database or Network).
Submitted: Shows the date and time the task was submitted.
Ended: Shows the date and time the task was finished.

The Search Criteria area shows:
Addresses to Find: The list of IP or MAC addresses that were the object of the search
Search Domains: For a Network search only, the Search Domains where the search took place. This will be empty when the search type is Database.

For a Network search, the Search Domains list shows:
Type: The type (Devices, Device Groups, Ports, Port Groups) of the components in the domain specification
Value: The name of the component (group or device name)
Device Status: If the target is a device or port, shows the status of the device: Online or Offline/Down

The Search Results list shows the results of the search. For every address successfully located, this list shows:
MAC Address: The MAC address
IP Address: The corresponding IP address
Switch: The switch to which the address is connected
Port: The port to which the address is connected
User: The User (name) currently logged in at that address
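The network search described in this chapter, as an added example that is not part of the Ridgeline guide or Ridgeline's own code: it joins each switch's ipNetToMediaTable rows to its FDB rows and returns the MAC Address, IP Address, Switch and Port columns listed above, covering the three-tuple WildCard match, the own-address caveat and the 2,000-entry limit. The switch names, addresses, table layout and function names are constructed for illustration, and cutting the result list off at the limit is an assumption.

```python
import ipaddress
import re

MAX_MAC_ENTRIES = 2000  # per-task limit stated in the guide

MAC_RE = re.compile(r"[0-9a-f]{2}(?:[:-][0-9a-f]{2}){5}")
OUI_RE = re.compile(r"[0-9a-f]{2}(?:[:-][0-9a-f]{2}){2}")

# Constructed sample data (hypothetical switches and addresses).
# "arp" models rows of the ipNetToMediaTable (IP -> MAC); "fdb" models
# Forwarding Database rows (MAC -> port). A switch's own address is not in
# its own table, so 10.2.3.4 only shows up in the table of its neighbour.
SWITCHES = {
    "sw-core": {
        "own_ip": "10.2.3.4",
        "arp": {"10.2.3.10": "00:04:96:AA:BB:01", "10.2.3.20": "00-1B-21-00-00-02"},
        "fdb": {"00:04:96:aa:bb:01": "1:5", "00:1b:21:00:00:02": "2:7"},
    },
    "sw-edge": {
        "own_ip": "10.2.3.5",
        "arp": {"10.2.3.4": "00:04:96:11:22:33"},
        "fdb": {"00:04:96:11:22:33": "24", "00:04:96:aa:bb:09": "3"},
    },
}


def normalize_mac(text):
    """Return a MAC (or three-tuple prefix) as lowercase, colon-separated hex."""
    return text.strip().lower().replace("-", ":")


def parse_target(text):
    """Classify one search target as ('all' | 'ip' | 'mac' | 'wildcard', value)."""
    text = text.strip()
    if text.lower() == "all":
        return ("all", None)
    try:
        return ("ip", str(ipaddress.IPv4Address(text)))
    except ipaddress.AddressValueError:
        pass
    lowered = text.lower()
    if MAC_RE.fullmatch(lowered):
        return ("mac", normalize_mac(lowered))
    if OUI_RE.fullmatch(lowered):
        return ("wildcard", normalize_mac(lowered))
    raise ValueError(f"not an IP address, MAC address or MAC prefix: {text!r}")


def matches(target, mac, ip):
    """True if one learned (mac, ip) pair satisfies one parsed target."""
    kind, value = target
    if kind == "all":
        return True
    if kind == "ip":
        return ip == value
    if kind == "mac":
        return mac == value
    return mac.startswith(value + ":")  # wildcard: first three tuples only


def find_addresses(switches, targets, domain=None, max_entries=MAX_MAC_ENTRIES):
    """Network-search model: join each switch's ARP rows to its FDB rows."""
    parsed = [parse_target(t) for t in targets]
    results, warnings = [], []
    for name in sorted(switches):
        if domain is not None and name not in domain:
            continue  # devices outside the target domain are not searched
        sw = switches[name]
        # If two IPs map to one MAC, this simplified model keeps one of them.
        ip_by_mac = {normalize_mac(m): ip for ip, m in sw["arp"].items()
                     if ip != sw["own_ip"]}
        port_by_mac = {normalize_mac(m): p for m, p in sw["fdb"].items()}
        for mac in sorted(set(ip_by_mac) | set(port_by_mac)):
            ip = ip_by_mac.get(mac)
            if any(matches(t, mac, ip) for t in parsed):
                results.append({"mac": mac, "ip": ip, "switch": name,
                                "port": port_by_mac.get(mac)})
    if len(results) > max_entries:
        warnings.append(f"{len(results)} entries found; only the first "
                        f"{max_entries} are returned, narrow the search")
        results = results[:max_entries]
    return results, warnings


if __name__ == "__main__":
    for row in find_addresses(SWITCHES, ["10.2.3.4", "00-04-96"])[0]:
        print(row)
```

Searching for 10.2.3.4 returns a row only from sw-edge, which matches the note that a device's own address is found on neighbouring switches rather than on the device itself.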


Once the search is complete, the search results will stay in the Tasks List until you explicitly delete them using the Delete Function from the Tasks List Summary View, or until you exit Ridgeline.

From the Task Detail window you can complete the following:
Cancel: Cancel a running task.
Delete: Delete this task. This deletes the task specification as well as the task results.
ReRun: Execute the task again.
Clone: Bring up the Find Addresses window with the specifications of the selected task already displayed.
Export: Export task search results to a text file on the server machine. See “Exporting Task Results to a Text File” on page 443 for more information.
Export Local: Export task search results locally to a text file on your local system. See “Exporting Task Results to a Text File” on page 443 for more information.

The text field located above the action buttons (Delete, ReRun, Clone) provides search status details, such as a list of devices that are offline or not reachable.

Exporting Task Results to a Text File
You can export a task’s detail results or search results to a text file. You can do this from the Tasks List. To export the detail or search results to a file, complete the following steps:
1 From the Detailed Task View, click the Export button to save the file on the Ridgeline server. Click the Export Local button to save the file locally.
If you select Export, the Export pop-up dialog is displayed.
If you select Export Local, a Save File dialog is displayed.
2 Enter a file name and subdirectory name in the fields provided.
If you select Export:
- Detail and search result files for a task are saved in the Ridgeline user.war/AddressFinderResults directory, which is a subdirectory of the Ridgeline installation directory. You can optionally specify a subdirectory within the AddressFinderResults directory by entering the subdirectory name into the Directory field.
- By default, a search result exported file will be given a name created from the current date, time, and task name. For example, the results for task “Task 2” run on April 25, 2006 at 3:52 pm will be saved in a file named 2006_4_25_1552_Task 2.txt. You can change the file name by replacing the name in the File Name field.
If you select Export Local:
- Select the location where you want the file to be saved.
- You must provide a file name; it is not predefined for this option.
3 Click the Apply button to save the results.
Click Reset to clear all the fields.
Click Close to close the dialog without saving the file.




Chapter 22: Real-Time Statistics

This chapter describes how to use the Real-Time Statistics applet for:
● Viewing percentage utilization or total errors data for multiple ports in an Extreme Networks switch, a switch slot, or a port group.
● Viewing historical utilization, total errors, or individual errors data for a specific port on an Extreme Networks switch.

It contains the following sections:
● “Overview of Real-Time Statistics” on page 445
● “Displaying Multi-Port Statistics” on page 448
● “Displaying Statistics for a Single Port” on page 450
● “Changing the Display Mode” on page 451
● “Setting Graph Preferences” on page 452
● “Taking Graph Snapshots” on page 454

Overview of Real-Time Statistics
The Real-Time Statistics feature of the Ridgeline software enables you to view a graphical presentation of utilization and error statistics for Extreme Networks switches in real time. The data is taken from Management Information Base (MIB) objects in the etherHistory table of the Remote Monitoring (RMON) MIB. The Real-Time Statistics function is supported only for Extreme Networks switches.

NOTE
You must have RMON enabled on the switch in order to collect real-time statistics for the switch. You can enable RMON for a switch using the enable rmon CLI command.

You can view data for multiple ports on a device, device slot, or within a port group, and optionally limit the display to the “top N” ports (where N is a number you can configure). If you choose to view multiple ports, the display shows data for the most recent sampling interval for the selected set of ports. The display is updated every sampling interval.


You can also view historical statistics for a single port. If you choose to view a single port, the display shows the value of the selected variable(s) over time, based on the number of datapoints the MIB maintains in the etherHistory table.

You can choose from a variety of styles of charts and graphs as well as a tabular display.

You can view the following types of data:
Percent Utilization: The percent of utilization for each port in the set (device, port group, or single port). This percent reports the value of the etherHistoryUtilization MIB object. The MIB defines this variable as the best estimate of the mean physical layer network utilization on this interface during this sampling interval, graphed in percents. Note that Extreme devices use only the ingress utilization (Rx) value when determining the utilization percentage and populating it in the etherHistoryUtilization MIB object.
Total Errors: Total number of errors for each port in the set (device, port group, or single port). Total Errors is the sum of the six error variables shown below. The total errors number takes into account both ingress (Rx) and egress (Tx) traffic.
Individual Errors: The number of individual errors for a single port. An individual errors display shows the six error variables shown below.
Error Variables: RMON etherHistory error variables for port error displays.
• etherHistoryCRCAlignErrors: The number of packets received during this sampling interval that had a length between 64 and 1518 octets, inclusive (excluding framing bits but including Frame Check Sequence (FCS) octets), but that had either a bad FCS with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
• etherHistoryUndersizePkts: The number of packets received during this sampling interval that were less than 64 octets long (excluding framing bits but including FCS octets) and were otherwise well formed.
• etherHistoryOversizePkts: The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits but including FCS octets) but were otherwise well formed.
• etherHistoryFragments: The total number of packets received during this sampling interval that were less than 64 octets in length (excluding framing bits but including FCS octets) and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
• etherHistoryJabbers: The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
• etherHistoryCollisions: The best estimate of the total number of collisions on this Ethernet segment during this sampling interval.

Real-Time Statistics Functions
To display statistics for a device, click on the device and select Statistics from the Tools menu.
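The five frame-based error variables defined above differ only in frame length and FCS validity, which the following added example (not code from the guide or from Ridgeline) makes explicit before summing the six variables into Total Errors and ranking ports as a top N display would. Port names, frame samples and function names are constructed; the sketch counts received frames plus a collision figure only, whereas the guide states that Total Errors also takes egress traffic into account.

```python
MIN_LEN, MAX_LEN = 64, 1518  # octets, excluding framing bits, including FCS

ERROR_VARS = (
    "etherHistoryCRCAlignErrors",
    "etherHistoryUndersizePkts",
    "etherHistoryOversizePkts",
    "etherHistoryFragments",
    "etherHistoryJabbers",
    "etherHistoryCollisions",
)


def classify_frame(length, fcs_ok):
    """Return the error variable a received frame counts against, or None.

    length is the frame length in octets; fcs_ok is False for either an
    FCS Error or an Alignment Error (both are a "bad FCS" in the definitions).
    """
    if length < MIN_LEN:
        return "etherHistoryUndersizePkts" if fcs_ok else "etherHistoryFragments"
    if length > MAX_LEN:
        return "etherHistoryOversizePkts" if fcs_ok else "etherHistoryJabbers"
    return None if fcs_ok else "etherHistoryCRCAlignErrors"


def interval_counters(frames, collisions=0):
    """Build the six counters for one sampling interval on one port."""
    counters = dict.fromkeys(ERROR_VARS, 0)
    for length, fcs_ok in frames:
        variable = classify_frame(length, fcs_ok)
        if variable is not None:
            counters[variable] += 1
    counters["etherHistoryCollisions"] += collisions
    return counters


def total_errors(counters):
    """Total Errors is the sum of the six error variables."""
    return sum(counters[name] for name in ERROR_VARS)


def top_n_ports(per_port, n=15):
    """Rank ports from largest to smallest total errors; keep the first n."""
    totals = {port: total_errors(c) for port, c in per_port.items()}
    ranked = sorted(totals.items(), key=lambda item: (-item[1], item[0]))
    return ranked[:n]


# Constructed sample: (frame length in octets, FCS valid?) seen on each port
# during one sampling interval, plus a collision count for the segment.
SAMPLE_INTERVAL = {
    "1:1": {"frames": [(64, True), (60, True), (60, False), (1519, False)],
            "collisions": 2},
    "1:2": {"frames": [(1518, False), (1518, True)], "collisions": 0},
    "1:3": {"frames": [(9000, True)] * 3, "collisions": 0},
}


def sample_report(n=15):
    """Top-n ranking for the constructed sample interval."""
    per_port = {port: interval_counters(data["frames"], data["collisions"])
                for port, data in SAMPLE_INTERVAL.items()}
    return top_n_ports(per_port, n)


if __name__ == "__main__":
    for port, total in sample_report():
        print(port, total)
```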


Real-Time Statistics Function Buttons
The buttons at the top of the main Real-Time Statistics applet provide the following functions:

Table 12: Real-Time Statistics Function Buttons

Select this to determine whether the display for a device or port group will include all ports, or only the top N ports (where N is initially fifteen). Click the icon to toggle between the red X, which indicates the top N limitation is not in effect, and a green check, which indicates that the top N ports are being displayed. The top N ports are displayed in order from highest (largest percent utilization or largest total errors) to lowest. The number of ports (N) is a user-configurable setting. This option is available only for multi-port displays.

Select this to display the data as a line graph. This chart type is especially useful when displaying individual errors for a single port.

Select this to display the data as a pie chart. This chart type is available only when you are displaying statistics for multiple ports on a device, device slot, or in a port group. The maximum number of slices in the pie is a user-configurable setting. It is initially set to display 10 slices.

Select this to display the data as a bar chart. A 3D bar chart is the default for all chart displays. The 3D setting is also a user-configurable option.

Select this to display the data as a horizontal bar chart. This chart type by default displays in 3D. The 3D setting is also a user-configurable option.

Select this to display the data as a stacked bar chart. This chart type is only available when you are displaying individual errors for a single port.

Select this to display the data as an area chart. This chart type by default displays in 3D. The 3D setting is also a user-configurable option.

Select this to display the data as a table.

Select this to zoom in on (magnify) the size of the display. You can select this repeatedly to zoom up to three times the screen size.

Select this to zoom out (shrink) the size of the display. You can select this repeatedly until the chart is the desired size.

Select this to display grid lines on the background of the chart.

Determines whether the graph data is updated automatically at every sampling interval. Click on the icon to toggle between continuous updates, and suspended updates.

Select this to take a “snapshot” of the graph or table view of the current real-time statistics data.

Select this to bring up the graph preferences pop-up window. You can change a variety of settings, such as graph and data colors, the sampling interval, or the number of ports in a top N display.


Displaying Multi-Port Statistics

You can select a device, slot, or port group to display statistics on all the ports in that item, or you can select an individual port to display statistics for the port.

NOTE
The Real-Time Statistics applet does not support hierarchical port groups. If you have created port groups that include subgroups as members, the subgroups will not appear in the Component Tree of the Real-Time Statistics applet. Instead, any ports that are members of subgroups will be displayed directly under the top-level port group, as if they are members of the top-level group.

For a port, you can display individual errors in addition to utilization and total errors.

● Select a network device to display data for some or all ports on the device.
● Select a port group to display data for all ports in the port group.

You will first see a message saying “Please wait, loading statistics data.” If the Ridgeline server is successful in accessing the data, utilization data is displayed as shown in Figure 313.

Figure 313: Bar Chart Showing Port Statistics for a Group of Ports

If you place the cursor near a bar in the chart, a pop-up window shows the port number and device, actual data value, and the time stamp on the data sample.


You can use the mouse to change the depth and rotation of a three-dimensional chart:

● Hold down the [Shift] key, press the left mouse button, and drag the cursor left or right to rotate the graph.
● Hold down the [Ctrl] key, press the left mouse button, and drag the cursor up or down to set the depth of the three-dimensional view.

For any of the bar graphs, move the cursor and then wait to see the change take effect, which may take a few seconds.

There are cases where you may not see data for every port you expect in a multi-port display:

● You have selected the “top N” feature (top 15 by default), so only the “N” ports with the highest utilization or the highest total number of errors are displayed.
● RMON is disabled for some ports on the switch. If the switch as a whole can be reached and is reporting data, then individual ports that do not report data will be ignored. No error message appears in this case.

If the Ridgeline server is not successful in loading data from the device, it displays a message similar to that shown in Figure 314.

Figure 314: Warning displayed when the Ridgeline server cannot retrieve data

There are several reasons why the Ridgeline server may not be able to display any device data:

● The Ridgeline server cannot communicate with the device (indicated by an “S” in a red circle next to the device name).
● The device does not have RMON enabled, or RMON was just recently enabled and no data samples exist yet.


● The device is marked offline.

Displaying Statistics for a Single Port

In addition to displaying data for a set of ports, you can display historical data for an individual port. You can select a port in one of two ways:

● Double-click on the data point for an individual port in the device or port group statistics display (bar, data point, or pie slice in the respective chart, or row in a tabular display).
● Click on a device, device slot, or port group to list the ports it contains, then select a port.

A set of utilization statistics for the selected port is displayed, as shown in Figure 315.

Figure 315: Utilization data over time for an individual port on a device

The number of data points displayed and the sampling interval are user-configurable parameters, within the limitations of the device’s RMON configuration. The defaults are:

● A 30-second sampling interval
● 50 data points displayed


NOTE
For BlackDiamond switches, only 25 data points are displayed because that is the maximum number of values the switch stores as historical data.

For an individual port, you can display individual errors in addition to utilization and total errors. Select the tab at the bottom of the page to generate one of these displays. Figure 316 is an example.

Figure 316: Individual errors in a single-port chart

Changing the Display Mode

The buttons at the top of the page let you select the format of the statistical display, and control several other aspects of the display. The commands on the Statistics menu perform the same functions. You can change the display mode in the following ways:

● Apply a top 15 limitation, which means only the top 15 ports should be displayed. The top 15 ports are displayed in order from highest (largest percent utilization or largest total errors) to lowest. The number of ports is a user-configurable setting and is 15 by default. This option is available only for multi-port displays.
● Display the data as a line graph, pie chart, bar chart, horizontal bar chart, stacked bar chart, or an area chart.
● Display the data as a table.


● Zoom in (magnify) or Zoom out (shrink) the display.
● Display grid lines on the background of the chart.
● Take a “snapshot” of the graph or table view of the current real-time statistics data.
● Open the graph preferences pop-up window where you can change a variety of settings, such as graph and data colors, the sampling interval, or the number of ports in a top N display.

See “Setting Graph Preferences” on page 452 for a more complete description of the display functions.

Setting Graph Preferences

To change the graph settings used in this applet, click the Prefs function button. The Graph Preferences window is displayed, as shown in Figure 317.

Use the tabs across the top of the window to select the type of setting you want to change. Each tab displays a page with a group of related settings. When you have changed any setting you want on a given page:

● Click Apply to put the changes into effect, but keep the Graph Preferences window open so you can make changes on another page.
● Click OK to put the changes into effect and close the Graph Preferences window.

NOTE
The Graph preferences settings are not persistent: if you log out of Ridgeline, the settings will return to the defaults.

Graph View (Figure 317) lets you change from 3D to 2D displays, and change the values for the 3D depth, elevation and rotation.

Figure 317: Setting 3D Graph Preferences

The fields in this window are as follows:

Set 3D Graph View box: To change to a 2D graph view, click the Set 3D Graph View box to remove the check mark.
View Depth: Controls the depth of a bar. The default is 10, maximum is 1000.


View Elevation: Controls the elevation (rise) from the front of the bar to the back, in degrees. The default is 10°, range is ±45°.
View Rotation: Controls the angle of rotation of the bar, in degrees. The default is 12°, range is ±45°.
Minimum Graphed Utilization: Specifies the minimum scale for the Y axis for utilization graphs. The default is 1.0 (1%), meaning that the Y axis will not show less than 1% as the top value of the Y axis.
Minimum Graphed Errors: Specifies the minimum scale for the Y axis for error graphs. The default is 25, meaning that the Y axis will not show less than 25 errors as the top value of the Y axis.

The Graph Colors tab (Figure 318) lets you set the colors for the graph background and text (data and axis labels).

Figure 318: Setting Graph Color Preferences

To change a color, click on a button with the color bar icon. This displays a color selection window where you can select the color you want. You can select a color using color swatches, or by specifying HSB or RGB values.

The fields in this window are as follows:

Set Graph Background Color: Sets the color of the background surrounding the graph.
Set Graph Foreground Color: Sets the color of the text and bar outlines.
Set Plot Background Color: Sets the color of the background behind the graph data.

The Data Colors tab (Figure 319) lets you set the colors used for the various data sets in your graph.

Figure 319: Setting Data Color Preferences


To change a color, click on a button with the color bar icon. This displays a color selection window where you can select the color you want. You can select a color using color swatches, or by specifying HSB or RGB values.

The fields in this window are as follows:

Set Data Color 1: The color used for Utilization and Total Error graphs.
Set Data Color 1 through 12: The colors used for the different errors in an individual errors chart.

Data colors in order starting from 1 are used in a pie chart, for as many slices as you’ve specified. (If you specify more than 12 slices, the colors will repeat, with slice 13 using the same color as slice 1.)

The Graph Data tab (Figure 320) lets you set several miscellaneous graph parameters.

Figure 320: Setting Other Graph Preferences

The fields in this window are as follows:

Top N Display Count: Specifies the number of ports to include in a Top N display. The default is 15, maximum is 100.
Pie Slice Display Count: Specifies the number of slices to display in a pie chart. The default is 10, maximum is 50.
Historical Data Display Count: Specifies the number of historical data points to display in a graph for an individual port. The default is 50, the maximum value you can set is 100. However, the actual maximum number of data points you can get is determined by the SNMP agent running in the device from which you are getting data.
Historical Data Sampling Interval: The sampling interval to use when displaying historical data. Select a choice from the pull-down list. The choices in the list are determined by the configuration of the device from which you are getting data.

Taking Graph Snapshots

The Real-Time Statistics Snapshot feature lets you take a static image of a graph or table view of the current real-time statistics data. The snapshot generates a persistent HTML page that is displayed in a separate window (see Figure 321).


Figure 321: Snapshot of Real-Time Statistics Graph Display

To take a snapshot, click the camera icon located in the toolbar at the top of the RT Statistics applet window. The snapshot image will be displayed in a new window in the same form (graph or table) as it was in the RT Statistics applet. Graph images reflect the current display size and graph type (pie, bar, etc.).

From the window, the snapshot image can be saved as a file, printed, or sent by e-mail, just as with any other HTML page.

When a graph image is displayed in the window, you can click a link below the initial display to change the way the data is displayed:

display table: Reformats the data as a table.
display graph/table: Displays both the graph and table formats on the same HTML page.
display graph image: Displays the data as a graph, in the style in which it was displayed when the snapshot was taken.


NOTE
Once you select “display graph image” you can no longer change the display format to a table or to a dual display. However, you can use the browser “Back” button to go to the previously displayed page.

When you snapshot a table, you cannot change to a graph from within the snapshot image window.

The HTML page persists in a snapshot image cache until the Ridgeline server is restarted, or until the image cache becomes full. When the image cache reaches its limit, older snapshot images will be deleted as needed to make room for new snapshot images.


Chapter 23: Administering Ridgeline

This chapter describes how to use the Ridgeline Administration functions for the following:

● Changing your own user password, for users without Administration access
● Adding and deleting Ridgeline users
● Setting and modifying Ridgeline user permissions
● Configuring the Ridgeline server as a RADIUS client for user authentication
● Enabling or disabling Ridgeline Syslog receiver functionality
● Modifying Ridgeline server properties to change settings such as polling rates, time-outs, port assignments and other similar settings
● Configuring Ridgeline for a distributed server configuration

It contains the following sections:

● “Overview of User Administration”
● “Administration Functions”
● “User Administration”
● “Changing Your Password”
● “Role Administration”
● “RADIUS Administration”
● “Server Properties Administration”
● “Distributed Server Administration”

Overview of User Administration

In order to log in to the Ridgeline server and use its management features, you must have a username and password. A Ridgeline administrator can create and modify user accounts, passwords, and account permissions through the Ridgeline Administration window. Individual users, regardless of their roles, can change their own password using the Ridgeline Administration window.

NOTE


By default, Ridgeline provides its own authentication and authorization for Ridgeline users. However, through the Ridgeline Administration window, you can configure Ridgeline to act as a Remote Authentication Dial In User Service (RADIUS) client, allowing it to use an external RADIUS server to authenticate Ridgeline users. Alternatively, you can configure an external RADIUS server to return user role information as well as user authentication. Or you can configure Ridgeline to act as a RADIUS server; however, the RADIUS server built into Ridgeline should only be used for demonstration or testing purposes. It should not be used to provide primary authentication services in a production environment.

Finally, the Ridgeline Administration window provides an interface that allows a Ridgeline administrator to modify a number of properties that affect the performance and configuration of the Ridgeline server. These properties are stored in the Ridgeline database along with other Ridgeline data.

Administration Functions

Unlike many of the other Ridgeline functions, the Administrator function does not provide access to its features through menus. Instead, functional areas are accessed through tabs in the Ridgeline Administration window.

The Ridgeline Administration window provides the standard Ridgeline menus (File, Tools, and Help). Right-click pop-up menus are not available in this feature.

Ridgeline Access Roles

The Ridgeline server provides four predefined roles that define levels of access to Ridgeline functions:

Administrator: Users who can create, modify, and delete user accounts, and can create or modify roles. By default Administrators also have read/write access to all other Ridgeline features, enabling them to modify device parameters as well as view status information and statistics.
Disabled: Users whose account information is maintained, but who do not have Ridgeline access.
Manager: Users who, by default, have read/write access to all Ridgeline features (but do not have Administrator capabilities). They can modify device parameters as well as view status information and statistics.
Monitor: Users who, by default, have read-only access to Ridgeline features: they can view status information and statistics.

The access for each of these roles can be specified on a feature-by-feature basis. With the exception of the Disabled role, access to Ridgeline features can be changed or disabled per feature (see “Adding or Modifying a Role” on page 462). A Ridgeline Administrator can also create new roles as needed. These roles can have any combination of access to features. While access to Ridgeline features can be changed or disabled for the Administrator role, the administrator’s ability to create, modify, and delete user accounts and roles cannot be changed.

The four predefined roles cannot be deleted.

In addition to modifying Ridgeline feature access through roles, an Administrator can disable access to individual Ridgeline features on a global basis. When a feature is globally disabled, it cannot be enabled for any roles. See “Features Properties” on page 472 for information on globally enabling or disabling Ridgeline features.


The Ridgeline server provides two default users:

admin: User with Administrator role access. This user cannot be deleted.
user: User with Monitor role access.

The two default users do not initially have passwords. All other usernames must be added and enabled by an Administrator user.

Regardless of your access role, you can run the Ridgeline Administration window to change your own password. Users with an Administrator role can add and delete users and assign user access levels.

NOTE
The Ridgeline user accounts are separate from the Extreme switch user accounts. You can configure both through the Ridgeline software, or you can have switch access independently of the Ridgeline software.

Access to Extreme Switches

Through the Ridgeline software, you can enable three levels of access to Extreme switches:

Administrator: User can modify device parameters as well as view status information and statistics.
No Access: User does not have switch access (cannot log in, cannot obtain device status information, cannot change device settings or configuration).
User: User can view device status information and statistics, but cannot modify any parameters.

These permissions enable access to Extreme Networks switches through Telnet.

The use of the RADIUS server avoids the need to maintain usernames, passwords, and access permissions in each switch, and instead centralizes the configuration in one location in the Ridgeline server.

Ridgeline and RADIUS Authentication

By default Ridgeline provides its own authentication and authorization for Ridgeline users. However, Ridgeline can be configured to act as a client to an external RADIUS server.

RADIUS provides a standard way for the Ridgeline software and Extreme Networks switches to handle user authentication, permitting the unification of the ExtremeXOS CLI and Ridgeline user authentication.

When Ridgeline acts as a RADIUS client, the external RADIUS server can be configured using a Vendor Specific Attribute (VSA) to provide user role information to Ridgeline along with the login and password authentication.

The Ridgeline software incorporates a basic RADIUS server that may be useful for demonstration or testing purposes. However, the built-in RADIUS server should not be used in a production environment. It is not sufficiently robust for use as an authentication service in a production environment.


For additional information about Ridgeline and RADIUS authentication, refer to “Using RADIUS for Ridgeline User Authentication” on page 589.

Setting Ridgeline Server Properties

The Server Properties tab of the Ridgeline Administration window allows a Ridgeline administrator to modify a number of parameters that affect server performance and function. These include communication parameters such as polling intervals, time-outs, port usage, number of retries, and a number of other parameters.


User Administration

You must be logged in as a user with the Administrator role to administer Ridgeline users.

On the User Administration page you can create and delete users, and modify user account settings: passwords, roles and ExtremeWare RADIUS access.

To access the Ridgeline Administrator window, click Users, Roles, and Servers under the Ridgeline Administration folder.

The User Administration page appears, as shown in Figure 322. Initially, the only users are “admin” and “user.”

Figure 322: User Administration Window

NOTE
If you have not done so already, you should add a password for the “admin” user account. By default, neither the “admin” nor the “user” account has a password when Ridgeline is first installed. See “Adding or Modifying User Accounts” on page 462 for further information.

When you select a user in the Users list, the Ridgeline Feature Access list at the bottom of the page displays that user’s access on a feature-by-feature basis, as determined by his current Role. To change this list, you can either assign a different role to the user, or modify the feature access defined for the current Role (which will affect all users with that Role).


Adding or Modifying User Accounts

To add users to the Ridgeline database, or to modify Ridgeline user account access, follow these steps:

1 Click Add to add a new user.
Select a User Name and click Modify to change a user’s password, Ridgeline access role, or ExtremeWare access.
A New User window or Edit User window appears (Figure 323).

Figure 323: New User and Edit User Windows

The fields in these windows are:

User Name: The Ridgeline login name for the user. This is filled in and cannot be modified if you are editing an existing user.
Password: The password for this user.
Verify Password: The password typed a second time for verification.
Role: The Ridgeline Role for this user. The four basic roles (Administrator, Disabled, Manager, and Monitor) are presented, along with any additional roles a Ridgeline administrator may have defined.
ExtremeWare RADIUS Account Access: The ExtremeWare RADIUS Access level for this user:
• Administrator access allows the user to modify device parameters as well as view status information and statistics.
• User access allows the user to view device status information and statistics, but not modify any parameters.
• No Access provides no access privileges, but keeps the user’s account information in the Ridgeline database.

2 For a new user, enter the appropriate information. For an existing user, make the necessary changes to the password, role or ExtremeWare access. Note that for the user “admin” you cannot change the role. (The user “admin” cannot be deleted, either.)


3 Click OK.
The new user information is stored in the Ridgeline database.

NOTE
A change to a user account does not take effect until the next time the user logs in.

Deleting a User

You must be logged in as a user with the Administrator role to delete users.

To delete a user, follow these steps:

1 From within the Ridgeline Administration window, click the User tab to show the User Administration page.
2 Select the User Name you want to delete and click Delete.

NOTE
You cannot delete the “admin” user.

A confirmation window appears.
3 Click Yes.
This removes all information about this user account from the Ridgeline database.

NOTE
To remove all access privileges for a user without removing the user account from the Ridgeline database, use the Modify User function and change the Role to Disabled.

Changing Your Password

To change your password, follow these steps:

1 Click Users, Roles, and Servers under the Ridgeline Administration folder.
The User Administration window appears, as shown in Figure 324.


Figure 324: Change Password

The window shows your username, Ridgeline role and ExtremeWare RADIUS Access level, but you cannot change them.
2 Click Modify and the Edit User window appears.
3 Type your new password in the Password field, and type it again in the Verify Password field.
4 Click OK.
Your new password is stored in the Ridgeline database.

NOTE
The change does not take effect until the next time you log in.

Role Administration

If your user role is Administrator, you can add, modify and delete Ridgeline roles.

Roles let you define different combinations of access to the features of Ridgeline. For each feature, a role can provide Read/Write Access, Read-only access, or have access disabled for a feature.


The Ridgeline server provides four predefined roles:

Administrator: Users who can create, modify, and delete user accounts, and can create or modify roles. By default Administrators also have read/write access to all other Ridgeline features, enabling them to modify device parameters as well as view status information and statistics.
Manager: Users who, by default, have read/write access to all Ridgeline features (but do not have Administrator capabilities). They can modify device parameters as well as view status information and statistics.
Monitor: Users who, by default, have read-only access to Ridgeline features: they can view status information and statistics.
Disabled: Users whose account information is maintained, but who do not have Ridgeline access.

Except for the Disabled role, you can modify the feature access for each of these roles, but you cannot delete them. You can also create new roles with a combination of access to various Ridgeline features.

NOTE
Feature access can be globally disabled through Server Properties administration. If a feature is globally disabled you cannot provide access to the feature through any role. See “Features Properties” on page 472 for details.

To administer roles, click the Roles tab from within the Ridgeline Administration window.

The Roles Administration page opens, as shown in Figure 325.

Figure 325: The Roles Administration Window


When you select a role, the feature settings for the role are displayed in the Ridgeline Feature Access list at the bottom of the page.

Adding or Modifying a Role

To add or modify a user role, follow these steps:

1 To add a role, click Add.
To modify a role, select the role and click Modify. (You cannot modify the Disabled role.)
A Role: New or Role: Modify window opens (see Figure 326).

Figure 326: The Role: New and Role: Modify Windows

2 For a new role, enter the role name and an optional description.
For an existing role, you can change the description and feature access, but not the role name.
3 Select the level of access the role should allow for each feature. The levels of access are:

Disabled: A user with this role cannot access this feature. The icon will not appear in the Navigation Toolbar when a user with the role logs into Ridgeline.
Read Only: A user with this role has read only access to this feature. This means the user can see any status or statistics displays, but cannot make any changes (such as discovering or adding devices, creating Topology maps, and so on).
Read/Write: A user with this role has full access to this feature.

NOTE
For the predefined roles (Administrator, Manager, and Monitor) you can disable access to Ridgeline features, but you cannot change a feature from Read/Write to Read Only or vice-versa. The Administrator and Manager roles always provide full access to any features for which access is enabled, and the Monitor role provides only Read Only access to any features for which access is enabled.

4 Click Apply to create or modify the role.

If features are globally disabled through the Features Properties settings under the Server Properties Configuration tab, you will not be able to select those features when you add or modify a role. The Access column will show Globally Disabled instead of access options. The STP and VoIP features are globally disabled by default, and this is shown in Figure 326.

Deleting a Role

To delete a role, follow these steps:

1 From within the Ridgeline Administration window, click the Roles tab to show the Role Administration page.
2 Select the role you want to delete and click Delete.

NOTE
You cannot delete any of the predefined roles. You also cannot delete a role that is currently assigned to a user.

A confirmation window appears.
3 Click Yes.
This removes the role from the Ridgeline database.

RADIUS Administration

If your user role is Administrator, you can enable Ridgeline as a RADIUS client, and change its port or the RADIUS secret. By default RADIUS authentication is disabled.

Enabling Ridgeline as a RADIUS client means that when a user attempts to log in to the Ridgeline server, Ridgeline will request authentication from an external RADIUS server. The external RADIUS server can also be configured to return role information to Ridgeline along with a successful authentication. If this feature is enabled, you must create corresponding roles in Ridgeline for every role that the RADIUS server may return. If a user is authenticated with a role that Ridgeline does not recognize, the user will be given the Monitor role by default. See the Ridgeline Concepts and Solutions Guide for information on configuring this in the RADIUS server.

Disabling RADIUS in Ridgeline means that Ridgeline’s RADIUS server will not be available for authenticating users, and it will not request user authentication from an external RADIUS server.

To change the Ridgeline server RADIUS configuration, click the RADIUS tab at the top of the page. The RADIUS Administration page appears, as shown in Figure 327.
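How the RADIUS secret mentioned above protects a login when a product acts as a RADIUS client, shown as an added example (not Ridgeline code). It assumes the client sends the standard RFC 2865 User-Password attribute; the function names and sample values are constructed for illustration.

```python
"""RADIUS User-Password hiding (RFC 2865 section 5.2), client and server side."""
import hashlib
import os
import struct

ACCESS_REQUEST = 1        # packet code for Access-Request
ATTR_USER_NAME = 1        # attribute type: User-Name
ATTR_USER_PASSWORD = 2    # attribute type: User-Password


def _xor_chain(data: bytes, secret: bytes, authenticator: bytes, decrypt: bool) -> bytes:
    """XOR each 16-byte block with MD5(secret + previous ciphertext block).

    The first block uses the 16-byte Request Authenticator as the previous value.
    """
    out = bytearray()
    prev = authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, pad))
        out += result
        prev = block if decrypt else result   # always chain on the ciphertext
    return bytes(out)


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: pad with NULs to a multiple of 16 bytes, then hide."""
    if len(password) > 128:
        raise ValueError("RFC 2865 limits User-Password to 128 bytes")
    padded_len = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(padded_len, b"\x00")
    return _xor_chain(padded, secret, authenticator, decrypt=False)


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse the hiding and drop the NUL padding."""
    if not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("malformed User-Password attribute")
    return _xor_chain(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")


def _attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including the 2-byte header), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier, username, password, secret, authenticator=None) -> bytes:
    """Build the Access-Request a RADIUS client sends for a login attempt."""
    authenticator = authenticator or os.urandom(16)   # must be unpredictable per request
    hidden = hide_password(password, secret, authenticator)
    attrs = _attr(ATTR_USER_NAME, username) + _attr(ATTR_USER_PASSWORD, hidden)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def parse_access_request(packet: bytes, secret: bytes):
    """Server side: return (username, recovered_password) from an Access-Request."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator, pos = packet[4:20], 20
    username = password = None
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + attr_len]
        if attr_type == ATTR_USER_NAME:
            username = value
        elif attr_type == ATTR_USER_PASSWORD:
            password = recover_password(value, secret, authenticator)
        pos += attr_len
    return username, password


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    secret = b"constructed-shared-secret"
    pkt = build_access_request(1, b"admin", b"constructed passphrase", secret)
    print(parse_access_request(pkt, secret))                 # secrets match
    print(parse_access_request(pkt, b"changed-on-server"))   # secrets differ: garbage
```

With a mismatched secret the server recovers garbage instead of the typed password, so every login is rejected. Because the hiding is only an MD5-derived keystream keyed by the secret, the secret should be long and random.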


Figure 327: RADIUS Administration page

RADIUS Client Configuration

To enable Ridgeline as a RADIUS client, complete the following steps:

1 Click the Enable Ridgeline as a RADIUS Client button at the top of the page.
This enables the fields in the Client Configuration panel.
It is recommended, but not required, that both a primary and a secondary RADIUS server be available for authentication.
2 Fill in the name or IP address of the primary and secondary RADIUS servers.
3 The default port used for the RADIUS server is 1812. If either RADIUS server uses a different port, enter that port number in the appropriate RADIUS Port field.

NOTE
The port you enter must match the port configured for the RADIUS server or Ridgeline will not be able to access the RADIUS server.

4 Enter the RADIUS server’s shared secret in the RADIUS Secret field for both the primary and secondary RADIUS servers.
This shared secret is a shared key by which the RADIUS server and its clients recognize each other, and which they use for secure transmission of user passwords.


NOTE
If the shared secret is changed in either of the RADIUS servers, you must change it in Ridgeline as well, or else Ridgeline will no longer be able to access the RADIUS server.

5 Click Apply to have the configuration changes take effect.

NOTE
Some configuration may be required on the external RADIUS server to allow Ridgeline to authenticate users with various roles. See the Ridgeline Concepts and Solutions Guide for a full explanation of how to configure an external RADIUS server to perform Ridgeline user authentication.

Disabling RADIUS for Ridgeline

To disable the use of RADIUS authentication, complete the following steps:

1 Click the Disable RADIUS button at the top of the page.
2 Click Apply to have the configuration changes take effect.

Server Properties Administration

If your user role is Administrator, you can modify the values of a number of properties that affect the function and performance of the Ridgeline server.

To modify server properties, complete the following steps:

1 Click the Server Properties tab at the top of the page.
The Server Properties Configuration page appears, as shown in Figure 328. This page displays Devices properties when it is first opened, and you can select other properties to set from the drop-down menu at the top of the page.


Figure 328: Server Properties Configuration, Devices Page

2 Select a set of properties from the drop-down menu. You can select from these sets of properties:
  - Devices
  - Features
  - Scalability
  - SNMP
  - External Connections
  - MAC Polling
  - Other
  The Server Properties Configuration page displays the properties in that set.
3 Type a new value into the field for the property you want to change, or click a check-box to turn on or off an option. The specific properties and their meanings are discussed in the following sections.
4 Click the Apply button to cause your changes to take effect.
  You can undo your changes in one of two ways:
  - Click the Reset button to restore the values that the displayed properties held when you first entered this page.
  - Click the Reset to Defaults button to restore the values to the Ridgeline server default values (the values in effect immediately after installation).
5 For some changes, you will need to restart the Ridgeline server for the changes to take effect. A pop-up dialog box will inform you that this is necessary.
  Click OK to dismiss the dialog box, and then shut down and restart the Ridgeline server.
  See the Ridgeline Installation and Upgrade Note for information on how to shut down and restart the Ridgeline server.
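How the shared secret entered under RADIUS Client Configuration above protects a user password in standard RADIUS, as an added example that is not taken from the guide or from Ridgeline's code. It follows the User-Password hiding scheme of RFC 2865 section 5.2; the function names, secrets, password and Request Authenticator are constructed for illustration.

```python
import hashlib
import secrets

BLOCK = 16  # MD5 digest size; RFC 2865 hides the password in 16-octet blocks


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(password, shared_secret, request_authenticator):
    """Client side: build the User-Password attribute value (RFC 2865, 5.2)."""
    if len(request_authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1 to 128 octets")
    if not shared_secret:
        raise ValueError("shared secret must not be empty")
    # Pad with NUL octets to a multiple of 16.
    padded = password + b"\x00" * (-len(password) % BLOCK)
    hidden = b""
    chain = request_authenticator
    for i in range(0, len(padded), BLOCK):
        # Keystream block = MD5(secret + previous ciphertext block);
        # the first block chains from the Request Authenticator.
        pad = hashlib.md5(shared_secret + chain).digest()
        chain = _xor(padded[i:i + BLOCK], pad)
        hidden += chain
    return hidden


def recover_user_password(hidden, shared_secret, request_authenticator):
    """Server side: undo the hiding with the server's copy of the secret."""
    if not hidden or len(hidden) % BLOCK:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    plain = b""
    chain = request_authenticator
    for i in range(0, len(hidden), BLOCK):
        pad = hashlib.md5(shared_secret + chain).digest()
        block = hidden[i:i + BLOCK]
        plain += _xor(block, pad)
        chain = block
    # Padding NULs are stripped; a password ending in NUL would lose them.
    return plain.rstrip(b"\x00")


def new_shared_secret(nbytes=32):
    """Generate a long random secret; its strength is all that protects the password."""
    return secrets.token_urlsafe(nbytes)


def demo():
    """Round trip with matching secrets, then with a secret changed on one side only."""
    authenticator = bytes(range(16))          # constructed; random per request in practice
    password = b"constructed-password-1"      # constructed sample value
    client_secret = b"constructed-secret-A"   # constructed sample value
    hidden = hide_user_password(password, client_secret, authenticator)
    same = recover_user_password(hidden, client_secret, authenticator)
    changed = recover_user_password(hidden, b"constructed-secret-B", authenticator)
    return same == password, changed == password


if __name__ == "__main__":
    print(demo())
```

A mismatched secret raises no error at this layer: the server simply recovers a different password and rejects the login, which is the failure the notes about changing the secret on one side describe.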


Devices Properties

The Devices properties page is shown in Figure 328. When you select Devices from the drop-down menu field at the top of the properties panel, you can set the following properties:

Telnet Login Timeout Period (sec): The length of time, in seconds, after which a CLI/Telnet login request to a switch should time out. The default is 10 seconds, the range is 1 to 30 seconds.

Device HTTP Port: The port that the Ridgeline server will use to communicate with an Extreme switch’s web server to run ExtremeWare Vista. Default is port 80.

Device Telnet Port: The port that the Ridgeline server will use to Telnet to a switch. Default is port 23.

Device SSH Port: The TCP port number that Ridgeline uses to connect with the switch using the SSH protocol. The default is port 22.

Upload/Download Timeout Period (sec): The length of time, in seconds, after which a configuration upload or download operation should time out. If some devices have a large number of VLANs, the timeout may need to be increased to allow an upload or download operation to complete successfully without timing out.

Reboot Timeout Period (min): The length of time, in minutes, to wait for a device to reboot after an image/bootrom upgrade in the Firmware Manager. Default is 5 minutes. Some devices may require more time to reboot.

Syslog Server settings:

Enable Syslog Server: A check specifies that the Ridgeline server can function as a Syslog receiver to receive Syslog messages. Uncheck the checkbox to disable syslog server functionality. The default is enabled.
Note: For Solaris, you must stop the Solaris Syslog server before you can enable Ridgeline’s syslog server. To stop the server in Solaris, enter the command /etc/init.d/syslog stop. In Ridgeline, you can restart the Syslog server by disabling and then re-enabling it.
On the device side, remote logging must be enabled, and the switch must be configured to log to the Ridgeline server. The default on Extreme switches is for logging to be disabled. You can use the Ridgeline Telnet feature or the ExtremeWare CLI to configure your switches appropriately. See the Ridgeline Concepts and Solutions Guide for more information on setting up Syslog access.

Syslog Server Port: The port used for remote syslog communication from a switch. Default is port 514.

Accept SysLog Messages with min Severity: The minimum severity level of messages to be logged in a switch Syslog file. All messages with Severity equal to or higher than the setting you select will be logged. For example, if you select 2: Critical, then messages of severity 2 (Critical), 1 (Alert), and 0 (Emergency) will be logged. The default is 6: Information.

Save Changed Configurations Only: A check specifies that device configurations should be uploaded by the Configuration Manager Archive feature only when the device configuration has changed (the default). Uncheck the checkbox to specify that switch configurations should always be uploaded at the scheduled archive time.

Automatically save configuration on device: A check indicates that Ridgeline automatically saves the configuration to a switch whenever configuration changes are made. This is the default setting. If this checkbox is not checked, you must use the Save command to save changes to a switch configuration.

Poll Devices using Telnet: Uncheck the checkbox to disable CLI/Telnet polling. This disables ESRP polling as well as EDP polling. It also disables polling for Netlogin information, and disables FDB polling for edge port MAC address information.


Save Switch Password for Vista Login: A check specifies that Ridgeline should save the switch password in the database for use when logging into a switch using ExtremeWare Vista (accessible from the Devices sub-menu). If you disable (uncheck) this property, you will be required to login to each switch in order to view Configuration and Statistics information through the Web interface. The default is enabled (passwords will be saved).

Use Ridgeline login/password for Telnet/SSH: A check indicates that the Ridgeline login name and password should be used for establishing user-initiated Telnet or SSH2 sessions with the switch. Background functions, including trap handling, polling, and scheduled operations continue to use the Telnet/SSH login and password configured for the switch using the Inventory Manager.

Features Properties

Select Features from the drop-down menu at the top of the properties panel to display the Feature Properties page, as shown in Figure 329.

Figure 329: Feature Properties

From this list, you can globally control which Ridgeline features appear in the Navigation menu. Disabling a feature through the Features Properties menu disables it for all Ridgeline users, regardless of their role. Features may also be enabled and disabled on a role-by-role basis, so that only users with access based on the role will be affected. See “Role Administration” on page 464 for more information on Roles.

To globally disable a feature, uncheck the checkbox for that feature, then click Apply. Check the checkbox to enable a feature.

Disabling a feature has the following effects:
● Removes the associated feature from the Navigation menu for all Ridgeline users.
● Removes the entries, if appropriate, from the Device submenu available from a right-click pop-up menu, and from the Ridgeline Tools menu.
● Makes the feature unavailable when creating or modifying roles.

In some cases, disabling a feature has additional effects:
● Disabling the Alarm Manager disables the generation and processing of alarms. However, traps and events are still logged, and traps are still forwarded if required.
● Disabling the Alarm Manager or the Configuration Manager removes the associated report links from the main Reports page.

Enabling a feature restores it to the Navigation menu and restores the appropriate Ridgeline menus and pop-up menus.

By default, all features are globally enabled.

NOTE
In some cases, the change takes effect as soon as you click Apply. In other cases, such as enabling the Configuration Manager, the Ridgeline server must be restarted. A notification is displayed if a restart is required.

You can control the following features in this panel:

Ethernet Services provisioning: This feature allows users to create and modify E-Line and E-LAN services. Unchecking this feature automatically unchecks the Ethernet, EAPS, VLAN, and VMAN services in this panel, although these features can be individually rechecked.

Ethernet Services monitoring: Allows users to view the E-Line and E-LAN services created through Ridgeline. When this feature is disabled, users cannot see Ethernet services in All Table or All Map network views, or when they have selected Services from the Network Views branch.

EAPS provisioning: Allows users to create and modify EAPS domains. Monitoring EAPS domains is base functionality. When this feature is disabled, users cannot make changes to EAPS domain configurations.

VLAN provisioning: Allows users to create and modify VLANs. Monitoring VLANS is base functionality. When this feature is disabled, users cannot make changes to VLAN configurations, but can still view VLAN configurations.

VMAN provisioning: Allows users to create and modify VMANs. Monitoring VMANS is base functionality. When this feature is disabled, users cannot make changes to VMAN configurations, but can still view VMAN configurations.

Maps: Allows users to create, modify, and view network maps for device groups.

PBB provisioning: Allows users to create and modify BVLANs. Unchecking this option automatically unchecks PBB monitoring, although PBB monitoring can be individually rechecked.


PBB monitoring: Allows users to monitor BVLANs and related SVLANs, CVLANs, and ISIDs. When this feature is disabled, users cannot view PBB information in the All Table or All Map network views.

Statistics: Allows users to view utilization and error statistics for ports, devices, and port groups. When this feature is disabled the Statistics option is disabled in the Tools menu whether or not a device is selected.

VPLS monitoring: Allows users to view VPLS domains. When this feature is disabled, users cannot view VPLS information in the All Table or All Map network views.

Alarm Manager: Allows users to create, modify, and view alarms. When this feature is disabled, the Alarms option is disabled in the Device menu, whether or not a device has been selected.

Audit Log: Allows users to view script and profile-related actions, and run some scripts. When this feature is disabled, the Audit Log option under the Network Administration branch is disabled.

Configuration Manager: Allows users to upload, download, and view configuration files. When this feature is disabled, the Configuration Manager option under the Network Administration branch is disabled.

Firmware Manager: Allows users to view and upgrade software bootROM images. When this feature is disabled, the Firmware Manager option under the Network Administration branch is disabled.

Profile Manager: Allows users to create and deploy ExtremeXOS profiles. When this feature is disabled, the Profile Manager option under the Network Administration branch is disabled.

Scripts: Allows users to create, run and view system scripts. When this feature is disabled, the Scripts option under the Network Administration branch is disabled.

Device Manager: Gives users access to the browser-based ExtremeXOS ScreenPlay or ExtremeWare Vista device management interfaces.

IP/MAC address finder: Allows users to search for IP and MAC addresses on the network.

Options: Allows users access to the options listed.

Telnet: Allows users to telnet into devices.

Scalability Properties

Select Scalability from the drop-down menu field at the top of the properties panel to modify the settings for server resources to provide better performance when managing a large number of devices. Scalability properties are shown in Figure 330.


Figure 330: Scalability Properties

Manipulating the thread pool size, default thread allocation size, number of SNMP sessions, and the number of traps and syslog messages Ridgeline processes per minute lets you configure the Ridgeline server to provide better performance based on the amount of server resources (number and speed of processors, amount of memory) available. Changing these values should not normally be necessary unless you are managing a very large number of devices (more than 1000 devices).

If you are managing more than 1000 devices, it is recommended that you run the Ridgeline server on a system with a 1 GHz or faster processor, and at least 1 GB of physical memory. For such a configuration, you may also be able to improve the performance of the Ridgeline server by changing the parameters below.

NOTE
Changing the scalability properties on a system without suitable hardware could actually decrease the performance of the Ridgeline server.

To see the effects of the current scalability settings, run the Server State Summary Report under Reports.

You can set the following properties to affect the scalability of Ridgeline:

Thread Pool Size: This specifies the maximum number of threads available. The default is 40.

Thread Default Alloc Size: This specifies the default number of threads allocated for a process request. The default is 20.

Traps per Device in 1/2 Minute: This specifies the maximum number of traps that can be received from an individual device in 28 seconds. If more than this number of traps are received from an individual device within a 28 second interval, the excess traps are dropped.


Total Traps Accepted per Minute: This specifies the maximum total number of traps that Ridgeline can receive from all managed devices in 55 seconds. If more than this number of traps are received within a 55 second interval, the excess traps are dropped. The default is 275, the maximum you can set is 500.

Syslog Messages per Device in 1/2 Minute: This specifies the maximum number of syslog messages that can be received from an individual device in 28 seconds. If more than this number of syslog messages are received within a 28 second interval, the excess messages are ignored.

Total Syslog Messages Accepted per Minute: This specifies the maximum number of syslog messages that Ridgeline can receive in one minute from all managed devices. If more than this number of messages are received within a one-minute interval, the excess messages are ignored. The default is 275, the maximum you can set is 500.

Number of Interactive Telnet Sessions: This specifies the maximum number of interactive Telnet sessions allowed.

NOTE
You should not change the values for traps and syslog messages accepted unless the Ridgeline Server reports dropping lots of traps. Run the Server State Summary Report under Reports to view the current performance metrics.

SNMP Properties

Select SNMP from the drop-down menu field at the top of the properties panel to display the SNMP properties, shown in Figure 331.

Figure 331: SNMP Properties
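The syslog admission settings described above (the minimum severity under Devices Properties, and the per-device and total message limits under Scalability Properties) combined into one receiver-side gate, as an added example that is not Ridgeline's own code. The sliding windows, the order of the checks, the rule that rejected messages do not consume budget, and the per-device limit of 3 are assumptions made for illustration; the sample messages and addresses are constructed.

```python
import re
from collections import defaultdict, deque

PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_severity(line):
    """Return the severity (0-7) from a syslog PRI header, or None if malformed."""
    m = PRI_RE.match(line)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:           # facility 23, severity 7 is the largest valid PRI
        return None
    return pri % 8          # PRI = facility * 8 + severity


class SyslogAdmission:
    """Decide whether a received syslog message is kept or ignored."""

    def __init__(self, per_device_limit, min_severity=6, total_limit=275,
                 per_device_window=28.0, total_window=60.0):
        self.per_device_limit = per_device_limit    # the page gives no default
        self.min_severity = min_severity            # page default: 6 (Information)
        self.total_limit = total_limit              # page default: 275
        self.per_device_window = per_device_window  # page: 28 seconds
        self.total_window = total_window            # page: one minute
        self._per_device = defaultdict(deque)       # source -> accepted timestamps
        self._total = deque()                       # all accepted timestamps

    @staticmethod
    def _prune(stamps, now, window):
        # Forget accepted messages that have aged out of the window.
        while stamps and stamps[0] <= now - window:
            stamps.popleft()

    def offer(self, source, line, now):
        severity = parse_severity(line)
        if severity is None:
            return "malformed"
        # "Equal to or higher" severity means a numerically smaller or equal value.
        if severity > self.min_severity:
            return "below-severity"
        device = self._per_device[source]
        self._prune(device, now, self.per_device_window)
        self._prune(self._total, now, self.total_window)
        if len(device) >= self.per_device_limit:
            return "device-limit"
        if len(self._total) >= self.total_limit:
            return "total-limit"
        device.append(now)
        self._total.append(now)
        return "accepted"


def run_demo():
    """Constructed traffic: minimum severity 2 (Critical), small limits for brevity."""
    gate = SyslogAdmission(per_device_limit=3, min_severity=2, total_limit=5)
    events = [  # (seconds, source, message) - all constructed sample data
        (0, "192.0.2.1", "<130>fan tray failure"),      # severity 2
        (1, "192.0.2.1", "<131>port error count"),      # severity 3, filtered
        (1, "192.0.2.1", "<129>power supply alert"),    # severity 1
        (2, "192.0.2.1", "<128>system halt"),           # severity 0
        (3, "192.0.2.1", "<130>fan tray failure"),      # device over its limit
        (5, "192.0.2.2", "<130>temperature critical"),
        (6, "192.0.2.2", "<130>temperature critical"),
        (7, "192.0.2.3", "<130>first message from a quiet device"),
        (8, "192.0.2.3", "no PRI header"),
        (29, "192.0.2.1", "<130>fan tray failure"),     # device window has room again
        (61, "192.0.2.3", "<130>retry after total window moved on"),
    ]
    return [gate.offer(src, line, t) for t, src, line in events]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The message at 7 seconds shows the operational risk: a device that has sent nothing is ignored because other devices used up the total budget, so a burst elsewhere can hide a critical event.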


You can set the following SNMP properties in this panel:

Poll Interval: The interval, in minutes, between SNMP polls of a switch to fetch basic device status information. The default is five minutes. The range is one minute to one hour. You can disable all SNMP polling by setting this property to zero.
Note: This Poll Interval is not the same as the Device Polling Interval you can set through the Inventory Manager. The Device Polling Interval controls the frequency of polling for detailed device information such as software version, BootROM version, and so on. The polling interval set here in the Ridgeline Administration window controls only the basic SNMP status information necessary to ensure SNMP reachability, and is typically performed relatively frequently.

Timeout Period: The length of time, in seconds, to wait for an SNMP poll request to complete before timing out. The default is five seconds. The range is one to 60 seconds.
This setting determines the time-out interval only for the first unsuccessful SNMP request; once a request times out, subsequent requests will time out more slowly, based on an exponential time-out back-off algorithm, until it reaches the maximum number of retries.

Number of Retries: The number of SNMP requests that should be attempted before giving up, for a request that has timed out. The default is one.

Ridgeline Trap Receiver Port: The port on which Ridgeline expects to receive traps. Default is port 10550.

Trap Forwarding: These provide the default settings for the Trap Forwarding alarm action.

Host: The host name or IP address of the system to which traps should be forwarded.

Port: The port on which the specified host receives traps (by default, port 162).

Community: The community string for the specified host.

Trap Conversion: The version of SNMP to which traps should be converted:
• No conversion: Trap will be sent as is.
• Convert trap to SNMPv1
• Convert trap to SNMPv2c

External Connections Properties

Select External Connections from the drop-down menu to display properties for external connections. These properties are shown in Figure 332.


Figure 332: External Connections Properties

You can set the following properties for external connections:

Load Information from http://www.extremenetworks.com: A check in this box specifies that Ridgeline can automatically connect to the Extreme Networks web site to update image information using an external (web) connection.
The external connection is used by Ridgeline to query the Extreme Networks web site for the latest versions of ExtremeWare software images and BootROM images. It uses this information to determine if the versions running in your switches are current, or are obsolete. This information is shown in the Firmware Manager.
This also determines the latest version and patch level of the Ridgeline software, and compares the information to the version currently running. If a newer version is available, it is noted on the basic status page, displayed when you first launch Ridgeline.
If you selected Yes to the Automatic Information Updates question when you installed the Ridgeline server, this property will be enabled.

HTTP Proxy Device: The IP address or hostname of an HTTP proxy device used to connect to the Extreme Networks web site if your network uses a firewall. When an HTTP proxy is configured, all HTTP connections are made through the proxy server rather than directly to Extreme Networks.

HTTP Proxy Port: The port number for the HTTP Proxy, used to connect to the Extreme Networks web site if your network uses a firewall.

MAC Polling Properties

MAC Address polling is used to identify edge ports and get the status of the devices on those ports. MAC Polling must be enabled in order to see the Edge Port FDB display in the Inventory Manager and Device Properties displays, and to enable a database-only search in the IP/MAC Address Finder window. Select MAC Polling from the drop-down menu to display MAC polling properties. These properties are shown in Figure 333.

Figure 333: MAC Polling Properties Page

Ridgeline implements MAC Address polling using Telnet to retrieve FDB and ARP table data from the affected devices (devices that support FDB polling and for which FDB polling has been enabled in the Inventory Manager). Telnet requests are initiated in sets: requests are sent to groups of devices simultaneously. A MAC address polling cycle is complete when these multiple sets of requests have resulted in the retrieval of FDB table data from all eligible devices. Once a polling cycle is complete, a new polling cycle is started.

Individual devices are polled once in each MAC address polling cycle. The interval between polls of the FDB on a given device (the length of time before FDB data is refreshed) is a function of the number of devices being polled per cycle, and the interval between the sets of Telnet polls in a complete polling cycle.

Ridgeline calculates the interval between sets of Telnet requests dynamically, based on the length of time it took for the previous set of Telnet requests to complete. Ridgeline assumes that if a set of Telnet requests takes a long time to complete, it means the Ridgeline server is more heavily loaded than if the requests complete quickly.

The System Load setting tells Ridgeline whether the calculated interval between sets of Telnet requests should be relatively longer or shorter compared to the perceived Ridgeline server load. Ridgeline uses the System Load setting, in conjunction with the time it took for the last set of Telnet requests to complete, to determine how long to wait before issuing the next set of Telnet requests.


The Server State Summary Report includes Poller Statistics showing the status of the polling activity (see “Server State Summary Report” on page 636).

You can set the following properties for MAC polling:

Enable MAC Polling: A check in this box enables MAC address polling. Polling is disabled by default.

System Load: Tells Ridgeline how much impact on Ridgeline server performance is acceptable due to the MAC address polling cycle. Ridgeline uses the System Load setting, in conjunction with the length of time it took for the most recent set of Telnet requests to complete, to calculate how long to wait before issuing the next set of Telnet requests.
A setting of Light (recommended) means Ridgeline will calculate a relatively longer interval before the next set of Telnet requests, to place a lighter load on the Ridgeline server. This in turn means it will take longer for the server to accomplish a complete MAC Address polling cycle.
Moving the load indicator towards Heavy will result in shorter elapsed times between sets of Telnet requests, at the cost of a heavier load on the Ridgeline server due to MAC address polling. However, if your polling data is frequently out of date, moving this setting towards Heavy may result in more timely data.

Other Properties

Select Other from the drop-down menu of the properties panel to display Other Properties, shown in Figure 334.

Figure 334: Other Properties


When you select Other from the drop-down menu field at the top of the properties panel, you can set the following properties:

DNS Lookup Timeout Period: The time-out period, in seconds, when performing DNS lookup operations for hosts found through DLCS or when importing from an NT Domain Controller. The default is one second.

Session Timeout Period: The non-activity time-out period, in minutes, after which the user is required to re-login to the Ridgeline server. The default is 30 minutes. You can disable the time-out by setting the property to -1.
To activate the session timeout period, you must also edit the deploy/extreme.war/client.properties file, and set the epicenter.client.enable.inactivity.monitor setting to true.

ServiceWatch URL: The URL for accessing ServiceWatch, to allow it to be launched from the Ridgeline Navigation Toolbar, and to run in the main Ridgeline window.
For example, if ServiceWatch is running on a system named “tampico” at port 2000, you would enter http://tampico:2000 as the ServiceWatch URL. You must then restart the Ridgeline server to activate the ServiceWatch integration.

IP QoS Rule Precedence: The starting value that the Ridgeline server will use for setting precedence for IP QoS rules. This is an integer between 1 and 25,000. The default value is 10,000.

Client Port: The TCP port number that a client will use to connect to the Ridgeline server. The default is 0, meaning that the server will use any available port. You can use this setting to specify a fixed port number that the Ridgeline server will use. For example, if the Ridgeline server is behind a firewall, you may need to provide a fixed port number to allow clients to connect through the firewall.

Update Type Library on Server: This function updates the Ridgeline type library, which is a repository of information about devices (primarily from Extreme Networks) that are supported by Ridgeline.
Note: If you are adding a third-party device that had been listed as “unknown” in Inventory Manager, then after updating the type library, you must log out of Ridgeline, then log back in again, in order for the device to be shown correctly in Inventory Manager.

Device Tree UI: A setting that specifies how devices are identified in the Component Trees and in selected other locations. You can choose to have the component tree show the device name only, the device name followed by the IP address in parentheses, or the device IP address followed by the device name in parentheses. The default is device name followed by the device IP address.

Port Tree UI: A setting that specifies how ports are identified in the component trees and in selected other locations. You can choose to have the component tree show the port number only, or the port number followed by the port name in parentheses (if a name or display string has been associated with the port). The default is port number only.

DHCP Temporary Lease: A setting that informs the server how long to wait before querying a switch for a netlogin or a permanent IP address from an 802.1x client. The default is 20 seconds.

Enable Link Up/Link Down Correlation: Enables correlation between link up and link down traps on a port. When this is enabled, a Link Down trap that is followed quickly (within 20 seconds) by a Link Up trap on the same port, will be marked in the Alarm Manager to be ignored. This feature is disabled by default.

Telnet Screen Width: The number of columns available on the screen for the Telnet application. The default number of columns is 80. The range is between 40 and 180 columns.


Configure Upload File Name: The default file name format for files used to store your uploaded configuration files. This setting changes the global default name format.
Type a space to invoke a list of elements you can include. These include the system name (SysName), IP address, Date, and Time. You can specify the system default format (_) by choosing DEFAULT from the list. You can select these elements in any order, but you must include both the IP address and the Time somewhere in your filename format. Each element you choose is separated from its neighboring elements by an underscore.
You can also include text of your own in the filename format; it will then appear in every file name Ridgeline creates (until you change the format).

Show device-image navigation by default: This setting can be enabled or disabled.

Distributed Server Administration

NOTE
The Distributed Server functionality is part of the Gold Upgrade, a separately licensed feature of the Ridgeline software. If you do not have a Distributed Server license, only Single Server mode and Distributed Group Member modes are enabled.

If your user role is Administrator, if you have a Distributed Server license, and you have multiple Ridgeline servers installed on your network, you can configure these servers to operate in a distributed server mode.

Distributed Server mode allows multiple Ridgeline servers, each managing their own sets of devices, to be designated as a server group, and to communicate status between the servers in the group. One server acts as a Server Group Manager, and the other servers act as server group members.

Each server in the server group is updated at regular intervals with a list of other servers, and with network summary and status information from the other servers in the group. In distributed server mode, the Ridgeline home page contains status information from the other servers in the group in addition to the standard Network Summary report.

To configure the server to operate in distributed server mode, complete the following steps:

1 Click the Distributed Server tab at the top of the page.
  The Distributed Server Administration page appears, as shown in Figure 335.


Figure 335: Distributed Server Administration page

Initially, the Ridgeline server is configured as a single server. In single server mode, the server does not communicate with any other Ridgeline servers. If you have a Distributed Server license, you can change its configuration to act as a server group member or as the server group master.

Configuring a Server Group Member

To configure your Ridgeline server as a server group member:

1 Click the Server Group Member button in the Server Group Type panel at the top of the page.
  This enables the fields in the Server Group Member panel.
2 Enter the host name or IP address of the server that acts as the group manager in the Server Group Manager field.
3 Enter the port number to be used to communicate with the Server Group Manager. This port should match the HTTP port configured for the Ridgeline server acting as the server group manager. The default is port 8080.
4 Enter the shared secret in the Secret field.
  This string is a shared key by which the cooperating Ridgeline servers recognize each other, and which they use for secure transmission of server data. The default shared secret is the string secret.

  NOTE
  If you change the secret for one Ridgeline server, you must also change it for all of the other servers in the group.


5 Click Apply to have the configuration changes take effect.

Configuring a Server Group Manager

To function as the Ridgeline Server Group Manager, the server must have a host name that is configured through DNS.

To enable this Ridgeline server as a server Group Manager, complete the following steps:

1 Click the Server Group Manager button in the Server Group Type panel at the top of the page.
  This enables the fields in the Server Group Manager panel.
2 Enter the shared secret in the Secret field.
  This string is a shared key by which the cooperating Ridgeline servers recognize each other, and which they use for secure transmission of server data. The default shared secret is the string secret.

  NOTE
  If you change the secret in one Ridgeline server, you must also change it in all of the other servers in the group.

3 Enter the Poll Interval in minutes. This determines the frequency with which the Server Manager communicates information to the other server members of the Ridgeline server group. The default is 10 minutes.
4 Add the other members of the server group to the server list:
  a Click Add to open the Add Server dialog box.
  b Enter the host name or IP address of the member server in the server field. A server member does not need to have a DNS-translatable host name.
  c Enter the port used to communicate with the server member. This must match the HTTP port configured for the member server.
  d Click OK to add this server to the list, or Cancel to cancel the operation.
  Servers added to this list must be configured as server group members with this server as the Server Group Manager.
5 To delete a member server from the list, select the server and click Delete.
6 Click Apply to have the configuration changes take effect.


Chapter 24: Using the Universal Port Manager

This chapter describes how to use the Universal Port Manager. In Ridgeline, the Universal Port Manager is known as the Profile Manager.

This chapter contains the following sections:
● “Overview of the Universal Port Manager” on page 485
● “Network Profiles View” on page 488
● “Managed Profiles View” on page 502
● “Creating and Editing UPM Profiles” on page 508
● “Profile Trigger Events” on page 522
● “Universal Port Event Variables” on page 522

Overview of the Universal Port Manager

The Ridgeline Universal Port Manager (UPM) provides tools for managing and creating ExtremeXOS Profiles in Ridgeline and deploying them on the network.

Ridgeline UPM provides:
● A user-friendly profile editor for rapid profile authoring
● Centralized monitoring and management of network-wide profiles
● A repository for storing your profiles and templates
● Prepackaged profile templates and the ability to easily import external profiles
● Ability to deploy profile scripts onto multiple devices in a single deployment
● Interactive, real-time profile testing and debugging by event simulation
● Manual and/or periodic network synchronization to track profile changes on the network
● Detailed audit log for all profile change activities done by this Ridgeline server to the network
● Import profiles from your local machine
● Diff tool to find out the network profile changes carried out by users manually or using 3rd party tools

To start UPM, expand the Network Administration folder and click Profile Manager.


Users with Admin privileges can create, modify, and deploy profiles. All other users can view the profiles and details but cannot modify, run, or test them.

ExtremeXOS Software Requirements

The Universal Port Manager manages profiles from switches with ExtremeXOS version 12.0 or later.

Before you start using Ridgeline UPM:
● Make sure that SNMP is enabled on switches, so that you can add devices into Ridgeline's inventory.
● Enable HTTP or HTTPS on the devices to be managed by the UPM.
   ● To enable HTTP on the device use the command: enable web http
   ● To enable HTTPS on the device use the command: enable web https

UPM Functions

Ridgeline UPM is organized into two functional areas:
● The Network Profiles view, where you can view, enable, disable, edit configuration, run, and delete the profiles deployed on the Extreme devices. You can also change the profile event binding or port binding configuration on switches.
● The Managed Profiles view, where you can import, export, create, view, edit, save, delete, test, and deploy profiles.

In addition, you can use the Ridgeline Audit Log to view the profile actions done on the network devices by Ridgeline, and redeploy profiles to devices where you had deployed them earlier.

You can access the views using the related tabs at the top of the UPM window.

For ease of profile management with a large network of devices, use device groups and port groups whenever possible to facilitate the profile deployment.

There are several methods to invoke the functions provided by Ridgeline UPM:
● Using the menus at the top of each tabbed window. The available menu items depend on whether you have read-only access or read/write access in Ridgeline. Certain menu items are enabled or disabled depending on what you select in the profiles table in the selected view.
● Using the function buttons shown directly below the menus in each tabbed window.
● Using the table cell links displayed in blue with an underline and activated by a single mouse click.
● Double clicking a table row to open an item.

The menu for each functional area changes according to the task you can perform using that view.

You can collapse and expand the Filter and Quick Filter panes using the chevron buttons, or by clicking the title bar of the pane.

You can sort the contents in the table by clicking the table column header. An arrow is displayed for the sort direction and a number with the relative sort order. If no arrow is displayed, the table column is unsorted. Click the table column header with the Ctrl key pressed down to perform extended sorting on multiple columns.


Figure 336: Universal Port Manager Window

Understanding UPM Terminology

The following table describes the terminology used by Ridgeline UPM.

Table 13: UPM Terminology

Term: Description
Profiles: Files with commands or scripts that can be run on a switch.
Static profile: A profile that is bound to a USER-REQUEST event. A static profile is an ExtremeXOS term for a profile not bound to any ExtremeXOS event. The changes made to a switch using a static profile or a USER-REQUEST triggered profile are persistent. If you execute the save config command, the configuration changes remain even if you reboot the switch.
Dynamic profile: A profile that is bound to events other than a USER-REQUEST event. The scripts are run only when an event occurs, or when a timer triggers; for example, when a new IP phone is detected on the network. The changes made to a switch by a dynamic profile are not persistent. The changes are lost if you restart the switch.
Device profile: A profile that can be triggered by an LLDP DEVICE-DETECT or DEVICE-UNDETECT event.
User Profile: A profile that can be triggered by a USER-AUTHENTICATED or USER-UNAUTHENTICATED event.
Ridgeline profile: A switch profile that is saved in Ridgeline.
Non-Ridgeline profile: A switch profile that is not saved in Ridgeline.


Table 13: UPM Terminology (continued)

Term: Description
Deployed profile: A profile saved in Ridgeline locally and that is deployed on a device on the network. Ridgeline allows you to create a profile and deploy it to devices or to import profiles already existing on a device into Ridgeline.
Ridgeline Profile Status: Status of the Ridgeline Profile on a switch. The status can be:
   • Same as Deployed: The profile on the switch is the same as the one in Ridgeline.
   • Missing: A profile managed by Ridgeline that was deployed to a device is missing from the device.
   • Different than Deployed: The profile on the switch is different from the one in Ridgeline records.
   • N/A: The profile is not saved in Ridgeline. This is a non-Ridgeline profile, so Ridgeline status is not applicable.
Trigger Event: Event that causes a profile to run. For example, when a user is authenticated, a device is detected, or a timer is triggered.
Event Binding: The link between an event and what needs to be executed.
Port Binding: The link between the port and the profile execution on the port.
Profile environment variables: Variables (or parameters) used in the profile commands, such as $VLAN or $ports.
System variables: Variables that ExtremeXOS provides during runtime. Profiles can use them without defining them first.
Scripting: A capability of the ExtremeXOS CLI to execute a set of commands, with values for certain command parameters being automatically substituted by the system, others being user-defined (system and user-defined variables). Scripting also provides control structures such as IF/THEN/ELSE and data manipulation functions. Any CLI command can be used in a script. In addition, a script may have extensions that are needed for and only relevant to the Universal Port and its profiles, such as persistent/non-persistent mode.
Device Groups: A set of network devices that have something in common, and that can be managed in Ridgeline as a group. For example, devices might be grouped by physical location (Building 1, Building 2, first floor, second floor) or by functional grouping (Engineering, Marketing, Finance) or by any other criteria that make sense within the managed network environment.
Port Groups: You can also organize ports into groups. The ports in a group can be a mix of port types and can come from many different devices. For example, a port group that can be used to connect VoIP phones might contain one port from each of many different devices.

Network Profiles View

The Network Profiles view provides you details on the profiles deployed on your network.


Figure 337: Universal Port Manager Network Profiles View

The buttons on the Network Profiles view provide the following functions:

NOTE
All icons, except the View icon, are active only when the device is HTTP-reachable.

Table 14: UPM Network Profiles View Function Buttons

View: Views a selected profile. Select a profile from the Filtered Profiles on HTTP-Reachable Devices table, and click this button to view the profile. This button is not active when the profile is unknown.
View Diff: Invokes the difference viewer to view the differences between profiles. This button is active only if you have selected only one profile, the profile you have selected is saved in Ridgeline, and the profile on the device is different from the one you have saved in Ridgeline.
Save As: Saves a selected profile under a new name. Select one profile from the Filtered Profiles on HTTP-Reachable Devices table, then click this button to save the profile with a different name. The Save Profile As window appears. This button is active only when you select one profile.
Delete Profile: Deletes a selected profile. Select one or more profiles from the Filtered Profiles on HTTP-Reachable Devices table, then click this button to delete the selected profile.


Table 14: UPM Network Profiles View Function Buttons (continued)

Enable Profile: Enables a profile on a device. Select one or more profiles from the Filtered Profiles on HTTP-Reachable Devices table, then click this button to enable the profile on the device. This button is active only if one or more disabled profiles are selected.
Disable Profile: Disables a profile on a device. Select one or more profiles from the Filtered Profiles on HTTP-Reachable Devices table, then click this button to disable the profile on the device. This button is enabled only if one or more enabled profiles are selected.
Edit Configuration on the device: Allows you to change settings for the profile. Select a profile from the Filtered Profiles on HTTP-Reachable Devices table, then click this button to edit the profile configuration, such as event-port bindings. This button is active only if you select one enabled or disabled profile. The profile should not be missing from the device.
Run: Runs a profile on a device. Select one profile from the Filtered Profiles on HTTP-Reachable Devices table, then click this button to run the profile manually by event simulation. This button is active only when one enabled profile is selected from the table.
Update Device View: Synchronizes profiles between the network and Ridgeline. Select one or more profiles from the Filtered Profiles on HTTP-Reachable Devices table, then click this button to synchronize the profile details between Ridgeline and the network.
Display Update Results: Displays the results of the last Update Device View or Update All Devices action. This icon is visible only after you run the Update Device View after you log in. The results are saved until you log out.

Filters and Quick Filters

You can search for profiles deployed to a specific device in a specific device group. The device groups defined in Ridgeline are displayed in the Device group drop-down list. Select All to display the profiles in all devices in all device groups. The device group list does not include device groups that have no devices in them.

You can refine the search for a specific profile using the Filtered Profiles drop-down list.

The following definitions are available for the Filtered Profiles drop-down list:

Table 15: Filtered Profiles Search Definitions

Search Parameter: Description
All: Searches the entire database.
Device Name: Lists profiles for a specific device name.
IP Address: Lists profiles for a specific IP address.


Table 15: Filtered Profiles Search Definitions (continued)

Search Parameter: Description
Profile Name: Lists profiles with a specific name.
Profile State: Lists profiles with a specific profile state.
Trigger Event: Lists profiles with a specific Trigger Event.
Device Last Reached: Lists profiles with a specific Device Last Reached time.
Last Attempt to Reach Device: Lists profiles with a specific Last Attempt to Reach Devices time.
Profile Type: Lists profiles with a specific profile type.
Ridgeline Profile Status: Lists profiles with a specific Ridgeline Profile Status.
Ability to Reach Device: Lists profiles with a specific Ability to Reach Devices status.
Case Sensitive: Specifies a case-sensitive search.
Case Insensitive: Specifies a case-insensitive search.
Use wild cards: Allows you to use * in place of a string of characters or ? in place of a single character in the search.
Match from start: Searches from the start of the keyword.
Match anywhere: Searches anywhere in the keyword.

The following columns appear in the Quick Filter section of the window:

Table 16: Quick Filter Definitions

Search Parameter: Description
Device Name: Searches for profiles on the selected device.
IP Address: Searches for profiles on devices that have the selected IP address.
Profile Name: Searches for the selected profile name.
Trigger Event: Searches for the selected trigger event associated with the profiles.

The Filtered Profiles On HTTP-Reachable Devices table displays the following information about the profile on the network:

NOTE
An HTTP-reachable device that does not have any profile will not be shown in this table. A device that is not HTTP-reachable, for which Ridgeline cannot tell whether any profile exists on the device, is shown in this table with profile “Unknown”.

Table 17: Filtered Profiles On HTTP-Reachable Devices Table

Column: Description
Profile Name: Name of the profile on the device. Click on the profile name link to open the profile details. A profile on a switch may show up multiple times in the table. For example, if a profile is bound to a DEVICE-DETECT and DEVICE-UNDETECT event on a switch, the profile will appear twice.


Table 17: Filtered Profiles On HTTP-Reachable Devices Table (continued)

Column: Description
Profile State: In ExtremeXOS, the state of the profile. Enabled or Disabled.
Trigger Event: Event that triggers the profile to run.
EMS Filter Name: The EMS filter associated with the profile, if the Trigger Event for the profile is a log message. If the profile is not triggered by a log message, then N/A is displayed in this column.
Ports: Ports on which the profile was configured to run or to which it is bound.
Device Name: Name of the device to which the profile was deployed.
IP Address: IP Address of the device to which the profile was deployed.
Device Last Reached: The time at which the UPM information was last updated.
Last Attempt to Reach Device: The time at which the UPM last attempted to update information.
Profile Type: The type of profile.
   • Non-Ridgeline: The profile was not deployed by Ridgeline.
   • Ridgeline: The profile was deployed by Ridgeline or imported to Ridgeline.
Profile Status: Status of the Ridgeline profile on the device.
   • Missing: The profile deployed by Ridgeline is missing from the device.
   • Same as Deployed: The profile in the device is the same as the one deployed by Ridgeline.
   • Different: The profile in the device is different from the one deployed by Ridgeline.
   • N/A: The profile is not saved in Ridgeline.
Profile State: State of the profile on the device.
   • Enabled: The profile will run when the appropriate conditions occur.
   • Disabled: The profile is deployed to the device but will not run.
Ability to Reach Device: Indicates whether the device can be reached using HTTP.
   • Down or HTTP unreachable: The device is not operational or Ridgeline is not able to reach the device using HTTP. To find out why Ridgeline cannot reach the device, select a profile on this device and then click Update Device View. Verify the update device view results to see whether any error message is displayed.
   • HTTP reachable: Ridgeline is able to reach the device using HTTP.
Profile Validity State:
Upm Switch Validity State:

The following icons are used in the Filtered Profiles On HTTP-Reachable Devices table:

Table 18: Icons in the Filtered Profiles on HTTP-Reachable Devices Table

● The profile was deployed by Ridgeline and is the same as the one in Ridgeline.
● The profile is different from what was deployed by Ridgeline.
● The profile that was deployed by Ridgeline is missing.


Table 18: Icons in the Filtered Profiles on HTTP-Reachable Devices Table (continued)

● The status of the profile deployed by Ridgeline is unknown because the device is unreachable or has been put offline.
● The profile is not a Ridgeline profile.

Viewing Details of a Profile

From the Network Profiles tab, you can view the details of a profile. The details of any timer event bound to profiles can only be viewed from the profile detail dialog box.

If a profile is managed by Ridgeline and is missing from the deployed device, profile content will also be missing in the Profile details dialog box. But you can find the last deployed profile content in the Managed Profiles View. The profile details are read-only.

The Profile Name in the Filtered Profiles On HTTP-Reachable Devices table acts as a link to the profile details. Click on a profile name in the table to open the Profile details window.

Figure 338: Profile Details Dialog Box


The Profile Details dialog box provides the following details:

Table 19: Information in the Profile Details Dialog Box

Section/Field: Description

Profile
   Name: Name of the profile.
   State: State of the profile on the device. Shows whether the profile is enabled or disabled.
   Profile Type: Indicates whether the profile is a Ridgeline profile or not.
   Last Modified on device: Shows the time on which the profile was last modified on the device.
   Ridgeline Status: Shows the Ridgeline status of the profile.
   Description: This is the description you have added in the script for this profile.
Device
   Name: Name of the device to which the profile was deployed.
   Ability to reach device: Shows whether the device is reachable using HTTP.
   IP address: Shows the IP address of the device.
Profile Configuration on Device
   Trigger Events: Shows the trigger events configured in the profile. If the event is bound to a timer, the details are displayed here. If the trigger event for the profile is a log message, the EMS filter associated with the profile is displayed here.
   Ports: Shows the ports to which the trigger events are bound.
Time when Universal Port Manager Information was last updated
   Device last reached: Shows the time at which Ridgeline reached the device last time.
   Last Attempt to reach device: Shows the time at which Ridgeline tried to reach the device.

NOTE
In Ridgeline, the Timer details always show the time interval and the time at which the profile was first executed. However, on the switch, the show upm timer command shows the time interval and the time when the profile is scheduled to be executed next.

Use the Overview and Script view tabs to switch between the script variables and the script. Click Save As... to save the profile in Ridgeline. The View Diff button is active only if the deployed profile is different from the one saved in Ridgeline. The Run button is active only when the profile is enabled on the device. Use the search bar at the end of the script view to find or highlight text in the script.

If information is unavailable in the Profile Details dialog box, click the Update Device View button and then try viewing the information again.

Viewing Differences Between Profiles

If the deployed profile is different from the profile with the same name that is saved in Ridgeline, you can find the differences between the two profiles.


To view the differences, select a profile from the Filtered Profiles On HTTP-Reachable Devices table and click the View Diff button.

The Diff function requires an external Difference viewer. A difference viewer displays the two configuration files simultaneously and indicates the places where they differ. You cannot use the Diff function until you have configured a viewer. You can use any Difference viewer you have installed on your local system.
● For Windows, WinMerge, an open source viewer, is assumed as the default.
● For Linux or Solaris, sdiff (in /usr/bin/sdiff) is assumed as the default.

To configure either of these viewers, select Difference viewer from the main Ridgeline Tools menu.

Saving a Profile from the Network to Ridgeline

To save a profile from the Network to Ridgeline:

1 From the Network Profiles view, find the profile using the filters.
2 Select the profile from the Filtered Profiles On HTTP-Reachable Devices table, then click the Save As button or select Save As... from the File menu. The following window appears:

Figure 339: Save Profile As Window

3 Enter the profile version information, then click Save.

The profile is saved in Ridgeline and is available in the Managed Profiles view.

NOTE
The Profile name cannot contain special characters or spaces. The Profile version can contain spaces.


Exporting a Profile from the Network

You can save a profile to your local drive for editing outside Ridgeline, or as a backup. To export a profile from the Network to your local drive:

1 From the Network Profiles view, find the profile using the filters.
2 Select the profile from the Filtered Profiles On HTTP-Reachable Devices table, then click the Save As button or select Save As... from the File menu. The Save Profile As window appears.

Figure 340: Exporting a Profile

3 Click the Export to: button.
4 Enter the location of the directory or browse to the directory in which you wish to save the profile, then click Save.

The profile is saved to the directory you have selected.

Running a Profile on a Device Manually

You can manually run a profile that is deployed and enabled on a device.

NOTE
The running time of a profile cannot exceed the switch run profile timeout value (30 seconds).

To run a profile:

1 From the Network Profiles view, find the profile using the filters.
2 Select the profile from the Filtered Profiles On HTTP-Reachable Devices table, then click the Run button or select Run from the Tools menu. The Run Profile window appears.


You can use the Overview and ScriptView tabs to review the profile, but you cannot edit the profile.

Figure 341: Run Profile Window

3 In the Testing Events pane, select the Trigger Events from the Trigger Events list. You can review the profile using the Overview and ScriptView tabs.
4 If needed, enter the Values for the variables. Ridgeline will list any variables that are used in the profile and are meaningful for the selected event.
5 Click Run.

The Test Results section displays the result.

NOTE
When a profile is run on the selected device, all operations in the profile script are executed on the test device. No rollback is performed at the end of the session or when the Run Profile dialog box is closed.


The following figure shows the results of a successful run:

Figure 342: Run Profile Window with a Successful Run

The following figure shows the results of a failed run attempt:

Figure 343: Run Profile Window with a Failed Run Attempt


Updating UPM Information From the Network

The Network Profiles view is usually kept up-to-date automatically, without user intervention, using the response to network events and a periodic poll. If you suspect that the Network Profiles view is out of date, you can manually update the view for all devices or for a specific device.

To manually update the UPM with the network, from the Network Profiles view select a row in the Filtered Profiles table, then click the Update Device View button. The Ridgeline server obtains the profiles on the network to update the Ridgeline database. After you start the manual update, browsing to other functions in Ridgeline will not stop the update action. You can see the update result from the Update View Results dialog box, even if you browse elsewhere and then return to the Profile Manager. The results are stored until you log off from Ridgeline or until they are overwritten by another update device action.

Click the Display Update Results button to view the Update View Results.

Figure 344: The Update View Results Window

The Update View Results window contains the following details:

Table 20: Columns in the Update View Results Window

Column: Description
Type: The type of message (Alert, Warning, Informational).
Date: The date and time at which the update occurred.
Device: The name of the device being updated.
IP Address: The IP Address of the device being updated.
Message: Details and results of the update.

Using the Edit Profile Configuration Wizard

You can edit the configuration details of a profile deployed on the network, unbind previous events, and bind new events using this wizard.

To edit the profile configuration:

1 Find the profile using the filters in Network Profiles View.
2 Select the profile from the Filtered Profiles on HTTP Reachable Devices table, then click the Edit Configuration button or select Edit Profile Configuration from the Tools menu. The Edit Profile Configuration wizard appears with the select trigger events page.


Figure 345: Edit Profile Configuration: Select Trigger Events Page

The trigger events configured for the profile are preselected.

If you bind a profile to a USER-REQUEST event:
● If the profile is disabled, the profile is not executed at the time of deployment.
● If the profile is enabled, the profile will be executed at the time of deployment.

NOTE
If a profile is bound to a user request event, and the profile is disabled, you should enable the profile from the Network Profiles view and then click the Run button to run the script. The button is active only if the switch is HTTP reachable, and the profile is available on the switch.

If you select User Request or a timer event as the trigger event, the Deployment Information page appears.

See “Profile Trigger Events” on page 522 for critical details on timer events.

3 If needed, modify the trigger events, then click Next. The Select Port Page appears with the ports on which the profile is already deployed.


Figure 346: Edit Profile Configuration: Select Ports page

4 If needed, select new ports on which you want to deploy the profile. The Selected Ports table displays the updated ports list.
5 Click Next. The Deployment Information page appears.

Figure 347: Edit Profile Configuration: Deployment Information Page

6 Review the deployment details and click Validate. The profile validation page appears with the validation results. See the “Using the Profile Deployment Wizard” validation page for the details on profile validation.


Figure 348: Edit Profile Configuration: Profile Validation Page

7 Review the validation results, then click Deploy to change the profile bindings. The Deploy Profiles page appears with the results.

Figure 349: Edit Profile Configuration: Deploy Profiles Page

8 Click Finish to close the Edit Profile Configuration wizard.

Managed Profiles View

Click the Managed Profiles tab to open the Managed Profiles window. The Managed Profiles window provides details of the profiles saved in Ridgeline.


Figure 350: Universal Port Manager Managed Profiles View

Managed Profiles Function Buttons

The buttons at the top of the Managed Profiles view provide the following functions.

Table 21: UPM Managed Profiles Function Buttons

New: Creates a new profile in Ridgeline.
Open: Opens a profile. By default, the button is disabled until you select a profile from the Filtered Profiles table.
Save As: Saves a profile in Ridgeline with a different name, a different version, or exports the profile to your hard disk. By default, the button is disabled until you select a profile from the Filtered Profiles table.
Import: Imports a profile from the local drive.
Delete: Deletes a profile saved in Ridgeline. By default, the button is disabled until you select a profile from the Filtered Profiles table. You cannot delete a profile that has already been deployed. To delete a deployed profile, you need to delete the profile from the switch using the network profile view, then return to this view and then delete the profile.
Test: Tests the profile on a device.
Deploy: Initiates deployment of the profile. By default, the button is disabled until you select a profile from the Filtered Profiles table.

These functions can also be accessed through the File and Tools menu above the function buttons.


The Managed Profiles View

The Managed Profile view displays all the profiles saved in Ridgeline. The Filtered Profiles table displays all the profiles that match the selected filter.

Table 22: Filter Definitions in Managed Profiles Window

Search Parameter: Description
All: Searches the entire database.
Profile Name: Lists profiles with a specific name.
Profile Version: Lists profiles with a specific profile version.
Date Modified: Lists profiles with a specific modification date.
Modified By: Lists profiles modified by a specific Ridgeline user.
Deployed: Lists profiles with a specified deployment status: Deployed or Not Deployed.
Case Sensitive: Specifies a case-sensitive search.
Case Insensitive: Specifies a case-insensitive search.
Use wild cards: Allows you to use * in place of a string of characters or ? in place of a single character in the search.
Match from start: Searches from the start of the keyword.
Match anywhere: Searches anywhere in the keyword.
Match exactly: Searches for an exact match to the keyword.

The Filtered Profiles table displays the following information based on the search criteria you entered:

Table 23: Columns in the Filtered Profiles Table

Column: Description
Profile Name: Name of the profile as saved in Ridgeline. Click on the profile name to open the profile.
Profile Version: Version of the profile; for example, default or version12.
Date Modified: Date on which the profile was last modified.
Modified By: The last Ridgeline user who modified the profile.
Deployed: Whether the profile is deployed.

Click a profile name from the Filtered Profiles Table. The Devices Deployed to table displays the following details:

Table 24: Columns in the Devices Deployed To table

Column: Description
Device Name: Name of the device to which the profile was deployed.
IP Address: IP address of the device to which the profile was deployed.
Profile Name: Name of the profile. The icon indicates the Ridgeline status of the profile on the device.


Table 24: Columns in the Devices Deployed To table (continued)

Column: Description
Ridgeline Profile Status: Status of the Ridgeline profile on the device.
   • Different than deployed: The profile on the device is different from the one deployed by Ridgeline.
   • Same as deployed: The profile on the device is the same as the one deployed by Ridgeline.
   • Missing: The profile deployed by Ridgeline is missing from the device.
Ability to Reach Device: Indicates whether the device is reachable using HTTP.
Last Attempt to Reach Device: The time at which Ridgeline tried to reach the device. For example: Mar 12, 2007 03:24 PM PDT.
Device Last Reached: The time at which the device was last reached. For example: Mar 12, 2007 03:24 PM PDT. This may be different from the Last Attempt to Reach Device.

Icons indicate the status of the profiles.

Table 25: Icons in Filtered Profiles Table

● The Ridgeline Profile is not deployed.
● The Ridgeline Profile is deployed to one or more devices.

Renaming Profiles or Saving Profiles as a New Version

You can rename a managed profile or save a profile as a new version. To do this:

1 From the Managed Profile view, filter the managed profiles and find the profile you want to rename.
2 Select the profile from the Filtered Profiles table.
3 Click the Save As button or select Save As from the File menu. The Save Profile As window appears.


Figure 351: Renaming a Profile Using the Save Profile As Window

4 To rename the profile, change the Profile Name. To save the profile as a new version, change the version details.
5 Click the Save button.

The profile is saved with the new name or version.

NOTE
The Profile name should not contain special characters or spaces. The Profile version may contain spaces.


Importing a Profile from a Local Drive Into Ridgeline

To import a profile from a local drive into Ridgeline:

1 From the Managed Profiles view, click the Import button or select Import from the File menu. The Import Profile window appears.

Figure 352: Import Profile Window

The profiles imported from the local drive will be managed by Ridgeline. You can display information about the imported profile using the Managed Profiles view.

NOTE
The Profile name should not contain special characters or spaces. The Profile version may contain spaces.


Exporting a Ridgeline Profile to a Local Drive

To export a profile from Ridgeline to a local drive:
1 From the Managed Profiles view, click the Save As button or select Save As from the File menu. The Save Profile As window appears.

Figure 353: Save Profile As Window with Export To selected

2 Select the Export To check box, then enter the location of the directory, or browse to the directory in which you wish to save the profile.
3 Click Save. The profile is exported from Ridgeline and saved in the directory you specified.

Creating and Editing UPM Profiles

Ridgeline users with admin privileges can create and modify profiles, while other users can view them.

A UPM profile contains ExtremeXOS script and UPM metadata. You can use any of the CLI commands available in ExtremeXOS in the script. By adding UPM metadata, you can create a convenient dialog for updating variables.

For details on ExtremeXOS Universal Port and CLI Scripting, see the ExtremeXOS Concepts Guide.


Creating UPM Profiles

The following example illustrates how to create a UPM profile:
1 In the Profile Manager, click the Managed Profiles tab.
2 Click New. The New profile dialog box appears.
3 Click the Script View tab to open the script editor. By default, the script editor contains the following metadata content:

    # @MetaDataStart
    # @ScriptDescription Default profile description.
    # @MetaDataEnd

4 Enter the ExtremeXOS commands after the metadata. A simple profile can even contain a single ExtremeXOS command, such as:

    create vlan voice

When a new profile is created, it does not have any name or version. Click Save Changes to assign a name and version to the new profile.
5 Define a variable and use it to make the command easier to use. For example:

    set var vlanName voice-gen_tel
    create vlan $vlanName

NOTE
The vlanName variable in the set var line does not contain “$”. When you use the variable, however, you need to add “$” before it.

The script is now more reusable. If you refer to $vlanName wherever the VLAN name is needed, the same script can create other VLANs simply by changing the variable value voice-gen_tel to your new VLAN name, such as voice-gen_tel2. For example, if you also add ports to VLAN voice-gen_tel:

    set var vlanName voice-gen_tel
    create vlan $vlanName
    conf vlan $vlanName tag $vlanTag
    conf vlan $vlanName ipaddress $vlanIP
    conf vlan $vlanName add ports $portsValue

If you want to change the VLAN voice-gen_tel to voice-gen_tel2, you only need to change the line set var vlanName voice-gen_tel to set var vlanName voice-gen_tel2, without changing it anywhere else.
6 Move the vlanName variable definition to the Ridgeline UPM metadata section and provide a user-friendly description. This section starts with # @MetaDataStart and ends with # @MetaDataEnd. By default, this section is created when you open a new profile dialog box.

    # @MetaDataStart
    # @ScriptDescription "Creation of VLAN for VOIP Installation"
    # @VariableFieldLabel "The VLAN name to create"
    set var vlanName voice-gen_tel
    # @MetaDataEnd
    create vlan $vlanName
    conf vlan $vlanName tag $vlanTag
    conf vlan $vlanName ipaddress $vlanIP
    conf vlan $vlanName add ports $portsValue


UPM metadata provides a dialog box that makes the script usable by those who are not familiar with the script.

Figure 354: Script Dialog Box

The following profile is the full profile that can be used to create a VLAN when provisioning switches for the VoIP script pre-packaged with Ridgeline.

NOTE
Since this profile is intended to be run on a switch only once, it should be bound to a USER-REQUEST event.


    # @MetaDataStart
    # @ScriptDescription "Creation of VLAN for VOIP Installation"
    # @VariableFieldLabel "The VLAN name to create"
    set var vlanName voice-gen_tel
    # @VariableFieldLabel "IP Address of the VLAN/NetMask"
    set var vlanIP xxx.xxx.xxx.xxx/xx
    # @VariableFieldLabel "The Ports to add to this vlan. Use 1, 2, 3, 5-6 format"
    set var portsValue xx
    # @VariableFieldLabel "VLAN Tag"
    set var vlanTag xx
    # @VariableFieldLabel "DHCP Address Range - Starting IP to allocate"
    set var dhcpStartAddr xxx.xxx.xxx.xxx
    # @VariableFieldLabel "DHCP Address Range - Ending IP to allocate"
    set var dhcpEndAddr xxx.xxx.xxx.xxx
    # @VariableFieldLabel "Lease Timer (secs) - Default 7200 seconds"
    set var dhcpLeaseTimer 7200
    # @VariableFieldLabel "DHCP Gateway"
    set var gateway xxx.xxx.xxx.xxx
    # @MetaDataEnd
    enable lldp ports $portsValue
    create vlan $vlanName
    conf vlan $vlanName tag $vlanTag
    conf vlan $vlanName ipaddress $vlanIP
    conf vlan $vlanName add ports $portsValue
    conf vlan $vlanName dhcp-address-range $dhcpStartAddr - $dhcpEndAddr
    conf vlan $vlanName dhcp-lease-timer $dhcpLeaseTimer
    conf vlan $vlanName dhcp-options default-gateway $gateway
    enable dhcp ports $portsValue vlan $vlanName

You can copy and paste the above script into the profile editor script view.

Click the Overview tab to see the user interface for the variables defined in the script.


Figure 355: Overview Tab

You can also save the script as a text file to your hard disk and import it into Ridgeline. Use the Save Changes button to save the profile.

You can change the parameters in the Overview tab; the parameters are updated in the script automatically.

Modifying or Editing Profiles

You can edit deployed and undeployed profiles using Ridgeline. To edit a profile deployed to one or more devices, you need to save the profile in Ridgeline with a different name or version and then edit the saved copy of the profile.

NOTE
If two users edit the same profile at the same time, the last saved version of the profile will be saved in Ridgeline. The changes will not be merged.

To modify or edit a profile:
1 From the Managed Profiles view, select the profile from the Filtered Profiles table and click the Open button. The Profile Edit window appears. You can update the variables using the Overview tab. To edit the script or add metadata, use the Script View.
2 Click Save Changes to save the modifications. Click the Save As button to save the profile with a different name or version.


Ridgeline UPM Metadata

The Ridgeline UPM editor uses metadata to present the profile in a more usable way. The following table describes the metadata tokens.

Table 26: Ridgeline UPM Metadata

Metadata Token: Description
# @MetaDataStart: Indicates the beginning of the metadata section. This should be the first line in the profile.
# @MetaDataEnd: Indicates the end of the metadata section.
# @ScriptDescription: Description or the purpose of the profile. The description should not contain a new line character.
# @VariableFieldLabel: Long description of the variables. This will be the title for the field. Should not contain a new line character.
# @SeparatorLine: Indicates a section divide.

The metadata is case insensitive. You can use # @MetaDataStart or # @METADATASTART. Do not leave a space between @ and the metadata tags.

NOTE
The metadata information is commented out using the # mark and will not be recognized by ExtremeXOS.

Ridgeline can manage a profile without metadata. If you do not use the metadata, UPM will not create the page where you can modify the variables.

Profile Templates

Ridgeline includes some pre-defined profile templates. You can use the profile templates as a baseline for creating new profiles. You can find the pre-defined profiles in Ridgeline in deploy/user.war/upm_profiles.
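The metadata rules in Table 26, applied as a check to run on a profile before it is tested or deployed (an added Python example, not Ridgeline or ExtremeXOS code). It parses the metadata section and reports template placeholders that were never filled in and variables that are used but never set. The name lint_profile, the placeholder pattern, the case-insensitive comparison of variable names, and the handling of only the $name form are assumptions; the sample profile is constructed from the VLAN profile shown earlier.

```python
import re

# "# @Token argument" lines; Table 26 says the tokens are case insensitive.
TOKEN_RE = re.compile(r"^#\s*@(\w+)\s*(.*)$")
# A space between "@" and the tag, which the guide says not to leave.
SPACED_TOKEN_RE = re.compile(r"^#\s*@\s+\w")
SET_VAR_RE = re.compile(r"^set\s+var\s+(\S+)\s+(.+)$", re.IGNORECASE)
USE_RE = re.compile(r"\$([A-Za-z_]\w*)")
# Assumption: unfilled template values look like "xx" or "xxx.xxx.xxx.xxx/xx".
PLACEHOLDER_RE = re.compile(r"^x+(?:[./]x+)*$", re.IGNORECASE)
# First component of the built-in variables ($STATUS, $CLI.*, $EVENT.*).
BUILTIN_PREFIXES = {"status", "cli", "event"}


def lint_profile(text):
    """Return the description, the metadata variables and a list of problems."""
    result = {"description": None, "variables": [], "problems": []}
    problems = result["problems"]
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not re.match(r"^#\s*@metadatastart$", lines[0], re.IGNORECASE):
        problems.append("# @MetaDataStart must be the first line of the profile")

    defined, label, in_meta, ended = set(), None, False, False
    for n, line in enumerate(lines, 1):
        if not line:
            continue
        if SPACED_TOKEN_RE.match(line):
            problems.append(f"line {n}: space between @ and the metadata tag")
            continue
        token = TOKEN_RE.match(line)
        if token:
            tag, arg = token.group(1).lower(), token.group(2).strip().strip('"')
            if tag == "metadatastart":
                in_meta = True
            elif tag == "metadataend":
                in_meta, ended = False, True
            elif tag == "scriptdescription":
                result["description"] = arg
            elif tag == "variablefieldlabel":
                label = arg  # becomes the title of the next "set var" field
            elif tag != "separatorline":
                problems.append(f"line {n}: unknown metadata token @{token.group(1)}")
            continue
        if line.startswith("#"):
            continue  # ordinary comment

        assignment = SET_VAR_RE.match(line)
        # Variables are referenced as $name; check each reference on this line.
        for name in USE_RE.findall(assignment.group(2) if assignment else line):
            # Assumption: variable names compare case-insensitively.
            if name.lower() not in defined and name.lower() not in BUILTIN_PREFIXES:
                problems.append(f"line {n}: ${name} is used but never set")
        if assignment:
            var, value = assignment.group(1), assignment.group(2).strip()
            defined.add(var.lower())
            if in_meta:
                result["variables"].append((var, label, value))
                if PLACEHOLDER_RE.match(value):
                    problems.append(
                        f"line {n}: {var} still holds the template placeholder {value}")
            label = None

    if not ended:
        problems.append("metadata section has no # @MetaDataEnd")
    return result


# Constructed sample: vlanTag is left unfilled and vlanIP is never defined.
SAMPLE = """
# @MetaDataStart
# @ScriptDescription "Creation of VLAN for VOIP Installation"
# @VariableFieldLabel "The VLAN name to create"
set var vlanName voice-gen_tel
# @VARIABLEFIELDLABEL "VLAN Tag"
set var vlanTag xx
# @VariableFieldLabel "The Ports to add to this vlan. Use 1, 2, 3, 5-6 format"
set var portsValue 1-4
# @MetaDataEnd
create vlan $vlanName
conf vlan $vlanName tag $vlanTag
conf vlan $vlanName ipaddress $vlanIP
conf vlan $vlanName add ports $portsValue
"""

if __name__ == "__main__":
    report = lint_profile(SAMPLE)
    for var, field_label, value in report["variables"]:
        print(f"{field_label}: {var} = {value}")
    for problem in report["problems"]:
        print("PROBLEM", problem)
```

Line numbers in the report count from the first non-blank line of the profile.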


Profile Testing Wizard

The profile testing wizard helps you test a profile on a device before actually deploying it on the network. The wizard allows you to edit the profile and run it on a test device.

As a part of profile testing, the profile is deployed onto the selected device and run. When you close the Test Profile dialog box, the profile is not removed (undeployed) from the device. If you wish to delete the profile from the device, select the profile from the Network Profile View, then click the Delete button.

To test a profile, select the profile from the Filtered Profiles table in the Managed Profiles view and then click the Test button.

NOTE
When the profile is run on the selected device, all operations in the profile script are executed against the test device. No rollback is performed at the end of the test session or when the Test Profile dialog box is closed.

Using the Profile Deployment Wizard

To deploy the profile, select the profile from the Filtered Profiles table in the Managed Profiles view and then click the Deploy button.

You can also open the deployment wizard from the New Profile Create window.

The deployment wizard opens with the Select Trigger Events page. Use this page to configure the trigger events that will run the profile after it is deployed to the devices.


Figure 356: Trigger Events Page

This page contains the following configuration items:
● User request—Select this to deploy the profile now. The User-request will not allow you to bind the event to a port and the port selection page will not be displayed.
If you bind a profile to a USER-REQUEST event, the profile is executed at the time of deployment, even if the profile is disabled in Ridgeline.
If a network profile is bound to a user request event and the profile is disabled, and you want to run the profile again, you should enable the profile from the Network Profiles view and then click the Run button to run the script.
● Scheduled time—Select this to set the time at which the profile should be run. This is the time for the ExtremeXOS Timer-AT event. See “Profile Trigger Events” for critical details on timer events. The scheduled time event does not allow port binding. If you select this event, the port selection page will not be displayed.
● Other trigger events—Select the other trigger events you want to configure for the profile.

NOTE
If (required) is shown next to a trigger event, it indicates that this event is referred to in the profile script. The event selection is, however, not enforced.

Click Next to open the search devices page.


Figure 357: Search for Devices Page

The search devices page offers the following search types:
● Devices—Select this to search individual devices on the network.
● Device groups—Select this to search the devices based on the device groups you have defined in Ridgeline.
● Port groups—Select this to search the devices based on the port groups you have defined in Ridgeline.

Click Next to open the Device Selection page.

The device selection page:
● Lists devices, if you have selected Devices in the previous page.
● Lists device groups and devices, if you have selected Device groups in the previous page.
● Lists port groups and devices, if you have selected Port Groups in the previous page. All ports in the selected port group will be preselected.

Incompatible devices are grayed out. Incompatible devices are devices that are running ExtremeWare or ExtremeXOS versions earlier than 12.0, or Summit X150 series devices.

You can select devices that are down, offline, or unreachable at the time of device selection. However, you will not be able to deploy to these devices at the time of validation unless they are online and reachable.


Figure 358: Device Selection Page

Select the devices and click Next to open the Ports Selection page.

The ports selection page contains two tables. The Deploy to Ports table lists the devices and ports. After you select ports from this table, they are displayed in the Selected Ports table. You can select all ports in the device by selecting the check box near the device. To select individual ports, select the device check box, expand the port list tree and then select individual ports from the tree. You can also use the Select All button to select all ports on the devices.


Figure 359: Ports Selection Page

If you select port groups, the ports in the selected port groups will be preselected. For the USER-REQUEST event and timer event, the ports are shown as N/A.

After you select the ports, click Next to review the deployment information. The Deployment Information review page appears.

Figure 360: Deployment Information Review Page

The page provides details of the devices, the IP addresses of the devices, and the ports you have selected to deploy the profile.


If the information is correct, click Validate to validate the profile on the selected ports. The validation results page appears.

During validation, the following things are done:
● Ridgeline will update the details with the selected device.
● Ridgeline checks whether a profile with the same name is already on the switch. If the profile is already on the switch, Ridgeline gives you an option to proceed with the selection. If you choose to proceed, Ridgeline will delete the profile on the switch first, then push the profile to the switch with the new bindings.
● Ridgeline will make sure that no two profiles are bound to the same device events on the same port. For example: If Profile A is bound to port 1 for the event DEVICE-DETECTED, then you cannot bind Profile B to port 1 for the event DEVICE-DETECTED. But you can bind Profile B to port 1 for another event, DEVICE-UNDETECTED.

Figure 361: Validation Results Page

The results page displays the validation status and validation results.

The following details appear in the Validation Results Table:
Name: Name of the device on which the profile was validated.
IP Address: IP Address of the device on which the profile was validated.
Ports: Ports on which the profile was validated.
Validation Results: Displays the result of the validation.


Replace Existing Profile: If the device already contains a profile with the same name, a check box appears in this column. Select the check box if you want to replace the profile.

If validation has issues, you can see the details in the Details field. Select a row in the table to view the details of the validation.

If validation has issues, and you need to replace the profile in the device, a check box will appear in the Replace Existing Profiles column. Use Select All to select all the check boxes and use Clear All to clear all the check boxes.

The Deployment Information section allows you to configure whether the profile should be enabled or disabled after the deployment. Select Enable profile on all devices to enable the profile on all the devices on which the profile is being deployed.

You can also enter comments that appear in the Audit Log.

Click Deploy to deploy the profile to the selected devices. The deployment results page appears with the status and result of the deployment.

Figure 362: Deployment Results

This page provides the following details:
Name: Name of the device on which the profile was deployed.
IP Address: IP address of the device on which the profile was deployed.
Ports: Ports on which the profile was deployed.


Deployment Results: Displays the status and result of the deployment.
Deploy Again: If the deployment fails on a device, a check box appears in this column. To deploy again, select the check box and click the Deploy Again button. You can use the Select All and Clear All buttons to select multiple devices to deploy the profile again.
Details: Select the device from the table to view the details of the deployment. If you have issues with the deployment, you can see the details in this field.

Click the Finish button to complete deploying the profile.

If you have issues with the deployment, select the devices using the check boxes in the Deploy Again column and then click Deploy Again. If you need to deploy to more than one device, use the Select All button to select all the check boxes. You will be taken to the Deployment Information Review Page.

The following image shows the validation results page with errors:

Figure 363: Validation Results Page with Error

In this example, two devices contain profiles with the same name. Select the check boxes using the Select All button, then click the Deploy button to continue. The Details field shows the reason for the validation failure on the two devices.


Profile Trigger Events

The following table shows the system triggers that can lead to the execution of a particular profile.

Table 27: Profile Trigger Events

Trigger: Condition
DEVICE-DETECT: A specific device was detected by the system. You can use this event to automatically configure the LLDP settings when an LLDP enabled device is connected to an LLDP enabled port on an Extreme switch. UPM executes the profile that has been configured for that event on that port.
DEVICE-UNDETECT: A specific device is no longer present. This could also be triggered by a timeout. This allows the restoration of port properties to a known state. You can use this event to trigger a profile when an LLDP device that was previously detected on the port is removed from the port. This event helps to return a port to its original configuration, ready to accept another UPM event.
USER-AUTHENTICATED: A specified user was authenticated. Authentication can be configured on the port for security with Extreme’s netlogin feature. Netlogin enabled ports can authenticate devices in two ways:
• MAC address based authentication—requires no interaction from the user.
• 802.1x authentication—requires the user to log in through an 802.1x client on a PC.
A user-authenticated event is triggered when a device or user authenticates successfully through Netlogin and RADIUS.
USER-UNAUTHENTICATED: A specified authenticated user has been unauthenticated. This event is triggered when a previously authenticated device or user disconnects from the switch, either by logging off the PC or by disconnecting the device from the port.
TIMER-AT: The specified time for a profile to be triggered has arrived. If the Ridgeline client and the switch are not in the same time zone, then the time that you schedule from the Ridgeline client for a profile to be executed will be different from the time that will be configured on the switch. For example, if the client machine is set to the PDT time zone and the switch is set to use the default GMT time zone, an event created to be executed at 12:00:00 p.m. PDT will be scheduled to be executed at 19:00:00 p.m. GMT. In Ridgeline, Timer details will always show the time interval and the time at which the profile was first executed. But on the switch, the show upm timer command will show the time interval and the time when the profile is scheduled to be executed next.
USER-REQUEST: The profile is bound to a USER-REQUEST event. Static profile is an ExtremeXOS concept for any profile not bound to any EXOS event. The USER-REQUEST event is a Ridgeline concept for a static profile in EXOS.
LOG-MESSAGE: The profile is triggered by a specific EMS message encountered on the device. In the current release, profiles triggered by LOG-MESSAGE events can only be viewed in Ridgeline. You cannot run or edit these kinds of profiles in Ridgeline, nor can you save them as managed profiles.

Universal Port Event Variables

This section describes the information available to any profile on execution, based on the event that triggered the profile.


Common Variables

Table 28 shows the variables that are always available for use by any script. These variables are set up for use before a script or profile is executed.

Table 28: Common Variables

Variable Syntax: Definition
$STATUS: Status of last command execution.
$CLI.USER: User Name who is executing this CLI.
$CLI.SESSION_TYPE: Type of session of the user.
$EVENT.NAME: This is the event that triggered this profile. See Table 27 for a list of triggers.
$EVENT.TIME: Time this event occurred. The time will be in seconds since epoch.
$EVENT.TIMER_TYPE: PERIODIC or NON_PERIODIC.
$EVENT.TIMER_NAME: Name of the timer that the Universal Port is invoking.
$EVENT.TIMER_DELTA: Time difference when the timer fired and when the actual shell was run in seconds.
$EVENT.PROFILE: Name of the profile that is being run currently.

User Profile Variables

Table 29 shows the variables available to user profiles.

Table 29: User Profile Variables

Variable Syntax: Definition
$EVENT.USERNAME: Name of user authenticated. This would be a string with the MAC address for MAC-based user-login.
$EVENT.NUMUSERS: Authenticated supplicants on this port after this event occurred.
$EVENT.USER_MAC: MAC address of the user.
$EVENT.USER_PORT: Port associated with this event.
$EVENT.USER_VLAN: VLAN associated with this event.
$EVENT.USER_IP: IP address of the user if applicable, else blank.

Device Profile Variables

Table 30 shows the variables available to device profiles.

Table 30: Device Profile Variables

Variable Syntax: Definition
$EVENT.DEVICE: Device identification string. Possible values for EVENT.DEVICE are: GEN_TEL_PHONE, ROUTER, BRIDGE, REPEATER, WLAN_ACCESS_PT, DOCSIS_CABLE_SER, STATION_ONLY and OTHER. These strings correspond to the devices that the LLDP application recognizes and reports to the Universal Port management application.
$EVENT.DEVICE_IP: The IP address of the device (if available). Blank if not available.


Table 30: Device Profile Variables (continued)

Variable Syntax: Definition
$EVENT.DEVICE_MAC: The MAC address of the device (if available). Blank if not available.
$EVENT.DEVICE_POWER: The power of the device in watts (if available). Blank if not available.
$EVENT.DEVICE_MANUFACTURER_NAME: The manufacturer of the device.
$EVENT.DEVICE_MODEL_NAME: Model name of the device.


Chapter 25: Using Identity Management

This chapter describes how to use Ridgeline to monitor the logon and network usage of LLDP devices and users connected to managed switches in your network. This information is obtained using the ExtremeXOS Identity Management feature.

The Ridgeline Identity Manager provides network-wide viewing and reporting of identities and helps administrators manage network-wide, role-based policies for both users and devices. It applies policies consistently across the network to enable seamless mobility and on-demand access to applications, maintaining business continuity.

Using Ridgeline, network managers can:
● Enable or disable Identity monitoring
● Monitor active and inactive identities
● Define, modify, and delete network-wide policies
● Create, modify, and delete network-wide roles and apply policies to roles
● Add, edit, and delete active directory servers
● Display identity management reports

This chapter contains the following sections:
● “Identity Management Software License”
● “Overview”
● “Role-Based Access Control”
● “Enabling Monitoring on Switches and Ports”
● “Editing Monitored Device Ports”
● “Enabling Role-based Access Control on New Devices”
● “Creating Roles”
● “Attaching Policies to Roles”
● “Error and Results Handling”
● “Managing Global Settings”
● “Viewing Network User Information”
● “Displaying Network User Details”
● “Displaying Identity Management Reports”


Identity Management Software License

Your software license determines the level of Identity Management available on Ridgeline. If a valid Security FP License is installed, you are allowed to use all the Identity Management features supported by Ridgeline.

Overview

Ridgeline’s Identity Management feature identifies network users and authorizes them to access devices for specific network services and information. Ridgeline provides role-based user access control to manage this authentication mechanism.

The Identity Management feature monitors users that connect to ports on a switch. Ridgeline provides the tools to define users’ roles, policies, and rules and the necessary components that set the user apart from other network users. These roles, policies, and rules are the criteria that allow access to the information and services the network user needs. The switch identifies the user login and searches for a match on Active Directory, where the match criteria is configured for that user. Figure 364 illustrates this concept.

Figure 364: User Matched to a Defined Role (user login “rrodgers” is looked up in Active Directory; match criteria Company = “EXTR”, State = “CA”, Department = “NMS”; Role = “US Engineer”)

Role-Based Access Control

You enable role-based access control on the switches and ports where user login data is identified. Then you define user roles that include conditions to match the user who has logged into the network.

Ridgeline also supports context-based roles, where identities can play different roles at different locations.

Roles, Policies, and Rules

Roles

Ridgeline’s role-based access control supports two default roles:


● Authenticated
● Unauthenticated

Authenticated identities are those detected through netlogin (using any of the netlogin methods) or through Kerberos snooping.

When a query is sent to Active Directory, it searches user attributes. Based on the LDAP attributes the switch receives, Identity Management places these attributes under a configured role. If they match those on the server, they are classified under the authenticated role.

Identity Management classifies role attributes that cannot be identified as unauthenticated user-configured roles.

Figure 365: Roles and Policies
● Role Employee (Company = “Extreme”, Priority 3). Policy: Can access intranet.
● Role Engineer (Company = “Extreme”, Department = “Eng”, Priority 2). Policy: Can access development subnet.
● Role Sales (Company = “Extreme”, Department = “Sales”, Priority 1). Policy: Can access customer information.
Engineers will inherit “Can access intranet” and will be able to also access the development subnet. The Sales role does not automatically inherit the Company match condition from Employee.

Policies

Routing protocol applications use policies to control the use of routing information on a switch. With Ridgeline you create policies which you can attach to roles. When you define policies, you can selectively permit (or deny) a set of routes based on their attributes for advertisements of the routing domain. The routing protocol application can modify routing information attributes based on policy statements.

You attach a policy to a VM where you can enable tracking on a switch on which Identity Management is enabled.

Ridgeline supports two policy types:
● Identity Management
● VM mobility


Role Hierarchy

You can create roles in a hierarchy to reflect different organizational and functional structures. Figure 366 illustrates a typical role hierarchy.

Figure 366: Hierarchical Role Management Example
● Employees (Company == XYZCORP). Policy 1: Allow common file shares. Policy 2: Allow access to time-sheet application.
● Sales (Company == XYZCORP AND Department == Sales). Policy 3: Allow CRM applications. Policy 4: Deny Engineering resources.
● Managers (Company == XYZCORP AND Department == Sales AND Title contains Manager). Policy 5: Allow access to Finance applications. Policy 6: Allow access to HR tools.
● Engineers (Company == XYZCORP AND Department == Sales AND Title contains Engineer). Policy 7: Allow access to partner tools.

To create a role hierarchy, you define one or more roles as child roles derived from a parent role. Ridgeline supports a maximum of five levels. A parent role can have up to eight children but a child cannot have more than one parent. Multiple inheritances are not allowed. In a hierarchy, only policies are inherited, not the match criteria from parent roles. Figure 367 is a diagram of the role hierarchy.


Figure 367: Role Hierarchy (a parent role with children roles; supports five levels)

Role Inheritance

Child roles inherit the policies of the parent role in the hierarchy. When an identity is assigned to a role, the policies and rules defined by that role and all higher roles in the hierarchy are applied.

When the parent role is deleted or when the parent-child relationship is deleted, the child role no longer inherits the parent’s role policies and policies are immediately removed from all identities mapped to the child role.

Since the maximum role hierarchy depth allowed is five levels, the maximum number of policies and dynamic ACLs that can be applied to a role is 40 (five role levels x eight policies/rules per role).

NOTE
The LDAP query can be disabled for specific types of netlogin users.

When the software makes the final determination of which default or user-configured role applies to the identity, the policies and rules configured for that role are applied to the port to which the identity is attached. This feature supports up to eight policies and dynamic ACL rules per role.

The identity's IP address is used to apply the dynamic ACLs and policies. The dynamic ACLs or policies that are associated to roles should not have any source IP address specified because the Identity Management feature will dynamically insert the identity's IP address as the source IP address. When a dynamic ACL or policy is added to a role, it is immediately installed for all identities mapped to that role. Effective configuration of the dynamic ACLs and policies ensures that intruders are avoided at the port of entry on the edge switch, thereby increasing security and reducing noise in the network.
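The inheritance rules above, worked through on the roles of Figure 366 (an added Python example, not Ridgeline code): policies accumulate from parent to child, match criteria do not, and the five-level, eight-child and eight-policy limits are enforced. The class and method names, the case-sensitive string comparison, and the placement of Engineers under Sales are assumptions.

```python
MAX_DEPTH = 5      # levels in one hierarchy
MAX_CHILDREN = 8   # children per parent role
MAX_POLICIES = 8   # policies and dynamic ACL rules per role


class RoleTree:
    """Hypothetical model of the role hierarchy rules (not a Ridgeline API)."""

    def __init__(self):
        # name -> {"match": [(attr, op, value)], "policies": [...], "parent": name or None}
        self.roles = {}

    def depth(self, name):
        """Level of a role, counting the top-level role as 1."""
        levels = 0
        while name is not None:
            levels += 1
            name = self.roles[name]["parent"]
        return levels

    def add(self, name, match, policies, parent=None):
        if name in self.roles:
            raise ValueError(f"{name}: role already exists")
        if len(policies) > MAX_POLICIES:
            raise ValueError(f"{name}: more than {MAX_POLICIES} policies")
        if parent is not None:
            if parent not in self.roles:
                raise ValueError(f"{name}: unknown parent {parent}")
            siblings = [r for r in self.roles.values() if r["parent"] == parent]
            if len(siblings) >= MAX_CHILDREN:
                raise ValueError(f"{parent}: already has {MAX_CHILDREN} children")
            if self.depth(parent) + 1 > MAX_DEPTH:
                raise ValueError(f"{name}: hierarchy deeper than {MAX_DEPTH} levels")
        # A single "parent" field means a child can never have two parents.
        self.roles[name] = {"match": list(match), "policies": list(policies),
                            "parent": parent}

    def effective_policies(self, name):
        """Policies of the role and of every higher role, top level first."""
        chain = []
        while name is not None:
            chain.append(name)
            name = self.roles[name]["parent"]
        applied = []
        for role in reversed(chain):
            applied.extend(self.roles[role]["policies"])
        return applied

    def matches(self, name, attrs):
        """Evaluate only the role's own criteria; nothing comes from the parent."""
        for attr, op, want in self.roles[name]["match"]:
            have = attrs.get(attr, "")
            if op == "==" and have != want:
                return False
            if op == "contains" and want not in have:
                return False
        return True

    def detach(self, name):
        """Delete the parent-child relationship; inherited policies are lost."""
        self.roles[name]["parent"] = None


def figure_366():
    """Roles and policies as listed in Figure 366."""
    tree = RoleTree()
    company = ("Company", "==", "XYZCORP")
    sales = ("Department", "==", "Sales")
    tree.add("Employees", [company],
             ["Allow common file shares", "Allow access to time-sheet application"])
    tree.add("Sales", [company, sales],
             ["Allow CRM applications", "Deny Engineering resources"],
             parent="Employees")
    tree.add("Managers", [company, sales, ("Title", "contains", "Manager")],
             ["Allow access to Finance applications", "Allow access to HR tools"],
             parent="Sales")
    tree.add("Engineers", [company, sales, ("Title", "contains", "Engineer")],
             ["Allow access to partner tools"], parent="Sales")
    return tree


if __name__ == "__main__":
    tree = figure_366()
    for policy in tree.effective_policies("Managers"):
        print(policy)
    # A child that omits the Company condition matches users of any company
    # and still receives the Employees policies through inheritance.
    tree.add("SalesLoose", [("Department", "==", "Sales")], [], parent="Employees")
    outsider = {"Company": "OTHER", "Department": "Sales"}  # constructed identity
    print(tree.matches("SalesLoose", outsider), tree.effective_policies("SalesLoose"))
```

Because match criteria are not inherited, each child role has to repeat every condition it relies on, as the roles in Figure 366 do.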


LDAP Attributes and Server Selection

Active Directory provides lightweight directory access protocol (LDAP) service to Ridgeline.

The following lists LDAP role match criteria you can assign to the switch:
● Location
● Company
● Country
● Department
● Employee ID
● State
● Title
● Email

If the Active Directory fails to respond when queried, the next configured Active Directory server is contacted. If successful, all further LDAP queries are sent to this LDAP server. All LDAP servers should be configured to synchronize the user information available in each of them.

Enabling Monitoring on Switches and Ports

To enable monitoring on devices, complete the following steps:
1 Click Ridgeline Administration > ID management: Network users. Click the Network-Users devices tab. Ridgeline lists the available devices, switches and ports.
2 On the menu bar, click File > Enable monitoring of > Network-user information. The Enable Monitoring of Network-user information on new devices wizard starts and asks: How do you want to search for devices? (See Figure 368)


Figure 368: Enable Monitoring—Choose Devices

3 Choose Devices or a Device group.
4 Click the checkbox to choose each device on the list. Click Select all to choose all the available switches or Clear all to deselect all the devices.
5 Click Next. If you choose Devices, the dialog box opens and asks: Enable monitoring on which devices? See Figure 369. Skip steps 6 and 8.


Figure 369: Enable Monitoring—Device Selection

6 If you have chosen Device groups to monitor, the next dialog box opens and asks: Monitor Identities on which device groups?
  The dialog box shows the device groups you can monitor. You can expand each device to view the devices in the group. See Figure 370.
7 Select the device groups you want to monitor.
  If you want specific devices in a device group, expand the device group you want to monitor; then select the devices you want to monitor.
8 Click Next. The dialog box opens and asks: Enable monitoring on which ports? See Figure 371.


Figure 370: Enable Monitoring—Device Groups

Figure 371: Enable Monitoring—Port Selection


9 Choose the device whose ports you want to be monitored on the selected devices list. See Figure 371.
  The Available ports list shows the available ports for the device.

  NOTE
  You must choose a minimum of one port on each device.

10 Click Add> to move the Available ports to the Selected ports list.
11 If you have chosen Device groups, select a device in Selected devices and then choose the ports you want to be monitored. After choosing the ports for the first device, choose ports for the additional devices on the list by repeating steps 9 and 10.
12 The Results dialog box opens and shows a summary of the ports. See Figure 372.

  NOTE
  You can edit the virtual router (VR) names in this dialog box. It uses only VR-mgmt by default.

Figure 372: Enable Monitoring Wizard—Results


13 Click Finish. This begins the port configuration process. When this process completes, the dialog box opens and shows the results. See Figure 373.

Figure 373: Enable Monitoring Wizard—Successful/Unsuccessful Results

14 To view the details of the script run, choose an item on the list. The details are displayed in the field below.
  If Ridgeline cannot enable monitoring on a device, the list indicates: Unsuccessful. Select the unsuccessful item and the details are displayed in the field below.

Editing Monitored Device Ports

To edit ports that are being monitored on a device, complete the following steps:
1 Click Ridgeline Administration > ID management: Network users.
2 On the Network-users devices tab, select a device.
3 Right-click on the device. The menu opens (see Figure 374).


Figure 374: Edit Ports of Network Users devices

4 Choose Edit Ports. Or, from the menu bar, click Edit > Ports > of network-users devices.
  The Edit Ports of Network Users devices dialog box opens and asks you to: “Add and remove ports on which to monitor network-users information?” The device you selected on the Network users table shows on the Selected devices list. The available ports for the device are shown.
5 Add or remove ports for monitoring on the Selected ports list (see Figure 375).
6 Click Save changes to modify the ports being monitored. Or, click Edit Notification to change additional port information such as:
  ● Connection type
  ● Virtual router (VR) name.


Figure 375: Add or Remove Ports for Monitoring

7 Click Save changes. Ridgeline validates the changes and returns the results of the modification as successful or unsuccessful.
8 Click Close.

Disabling Monitoring

You can disable monitoring on selected edge switches. When you do this, all identity related configurations are removed, including roles, LDAP settings, attached roles-policies, and Black List and White List entries that exist.

Disabling monitoring on a switch does not remove the settings from the Ridgeline database; this allows you to reapply them in the future, if needed.

To disable monitoring on a switch, complete the following steps:


1 On the Network-users devices list, select the devices on which you want to disable monitoring.
2 On the menu bar, click Edit > Disable monitoring of. Or, select the devices and right-click to open the menu. See Figure 376.

Figure 376: Choosing Disable Monitoring

3 A dialog box asks you to confirm your selection. See Figure 377.

Figure 377: Disable Monitoring Confirmation

4 Click Yes to disable monitoring. Click No to continue monitoring on the switch. A dialog box confirms that monitoring is disabled on the devices you chose. See Figure 378.

Figure 378: Disable Monitoring—Results Dialog Box

Enabling Role-based Access Control on New Devices

To enable role-based access control on new devices, complete the following steps:
1 In the Folder List, click Ridgeline Administration > ID Management: Network users and click the Role-based access control tab.
2 Click File > Enable role-based access control. A dialog box appears asking you to select either IP or MAC ACL type. Select the appropriate ACL type if it is not already set.


  The Enable access control on new devices wizard launches and opens a dialog box. See Figure 379.
  In addition to the menu bar, an Enable role-based-access-control link is provided through which the Enable access control on new devices wizard can be launched.

Figure 379: Enabling Role-Based Access Control Choice on the File Menu and Choose Devices

3 Select the network user devices on which you want to enable the role-based access control feature as instructed in the dialog box.
  The dialog box shows all the devices enabled with ID monitoring. It also lists all devices currently enabled with role-based access control, which are grayed out.
4 Choose the devices you want.
5 Click Finish. The device shows on the Role-based access devices tab. See Figure 381.
6 If there are directory servers already configured, you can edit the Client attribute settings, as shown in Figure 380.


Figure 380: Editing Role-Based Access Control Client Attribute Settings

Figure 381: Role-based-Access-Control Devices Tab


Disabling Role-based Access Control

To disable role-based access control, complete the following steps:
1 On the menu bar, click Edit > Disable role-based access control. Or, right-click on the device on the Devices enabled for role-based access control list. A menu opens. See Figure 382.

Figure 382: Disable Role-based Access Control on Ports Menus

2 Choose Disable role-based access control. A confirmation dialog box opens which asks you to confirm: Are you sure you want to disable role-based access control on the selected devices?

Figure 383: Disable Role-based Access Control on Devices Confirmation Dialog Box

3 Click Yes to disable this feature or No to leave the feature configured as it is. When you click Yes, all the Role, LDAP, and Role-Policy associations are removed from the switches.

Creating Roles

Ridgeline provides the interface to configure role-based access control. You start by defining a network user role, which includes defining match criteria for users and groups of users that need to access information on the network. You also set priorities for these roles.


A role can:
● Be independent of a parent or a child
● Have children
● Have only one parent

Creating a New Role

You can define network-wide roles and specify the match criteria for assigning a device to that role as well as define the role priority. You can create roles in a hierarchy to place a user under a role.

To create a role hierarchy, define one or more roles as child roles of what becomes the parent role. Ridgeline supports a maximum of five children levels. A parent role can have up to eight children, but a child cannot have more than one parent. Multiple inheritances are not allowed. In a hierarchy, only policies are inherited; the match criteria from parent roles are not inherited. Ridgeline allows a maximum of 64 roles and each role name can have a maximum of 32 characters.

Priorities can have values from 1 to 255. One (1) is the highest priority. The priority of the role determines the role to which a user is mapped. The default priority is 255. A device is assigned the lesser priority role value whenever there is a conflict. If both roles have equal priority or the default priority, the last role created is assigned the higher priority.

To add a new role, complete the following steps:
1 On the menu bar, click File > New > Role, or right-click on the Roles list to open the menu. Existing roles are shown on Tree View and Table View. See Figure 384. The Create new role dialog box opens.

Figure 384: Choose a New Role From the Menu

2 Enter the role name, an optional description, and its priority. See Figure 385.


  Use the following role naming conventions:
  A role name can:
  ● Have a maximum of 32 characters.
  ● Contain only alphabetic characters, numerals, hyphens, and underscores. All other special characters are invalid.
  A role name cannot:
  ● Have any spaces.
  ● Begin with a number.
  ● Be assigned a preexisting name.
  ● Be authenticated and unauthenticated.
  If you do not use these conventions, the Invalid input dialog box opens. To review the rules for naming, click Details.

Figure 385: Create a New Role—Match Criteria

3 To establish match criteria for a role, choose a condition from the drop-down list in the dialog box. The conditions listed are:

  Match Criteria   Role Type
  Location         LDAP
  Company          LDAP
  Country          LDAP
  Department       LDAP
  Employee ID      LDAP


  Match Criteria            Role Type
  State                     LDAP
  Title                     LDAP
  E-mail                    LDAP
  Device Model              LLDP—Requires EXOS version 12.7.1 or later on target switch
  Device Capability         LLDP—Requires EXOS version 12.7.1 or later on target switch
  Device Manufacture Name   LLDP—Requires EXOS version 12.7.1 or later on target switch
  MAC                       User-defined—Requires EXOS version 12.7.1 or later on target switch
  MAC OUI                   User-defined—Requires EXOS version 12.7.1 or later on target switch
  IP Address                User-defined—Requires EXOS version 12.7.1 or later on target switch
  User Name                 User-defined—Requires EXOS version 12.7.1 or later on target switch

4 Choose the operators in the middle column:
  ● Equal to ==
  ● Not equal to !=
  ● Contains
  Type the values for the match criteria in the text entry field in the right column.
5 After entering the first condition, click New condition to add multiple conditions. A New condition field shows. See Figure 386.
  You can add a maximum of 16 conditions.

Figure 386: Create a New Role—Multiple Match Criteria Conditions


6 Click OK. The Tree and Table views list the new role. Refer to “Viewing Roles” on page 558, Figure 403 and Figure 404.

Creating a Child Role with Conditions Inherited from Its Parent

Creating a child role with conditions inherited from its parent places a new child in the Parent role hierarchy.

To create a new child role with conditions inherited from a parent, complete the following steps:
1 Select a role name on the Roles tab list.
2 On the menu bar, click File > New > Child role. The Create child role dialog box opens. The parent role name shows in the dialog box. See Figure 387.
  You can also right-click on Role > New > Child Role to create a child role.

Figure 387: Child Role Match Criteria Conditions

3 Enter the role name. You can also enter a description and set its priority. If you do not change the default priority, 255, the most recently created role receives the highest priority. See Figure 388.
4 Select Inherit parent criteria next to the Parent role name. The Match criteria area is populated with the match criteria of the Parent.


Figure 388: Create Child Role—Inherit Parent Match Criteria

5 Add more match conditions if you want to further distinguish the user.
6 Click OK when you are satisfied with the match criteria.
  The criteria are copied from the parent, but the switch does not inherit parent criteria. The inherited criteria add to the total maximum number of conditions of 16 allowed in the parent role. See Figure 389.
  In Figure 389, the roles have been inherited from the parent, and then the title match condition was edited from Dr to Registered Nurse.
  A blank location field shows as the first condition when a child inherits conditions from a parent. If the role does not require an additional condition, click the trash can on the right.
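The role rules from the preceding sections (naming conventions, limits, priority, and inheritance of policies but not of match criteria), modelled in Python as an added example that is not Ridgeline or EXOS code. The class names, the AND-combination of conditions, the policy ordering, the treatment of authenticated/unauthenticated as reserved names, and the sample roles and identities are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

MAX_ROLES, MAX_DEPTH, MAX_CHILDREN = 64, 5, 8
MAX_CONDITIONS, MAX_POLICIES, DEFAULT_PRIORITY = 16, 8, 255
RESERVED = {"authenticated", "unauthenticated"}  # assumption: treated as reserved names
NAME_RE = re.compile(r"[A-Za-z_-][A-Za-z0-9_-]{0,31}")  # 1-32 chars, no leading digit
OPS = {
    "==": lambda have, want: have == want,
    "!=": lambda have, want: have != want,
    "contains": lambda have, want: want in have,
}


@dataclass(eq=False)
class Role:
    name: str
    priority: int
    conditions: list              # (attribute, operator, value) tuples
    policies: list
    parent: Optional["Role"] = None
    children: list = field(default_factory=list)
    seq: int = 0                  # creation order, breaks priority ties

    def depth(self):
        return 1 if self.parent is None else 1 + self.parent.depth()

    def effective_policies(self):
        """Own policies, then each ancestor's (this ordering is an assumption)."""
        inherited = self.parent.effective_policies() if self.parent else []
        return list(self.policies) + inherited

    def matches(self, identity):
        """Only this role's own conditions count; parent criteria are not inherited.
        Assumptions: conditions are ANDed, a missing attribute fails the condition,
        and a role without conditions matches nothing."""
        return bool(self.conditions) and all(
            attr in identity and OPS[op](identity[attr], want)
            for attr, op, want in self.conditions
        )


class RoleTable:
    def __init__(self):
        self.roles = {}
        self._seq = 0

    def add(self, name, priority=DEFAULT_PRIORITY, conditions=(), policies=(), parent=None):
        if not NAME_RE.fullmatch(name) or name.lower() in RESERVED:
            raise ValueError(f"invalid role name: {name!r}")
        if name in self.roles:
            raise ValueError(f"role name already in use: {name}")
        if len(self.roles) >= MAX_ROLES:
            raise ValueError("maximum of 64 roles reached")
        if not 1 <= priority <= 255:
            raise ValueError("priority must be between 1 and 255")
        if len(conditions) > MAX_CONDITIONS or len(policies) > MAX_POLICIES:
            raise ValueError("more than 16 conditions or 8 policies")
        if any(op not in OPS for _, op, _ in conditions):
            raise ValueError("operator must be ==, != or contains")
        parent_role = self.roles[parent] if parent else None
        if parent_role and len(parent_role.children) >= MAX_CHILDREN:
            raise ValueError("a parent role can have up to eight children")
        if parent_role and parent_role.depth() >= MAX_DEPTH:
            raise ValueError("hierarchy is limited to five levels")
        self._seq += 1
        role = Role(name, priority, list(conditions), list(policies), parent_role, seq=self._seq)
        if parent_role:
            parent_role.children.append(role)
        self.roles[name] = role
        return role

    def delete(self, name):
        """Children of a deleted role lose the policies they inherited from it."""
        role = self.roles.pop(name)
        for child in role.children:
            child.parent = None
        if role.parent:
            role.parent.children.remove(role)

    def resolve(self, identity):
        """Lowest priority number wins; on a tie the last role created wins."""
        hits = [r for r in self.roles.values() if r.matches(identity)]
        return min(hits, key=lambda r: (r.priority, -r.seq)) if hits else None


def demo():
    """Constructed roles and identities; attribute names mirror the LDAP criteria."""
    table = RoleTable()
    table.add("Staff", 200, [("company", "==", "ExampleCo")], ["permit-intranet"])
    table.add("Clinical", 100, [("department", "contains", "Ward")],
              ["permit-records"], parent="Staff")
    table.add("Nurse", 100, [("title", "==", "Registered Nurse")],
              ["deny-admin"], parent="Clinical")
    nurse = {"company": "OtherCo", "department": "Ward 3", "title": "Registered Nurse"}
    clerk = {"company": "ExampleCo", "department": "Billing", "title": "Clerk"}
    return table, nurse, clerk
```

In the constructed data, the nurse identity fails the Staff role's company condition yet still receives Staff's policy through the Nurse role, because only policies travel down the hierarchy. Repeat the parent's conditions in a child role when the child must not match identities the parent would reject.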


Figure 389: Create Child Role—Match Criteria

Tree View shows the new child role in the hierarchy. The Table View lists roles by name and function. Refer to “Viewing Roles” on page 558.

Creating a Child Role with Conditions Inherited from a Different Role

A child role does not need to inherit match conditions from its parent. It can inherit conditions from another parent, but the child role can only have one parent. Only the conditions are inherited. To do this, follow these steps:
1 Create a child role from another role as described in “Creating a Child Role with Conditions Inherited from Its Parent” step 1 through step 3 on page 545.
2 After you assign a role name, click the Copy conditions drop-down list at the bottom of the dialog box and choose the Parent role name from which you want to inherit conditions. See Figure 390. The dialog box shows parent conditions.


Figure 390: Inherit a Role from a Different Parent—Drop Down list

3 Choose the parent with the match conditions you want for the child role criteria. The conditions fill the match criteria fields when you do this.
  The criteria are copied from the parent. These inherited criteria are conditions that add to the total maximum number of conditions of 16 included in the parent role.
4 Click OK.
  The results are shown on the Roles > Tree View and the Roles > Table View (see Figure 403).

Creating LLDP Roles

The LLDP role creation feature requires that the target switches be upgraded to EXOS 12.7.1 or later. Be sure that the switches you have selected for role-based access control are running EXOS 12.7.1 or later. You can define Link Layer Discovery Protocol (LLDP) roles with the following LLDP attributes:
● Device-capability
● Device-model
● Device-manufacturer-name

LLDP attributes are mapped to devices as identities. The following table (Table 31) shows the valid attributes and descriptions of the LLDP match-criteria attributes.

Table 31: Identity Management LLDP Attributes

  Attribute Name             Attribute Value       Value Type
  device-capability          bridge                String
                             docsis cable device
                             other
                             repeater
                             reserved
                             router
                             telephone
                             station only
                             WLAN access point
  device-model               model name            String
  device-manufacturer-name   manufacturer’s name   String


To create an LLDP role, complete the following steps:
1 In the Folder List navigation tree, click Network Administration > ID Management: Roles.
2 Click the Roles tab.
3 Click File > New > Role.... See Figure 391. You can also right-click on Role > New > LLDP Role to create an LLDP role.

Figure 391: Select a New LLDP Role

4 Enter the required information about the role.
  Remember to use the following role naming conventions:
  A role name can:
  ● Have a maximum of 32 characters.
  ● Contain only alphabetic characters, numerals, hyphens, and underscores. All other special characters are invalid.
  A role name cannot:
  ● Have any spaces.
  ● Begin with a number.
  ● Be assigned a preexisting name.
  ● Be authenticated and unauthenticated.
  If you do not use these conventions, the Invalid input dialog box opens. To review the rules for naming, click Details.
5 Select one or more of the LLDP attributes in the match-criteria drop-down menu listed in Table 31. For each LLDP attribute selected, type the text string of the attribute that you want to assign in the text field. See Figure 392.


Figure 392: Assign a New LLDP Role to Meet the Match Criteria Options

6 Click OK.

Creating User-Defined Roles

The user-defined role creation feature requires that the target switches be upgraded to EXOS 12.7.1 or later. You can define roles based on predefined attributes. The following table (Table 32) shows the valid predefined attributes and descriptions of the user-defined match-criteria attributes.

Table 32: Identity Management User-Defined Role Attributes

  Attribute Name   Attribute Value   Value Type
  mac              mac-addr          String
  mac-oui          mac-addr          String
  ip-address       ip-addr           String
  username         user-name         String

Identity management checks with the directory server to verify that the username attribute is a valid User Name.

To create a user-defined role, complete the following steps:
1 In the Folder List navigation tree, click Network Administration > ID Management: Roles.
2 Select the Roles tab.
3 Click File > New > Role…. See Figure 391.
4 Enter the required information about the role.


  Remember to use the following role naming conventions:
  A role name can:
  ● Have a maximum of 32 characters.
  ● Contain only alphabetic characters, numerals, hyphens, and underscores. All other special characters are invalid.
  A role name cannot:
  ● Have any spaces.
  ● Begin with a number.
  ● Be assigned a preexisting name.
  ● Be authenticated and unauthenticated.
  If you do not use these conventions, the Invalid input dialog box opens. To review the rules for naming, click Details.
5 Select one or more of the user-defined attributes in the match-criteria shown in Table 32 and, for each attribute, type in the text string corresponding to the attribute value.
6 Select one or more of the user-defined attributes in the match-criteria drop-down menu listed in Table 32. For each LLDP attribute selected, type the text string of the attribute that you want to assign in the text field. See Figure 393.

Figure 393: Assign a New User-Defined Role to Meet the Match Criteria Options

7 Click OK.

Refreshing Users and Roles

You can refresh the role of a user in all of its active locations, refresh the roles of all active users, or refresh all active users under a given role. The refresh users and roles feature requires that the target switches be upgraded to EXOS 12.7.1 (or later), and switches must be enabled for role-based access control.


To refresh selected users for all locations, complete the following steps:
1 In the Folder List navigation tree, click Network Users > User.
2 Select the Active users and threats tab.
3 Select users listed in the Active users and threats table that you want to refresh. To refresh selected users, click View > Refresh role for > Selected user(s). See Figure 394.
  You can also select the user from the Active users and threats table you want to refresh and right-click Refresh role for > Selected users in the pop-up menu. See Figure 396.

Figure 394: Refresh role for Active and Inactive Users

  Additionally, you can refresh all active users of a selected role by selecting Refresh role for > All active users of the selected role or Refresh role for > All active users menu item. See Figure 395.
  You can also select the user from the Active users and threats table and right-click Refresh Role for > All active users under a role. See Figure 396.


Figure 395: Select user(s), All active users of selected role(s), or All active users Menu

Figure 396: Right-Click to Refresh All Active Users Under a Role

4 The refresh confirmation dialog box pops up (see Figure 397). Click Yes to continue or click No to discontinue the refresh operation.


Figure 397: Refresh Active Users Dialog Box

To refresh the selected users, complete the following steps:
1 In the Folder List navigation tree, click Network Administration > ID Management: Roles.
2 Select the Roles tab.
3 Select the roles listed in the table that you want to refresh. To refresh the selected roles, click View > Refresh all active users. See Figure 398.
  You can also select the role you want to refresh by right-clicking on the role listed in the Table View and clicking Refresh all active users... in the pop-up menu.

  NOTE
  The menu choice of Refresh all active users... is disabled for White List and Black List roles.

Figure 398: Refresh Roles


Refreshing users and roles can also be activated from the Inactive and active users table by selecting the appropriate menu items.

Error messages appear if an attempt is made to refresh users when the selection includes a combination of role-based access enabled or disabled and active or inactive users. You can view the Ridgeline Audit Log to display the successfully refreshed users list. For example, see Figure 399. Click on the Details >> button to view the error message details.

Figure 399: Error Message: Unable to refresh.

Configuring White List and Black List Entries

A maximum of 512 entries are allowed in each list. Child roles cannot be created under the White or Black List roles. The configuration of White Lists and Black Lists requires that the target switches be upgraded to EXOS 12.7.1 or later.

To configure White List entries, complete the following steps:
1 In the Folder List navigation tree, click Network Administration > ID Management: Roles.
2 Select the Whitelist tab.
3 Click the Configure Entries button at the bottom right of the screen.
  The Add/Edit/Delete dialog box appears.
4 Click Add and select MAC Address, IP Address, subnet, or User Name from the drop-down list and enter the properly formatted value for MAC address, IP address, or User Name (see Figure 400).


Figure 400: Whitelist Tab and Configure Entries Options

5 Click the Add Entry button.
  You can also edit or delete existing MAC addresses, IP addresses, subnet, or User Names by clicking on the Edit or Delete button as appropriate.
6 Click Save Changes.

To configure Black List entries, complete the following steps:
1 In the Folder List navigation tree, click Network Administration > ID Management: Roles.
2 Select the Blacklist tab.
3 Click the Configure Entries button at the bottom right of the screen.
  The Add/Edit/Delete dialog box appears.
4 Click Add and select MAC Address, IP Address, subnet, or User Name from the drop-down list and enter the properly formatted value for MAC address, IP address, subnet, or User Name (see Figure 401).


Figure 401: Blacklist Tab and Configure Entries Options

5 Click the Add Entry button.
  You can also edit or delete existing MAC addresses, IP addresses, subnet, or User Names by clicking on the Edit or Delete button as appropriate.
6 Click Save Changes.

Blacklist and whitelist entries can also be created from Network users > users > Active users and threats, or from Network users > users > Inactive and active users. See


Figure 402: Creating Black List and White List Entries from Users Lists

Viewing Roles

To view created roles, complete the following steps:
1 In the Folder list, click ID management: Roles. The ID Management: Roles tab lists the current authenticated and unauthenticated parent and child roles.
2 Click the ID Management tab. The Roles tab shows the Tree View tab and the Table View tab. See Figure 403 and Figure 404.

Figure 403: Configured Roles Tree View


Figure 404: Configured Roles Table View

Viewing Role Details

Details about the role are displayed on the right of the window, including role name, description, priority, and children names. The Match criteria tab below shows the conditions for the role. The Policies tab shows the attached role policies in the order that they apply.

To view details about the created roles, complete the following steps:
1 On the ID management: Roles tab, select the role for which you want to view details. Scroll to the right of the window.

Figure 405: Role Details Definition and Match Criteria Tab

2 To view the created policies, click the Policies tab. See Figure 406.


Figure 406: Role Details Definition and Policies Tab

Editing Roles

You can edit role parameters and priority for parent-child relationships. Editing a role automatically attaches it to the corresponding updated roles for all the switches that are enabled with Identity Management. You can change a parent role to that of a child role or move an existing child role to a different existing parent role.

To edit a role, complete the following steps:
1 Select a role in Tree View or Table View and double-click.
  The Edit role dialog box opens. If you are editing a child role, double-click the child on the Roles list.
2 Select a Parent role from the drop-down list if you are editing a parent role. If you are editing a child role, select a child role from the drop-down list of Children roles. See Figure 407.


Figure 407: Edit Roles Dialog

3 Click OK.

Deleting Roles

When you delete a role definition, the changes are attached on all switches enabled with Identity Management.

To delete a role, complete the following steps:
1 Select a role on Tree View or Table View.
2 On the menu bar, click Edit > Delete. A confirmation dialog asks if you are sure you want to delete the role and indicates child roles, if they exist. See Figure 408.

Figure 408: Information and Confirmation Dialog Box

3 Click Yes.


Attaching Policies to Roles

You must attach policies to roles before you can attach roles to switches.

To attach roles with policies, complete the following steps:
1 On the menu bar, click Edit > Attach Roles and Policies. See Figure 410. The Attach Role and Policies dialog box opens.

Figure 409: Attach Roles and Policies Menu

Figure 410: Attach Policies to Roles Dialog Box


2 Choose a role from the Roles list. See Figure 410.
3 Choose a policy from the Available Policies column and move it to the Selected Policies column by clicking the arrow buttons.
4 Click Save Changes. The Association Modifications Page Summary opens. See Figure 411.

Figure 411: Attach Roles and Policies Summary Page

5 Click Finish. The Roles list shows the role is attached to a policy. See Figure 412.

Figure 412: Role Attached to Policy Shows on Roles List


Detaching a Role from a Policy

Ridgeline does not allow you to delete a policy if it is attached to a role or VM. To detach a policy from a role, refer to “Detaching a VPP from a Policy” on page 235. The detachment procedure is the same for roles and VMs.

Deleting a Policy Attached to a Role

After you have detached a policy from a role, you can delete the policy. To delete a policy, complete the following steps:
1 Click Policies to view the list of created policies.
2 Select the policy you want to delete.
3 Click Edit on the menu bar and choose delete. A dialog box opens to confirm you want to delete the policy.

Error and Results Handling

Error and Results status conditions are displayed in the following places:
● The Role-based access control device tab in the Network Users tab displays the current status and configuration state of each identity managed device, indicating whether the device is In Sync or Out of Sync. See Figure 413.
● The Audit log repository displays detailed deployment status of each deployment action, whether triggered through user action or through automatic device restoration.

Configuration errors that occur during deployment are automatically corrected through the device restoration mechanism. The device restoration mechanism is activated whenever the HTTP status on the switch changes (for example, switch reboot).

If you want to activate device restoration immediately, run “Update Device” from the device table.

Figure 413: Current Composite Status for Enabled Role-based Access Control Devices


Configuring Directory Servers

You can specify LDAP server settings for up to eight servers. Ridgeline maintains network-wide LDAP configurations that ensure all Identity Management enabled edge switches have the same configuration settings.

The following LDAP Client configurations are optional on the switch:
● Client IP address—VLAN IP address through which the switch can connect to LDAP servers
● Client VR—Virtual routers through which the switch can connect to an LDAP server

Although these settings are optional, you can override them.

With multiple LDAP server configurations, EXOS selects the active LDAP server based on the following logic:
● The first configured server is initially contacted and marked as the Active server. If this server times out, the second server is contacted.
● If the connection succeeds, the second server is marked Active and all further LDAP requests are sent to the second server and so on.

Configuring LDAP server settings internally deploys the settings to all Identity Management enabled switches.
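The server selection logic above, and the synchronization advice in "LDAP Attributes and Server Selection", modelled in Python as an added example that is not EXOS code. The class names, the server names dc1 and dc2, the directory records, and the wrap-around after the last configured server are assumptions.

```python
class ServerTimeout(Exception):
    """Raised when a directory server does not respond."""


class FakeDirectory:
    """Stand-in for one directory server; `users` is constructed sample data."""

    def __init__(self, name, users, up=True):
        self.name, self.users, self.up = name, users, up
        self.queries = 0

    def lookup(self, username):
        if not self.up:
            raise ServerTimeout(self.name)
        self.queries += 1
        return self.users.get(username)   # None means "no such user", not a failure


class LdapClient:
    MAX_SERVERS = 8

    def __init__(self, servers):
        if not 1 <= len(servers) <= self.MAX_SERVERS:
            raise ValueError("configure between one and eight servers")
        self.servers = list(servers)
        self.active = 0                    # first configured server starts as Active

    def lookup(self, username):
        """Ask the Active server; on timeout try the next one and keep it as Active."""
        count = len(self.servers)
        for offset in range(count):
            index = (self.active + offset) % count   # wrap-around is an assumption
            try:
                result = self.servers[index].lookup(username)
            except ServerTimeout:
                continue
            self.active = index            # all further requests go to this server
            return result
        raise ServerTimeout("no configured directory server responded")


def demo():
    """dc2 holds an out-of-date record, i.e. the servers are not synchronized."""
    current = {"jdoe": {"department": "Ward 3", "title": "Registered Nurse"}}
    stale = {"jdoe": {"department": "Billing", "title": "Clerk"}}
    dc1, dc2 = FakeDirectory("dc1", current), FakeDirectory("dc2", stale)
    client = LdapClient([dc1, dc2])
    seen = [client.lookup("jdoe")["title"]]      # answered by dc1
    dc1.up = False
    seen.append(client.lookup("jdoe")["title"])  # dc1 times out, dc2 becomes Active
    dc1.up = True
    seen.append(client.lookup("jdoe")["title"])  # dc1 is back, but dc2 stays Active
    return seen, client.active, dc1.queries, dc2.queries
```

Because the selection is sticky, attributes served by the second server keep driving role matching after the first server recovers, which is why the servers need to hold the same user information.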
If you add LDAP server settings when no switches have Identity Management enabled, Ridgeline uses the configured server settings for deployment when you later enable Identity Management.

Viewing the Server Directory

To view configured servers and directory credentials, complete the following step:
1 Go to the Folder List and click Ridgeline Administration > ID Management: Network Users > Directory servers tab.

Adding an Existing or Configuring a New Directory Server

To add a directory server from servers discovered in the network, complete the following steps:
1 From the menu bar, click File > New > Directory Server.
  A dialog box appears asking how you would like to add servers: select from servers discovered in the network or provide the server details yourself.
  a To add an existing server as a directory server, click the “I want to select from servers discovered in the network” button.
  b To configure a new directory server, click the “I want to provide the server details” button. See Figure 414.
2 Click Next.


Figure 414: Directory Server Add Menu

3 If you want to provide server details for an existing server, enter the details of the server, including the server name, IP address or DNS name, Port number, and security mechanism from the drop-down list. See Figure 415.
  The port number and default security mechanism, Simple Authentication Security Layer, MD5 Message-Digest Algorithm (SASLDigestMD5), are shown in the dialog box. The other choice is the Plain text security mechanism, which is not encrypted.
4 Click the Save new server button.

Figure 415: Directory Server Configuration and Edit Dialog Box


5 Select an Identity Management enabled device from the list.

  NOTE
  To change the client IP address and VR-Name, you must select a VLAN.

6 Change Directory Server Client Attributes.
7 Click Finish.
  The Verification results window (see Figure 416) opens to show a new directory server has been successfully added or has not been added because of an error.

Figure 416: Directory Server Verification Window

8 Optionally, you can click the checkbox “Take me to Advanced Setting page” (for client Attributes) if you want to make changes to the advanced settings window (see Figure 417). If you make changes to the advanced settings, click the Save new server button to save your changes.


Figure 417: Directory Server Advanced Client Attributes Settings Window

Editing LDAP Client Properties

To edit LDAP client properties, complete the following steps:

1 Click Ridgeline Administration > ID Management: Network Users > Directory Servers to list the directory servers.
2 Select the server by right-clicking on the server and then selecting Properties from the drop-down menu. The Server Edit Client Attributes window opens (see Figure 418).


Figure 418: Directory Server Edit Client Attributes Window

3 When the Directory Server Properties window appears, click Edit client IP addresses of devices...
  The client attributes edit window appears (see Figure 419).

Figure 419: Client Attributes Edit Window

4 Edit the client properties you want to modify.
5 Click Save changes to table, then click Finish to return to the LDAP Server Configuration dialog.
6 Click Save changes.


7 Click Finish. The new configuration deploys to the switch.

Deleting a Directory Server

To delete a directory server, complete the following steps:

1 From the Folder List, click Ridgeline Administration > ID management: Network Users.
2 Click the Directory servers tab.
  The list of servers appears in the Directory servers table.
3 Select the server from the Directory servers table that you want to delete.
4 From the menu bar, select Edit > Delete. A warning dialog box appears (see Figure 420), asking that you confirm that you want to delete the selected directory server.
5 Click Yes.

Figure 420: Delete Directory Server Dialog Box

NOTE
If role-based access control is enabled on any switch, Ridgeline will not allow you to delete all the LDAP servers. At least one server needs to be present.


Managing Global Settings

Ridgeline’s global settings let you change:

● Directory server settings
● ACL-source-address type for role-based-access-control devices
● Kerberos age out times

Access Global settings from the Ridgeline Administration > ID management: Network users folder list and then click on the Global settings tab (see Figure 421). The default settings are shown under each item.

Figure 421: Global Settings Tab

Changing Directory Server Settings

To customize your username and password to access all directory servers, complete the following steps:

1 From the Ridgeline Administration > ID management: Network users folders list, click the Global settings tab.
2 Click Change directory-server settings....
  The dialog box shown in Figure 422 opens.


Figure 422: Change Global Settings for Directory Servers

3 Enter the User Name.
4 Enter the new password and re-enter the password to confirm it.
5 Click Save changes to apply them to the directory server and automatically close the dialog box.
  The Directory Server verification results dialog box opens showing the verification activity for Reachable and Credentials.
  As the activity continues, successful verification is shown in the columns for each server as Yes.
  The final results show which servers were reachable and credentials verified.
  Other results can be:
  Credentials: Failed - Invalid credentials (see Figure 423).
  Credentials: Skipped
  Reachable: No
  Base DN Validation Status: Not Verified

Figure 423: Directory Server Credentials Failed


To reset settings to their default values:

1 Click Reset. The default values are:
  ● User Name: anonymous
  ● Password: leave blank and

Changing ACL-Source-Address Type

To change the ACL-source-address type to an IP address or a MAC address, complete the following steps:

1 On the ID management: Network users tab > Global settings tab, click ACL-source-address type....
  The ACL-Source-Address Type dialog box opens.

Figure 424: ACL-Source-Address Type Dialog Box

2 Choose IP if you have devices running EXOS 12.5, or 12.6, or both.
  Choose MAC if all role-based-access-control devices are running EXOS 12.6. If the devices do not meet the criterion, this option is grayed out.
3 Click Save Changes. A progress dialog box opens. When the process is successful, the progress screen automatically closes.
  If an error occurs, a dialog box displays the details.


Figure 425: ACL-source-address Type Save Error Dialog Box

Changing Kerberos-Age-Out-Time Settings

Kerberos-age-out-time is a configuration on the device that controls the life cycle of network identities that are identified through the Kerberos authentication mechanism. Kerberos-age-out-time settings let you change the amount of time after which inactive or active Kerberos users are deleted from the device.

To set the Kerberos-age-out-time, complete the following steps:

1 On the ID management: Network users tab > Global settings tab, click Kerberos-age-out-time. The dialog box opens.

Figure 426: Changing Kerberos-Age-Out-Time Settings

2 Choose one of the following:
  ● Kerberos aging time
    The amount of time after which all Kerberos inactive users are deleted from the device. The default time is 480 minutes.
  ● Kerberos force aging time
    The amount of time after which all Kerberos users, active and inactive, are deleted from the device. The default is Never.
  The range for both aging time and force aging time is 1 to 65535 minutes.


Viewing Network User Information

After Identity Management is enabled on the switches you want to monitor, and you have configured Ridgeline to monitor them, you can view user and device information in Ridgeline dashboards, the Users table, and in Ridgeline reports. From the Users table you can display detailed information about a selected user or device.

Network User Dashboard Reports

You can configure Ridgeline to display dashboard reports summarizing user information for the last 24 hours on the Ridgeline home page. The following dashboard reports are available:

● Most logons by username
● Most logon failures by username
● Most logons by device IP address
● Most logon failures by device IP address
● Most logons by user’s MAC address
● Most logon failures by user’s MAC address

Figure 427: Network User Dashboard Reports on the Ridgeline Home Page

To place a dashboard on the Ridgeline home page, click the Home folder and select Show Dashboard Palette from the View menu. Drag the dashboard reports you want to view from the palette to the viewing area. When you are done, select Show Dashboard Palette from the View menu again to dismiss the Dashboard Palette.

See Chapter 2 “Getting Started with Ridgeline” on page 27 for more information about working with dashboards.

Users Table

The Users table lists all of the users and devices connected to the switches that have Identity Management enabled and are being monitored by Ridgeline. To view the Users table, click Users under the Network Users folder.

The Users table has two tabs, one listing the currently active users, and one listing the inactive users, the users that have disconnected from the monitored switches, and users who failed authorization.

In the Users table, you can right-click on a row and display a menu of options that allow you to log in to the switch where the user or device is connected, or show port or inventory information for the switch.

Active Users and Threats Tab

Figure 428 shows the Active users and threats tab of the Users table.

Figure 428: Users Table – Active Users Tab

The Users table of the Active users and threats tab has the following columns. You can filter the contents of the table by expanding the Filter box and entering text and search criteria, or by expanding the Quick Filter box and selecting an available quick filter.


Worst Threat: Shows the worst threat state that corresponds to the identity. When threats are indicated as protection unsuccessful, protection successful, or undo protection successful, the identity threat icon changes to reflect the new threat state.
User Name: The login name of the human user, or “None” if it is a device user, along with an icon indicating the status of the user. The status icon indicates one of the following:
  ● The user is active.
  ● The last known status of the user is active.
  ● The user was unable to log into the network.
  ● The user is inactive.
  ● Ridgeline has stopped monitoring the switch where the user is connected.
Role: Role to which the user is attached. For XOS devices running 12.4 or earlier, the Role shows Unknown.
Log on time: Date and time the user logged on to the network. If the switch is running ExtremeXOS 12.3 or earlier, no information is shown and the switch cannot be added to the monitoring list.
Port number: The port number on the switch where the user connected to the network.
User's MAC address: The MAC address of the user.
Device IP address: The IP address of the switch where the user connected to the network.
User's IP address: The IP address assigned to the user.
Host Name: NetBIOS host name. This information is filled only for users identified through Kerberos. For others, it will display N/A.
Authentication method: Date and time the user attempted to log in and encountered an authentication failure. If authentication did not fail for the user, this is N/A.
Status: Status of the user. This can be one of the following: active, inactive, last known: active, failed log on, inactive user, or stopped monitoring.
Device name: The name and status of the switch where the user connected to the network. If the switch is running ExtremeXOS 12.3 or earlier, this is shown as Unavailable.
User Type: Type of user, either Human or Device.
Port name: The name of the port where the user connected to the network.
Member of: The device groups the user belongs to, if any.
Last updated: Date and time when information about the user was last received by Ridgeline.
Last attempt to update: The last time Ridgeline polled for information about the user, whether successful or not.

Inactive and Active Users Tab

Figure 429 shows the Inactive and Active Users tab of the Users table.


Figure 429: Users Table – Inactive and Active Users Tab

The Users table of the Inactive and Active Users tab shows the users and devices that are currently logged on, as well as historical information about users and devices that are no longer connected.

You can refine the contents of the table by expanding the Filter by time period box, or the Filter by column name box, and entering text and search criteria, or by expanding the Quick Filter box and selecting an available quick filter. You must enter time criteria for the entries that you want to see in the table.

Worst Threat: Shows the worst threat state that corresponds to the identity. When threats are indicated as protection unsuccessful, protection successful, or undo protection successful, the identity threat icon changes to reflect the new threat state.
User Name: The login name of the human user, or “None” if it is a device user, along with an icon indicating the status of the user. The status icon indicates one of the following:
  ● The user is active.
  ● The last known status of the user is active.
  ● The user was unable to log into the network.
  ● The user is inactive.
  ● Ridgeline has stopped monitoring the switch where the user is connected.
Role: Role to which the user is attached. For XOS devices running 12.4 or earlier, the Role shows Unknown.
Log on time: Date and time the user logged on to the network. If the switch is running ExtremeXOS 12.3 or earlier, this is shown as Unavailable.
Port number: Port number on the switch where the user connected to the network.
User's MAC address: MAC address of the user.
Device IP address: IP address of the switch where the user connected to the network.
User's IP address: IP address assigned to the user.
Host Name: NetBIOS host name. This information is filled only for users identified through Kerberos. For others, it will display N/A.


Status: Status of the user. This can be one of the following: active, inactive, last known: active, failed log on, inactive user, or stopped monitoring.
Authentication failed: Date and time the user attempted to log in and encountered an authentication failure. If authentication did not fail for the user, this is N/A.
Log off time: Date and time the user logged off.
User Type: Type of user, either Human or Device.
Authentication method: Authentication method used to gain access to the network.
Detected by Kerberos: Whether Kerberos snooping was used to obtain information about the user.
Domain name: The domain of the user. If the user was detected by Kerberos, then this is N/A.
Device name: Name and status of the switch where the user connected to the network. If the switch is running ExtremeXOS 12.3 or earlier, this is shown as Unavailable.
Port name: Name of the port where the user connected to the network.
Last attempt to update: Last time Ridgeline polled for information about the user, whether successful or not.
Member of: The device groups the user belongs to, if any.
Last updated: Date and time when information about the user was last received by Ridgeline.

Displaying Network User Details

To display details about a specific user or device, click on a row in the Users table. Information about the selected user or device appears in the details window. If you double-click on the row, the user or device details are displayed in a separate window, as shown in Figure 430.

Figure 430: Network User Details Window

The Network User details window has the following fields:


User Name: The login name of the human user, or “None” if it is a device user, along with an icon indicating the status of the user. The status icon indicates one of the following:
  ● The user is active.
  ● The last known status of the user is active.
  ● The user was unable to log into the network.
  ● The user is inactive.
  ● Ridgeline has stopped monitoring the switch where the user is connected.
Type: Information about the user type (Human or Device) and status. This can be one of the following: active, inactive, last known: active, failed log on, inactive user, or stopped monitoring.
Role: Role to which the user is attached. For XOS devices running 12.4 or earlier, the Role shows Unknown.
Log on time: Date and time the user logged on to the network.
Authentication failed: Date and time the user attempted to log in and encountered an authentication failure. If authentication did not fail for the user, this is N/A.
Log off time: Date and time the user logged out of the network. If the user is currently logged in, this is N/A. If Ridgeline was not monitoring the switch when the user logged out, then this is Unknown.
User's MAC address: The MAC address of the user.
Authentication method: The authentication method used to gain access to the network.
Detected by Kerberos: Whether Kerberos snooping was used to obtain information about the user.
Domain name: The domain of the user. If the user was detected by Kerberos, then this is N/A.
Device name: The name and status of the switch where the user connected to the network.
Device IP address: The IP address of the switch where the user connected to the network.
Port number: The port number on the switch where the user connected to the network.
Port name: The name of the port where the user connected to the network.
Last updated: Date and time when information about the user was last received by Ridgeline.
Last attempt to update: The last time Ridgeline polled for information about the user, whether successful or not.
Member of: The device groups the user belongs to, if any.
LLDP capability: The LLDP capability of the device user. This can be one of the following: Avaya phone, General telephone, Router, Bridge, Repeater, WLAN access point, DOCSIS cable service, Station only, or Other.

The window also includes the following information about the VLAN(s) that the user is part of.

VLAN Tag: The VLAN tag value (if any) or “Untagged”.
VLAN Name: The VLAN name.
User’s IP address: The IP address assigned to the user on the VLAN.

Displaying Identity Management Reports

Using information gathered from Identity Management records, Ridgeline can generate the following reports:

● Most logons by username
● Most logon failures by username


● Most logons by device IP address
● Most logon failures by device IP address
● Most logons by user’s MAC address
● Most logon failures by user’s MAC address
● All logins, authorization failures, and logouts in the last 24 hours

To view reports, click Network Administration > Reports > Network users and click on the individual reports.

Figure 431: Ridgeline Reports

For additional information about reports, refer to Chapter 27 “Ridgeline Reports”.




Chapter 26
Managing Network Security

This chapter describes how you can use the features of Ridgeline to help you ensure the security of your network. It covers the following topics:

● “Security Overview”
● “Management Access Security”
● “Monitoring Switch Configuration Changes”
● “Using the MAC Address Finder”
● “Using Alarms to Monitor Potential Security Issues”
● “Device Syslog History”
● “Network Access Security with VLANs”

Security Overview

Network security is one of the most important aspects of any enterprise-class network. Security provides authentication and authorization for both access to the network and management access to the network devices. Network administrators must protect their networks from unauthorized external access as well as from internal access to sensitive company information. Extreme Networks products incorporate multiple security features, such as IP access control lists (ACLs) and virtual LANs (VLANs), to protect enterprise networks from unauthorized access.

Ridgeline provides multiple features that control and monitor the security features on Extreme Networks products. Using Ridgeline, you can set up VLANs and monitor security aspects of your network.

Management Access Security

Along with securing the traffic on your network, you must set up your network switches to allow only authorized access to the switch configuration and traffic monitoring capabilities. This requires securing the switch to allow only authenticated, authorized access, and securing the management traffic between the switch and the administrator’s host to ensure confidentiality.

Ridgeline provides authentication and authorization for login to Ridgeline itself, so you can control who can access Ridgeline and what functions they are allowed to perform.
You can provide read-only access to selected functions for some users, so they can monitor the network but not make any configuration changes, while allowing other users to make changes to device configurations, policy settings, and so on.

By default, Ridgeline communicates with devices for configuration changes using Telnet and TFTP. You can optionally configure Ridgeline to use Secure Telnet (SSH) and Secure FTP to execute configuration commands and to upload and download configuration files on your Extreme Networks switches.

Finally, you can secure the communication between Ridgeline clients and the Ridgeline server itself by using SSH (HTTPS) instead of the standard HTTP protocol, which is the default.

Using the Network Security Manager

Ridgeline’s Network Security Manager identifies security violations in the network, finds the applicable information about the malicious user from the Identity Manager, and carries out the required protective actions. Identity Management provides the interface that displays threat icons, which alert the network administrator to a threat, and provides threat information.
Currently, Ridgeline uses the McAfee Network Security Manager platform to handle threat traps.

Network Security Manager Requirements

To use this feature, a switch must be managed by Ridgeline and must be chosen for the Security Feature Pack license, which is part of the Identity Management Role-based license.

Ridgeline’s Network Security Manager requires its Identity Management feature to:

● Provide the switch IP address to Ridgeline’s Network Security Manager, which uses it to perform a switch eligibility check.
● Add an icon to the Identity Management users’ table that shows the affected user.
● Perform the predefined actions based on the Threat type.
● Display detailed information about the threat.
● Display the top ten identities correlated to threats received from network security managers (NSMs).
● Clear a threat from the Identity Management users’ table.
● Undo protection of an identity, which raises a new threat cleared alarm.
● Correlate security events, threats, and information received from network service providers (NSPs) to identities and display them in the Identity Management table.

Threat Types and Corresponding Pre-defined Alarms

Ridgeline has pre-defined alarms that support the following traps:

Trap Name: Pre-defined Ridgeline Alarms
ivSignatureAlert:
  ● Exploit attack
  ● DoS attack
  ● Reconnaissance attack
  ● Policy violation - based on the value of the VARBIND ivAlertCategory
ivPortScanAlert: Port scan alert
ivHostSweepAlert: Host sweep alert


ivSignatureAlertIPPairBased:
  ● Exploit attack
  ● DoS attack
  ● Reconnaissance attack
  ● Policy violation - based on the value of the VARBIND ivAlertCategory
ivFileAVAlert: Virus Attack

Predefined Alarms in Ridgeline

The following predefined alarms are supported by Ridgeline:

S number  Alarm Name: Purpose
1  Port Scan Alert: To indicate a port scan attack.
2  Port Scan Alert Cleared: Alarm indicates port scan attack cleared.
3  Host Sweep Alert: To indicate host sweep attack.
4  Host Sweep Alert Cleared: Alarm indicates host sweep attack cleared.
5  Exploit Alert: To indicate Exploit attack.
6  Exploit Alert Cleared: Alarm indicates Exploit alert cleared.
7  DoSandDDoS Alert: To indicate DoS and DDoS Attack.
8  DoSandDDoS Alert Cleared: DoS and DDoS Attack cleared.
9  Reconnaissance Alert: Alarm for Reconnaissance attack.
10 Reconnaissance Alert Cleared: Reconnaissance attack cleared.
11 Policy Violation Alert: Policy violation attack.
12 Policy Violation Alert Cleared: Policy violation attack is cleared.
13 Virus Alert: Virus attack related alert.
14 Virus Alert Cleared: Virus alert cleared.

Enabling and Disabling Threat Traps

You enable and disable threat traps by using Ridgeline’s Alarm Manager; see “The Ridgeline Alarm Manager”.

Ridgeline Protective Actions

The Alarm Manager triggers the execution of predefined scripts to take protective action and notify the Security Manager.

Protective action also records inactive users. If an inactive user has more than one record, the latest record is valid.

Recognizing Network Security Threats

Anytime an identity is associated with a threat, Ridgeline’s Identity Management Users table displays icons that indicate the severity of the threat, rogue users, port number, IP addresses, and other pertinent information. To access information about threats, click Network Users > Users > Users tab > Active users and threats. (See Figure 432.)


An identity associated with a threat state is shown in the threat column of the Active users and threats table. Threat icons are different colors that indicate the state of the threat.

The threat state can be:

● Cleared
● No threat
● New threat
● Protection unsuccessful
● Undo protection unsuccessful
● Protection successful

The threat column shows the security threat state that corresponds to the identity. When threats are indicated as protection unsuccessful, protection successful, or undo protection successful, the Identity Management Users table identity threat icon changes to reflect the new state. The state undo protection successful will automatically change to cleared state when undo protection is successful. The cleared state is represented by a different icon.

Ridgeline monitors the network service providers to retrieve current threat status. If errors occur during enforcement, or during conditions where the threat no longer exists but continues to be reported by the Network Security Manager, you can remove actions by the undo protection action or by clearing the threat.

Figure 432: Active Users and Threats Table

You can also view the inactive and active users table by clicking Network Users > Users > Users tab > Inactive and active users. (See Figure 433.)


Figure 433: Inactive and Active Users Table

Triggering the Undo Protection Action

NOTE
Undo protection is only available for threats in the Protection successful state.

To manually undo protection, complete the following steps:

1 On the Network Users > Identity Management > Active users and threats table, double-click the identity management entry you want. See Figure 432. The threat information table opens. The threat information table can also be opened from the Active users and threats table by selecting a record with a valid threat state, right-clicking to display a pop-up menu, and then clicking open threats in the pop-up menu.
  Similarly, it can be opened by selecting a record with a valid threat state, selecting the File menu from the menu bar, and then clicking the open threat menu.

NOTE
This menu will be disabled if the threat is in the No threat or Cleared state.

2 See Figure 434. It shows all the threats detected for the selection and the details about the threats.
3 Select a threat record from the table at the bottom of the window and right-click to open the menu. Or, click Edit on the menu bar.
4 Choose Undo protection. This raises a new threat cleared alarm, changing the threat state to Cleared.


If the undo protection action is unsuccessful, you need to manually remove the deployed ACLs from the switch. Ridgeline does not automatically remove the deployed ACLs.

Clearing a Threat

You can manually clear a threat only if it is in the Undo protection unsuccessful state. To clear a threat in this state, complete the following steps:

1 In the Network Users > Identity Management > Active users and threats table, double-click the identity management entry you want that is in the Undo protection unsuccessful state. See Figure 432. The threat user details table opens. See Figure 434. It shows all the threats detected for the selection and the details about those threats.
2 Select a threat record from the table at the bottom of the window and right-click to open the menu. Or, click Edit on the menu bar.
3 Choose Clear. The threat icon for the identity is removed, indicating there is no longer a threat.

Figure 434: Threat User Details

Viewing Threat Information on the Dashboard

The Ridgeline dashboard displays icons at the bottom that indicate threats are detected. See Figure 435. Both dashboard views, one based on the threat type and the other based on username, show the number of threat occurrences in the last 24 hours.


To view threat occurrences for the Top 10 Threat Types or Top 10 Users that caused the threats in the past 24 hours, complete the following steps:

1 Click Home in the Folder List.
2 Select the View menu and check the Customize home page checkbox.
  A series of icons is displayed at the bottom of the window.
3 Click either the Threats/Type or Threats/User Name icon to view the graph.
4 Double-click the Dashboard component.
  The dashboard shows the icons at the bottom of the page. Double-clicking on the bar graph opens the Report in HTML format for the corresponding selection.

Figure 435: Top 10 Threats by User Name (upper graph) and by Type (bottom graph) in Past 24 Hours

Using RADIUS for Ridgeline User Authentication

Fundamental to the security of your network is controlling who has access to Ridgeline itself, and what actions different Ridgeline users can perform. Ridgeline provides a built-in authentication and authorization mechanism through the use of user IDs and passwords, and user roles.

By default, Ridgeline authenticates users using its own internal mechanism, based on the usernames and passwords configured in Ridgeline Administration. However, for more robust authentication, or to avoid maintaining multiple sets of authentication information, Ridgeline can function as a RADIUS client, or, for demonstration purposes, Ridgeline can function as a RADIUS server.

Enabling Ridgeline as a RADIUS client lets Ridgeline use an external RADIUS server to authenticate users attempting to log in to the Ridgeline server. At a minimum, the RADIUS server’s “Service type” attribute must be configured to specify the type of user to be authenticated. A more useful implementation is to configure the external RADIUS server to return user role information along with the user authentication.

Enabling Ridgeline as a RADIUS server means that Ridgeline can act as an authentication service for Extreme switches or other devices acting as RADIUS clients. This feature may be useful in demonstration or test environments where a more robust authentication service is not needed. However, Ridgeline’s RADIUS server is not sufficiently robust to serve as a primary RADIUS server in a production environment. If RADIUS authentication is needed, an external RADIUS server should be used, and Ridgeline should be configured as a RADIUS client.

Configuring an External RADIUS Server for Ridgeline User Authentication

Ridgeline uses administrator roles to determine who can access and control your Extreme Networks network equipment through Ridgeline. A user’s role determines what actions the administrative user is allowed to perform, through Ridgeline or directly on the switch. When users are authenticated through Ridgeline’s built-in login process, Ridgeline knows what role each user is assigned, and grants access accordingly.

If users are going to be authenticated by an external RADIUS authentication service, then that service needs to provide role information along with the user’s authentication status.
In the simplest case, which is that users will always use one of the pre-defined roles that are built into Ridgeline, you can configure the RADIUS server with a Service Type attribute to specify one of the built-in administrator roles.

If you have created your own custom roles, you can set a Vendor-Specific Attribute (VSA) to send the appropriate role information along with the authentication status of the user.

There are a number of steps required to set up your RADIUS server to provide authentication and authorization for Ridgeline users. The following provides an overview of the process. A detailed example can be found in “Configuring RADIUS for Ridgeline Authentication”.

● Configure Ridgeline (using Ridgeline Administration) to act as a RADIUS client.
● In your authentication database, create a Group for each administrative role you plan to use in Ridgeline, and then configure the appropriate users with the appropriate group membership. For example, if you want to authenticate both Ridgeline admin and manager users, you must create a group for each one.
● Within the RADIUS server, complete the following steps:
  - Add Ridgeline as a RADIUS client
  - Create Remote Access Policies for each Ridgeline role, and associate each policy with the appropriate Active Directory group. For example, if you plan to have both Ridgeline admin and manager users, you must create a Remote Access Policy for each one, then associate each policy with the appropriate group.
  - Edit each Remote Access Policy to configure it with the appropriate Service Type attribute value or VSA for the appropriate Ridgeline role.

The following examples briefly explain how to configure a remote access policy so that the RADIUS server will pass role information to Ridgeline. If you have created custom roles for Ridgeline users, you must use a VSA to handle that role information. If you are just using the predefined (built-in) roles in Ridgeline, you can use either a Service Type setting, or a VSA. Examples of both are provided here.

See “Configuring RADIUS for Ridgeline Authentication” for a detailed example of configuring Ridgeline and your RADIUS server to accomplish user authentication.

Example: Setting up a VSA to Return Ridgeline Role Information

The following is an example of how to set up the VSA in Windows 2000 for a custom (user-defined) role named “AlarmsOnly”. Note that you must have an Administrator Role in Ridgeline to perform these steps.

This assumes that Ridgeline has been configured as a RADIUS client in Ridgeline Administration, and on the RADIUS server. (See “Configuring RADIUS for Ridgeline Authentication” for a detailed walkthrough example of how to configure an external RADIUS server for Ridgeline authentication.)

1 In Ridgeline Administration, create a role named “AlarmsOnly”.
2 From the Internet Authentication Service (IAS), add or edit a Remote Access Policy.
  Set up the policy conditions as appropriate.
  Remote access policies are a set of conditions and connection parameters that are used to grant users remote access permissions and connection usage.
3 Click “Edit Profile” to edit the remote access policy. Click the “Advanced” tab and add a “Vendor-Specific” attribute.
  Set up the attribute with the following values:
    Vendor code: 1916
    Vendor-assigned attribute number: 210
    Attribute format: String
    Attribute value: AlarmsOnly

Once this has been set up, for all users logging into Ridgeline who match the conditions defined in the remote access policy, a VSA with value “AlarmsOnly” will be passed to Ridgeline.
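The attribute values above map onto the RADIUS wire format (RFC 2865) as shown in this added example, which is not code from Ridgeline or Extreme Networks. It parses a constructed Access-Accept, checks the Response Authenticator, and resolves a role from the VSA (vendor code 1916, attribute number 210) or, failing that, from the Service Type values this guide lists for the built-in roles (6, 5, 1). The function names, the shared secret and the rule that a VSA takes precedence over Service Type are assumptions.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2           # RFC 2865 packet code
ATTR_SERVICE_TYPE = 6       # RFC 2865 attribute 6, 32-bit integer
ATTR_VENDOR_SPECIFIC = 26   # RFC 2865 attribute 26
EXTREME_VENDOR_CODE = 1916  # vendor code given in the guide
ROLE_VSA_NUMBER = 210       # vendor-assigned attribute number given in the guide
# Service Type values the guide lists for the built-in roles.
BUILTIN_ROLES = {6: "Admin", 5: "Manager", 1: "Monitor"}

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))


def encode_role_vsa(role):
    """Vendor-Specific attribute carrying the role name as a string."""
    data = role.encode("ascii")
    sub = bytes([ROLE_VSA_NUMBER, 2 + len(data)]) + data
    value = struct.pack("!I", EXTREME_VENDOR_CODE) + sub
    return bytes([ATTR_VENDOR_SPECIFIC, 2 + len(value)]) + value


def encode_service_type(value):
    """Service-Type attribute: type, length 6, 32-bit value."""
    return bytes([ATTR_SERVICE_TYPE, 6]) + struct.pack("!I", value)


def build_access_accept(ident, request_auth, secret, attributes):
    """Constructed server reply, used only to feed the parser below."""
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attributes))
    digest = hashlib.md5(head + request_auth + attributes + secret).digest()
    return head + digest + attributes


def parse_attributes(blob):
    """Yield (type, value) pairs, rejecting malformed lengths."""
    pos = 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated attribute header")
        a_type, a_len = blob[pos], blob[pos + 1]
        if a_len < 2 or pos + a_len > len(blob):
            raise ValueError("bad attribute length")
        yield a_type, blob[pos + 2:pos + a_len]
        pos += a_len


def resolve_role(packet, request_auth, secret):
    """Return the role named by a verified Access-Accept, or None."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    if code != ACCESS_ACCEPT:
        return None
    attributes = packet[20:]
    # Role attributes are only trustworthy if the reply is authentic.
    expected = hashlib.md5(
        packet[:4] + request_auth + attributes + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("response authenticator mismatch")
    service_role = None
    for a_type, value in parse_attributes(attributes):
        if a_type == ATTR_VENDOR_SPECIFIC and len(value) >= 6:
            vendor = struct.unpack("!I", value[:4])[0]
            if vendor == EXTREME_VENDOR_CODE:
                for v_type, v_data in parse_attributes(value[4:]):
                    if v_type == ROLE_VSA_NUMBER:
                        # Assumption: a role VSA wins over Service Type.
                        return v_data.decode("ascii")
        elif a_type == ATTR_SERVICE_TYPE and len(value) == 4:
            number = struct.unpack("!I", value)[0]
            service_role = BUILTIN_ROLES.get(number)
    return service_role


if __name__ == "__main__":
    custom = build_access_accept(
        7, REQUEST_AUTH, SECRET,
        encode_service_type(1) + encode_role_vsa("AlarmsOnly"))
    builtin = build_access_accept(
        8, REQUEST_AUTH, SECRET, encode_service_type(5))
    print(resolve_role(custom, REQUEST_AUTH, SECRET))
    print(resolve_role(builtin, REQUEST_AUTH, SECRET))
```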
Ridgeline then will apply the user role “AlarmsOnly” to those users to provide feature access as defined by that role.

Example: Setting the Service Type for a Built-in Ridgeline Role

If you plan to use an external RADIUS server to authenticate Ridgeline users, but you do not want to configure your RADIUS server with a VSA to pass role information, then you must configure your RADIUS server’s “Service type” attribute (in the Remote Access Policy for the users who should have access to Ridgeline) to specify the type of Ridgeline user to be authenticated, as follows:
● For users with an Admin role, set the Service type = 6
● For users with a Manager role, set the Service type = 5
● For users with a Monitor role, set the Service type = 1
● To disable authentication, set the Service type to “Disabled”

If you do not change from the default (which is to disable authentication), no Ridgeline users will be able to authenticate.

If you set this Service Type in your standard Remote Access Policy, only one type of user can be authenticated using this method. To allow the authentication of multiple types of Ridgeline users, follow the instructions in the previous section, “Example: Setting up a VSA to Return Ridgeline Role Information” or see the detailed example in “Configuring RADIUS for Ridgeline Authentication”.

Securing Management Traffic

Management traffic between a management application like Ridgeline and the managed network devices can reveal confidential information about your network if this traffic is transmitted in the clear. Two approaches to encrypting this traffic are managing the network products using SNMPv3, or accessing the network product directly using SSH.

Using SNMPv3 for Secure Management

SNMPv3 is a series of RFCs (RFC 2273 through RFC 2275) defined by the IETF to provide management capabilities that guarantee authentication, message integrity, and confidentiality of management traffic. SNMPv3 includes the option to encrypt traffic between the agent (residing on the network device) and the management application (Ridgeline). This prevents unauthorized eavesdropping on sensitive management data.

Ridgeline can discover SNMPv3 devices in your enterprise network. In the Discover Device window (Select New > Discover Device from the File menu), select the Enable SNMPv3 discovery checkbox to add SNMPv3-enabled devices to your inventory.

You can also add a device to Ridgeline, manually entering the SNMPv3 settings for the device. This includes the authentication and privacy settings for SNMPv3 and the passwords.

Figure 436 shows an example of adding an SNMPv3 device that uses CBC DES privacy and SHA authentication protocols.

Figure 436: Adding an SNMPv3 Device to Ridgeline

If you change the contact password or SNMP community string, Ridgeline will ask if you want to change these settings on the device as well as in the Ridgeline database. If you choose not to change the settings on the device, you will need to configure them manually on each device before Ridgeline will be able to access them. If you change the SNMPv3 settings, you will also need to Telnet to the device and change those settings locally.

If you have both SNMPv1 and SNMPv3 on a device, Ridgeline makes it very easy to switch between one and the other. This means that if you have enabled SNMPv3 on your devices, and then find it necessary to return to SNMPv1 for any reason, you can do so with minimal effort.

Using SSHv2 to Access Network Devices

Extreme Networks products support the secure shell 2 (SSHv2) protocol to encrypt traffic between the switch management port and the network management application (Ridgeline). This protects sensitive data from being intercepted or altered by unauthorized access. You configure SSHv2 for Ridgeline in Ridgeline Administration, using the Server Properties section. When SSH is enabled for a device, Ridgeline will also use Secure FTP (SFTP) for file transfers to and from that device.

To enable SSH on a device from Ridgeline, follow these steps:
1 The device must be running a version of ExtremeWare or ExtremeXOS that supports SSH. This requires a special license due to export restrictions. Refer to the appropriate Extreme or ExtremeXOS documentation for licensing information.
2 Install the Ridgeline SSH Enabling Module. This is an SSH enabling key that can be obtained from Extreme.
  a To receive the Ridgeline SSH enabler key, fill out the End-User Certification Form at:
    http://www.extremenetworks.com/apps/Ridgeline/ssh.asp
  b After the form is submitted, Extreme Networks will review the request and respond within two business days.
  c If your request is approved, an email will be sent with the information needed to obtain the “ssh-enabler” key file.
  d Place the “ssh-enabler” key file in your existing Ridgeline installation directory.
    This will unlock the Ridgeline SSH-2 features.
3 Enable SSH on the devices for which you want Ridgeline to communicate using SSH rather than Telnet:
  a In Ridgeline, select Modify communications settings from the Device menu.
  b Select the devices you want to configure for SSH. You can select multiple devices to configure at the same time.

    Figure 437: Configuring devices to Use SSH for communication

  c Check the SSH box, and select SSH Enabled from the drop-down menu.
  d Click Modify to have this setting take effect.

NOTE: If the SSH enabler module is not installed, you cannot configure SSH on any devices—the SSH setting will be disabled.

Ridgeline will now use SSH instead of regular Telnet for direct communications with the device, including Netlogin and polling for the FDB from the Extreme Networks switches. It will also use SFTP for file transfers such as uploading or downloading configuration files to the device.

Securing Ridgeline Client-Server Traffic

By default, Ridgeline server communication to its clients is unencrypted. You can secure this communication through SSH tunneling. This requires installing and running an SSH client (PuTTY is recommended) on the same system as the Ridgeline client, and installing and running an SSH server (OpenSSH is recommended) on the same system where the Ridgeline server resides.

Tunneled communication is accomplished through port forwarding.

To configure SSH tunneling between the Ridgeline server and client, you must complete the following steps:
1 Install PuTTY on the Ridgeline client system
2 Configure the PuTTY client with a Ridgeline session connecting to the Ridgeline server host
3 Install an SSH server on the system with the Ridgeline server (if it is not already installed)
4 Configure any firewall software to allow SSH connections
5 Initiate Ridgeline server/client communication:
  a Make sure the SSH server is running on the server system
  b Start the SSH client on the client system
  c Log into the Ridgeline client with the URL http://localhost:8080/ (not the host where the Ridgeline server is actually located)

PuTTY is now set up to port forward all traffic going to the local host on port 8080. When PuTTY sees a connection request to the local host on port 8080, PuTTY encrypts the information and sends it across the encrypted tunnel to the server.

Appendix B, “Using SSH for Secure Communication” contains a detailed walk-through example of doing these steps in the Windows environment.

Monitoring Switch Configuration Changes

Fundamental to securing your network is verifying that no configuration changes have occurred that may have a detrimental effect on network security. Something as simple as changing passwords can introduce a weakness in your security design for the network.

The Ridgeline Configuration Manager provides several features you can use to monitor the integrity of your device configurations:
● You can save baseline configurations for each of your devices. Not only do these provide a known-good backup if needed, but Ridgeline can then compare these to your regularly-scheduled configuration archive files to determine if any configuration changes have been made. If it detects changes, Ridgeline will inspect the Syslog file for the device to identify any entries that are related to the configuration changes observed in the archived configuration file.
● Regularly archiving your device configuration files provides a backup in case a configuration is accidentally or intentionally changed.
● The Configuration Manager’s Diff feature lets you compare two saved configuration files, or compare a saved configuration file against the baseline configuration for the device to see the differences between the two files. You must have a Differences viewer installed on the system where your Ridgeline server is installed.
  You can configure the Diff Viewer using the Difference Viewer option from the Tools menu.

See Chapter 26 “Managing Network Device Configurations and Updates” for more information on using these features of the Configuration Manager.

Using the MAC Address Finder

You may need to track down a specific host on your enterprise network. This host may be involved in malicious activity, be a compromised source for virus infections, be using excessive bandwidth, or have network problems. Ridgeline provides the IP/MAC Address Finder tool to locate any MAC address on your network.

Ridgeline provides two ways to find a MAC address in your enterprise network.

If you have MAC Address Polling enabled, you can use a database search that searches the MAC FDB information learned by Ridgeline's MAC Address Poller. The MAC Address Poller maintains a database on the Ridgeline server of all MAC addresses associated with edge ports. An edge port is identified by the absence of Extreme Discovery Protocol (EDP) or Link Layer Discovery Protocol (LLDP) packets on a port. You can additionally disable MAC Address Polling on specific ports and switches. This is useful for disabling polling on trunk ports on third-party switches (which Ridgeline will identify as edge ports, as they do not use EDP or LLDP).

The MAC Address Poller determines the set of MAC addresses on the edge ports via the FDB database on the switch. It also keeps track of the IP address(es) associated with the MAC address using the IP ARP cache on the switch. The database search is faster than the network search, although the database may be less up to date, as a full MAC address poll cycle can take a reasonably long time. However, if you want to identify the switch port where the host is connecting to the network, then a database search has the advantage of automatically ignoring trunk ports.

Ridgeline also provides a full network search to search the forwarding database (FDB) and IP ARP cache on selected switches. A network search has the advantage of searching the most up to date source of data.

However, the network search is slower because it must contact each switch directly. It also does not always report the correct IP address associated with a MAC address/VLAN port when the MAC address is mapped to multiple IP addresses on the switch.

If you want to determine how a MAC address is propagating through the network aggregation layer, you should use a network search.

Using Alarms to Monitor Potential Security Issues

The Ridgeline Alarm Manager allows you to create custom alarm conditions on any supported MIB object known to Ridgeline. Using the Alarm Manager, you can set up alarms for alerting you to critical security problems within your network. An example of this would be creating an alarm to notify you of a potential Denial of Service (DoS) attack.

A DoS attack occurs when a critical network or computing resource is overwhelmed so that legitimate requests for service cannot succeed.
In its simplest form, a DoS attack is indistinguishable from normal heavy traffic. Extreme Networks switches are not vulnerable to this simple attack because they are designed to process packets in hardware at wire speed. However, there are some operations in any switch or router that are more costly than others, and although normal traffic is not a problem, exception traffic must be handled by the switch’s CPU in software.

Some packets that the switch processes in the CPU software include:
● Learning new traffic
● Routing and control protocols including ICMP, BGP and OSPF
● Switch management traffic (switch access by Telnet, SSH, HTTP, SNMP, etc.)
● Other packets directed to the switch that must be discarded by the CPU

If any one of these functions is overwhelmed, the CPU may become too busy to service other functions and switch performance will suffer. Even with very fast CPUs, there will always be ways to overwhelm the CPU with packets requiring costly processing.

DoS Protection is designed to help prevent this degraded performance by attempting to characterize the problem and filter out the offending traffic so that other functions can continue. When a flood of packets is received from the switch, DoS Protection will count these packets. When the packet count nears the alert threshold, packet headers are saved. If the threshold is reached, then these headers are analyzed, and a hardware access control list (ACL) is created to limit the flow of these packets to the CPU. With the ACL in place, the CPU will have the cycles to process legitimate traffic and continue other services.

Once DoS Protection is set up on the switches, you could define an Alarm for the traps “DOS Threshold cleared” and “DOS Threshold reached”, and have it take an action such as an Email notification or sending a page to a network administrator.

Refer to the ExtremeWare Software User Guide for information on configuring DoS Protection on your Extreme switches.

Another example would be to detect a TCP SYN flood as indicating a potential DoS attack. A SYN flood occurs when a malicious entity sends a flood of TCP SYN packets to a host. For each of these SYN requests, the host reserves system resources for the potential TCP connection. If many of these SYN packets are received, the victim host runs out of resources, effectively denying service to any legitimate TCP connection.

Using the Alarm Manager, you can detect a potential SYN flood by defining a threshold alarm, using a delta rising threshold rule on the TCP-MIB object tcpPassiveOpens. If this MIB object rises quickly in a short delta period, the system may be under a DoS attack.

See the Ridgeline Reference Guide for more information about creating alarms such as these.

Device Syslog History

Syslog messages report important information about events in your network. Each Extreme Networks product acts as a syslog client, sending syslog messages to configured syslog servers. These messages include information that reveals the security status of your network. Using syslog messages, you can track events in your network that may affect security.

Ridgeline creates a dynamic log of syslog messages in the Reports feature.
Use this log to scan for critical security events such as:

Table 33: Security-based Syslog Messages

Error Message: Possible spoofing attack
Explanation: You have a duplicate IP address on the network (same as an address on a local interface).
or
The IP source address equals a local interface on the router and the packet needs to go up the IP stack i.e., multicast/broadcast. In the BlackDiamond, if a multicast packet is looped back from the switch fabric, this message appears.

Error Message: USER: Login failed for user through telnet
Explanation: A login attempt failed for an administrative user attempting to connect to a device using telnet.

Error Message: SYST: card.c 1000: Card 3 (type=2) is removed.
Explanation: A card has been removed from the device. This is a possible breach of physical security if this is an unauthorized removal.

Error Message: fdbCreatePermEntry: Duplicate entry found mac 00:40:26:75:06:c9, vlan 4095
Explanation: A duplicate MAC address appeared on the network. This is a possible client spoofing attempt.


You must make sure that Ridgeline is configured as a Syslog server on the devices you want to monitor. The Syslog server function within Ridgeline can be enabled through Ridgeline Administration. See “Server Properties Administration” in the Ridgeline Reference Guide for more information.

Network Access Security with VLANs

Network administrators need to prevent unauthorized access to their network to protect sensitive corporate data as well as to guarantee network availability. To achieve this, you need to combine edge security features such as firewalls with network controls such as IP access lists and network segmentation using VLANs. Unauthorized access attempts can originate from hosts external to your network as well as from benign or malicious attempts from within your network that can disrupt or overload your enterprise network. Using Ridgeline, you can configure VLANs to segment your physical LAN into multiple isolated LANs to separate departmental or sensitive traffic within your enterprise network.

VLANs segment your physical LAN into independent logical LANs that can be used to isolate critical segments of your network or network traffic from one another. Using VLANs, you can create autonomous logical segments on your network for different business needs, such as creating a Marketing VLAN, a Finance VLAN, and a Human Resources VLAN. All the hosts for marketing personnel reside on the Marketing VLAN, while all the hosts for finance personnel reside on the Finance VLAN. This isolates marketing and finance traffic and resources, preventing any unauthorized access to financial information from any other group.

VLANs work by assigning a unique VLAN ID to each VLAN, and then assigning hosts to the appropriate VLAN. All traffic from that host is tagged with the VLAN ID, and directed through the network based on that VLAN ID. In the marketing and finance example, each department can be on the same physical LAN, but each is tagged with a different VLAN ID. Marketing traffic going through the same physical LAN switches will not reach Finance hosts because they exist on a separate VLAN.

Extreme Networks switches can support a maximum of 4095 VLANs. VLANs on Extreme Networks switches can be created according to the following criteria:
● Physical port
● 802.1Q tag
● Protocol sensitivity using Ethernet, LLC SAP, or LLC/SNAP Ethernet protocol filters
● A combination of these criteria

For a more detailed explanation of VLANs, see the ExtremeXOS Concepts Guide.

You can create VLANs in Ridgeline using Ridgeline’s network resource provisioning feature or through scripts. You can monitor the VLANs in your network from Ridgeline Network View windows. See “Managing and Monitoring VLANs” for more information about how Ridgeline can help you manage the VLANs on your network.
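The delta rising threshold rule on tcpPassiveOpens described under “Using Alarms to Monitor Potential Security Issues” behaves as in the following added example, which is not Ridgeline's Alarm Manager code. The polled samples and thresholds are constructed, and the re-arm (falling) threshold and the sysUpTime restart check are assumptions added so that a counter wrap or an agent restart does not raise a false alarm.

```python
COUNTER32_MODULUS = 2 ** 32  # tcpPassiveOpens is a Counter32 and wraps


def counter_delta(previous, current):
    """Increase between two Counter32 readings, tolerating one wrap."""
    return (current - previous) % COUNTER32_MODULUS


def evaluate(samples, rising, falling):
    """Apply a delta rising threshold to polled counter samples.

    samples: list of (sys_uptime_ticks, tcp_passive_opens) in poll order.
    rising:  delta at or above which an alarm is raised.
    falling: delta at or below which the alarm is re-armed (assumption,
             modelled on RMON-style hysteresis).
    Returns a list of (sample_index, delta) for each alarm raised.
    """
    alarms = []
    armed = True
    prev_uptime, prev_value = samples[0]
    for index, (uptime, value) in enumerate(samples[1:], start=1):
        if uptime < prev_uptime:
            # The agent restarted, so the counter restarted too. Treat this
            # sample as a new baseline instead of computing a bogus delta.
            prev_uptime, prev_value = uptime, value
            continue
        delta = counter_delta(prev_value, value)
        if armed and delta >= rising:
            alarms.append((index, delta))
            armed = False          # one alarm per excursion, not per poll
        elif not armed and delta <= falling:
            armed = True           # traffic back to normal, re-arm
        prev_uptime, prev_value = uptime, value
    return alarms


# Constructed samples: one poll every 30 s (sysUpTime is in 1/100 s ticks).
SAMPLES = [
    (100000, 4294967000),  # baseline, counter close to wrapping
    (103000, 4294967100),  # delta 100, normal
    (106000, 200),         # counter wrapped: real delta is 396
    (109000, 9200),        # delta 9000, burst of passive opens
    (112000, 21200),       # delta 12000, same excursion continues
    (115000, 21350),       # delta 150, back to normal
    (500, 40),             # switch rebooted: uptime and counter restart
    (3500, 7040),          # delta 7000, second burst after the reboot
]

RISING_THRESHOLD = 5000   # constructed value
FALLING_THRESHOLD = 500   # constructed value


if __name__ == "__main__":
    for index, delta in evaluate(SAMPLES, RISING_THRESHOLD, FALLING_THRESHOLD):
        print("alarm at sample %d: tcpPassiveOpens rose by %d" % (index, delta))
```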


CHAPTER 27
Ridgeline Reports

This chapter describes the predefined reports provided by the Ridgeline Reports feature and covers the following topics:
● Accessing Reports from Ridgeline or from a browser
● The Network Summary Report, which is also displayed on the Ridgeline Home page
● Exporting Ridgeline data for use by the Extreme Networks Technical Assistance Center
● Viewing predefined Ridgeline status reports from a browser

It contains the following sections:
● “Reports Overview”
● “Network Status Summary Report”
● “Device Reports”
● “Slots, Stacks and Ports Reports”
● “EAPS Reports”
● “Log Reports”
● “Network Login Report”
● “MIB Poller Tools”
● “Ridgeline Server Reports”
● “Adding a User-Defined Report to the Reports Menu”
● “Printing and Exporting Ridgeline Reports”

Reports Overview

The Ridgeline software provides a series of HTML-based reports that present a wide variety of information about your network and the devices Ridgeline is managing. These reports can be accessed from the Network Administration folder in Ridgeline, or they can be accessed separately from a standard web browser.

The Ridgeline reports do not require Java capability, and thus can be accessed from browsers that cannot run the full Ridgeline user interface.


These reports can be loaded quickly, even over a dial-up connection, and can also be printed. Some of these “reports” are actually tools to help you access information helpful for debugging problems with Ridgeline or the devices it is managing.

With the exception of the Network Summary Report, Ridgeline’s HTML reports are always displayed in a browser window, even if you are logged into Ridgeline. See “Browser Requirements for Reports” in the Ridgeline Installation and Upgrade Guide or the Ridgeline Release Notes for a list of supported browsers. The browser configured as the default for your system is the one that is launched.

The Network Summary Report is also displayed on the Ridgeline Home page.

Accessing Ridgeline Reports

You can access the Ridgeline reporting capability in either of two ways:
● From Ridgeline, by clicking Reports in the Network Administration folder; the Dynamic Reports Main page appears, as shown in Figure 439 on page 603.
● Directly from a browser, without logging into Ridgeline.

To access the Ridgeline reporting capability directly from a browser:
1 Launch your Web browser, and enter the following URL:
  http://:/
  In the URL, put the name of the system where the Ridgeline server is running before the colon. After the colon, put the TCP port number that you assigned to the Ridgeline Web Server during installation (by default this is port 8080).
2 When the Ridgeline Welcome page appears, click Log on to Reports only in the left-hand panel. You will be asked to log in; use the same username and password as you use to log in to the Ridgeline server.

Reports Available in Ridgeline

The Ridgeline software provides the following reports and tools:

Report Category: Main
• Extreme eSupport Export
  Description: Exports Ridgeline data for use by Extreme technical support. Accessible from the Main reports page.

Report Category: Network Summary
• Network Summary Report
  Description: Summary status of the network, as well as version and patch information about the Ridgeline server. Shows status of distributed servers if applicable.

Report Category: Network Users
• Network Users Report
  Description: Information about the users logged on to Ridgeline, including:
    • Logons by username
    • Logon failures by username
    • Logons by device IP address
    • Logon failures by device IP address
    • Logons by user's MAC address
    • Logon failures by user’s MAC address
    • Threats by type
    • Threats by username

Report Category: Devices
• Device Inventory Report by Device Group and Device Type
    By Device
    Device Details
    Power Over Ethernet
    Power Over Ethernet Details
  Description: Overview of devices known to Ridgeline, by Device Group. From this report you can access the Device Details report, and additional subreports such as PoE information for devices that support those features.
• ReachNXT Devices Report
  Description: Status of ReachNXT devices connected to switches known to Ridgeline.
• Device Status Report by Device Group
    By Device
    Alarm Details
  Description: Status of devices by device group. From here you can access status of individual devices (alarms, not responding etc.) and can drill down to Alarm Details.

Report Category: Slots, Stacks and Ports
• Slot Inventory, by Card Type
    Card Summary (by Card or All Cards)
    Device Details
    Slot Details
    Empty Slots Report
  Description: Inventory of cards (by type) installed in devices in the Ridgeline database. The Card Summary Report shows details about cards of a given type. From there you can view details about the device hosting the card. The Empty Slots report shows empty slots by device.
• Stack Inventory
    Stack Summary
    Device Details
    Stack Details
  Description: Inventory of stacking devices. From this report you can access Device Details for the stacking device, or Stack Details.
• Interface Report
  Description: Inventory of all ports on devices in the database.
• Unused Port Report
    By Device
  Description: Summary of inactive ports by device including location, with subreports (by device) showing length of inactivity, VLAN membership etc.

Report Category: EAPS
• EAPS Summary
  Description: Summary of EAPS domains known to Ridgeline.
• EAPS Log
  Description: EAPS-related Trap and Syslog entries for devices configured for EAPS.

Report Category: Logs
• Alarm
  Description: Ridgeline alarm log (more information available through Alarm Log Browser feature).
• Event
  Description: Ridgeline event log entries.
• Syslog
  Description: Syslog entries.
• Config Mgmt
  Description: Log of configuration management actions (config file uploads/downloads) and results.

Report Category: Client Reports
• Network Login
  Description: List of network login activity by device.

Report Category: MIB Poller Tools
• MIB Poller Summary
  Description: Displays data in a MIB collection. Users with an Administrator role can start or stop a collection.
• MIB Query
  Description: Provides an interface to query for the value of specific MIB variables. This is available only to users with an Administrator role. See the chapter on “Tuning and Debugging Ridgeline” in the Ridgeline Concepts and Solutions Guide for more information.

Report Category: Ridgeline Server
• Server State Summary
  Description: Shows a variety of status information about the Ridgeline server.
• Debug Ridgeline
  Description: Tools to aid in analyzing Ridgeline performance. These are available only to users with an Administrator role. See the chapter on “Tuning and Debugging Ridgeline” in the Ridgeline Concepts and Solutions Guide for more information.

Selecting Predefined Ridgeline Reports to View

The Reports browser interface initially shows the Ridgeline Reports Main page, as shown in Figure 439. The Main page includes a brief description of the predefined reports that are available; scroll down in the page to see the complete list.

Figure 438: Ridgeline Reports menu


Figure 439: Ridgeline Reports menu

If you have started the Reports feature from within Ridgeline, you can use the Close Window button to exit the Reports feature.

If you have logged in to the Reports feature directly from a browser, the Close Window button is replaced by a Logout button, which returns you to the Ridgeline Start-up page.

From the menu at the left on the Reports Main page, you can choose a report to view. Click a category (Devices, Slots and Ports, Logs, etc.) to see the reports in that category.

NOTE: You can access Online Help for reports by clicking the Help link shown at the top of the Ridgeline Reports Welcome page. You can also access Help for Reports by selecting Ridgeline Help from the Help menu in any Ridgeline feature, and then finding the Report you want in the Table of Contents.

The Extreme Networks eSupport Export Report

This report is generated by Ridgeline on request, for use by Extreme technical support. It exports detailed information to a file in csv format. You can then send this report to Extreme.

To create an eSupport report, select a Device Group from the pull-down menu, then click Export. You are asked to provide a filename for the file, and will be able to specify a location on your local system where the file should be saved.


Using Report Filtering

A number of the reports provide a filtering capability so that you can specify the information you want in the report. Filtering lets you construct a conditional statement based on the values of relevant variables in the Ridgeline database.

To create a filter, select the values to use in the filter from the drop-down fields provided at the top of the report. The variables from which you can choose are based on the columns in the report, and will vary depending on the type of report you are viewing.

In some reports, a field is provided for each column you can use to filter the report results; you select the value you want to use from the drop-down menu. In other reports, you select a column name, then a comparison operator, and then the value to be used for comparison. In these reports you may often concatenate two conditional statements with a logical operator (and or or).

The Alarm Log report is an example of this type of filter specification, as shown in Figure 440.

Figure 440: Report filter specification for logs

The comparison operators you can use are:
> (greater than)
< (less than)
<= (less than or equal)
!= (not equal)
= (equal)
starts with
ends with
contains

If the column values are strings, the comparisons are taken to indicate alphabetic order, where “greater than” specifies a letter that occurs later in the alphabet (for example, the letter B is greater than A), or later in alphabetical order (“Mary” is greater than “Joe”; “Mary” is also greater than “Many”).

NOTE: You can use the browser Copy and Paste functions to copy a specific value from the current report into the comparison field.


To add a second condition to your filter, choose one of the logical operators And or Or.

And: Include a row in the report only if both conditions are true.
Or: Include the row if either one (or both) of the conditions are true.

If you do not want to include a second condition, do not select any values for those fields.

With either type of filter specification, click Submit to run the filter. Click Reset to return the filter to its default values.

Sorting Reports

If a column heading in a report is shown in purple and underlined, you can click on the heading to sort the report based on the contents of the column. Clicking once sorts the report in ascending alphabetic or numeric order; clicking a second time reverses the sort order.

Exiting Reports

To exit the Reports feature, close the browser, or click the Close Window link in the left-hand panel. If you logged in directly from a browser rather than through Ridgeline, click the Logout link to return to the Ridgeline start-up page.

If you launched the Reports feature directly from the browser, the browser may time out if there is no activity for a period of time. To access Reports after the browser times out, log in again.

Ridgeline Report Structure

Ridgeline reports are either generated by Tcl scripts or are Java-based. The Tcl-based reports can be customized, and can serve as models for new reports. The Java-based reports cannot be customized.

The Tcl-based reports are:
● Device Inventory
● Device Status
● Unused Ports
● EAPS reports
● Network login
● Client History
● Spoofed Clients
● Unconnected Clients
● Server State Summary
● Resource to Attribute
● User to Host


Network Status Summary Report

The Network Status Summary Report is an at-a-glance summary of the status of the devices that the Ridgeline server is monitoring. The main report page appears when you first log into Ridgeline.

The Network Status Summary Report displays information about the overall health of the network. It also displays information on the current version of the Ridgeline software running on the Ridgeline service and compares the current version to the latest available version.

This summary shows the following statistics:
● The number of devices known to the Ridgeline server that are not responding to Ridgeline queries.
● The number of devices reported to be in marginal condition (such as a problem with the fan, temperature, or power).
● The number of devices that are offline for planned service.
● The number of critical alarms in the last 24 hours that have not been acknowledged.
● The number of Syslog messages with a priority of Critical or worse that occurred in the last 24 hours.
● The number of Invalid Login alarms that have occurred in the last 24 hours.
● The number of Authentication Failure alarms that have occurred in the last 24 hours.

For any of these items where the number is non-zero, the description becomes a link to a sub-report that gives you more information about the situation—a list of devices or alarms or messages.

The Network Status Summary Report also provides version information about the Ridgeline software running on your machine. The information reported includes:

Software: The Ridgeline software. The name is a link to the Extreme support site where you can access more information about the software release or service pack.
Current Version: The version of software currently running.
Available Version: The number of the most recently available version of the software.
Status: The status of the software running on this machine—whether it is up to date or is not up to the most current version available from Extreme.

In order for your machine to verify the latest Ridgeline software version, it must access the Extreme Networks web site at http://www.extremenetworks.com. If your network uses a firewall, you can configure HTTP proxy properties using the Server Properties, External Connections option of the Admin feature.

To configure an HTTP proxy device and port, see “External Connections Properties” on page 477.

The Distributed Server Summary

If you are running in a Distributed server configuration, a Distributed Server summary appears below the Network Summary.


Each row in the summary provides the status of one of the Ridgeline server group members. It provides the following information about each server:

Server: The server name. Clicking on the server name initiates the Dynamic Reports feature for that server. You can then run any of the available HTML reports.
Launch Client: A link that can launch a client connection to the server. Clicking on the Client link launches a client that attempts to connect to that server.
Devices Up: The number of devices managed by the server that are up.
Devices Down: The number of devices managed by the server that are down.
Critical Alarms: The number of critical alarms that have occurred on devices managed by the server.
Last Update: The date and time of the last update of the server summary information for this server.
Server Status: The status of the server (whether it is responding to the periodic poll).

Device Reports

Click the Devices link to display links to the Device Reports. These reports provide a variety of status information about the devices being managed by Ridgeline.

Device Inventory Report

To view a list of device groups and devices known to the Ridgeline software, click the Device Inventory link in the left-hand panel. Figure 441 shows example output.


Figure 441: Device Inventory Reports

The initial display presents summaries at the Device Group and the device type level.

A drill-down report, called Device Details, contains the same information you can view in the Ridgeline Inventory. Information on this report is on page 609.

Devices by Group Table

The Devices by Group table displays the following information:

Device Group: Name of the device group
Description: Description of the group as kept in the Ridgeline device inventory
Quantity: Number of devices in the group


Devices by Type Table

The Devices by Type table displays the following information:

Device Type: Type of device
Quantity: Number of devices of this type known to Ridgeline

Select a Device Group, a device type, or All Devices (at the bottom of either table) to display the All Devices Device Summary. Figure 442 shows the Device Summary report for All Devices.

Figure 442: All Devices Device Summary

The All Devices Device Summary displays the following information about each device:

Device Group(s): All Ridgeline Device groups to which it belongs (this is displayed only if you select All Devices)
Name: Name of the device from the sysName variable
IP Address: IP address of the device. Click the IP address to display a table with detailed configuration and status information. This is the same information you can view in the Ridgeline Inventory.
Type: Type of device
Location: Device location from the sysLocation variable
MAC: Media access control address of the device
Serial Number: Device serial number
Current Image: Software version currently running on the device, if known

Click on the IP Address of a device to show a Device Details Report for the device.

Device Details Report

The Device Details report shows information about an individual device. If the device includes a PoE blade, you will be able to link to reports about that feature (the Additional Switch Information links at the bottom of the details report). If the device does not support that feature, the Additional Switch Information links do not appear.


Figure 443: Device Details

This report shows the following information:

Serial Number: Device serial number
IP Address: IP address of the device
Device Group(s): Device Groups to which this device belongs
Device Type: The device type
Name: The name given to the device
Description: The description provided for the device
Location: The location information for the device
Contact: The contact information for the device
Boot Time (Pacific Daylight Time): Time of the most recent boot.
Software Version: The version of software currently running on the device
Primary Image: The version of software saved as the Primary Image
Secondary Image: The version of software saved as the Secondary Image
Status: Device Status: OK, or marginal
Fan Status: Status of fans: OK, marginal, or If there are multiple fans, each is listed (fan 1, fan 2 etc.)
Power Status: Status of power supply modules: OK, marginal, or If there are multiple modules, each is listed (power 1, power 2 etc.)


If the device supports Power over Ethernet (PoE), you can view reports on PoE status.

Click Power Over Ethernet to view the Power over Ethernet Report.

Power over Ethernet Report

The Power Over Ethernet report shows information about the PoE configuration of the device. Figure 444 shows an example of this report.

Figure 444: Power over Ethernet Report

The report shows the following information about the PoE configuration:

Device-level information:

Configuration: Whether PoE is enabled for the switch. (Enabled or Disabled)
Power Supply Mode: The configured power-supply mode: Redundant, Load-Sharing, or N/A (if only one power supply is installed).
Disconnect Precedence: The method used to determine which port to disconnect when power drain exceeds the power budget:
  • lowest-priority (next port connected causes a shutdown of the lowest priority port)
  • deny-port (next port that attempts to connect is denied power, regardless of priority)
Usage Threshold (%): The threshold for power utilization compared to the configured maximum for either the allocated power budget per slot, or for system level allocation.

PoE Power Source:

Group Index: The index for the specific power source
Maximum Power (Watts): The maximum power available from the source


Measured Power (Watts): The current measured power from the source
Operational Status: Operational Status of the power supply (on, off, faulty)

PoE Slot Information:

Slot Number: The slot number where this module resides
Group Index: The index of the power source supplying inline power to this slot
Max Available Power (Watts): The maximum power available to this slot
Measured Power (Watts): The current measured power on the slot
Configured Power Limit (Watts): The configured maximum amount of inline power available to this slot
Configuration: Indicates whether PoE is enabled or not
Status: Status of the slot: (initializing, operational, download fail, calibration required, invalid firmware, mismatch version, updating, invalid device, not operational, or other)
Power Source: PoE supply source: external, internal, or none
Backup Power Source: PoE backup power source: External, internal, none, or not applicable

At the bottom of the page is a link to a detailed report on PoE ports. Click the link to access the Power over Ethernet Details report.

Power Over Ethernet Details Report

This report shows power details for each port on the device. Figure 445 shows an example of this report.

Figure 445: Power over Ethernet Details Report (partial)


This report shows the following information:

Port Num: Port number
Measured Power (mW): Measured power on this port
Operational Max Power (mW): Maximum power limit on this port
Reserved Power (mW): Reserved power limit on this port
Port Type: The user-defined port type
PoE status: Whether power is enabled on this port (Enabled or Disabled)
Operation Status: Status of the port (disabled, searching, delivering power, fault, test, other fault)
Classification: Class association for this port (0,1,2,3,4)
Priority: Port priority for purposes of power management
Violation Precedence: The limit used to determine power level violation (advertised class, operator limit, max advertised operator, or none)

To view device status information, click the Device Status link in the left-hand panel. You can use this report and its sub-reports to determine status and failure log information for the devices known to Ridgeline.

Initially, this report displays summary status at the Device Group level. Figure 448 shows example output.

Figure 446: Device Status

The information displayed at Device Group level includes the following:

Group: Name of the device group
Description: Description of the group as kept in the Ridgeline device inventory
Alarms in last 24 hours: Total alarms for all devices in the device group
Devices Not Responding: Number of devices in the group that are not responding
Devices Marginal: Number of devices in the group whose operation is marginal
Devices Offline: Number of devices in the group that are offline
Devices Up: Number of devices in the group that are up


Click a Device Group name in the Group column to display the Device Status Report for the devices in the group. Figure 449 shows example output.

ReachNXT Devices

The ReachNXT Devices report provides information about the ReachNXT devices connected to ports on switches managed by Ridgeline.

Figure 447: ReachNXT Devices Report

The ReachNXT report displays the following information:

Device name: The name of the switch where the ReachNXT device is connected.
Device IP address: The IP address of the switch where the ReachNXT device is connected.
Port Number: The number of the port connected to the ReachNXT device.
Model number: The model number of the ReachNXT device.
Serial number: The serial number of the ReachNXT device.
MAC address: The MAC address of the ReachNXT device.
Software version: The version of software the ReachNXT device is running.
Description: Description of the ReachNXT device, if configured.
Uplink Port: The uplink port used by the ReachNXT device to connect to the switch

Device Status Report

To view device status information, click the Device Status link in the left-hand panel. You can use this report and its sub-reports to determine status and failure log information for the devices known to Ridgeline.

Initially, this report displays summary status at the Device Group level. Figure 448 shows example output.


Figure 448: Device Status

The information displayed at Device Group level includes the following:

Group: Name of the device group
Description: Description of the group as kept in the Ridgeline device inventory
Alarms in last 24 hours: Total alarms for all devices in the device group
Devices Not Responding: Number of devices in the group that are not responding
Devices Marginal: Number of devices in the group whose operation is marginal
Devices Offline: Number of devices in the group that are offline
Devices Up: Number of devices in the group that are up

Click a Device Group name in the Group column to display the Device Status Report for the devices in the group. Figure 449 shows example output.


Figure 449: Device Status (Group detail)

The information shown is as follows:

Device Group: Name of the device group
Device Name: Name of the device from the sysName variable
IP: IP address of the device
Status: The status of the device: operational, offline, marginal, and not responding
Last Failure (Local Time Zone): Time at which the most recent device failure occurred, expressed in the local time zone of the Ridgeline server
Down Period (d:h:m:s): Length of time the device was unreachable, reported in days:hours:minutes:seconds
Boot Time (Local Time Zone): Time when the device was last booted, expressed in the local time zone of the Ridgeline server
Alarms in last 24 hours: Number of alarms in the last 24 hours from this device

If the number of alarms is greater than zero, you can click on the number in that field to display a summary of the alarms. This displays the Alarm Details sub-report.

Alarm Details Report

The Alarm Details report shows a summary of the alarms for the specific device. Figure 450 shows example output.


Figure 450: Device Status: Alarm Details

The information presented in this report is as follows:

Name: Name of the device from the sysName variable
Category: The device group
Time (Local Time Zone): Time at which the most recent device failure occurred, expressed in the local time zone of the Ridgeline server
Severity: Severity level of the failure
Message: Error message displayed in the Alarm Log

Slots, Stacks and Ports Reports

The following reports show information about the slots (module cards) installed in the Extreme devices managed by Ridgeline, or about stacking devices known to Ridgeline. These reports also provide information about the ports on those devices or modules.

Slot Inventory

Click the Slot Inventory link in the left-hand panel to view the Slot Inventory Reports list showing an inventory of the slots and module cards known to Ridgeline. Figure 451 shows example output. Click a Card Type link to view a Card Summary Report for an individual card type. Click All Cards (at the bottom of the list) to view a Card Summary Report showing all cards known to Ridgeline. Click Empty Slots (also at the bottom of the list) to view a report on the empty slots detected by Ridgeline.


Figure 451: Slot Inventory Report

The initial display summarizes module card types and empty slots:

Card Types: Type of module cards and empty slots known to Ridgeline
Quantity: Number of modules of a given type. For All Cards, this is the total number of cards in all modular devices known to Ridgeline. For Empty Slots, this is the total number of empty slots detected among the modular devices known to Ridgeline.

Card Summary Report

Select a Card Type or All Cards to display the Card Summary report for the modules known to Ridgeline. Figure 452 shows an example of output that appears if you select All Cards. The information shown for an individual card type is the same, except that the Card Type column is not included.


Figure 452: All Cards Card Summary

Each Card Summary displays the following information about each module:

Device Group(s): Name of all the device groups of which the device is a member
Device Name: Name of the device (where the card resides) from the sysName variable
Device Address: IP address of the device
Device Location: Device location from the sysLocation variable
Card Type: Type of module card (this is displayed only if you select All Cards)
Slot Name: Number or letter of the slot where the module card is installed
Card Serial Number: Module card serial number

Click the heading of a column to sort on the contents of that column.

If you have selected an individual card type, this report shows only modules of the selected type. If you have selected All Cards, the report shows all cards in any of the devices known to Ridgeline.

Empty Slots Report

Select Empty Slots to display the Empty Slots summary report for the empty slots known to Ridgeline.


Figure 453: Empty Slots Summary

The Empty Slots summary report displays the following information about the empty slots:

Device Group: Name of the device group
Device Name: Name of the device from the sysName variable
Device Address: IP address of the device
Device Location: Device location from the sysLocation variable
Empty Slots: Number or letter of the empty slot(s) on the device

Stack Inventory Reports

Click the Stack Inventory link in the left-hand panel to view the basic Stack Inventory Reports list showing an inventory of the stacking devices known to Ridgeline. Figure 454 shows example output. Click a Stack Device link to view a Stack Summary Report for an individual stack device. Click All Stacks (at the bottom of the list) to view a Stack Summary Report showing all stack devices known to Ridgeline.


Figure 454: Stack Inventory

The initial display summarizes module card types and empty slots:

Stack Devices: Type of stacking device
Quantity: Number of devices of a certain type. All Stacks shows total number of stacking devices known to Ridgeline.

Stack Summary Report

Select a Stack Device type or All Stacks to display the Stack Summary report for the stack devices known to Ridgeline. Figure 452 shows an example of output that appears if you select All Stacks. The information shown for an individual stack device type is the same, except that the Card Type column is not displayed.

Figure 455: All Stacks Card Summary


Each Stack Summary displays the following information about the device:

Device Group(s): Name of all the device groups of which the device (stack master) is a member.
Device Name: Name of the device from the sysName variable
Device Address: IP address of the device (link to the Device Details report)
Device Location: Device location from the sysLocation variable
Card Type: Type of stack device (this is displayed only if you select All Stacks)
Slot Name: Name of the stacking device, linked to the Stack Details report for the device
Card Serial Number: Stack Device serial number

Click the heading of a column to sort on the contents of that column.

If you have selected an individual stack device type, this report shows only modules of the selected type. If you have selected All Stacks, the report shows all stacking devices known to Ridgeline.

Stack Details Report

Click on a slot name to display the Stack Details report for the selected device. Figure 456 shows an example of output.

Figure 456: Stack Details Report

Each Stack Details report displays the following information about the stack device:

Device Group(s): Name of all the device groups of which the device (stack master) is a member.
Device Name: Name of the device from the sysName variable
Device Address: IP address of the stack master device
Device Location: Device location from the sysLocation variable
Device Current Image: Version of image running on the master device
Slot Type: Type of module card (this is displayed only if you select All Cards)
Slot Name: Name of the stacking device, linked to the Stack Details report for the device


Slot Serial Number: Stack Device serial number
Slot Primary Image: The version of software saved as the Primary Image in the stack device
Slot Secondary Image: The version of software saved as the Secondary Image in the stack device
Slot Current Image: The version of software currently running in the stack device
Slot BootROM: The BootROM version in the stack device.

Interface Report

To view a report on the status of every port known to the Ridgeline software, click the Interface Report link in the left-hand panel. Figure 457 shows a portion of an example output.

Figure 457: Interface Report

The information reported for each interface includes:

IP Address: IP address of the interface
Port: Port number of the interface
Port Name: Port name of the interface
AdminStatus: Interface administrative status (enabled/disabled)
OperStatus: Operational status of the interface (ready/active)
Configured Speed/Type: Nominal (configured) speed of the interface
Actual Speed/Type: Actual speed of the interface
FDB Polling: Whether the port is being actively polled as an edge port, or is not being polled. If the port is not polled, the reason is included (Device Not Supported, Inactive Port, Not Supported, Polling Disabled For Port, or Uplink Port)


Because the Ridgeline server may be aware of many hundreds of ports, the interface information is displayed in groups of 25 ports per page. You can navigate among the pages using any of the following methods:
● Clicking the Previous and Next links
● Selecting a page number from the at the top of the report
● Clicking the First or Last links to display the first or last page in the report

The list of ports is sorted initially by IP address. Click the heading of a column to sort the report based on the contents of that column; for example, to sort by operational status, click on the OperStatus heading.

You can filter the ports that are displayed by constructing a conditional filter using the fields at the top of the page. This lets you construct a two-clause filter statement; Figure 458 shows an example.

Figure 458: Device Ports filter specification

For more information on the filtering choices, see “Using Report Filtering” on page 604 and following pages.

Unused Ports Report

To see inactive ports for a particular device, click the Unused Ports link in the left-hand panel. Figure 459 shows example output.


Figure 459: Unused Ports Report

You can filter the report by selecting the following:

VLAN: Select all VLANs or the name of a particular VLAN
Device Group: Select all groups or the name of a particular device group
Inactive Days: Enter the number of days of inactivity for the requested port(s)
Inactive Hours: Enter the number of hours of inactivity for the requested port(s)

When you complete your selections, click Submit. The report can be saved in csv or xml format, or shown in a single page. It displays the following:

Device Name: Name of the device on which the port resides
IP Address: IP Address of the device on which the port resides
Inactive Ports: Inactive ports on the device
Total Inactive Ports: The total number of inactive ports on the device. The total number of inactive ports for all devices in the report is displayed at the bottom of the report.
Groups: Device groups to which this device belongs

Click on an entry in the Inactive Ports column to open the Unused Port Reports detail; Figure 460 shows a portion of example output.


Figure 460: Unused Ports Report: detail

Again, you can filter the report by specifying the VLAN, the device group, and the time frame (inactive days, inactive hours). The Unused Port Reports detail displays the following:

Port Number: Number of the unused port
Port Name: An optional name (text string) configured for the port
Inactive Time: Length of time this port has been inactive
Vlan Name: Name of the VLAN to which this port belongs
Physical Type: Type of port

EAPS Reports

There are two reports available under EAPS: the EAPS Summary report, and the EAPS Log report. Both of these reports are also accessible from within the EAPS Monitor.

EAPS Summary

The EAPS Summary report provides a brief overview of the status of the EAPS domains known to Ridgeline. This report can also be viewed from the Tools menu in the EAPS Monitor.

The report shows:
● The total number of EAPS domains known to Ridgeline
● The number of Domains currently in an error state
● The number of domain failures that have occurred in the last 24 hours.


Figure 461: The EAPS Summary Report

EAPS Log Report

The EAPS log report shows the EAPS traps or EAPS-related syslog entries that have occurred for devices that meet the specified filter criteria. By default, all devices, traps and syslog entries are shown. You can filter for the following:
● A specific device by IP address (must be exact, wildcards are not supported).
● The type of event (trap or syslog entries): you can enter any keywords that may appear under the Type column as part of the description of the trap or syslog entry.
● Specific varbinds (enter a keyword that matches the varbind you want to find, such as extremeEapsLastStatusChange.)
● Events that occurred within a certain timeframe.

Figure 462: EAPS Log Report


The EAPS Log report displays the following information:

Time: Time the event occurred, expressed in the local time zone of the Ridgeline server
Source: IP address of the device and port number (if applicable) that generated the event
Type: Event type (for example, SNMP Trap)
Varbinds: Variable data transmitted with a trap

Log Reports

Four reports are provided under Logs: the Alarm, Event, Syslog, and Configuration Management Activity reports.

Alarm Log Report

To see all the entries in the Ridgeline Alarm Log, click the Alarm Log link in the left-hand panel. Figure 463 shows a portion of an example output.

Figure 463: Alarm Log Report

The log can be saved in csv or xml format, or the entire report can be shown in a new page by clicking the show all link.

NOTE
If the Ridgeline database has a large number of alarms, the show all option can take a very long time to complete.


The Alarm Log report displays the following information:

Time: Time the alarm occurred, expressed in the local time zone of the Ridgeline server
Name: Name of the alarm
Severity: Severity level of the alarm
Source: IP address of the device that generated the alarm
Category: Category that the alarm is classified under
Ack’ed: Whether the alarm has been acknowledged (0 is acknowledged, 1 is not acknowledged)
Event #: Event ID of the alarm (assigned by the Ridgeline server when the alarm is received)
Message: Message associated with the alarm

The alarm information is displayed in groups of 20 alarm events per page. You can navigate among the pages using any of the following methods:
● Clicking the Previous and Next links.
● Selecting a page number from the at the top of the report.
● Clicking on the First or Last links to display the first or last page in the report.

The report is sorted initially by the Time that the alarm occurred. Click the heading of a column to sort on the contents of that column.

You can filter the alarms that are displayed by constructing a conditional filter using the fields at the top of the page. You can construct a two-clause filter statement as shown in Figure 464.

Figure 464: Alarm Log filter specification

For further information on filtering, see “Using Report Filtering” on page 604. You can filter on any of the variables shown in the report.

Event Log

To view all the entries in the Ridgeline Event Log, click the Event Log link in the left-hand panel. Figure 465 shows a portion of example output.


Figure 465: Event Log Report

The log can be saved in csv or xml format, or shown in a new page.

The information reported includes:

Event #: Event ID of the event (assigned by the Ridgeline server when the event is received)
Time: Time the event occurred, expressed in the local time zone of the Ridgeline server
Source: IP address of the device and port number (if applicable) that generated the event
Type: Event type (for example, SNMP Trap)
Varbinds: Variable data transmitted with a trap
Count: Number of consecutive events (if the same trap occurs at the same time and is received multiple times, only one event is created and the count displays the number of traps)

The event information is displayed in groups of 20 events per page. You can navigate among the pages using any of the following methods:
● Clicking the Previous and Next links
● Selecting a page number from the at the top of the report
● Clicking the First or Last links to display the first or last page in the report

You can filter the events that are displayed by constructing a conditional filter using the fields at the top of the page, as shown in Figure 466. You can construct a two-clause filter statement.


Figure 466: Event Log Filter Specification

For further information on filtering, see “Using Report Filtering” on page 604. You can filter on any of the variables shown in the report.

You can use the browser’s Copy and Paste functions to copy a specific value from the current report into the comparison field. This technique is particularly useful if you want to filter on a specific Varbinds value.


Syslog (System Log)

To see all the entries in the system log, click the Syslog link in the left-hand panel. Figure 467 shows a portion of example output.

Figure 467: Syslog (portion)

The log can be saved in csv or xml format, or shown in a new page.

The information displayed includes the following:

Event #: Event ID of the syslog entry (assigned by the Ridgeline server when the syslog is received)
Time: Time the syslog is received by Ridgeline, expressed in the local time zone of the Ridgeline server
Source: IP address of the device that generated the syslog entry
Facility: Syslog facility
Severity: Syslog severity level
Message: Error message text

The event information is displayed in groups of 25 events per page. You can navigate among the pages using any of the following methods:
● Clicking the Previous and Next links


● Selecting a page number from the at the top of the report
● Clicking the First or Last links to display the first or last page in the report

You can filter the events that are displayed by constructing a conditional filter using the fields at the top of the page, as shown in Figure 468. You can construct a two-clause filter statement.

Figure 468: System Log filter specification

For further information on filtering, see “Using Report Filtering” on page 604.

The Configuration Management Activity Log

This log tracks all the configuration operations performed through Ridgeline — uploading and downloading of configuration files. To see all the entries in the Configuration Management Activity log, click the Config Mgmt link in the left-hand panel. Figure 467 shows a portion of example output.

Figure 469: Configuration Management Activity Log (portion)

The log can be saved in csv or xml format, or shown in a new page.


The information displayed includes the following:

Time: Time at which the configuration activity occurred, expressed in the local time zone of the Ridgeline server
Device: IP address of the device on which the action was taken
Activity: The action that was attempted
Status: Whether the action was successful or not
Descr: A message describing the reason for the status (the error message if the action could not be completed)
File: The configuration file involved in the action, if appropriate.

The event information is displayed in groups of 25 events per page. You can navigate among the pages using any of the following methods:

● Clicking the Previous and Next links
● Selecting a page number from the at the top of the report
● Clicking the First or Last links to display the first or last page in the report

You can filter the events that are displayed by constructing a conditional filter using the fields at the top of the page, as shown in Figure 468. You can construct a two-clause filter statement.

Figure 470: Configuration Management Activity Log filter specification

For further information on filtering, see “Using Report Filtering” on page 604.

Network Login Report

The Network Login Report provides information about 802.1x and HTTP login activity. The HTTP network log is Extreme specific. To view a Network Login Report, click the Network Login link in the left-hand panel; Figure 471 shows example output.


Figure 471: Network Login Report

The report displays the following information:

Device Name: Name of the device
IP Address: IP address of the device
Network Login Activity: 802.1x network login activity that has occurred on this device

Click the heading of a column to sort on the contents of that column.

MIB Poller Tools

The MIB Poller Tools are advanced Administrator Tools you can use to collect history for MIB variables of interest, or to do a one-time “get” of specific MIB variables. The MIB Poller can be used to collect MIB variable data periodically. That data can later be exported to a text file that can be imported into programs like Microsoft Excel for historical trending analysis.

Users who do not have an Administrator role can view the MIB Collection Poller Summary, and can view detailed information about any MIB collections which have been implemented by a Ridgeline Administrator. However, only users with an Administrator role can Start or Stop the Collection process, or can load an XML file to define a Collection.

The MIB Poller Tools are described in Chapter 27, “Enhancing Ridgeline Performance”.

Ridgeline Server Reports

This category includes both the Server State Summary report, which provides a large amount of information about the Ridgeline server and its activity, and a set of administrator tools, available only to users with an Administrator role, that may be useful in analyzing Ridgeline performance or activity questions.

If you do not have an Administrator role, the Ridgeline debugging tools will not be available.


Server State Summary Report

The Server State Summary Report displays statistics about configured servers, SNMP activity, thread and SNMP session pools, database activity, the ports used by the Ridgeline server, and Ridgeline licenses. Figure 472 shows an example.

Figure 472: Server State Summary Report (top half)

The report presents information in multiple tables.

The first table in the report shows the status of the various Ridgeline subsystems:

Ridgeline Subsystem: The name of the subsystem (TFTP Server, Internal Syslog Server, Internal RADIUS Server, MAC Poller)
Configuration: Whether the subsystem is enabled or disabled
Current Status: Whether the subsystem is running or stopped

The second table shows statistics about the MAC/FDB Poller:

Last Poll Completed: The time at which the last complete polling cycle finished
Last Poll Duration: The length of time it took to perform the last complete FDB polling cycle
Average Duration: The average length of time it has taken to perform a complete FDB polling cycle

The third table in the report provides the number of operations that have occurred in the last minute, the last hour, and the last day (24 hours) for the following operations:

SNMP Queries: Number of SNMP queries performed by the Ridgeline server
Database Commits: Number of database commits performed by the Ridgeline server
Client Requests: Number of data requests to the Ridgeline server by all connected clients
Trap Requests: Number of trap PDUs received by the Ridgeline server
Syslog Messages: Number of syslog messages received by the Ridgeline server


The fourth table in the report shows scalability statistics for the thread pool and the SNMP session pool:

Thread Pool Statistics column

• Pool Size: Thread pool size for the threads that are used to perform server operations (for example, reading data from a device or configuring the devices)
• Default Allocation Size: Number of threads used to perform a single operation (for example, running a Ridgeline script across a number of devices)
• Currently In Use: Number of threads currently in use
• Maximum In Use at Once: Maximum number of threads that are in use at one time
• Total # of Requests: Total number of times a thread is requested to perform an operation in the server
• Total # of Wait For Thread: Total number of times the server has to wait for a thread to become available
• Percentage Wait per Request: Percentage of total wait versus total request for threads

SNMP Session Pool Statistics column

• Pool Size: Maximum number of allowed SNMP access sessions to the devices
• Default Allocation Size: Not applicable
• Currently In Use: Number of SNMP access sessions currently in use
• Maximum In Use at Once: Not applicable
• Total # of Requests: Total number of times an SNMP object is requested to perform an operation in the server
• Total # of Wait For Thread: Total number of times the server has to wait for an SNMP object to become available
• Percentage Wait per Request: Percentage of total wait versus total number of requests for SNMP objects

The fifth table in the report shows the ports currently in use by the Ridgeline server:

Web Server: Port currently used by the Ridgeline web server
Trap Receiver: Port currently used by the Ridgeline server to receive traps
Radius Server: Port currently used by the RADIUS server
Telnet: Port currently used for Telnet
Database: Port currently used for Ridgeline database communication

The last table shows the Ridgeline licenses currently installed, along with their Access Keys (which can be used to obtain a license key from Extreme):

License: The type of license (Ridgeline Base license, Gold Upgrade, or SSH)
Status: Whether this license category is enabled or disabled.
Access Key: The access key for the license (used to obtain a license key from Extreme). See the Ridgeline Release Notes or the Ridgeline Installation and Upgrade Note for instructions on requesting and installing a license key.

If you have administrator-level access to Ridgeline, you can use Ridgeline Administration to change the web server, trap receiver, RADIUS and telnet ports used by Ridgeline. See Chapter 23, “Administering Ridgeline” for more information.

To change the database (and other) ports, see “Reconfiguring Ridgeline Ports” on page 469.


Debug Ridgeline

These are not reports, but rather tools to allow a user with an Administrator role to set certain options for the purpose of analyzing Ridgeline performance.

If you do not have an Administrator role, you will not see this link in the left-hand panel of the Reports feature.

The tools for debugging Ridgeline are described in the chapter on “Tuning and Debugging Ridgeline” in the Ridgeline Concepts and Solutions Guide.

Adding a User-Defined Report to the Reports Menu

To add a new user-defined report to the report menu, simply place the HTML file into the /user/reports/html/userdefined directory. The Ridgeline server automatically creates a link on the Reports menu for files in the userdefined directory. It will use the report file names as the report names. They will appear below the heading User Defined Reports at the bottom of the left-hand panel of the Reports page.

The file names must conform to two restrictions:

● They must use .html as the extension. .htm is not supported.
● The file name may not contain spaces.

If you want to create a set of hierarchical reports, you can create a subdirectory under the userdefined directory to contain subordinate HTML files that should not have a direct link from the Reports menu.

If you put files into the userdefined directory that were originally in the /user/reports/html directory, be sure you also copy the report stylesheet (reportstylesheet.css) into the userdefined directory.

Printing and Exporting Ridgeline Reports

This section explains how to print or export reports.

Printing Reports

Unlike the other Ridgeline features, Ridgeline reports can be printed with your browser’s print function. To print a report, place the cursor in the pane where the report is displayed, and use the browser’s Print button, or the Print command from the File menu, to initiate the print.

You can also use the show all link to print all data from a large .html page.

Exporting Reports

You can export certain Ridgeline reports to either .csv or .xml format. Exporting reports allows you to use various software applications to manipulate the data. The following reports can be exported:

● Device Reports (Device Inventory)


● Card Report (Slot Inventory)
● EAPS Log Report
● Report on Device Ports (Interface Reports)
● Unused Ports
● Network Login Report
● Alarm Log
● Event Log Report
● Syslog Report
● Config Management Log Report

From the Reports Main page, you can generate a report to be used by Extreme Networks eSupport by selecting the Device Group and clicking Export.




Chapter 28: Enhancing Ridgeline Performance

This chapter describes how to tune Ridgeline performance and features to more effectively manage your network. It also describes some advanced features that are available to a Ridgeline administrator (a user with an Administrator role) to help analyze Ridgeline or Extreme device operation. These include:

● Monitoring and tuning Ridgeline performance
● Tuning the alarm system
● Using Device Groups to facilitate workflow
● Using the Ridgeline MIB Poller tools to maintain MIB variable history
● Reconfiguring Ridgeline ports
● Using the Ridgeline debugging tools
● Reconfiguring the FreeRadius server

It contains the following sections:

● “Monitoring and Tuning Ridgeline Performance” on page 641
● “Tuning the Alarm System” on page 644
● “Using the MIB Poller Tools” on page 647
● “Reconfiguring Ridgeline Ports” on page 654
● “Using the Ridgeline Debugging Tools” on page 655

Monitoring and Tuning Ridgeline Performance

If you are using Ridgeline to manage a very large number of devices in a large network, you may encounter times when the performance of the system can seem slow. There are a large number of factors that can affect the performance of Ridgeline. Some of these you can affect with various settings in Ridgeline. In other cases, you may be able to affect the overall performance of the system by considering how you manage specific devices in your network.

There are a number of factors that can affect Ridgeline performance:

● The amount of alarm processing the system is attempting to handle. This is discussed in some detail in the section “Tuning the Alarm System” on page 644.
● The frequency and timeouts for SNMP polling and MAC polling (if you have it enabled)
● The processor power and amount of memory available on the system running the Ridgeline server.


● The size of the worker thread and the maximum number of SNMP sessions that can be running.

Disabling Ridgeline Management for a Device

If a device is scheduled to be taken down for maintenance, you can disable Ridgeline management for the device. Ridgeline will not attempt to poll or sync with the device and will ignore all traps from the device while it is unmanaged by Ridgeline. This means that any events caused by the maintenance activities will not cause alarms in Ridgeline.

● To disable Ridgeline management for a device, select the device in a Network Views window, and select Managing > Disable from the Device menu. Note that this does not physically change the device; it just sets Ridgeline to ignore the device as if it were offline.
● To re-enable Ridgeline management for the device when it is again reachable, select it, and select Managing > Enable from the Device menu.

For devices that simply take a long time to sync or to poll on a Detail poll cycle, you can reduce the impact by reducing the Detail Poll frequency (lengthening the time between polls) for those devices. The default Detail polling frequency is 30 minutes for core devices and 90 minutes for edge devices.

Polling Types and Frequencies

When you log in to Ridgeline, it by default attempts to sync all the devices it is managing, to bring its database up to date. For devices that are down (and not marked offline in Ridgeline) Ridgeline will attempt to sync the device and will have to wait until the device times out. Further, a sync does a Detail Poll, so in a large network with many devices with very complex configurations (for example, a large number of VLANs) the sync operation can take a significant amount of time.

Ridgeline does several types of polling, using SNMP or Telnet, for the information it needs.

SNMP Polling

Ridgeline does two types of polls for device information using SNMP.

● A global “heartbeat” poll that gets basic information about device reachability. The poll frequency for this is 5 minutes, for all devices regardless of type.
● A device-specific Detail poll, that polls for more detailed information about the device configuration, such as software version, BootROM version, VLANs configured on the device, and so on. This poll can take much longer to complete, so this type of polling is done less frequently, and is configurable on each device individually in Ridgeline. The default poll interval for this type of polling is every 60 minutes for core (chassis) devices and every 90 minutes for edge devices.

The global poll frequency can be changed through the Ridgeline Administration, under the SNMP Server Properties. Any changes will affect all devices in the Ridgeline database. You can also change the timeout and number of retries.

Increasing the global SNMP polling interval can reduce the load on your server and your network, at the expense of the timeliness of device state information.

The Detail Device Poll interval can be changed in the Modify Communications Settings window (or in the Add Devices dialog box). Changes here affect only the devices selected for modification.


MAC Address Polling

Ridgeline provides an option for doing Telnet-based polling of switch FDBs to gather MAC address information about edge ports. This feature is disabled by default. If enabled, its frequency can be modified to reduce the load on the overall system and the network.

MAC address polling is enabled or disabled globally through the MAC Polling Server Properties in Ridgeline Administration. If enabled, MAC address polling can then be enabled on a per-device basis.

Through the MAC Polling Server Properties, you set the amount of load, which determines the amount of elapsed time between sets of FDB polling requests. A complete MAC address polling cycle consists of multiple groups of requests, until all devices with MAC address polling enabled have been polled.

A setting of Light (recommended) means the elapsed time between groups of MAC address polling requests will be calculated to place a lighter load on the Ridgeline server. As a result, it will take longer for the server to accomplish a complete polling cycle. Moving the load indicator towards Heavy will shorten the elapsed time between groups of MAC address polling requests, at the cost of a heavier load on the Ridgeline server.

You can use the Ridgeline Server State Summary Report to see the MAC address polling frequency based on the current setting of the MAC Polling server properties. The Server State Summary report tells you how long it took to complete the most recent polling cycle, as well as the average time it has taken to perform a complete polling cycle. Based on this data you can determine if you need to adjust the MAC Polling System Load factor.

Telnet Polling

Telnet polling is used for MAC address polling, for retrieving Netlogin information, and for retrieving Alpine power supply IDs. You cannot modify its frequency other than as discussed for MAC polling in the previous section. You can disable Telnet polling entirely, however, in the Devices area of Server Properties in the Ridgeline Administration.

If you disable Telnet Polling, MAC address polling is also disabled.

Performance of the Ridgeline Server

Performance of the Ridgeline server itself is affected by the number of devices you are managing as well as the resources of the system on which the Ridgeline server is running.

You can use the Windows Task Manager or a tool such as top in Solaris (available as downloadable Freeware) to determine how much memory and processor the Ridgeline server is consuming. The larger the set of devices Ridgeline tries to manage, the more resources it will require. You should ensure that you have adequate processing power and enough memory to allow Ridgeline to run without extensive swapping.

The Ridgeline Release Notes provide information on the system requirements for the Ridgeline server.

If Ridgeline server performance is slow, you can look at the Thread Pool Statistics using the Ridgeline Server State Summary Report. Specifically, if the Percentage Wait per Request statistic is high (greater than 20%) you can consider increasing the maximum thread pool size.

To do this, go to Ridgeline Administration, and select Scalability under the Server Properties tab. Then increase the Thread Pool Size by between 25% and 50%. It should not be increased beyond 100 as an upper limit.


Tuning the Alarm System

Alarm activity (processing traps and executing alarm actions) can consume a fairly significant amount of system resources if you have a large number of devices in your network, with many alarms enabled and scoped on all devices. Therefore, tuning the alarm system can have a significant impact on the overall performance of the Ridgeline server.

The steps you can take to help tune your Ridgeline server’s alarm system involve the following types of actions:

● Disabling alarms you don’t care about
● Scoping alarms so they only function for devices you care about
● Identifying individual devices that generate a lot of alarm activity, and either correcting the situation that may be producing these alarms, or removing the device from the scope of alarms that aren’t necessary for the device.

Disabling Unnecessary Alarms

There are several situations where you may want to disable alarms that are unnecessary and are consuming system resources.

One immediate place to look is at the alarms that are predefined in the Ridgeline database. Some alarms are set in the Ridgeline database. These alarms are enabled by default, scoped for all devices and ports.

If there are any alarms that you know are not of interest, you can disable the alarm as a whole through the Alarm Log Browser. For example, if you are not concerned about SNMP security you can disable the Authentication Failure alarm. If your network connectivity tends to be problematic or you have very slow devices, you may want to disable the SNMP unreachable alarm.

To disable an alarm you must modify its alarm definition:

1 Open Alarm Manager, and click the Alarm Definition tab.
2 Click the Modify button to open the Modify Alarm Definition window with the selected alarm definition displayed.
3 Uncheck the Enabled checkbox to disable the alarm, then click OK.

Note that disabling alarms that are not likely to occur will not have much performance impact. For example, if you do not use ESRP, then disabling the ESRP State Change alarm is not likely to have an impact, as those alarms should never occur. However, if you do use ESRP but do not want to know about state changes, disabling that alarm could have some performance impact.

One way to determine which alarms could be disabled for maximum performance impact is to look at the alarms that actually do occur within your network. You can use the Alarm Log Browser to show you which alarms occur in your network:

1 >
2 Sort the alarm list by the Name column. This groups all occurrences of a given alarm together. Using this list you can see which alarms occur in your network, and the volume of alarms generated for each type of event.
3 If this list shows a large number of alarm instances for an alarm that you don’t care about, disabling that alarm could potentially have a beneficial impact on Ridgeline system performance.


Another possibility is that a specific device is generating a large number of alarms. If this is the case, you may be able to eliminate some of this load by either reconfiguring, maintaining, or repairing the device to eliminate the fault, or by changing the scope of one or more alarms to remove the problematic device from the alarm scope. By removing a device from the alarm scope, Ridgeline will ignore traps for the device, and will not trigger an alarm even though the device itself may still generate those trap events.

Limiting the Scope of Alarms

One way to potentially reduce the load created by alarm processing is to use the Alarm scope to limit an Alarm to only selected devices. For example, you may want to create link down and link up alarms to monitor the status of certain critical links in your network, but ignore such events on non-critical links.

When you create an alarm, the default scope is to all devices and all ports. The Scope tab of the Add Alarm Definition or Modify Alarm Definition dialog boxes let you specify a scope for the alarm (Figure 473).

Figure 473: Defining the scope of an alarm

You can scope an alarm to Device Groups and Port Groups as well as individual devices and ports.

To change the alarm scope for an existing alarm:

1 Open Alarm Manager, and click the Alarm Definition tab.
2 Select the alarm you want to scope, and click Modify.


3 Select the Scope tab
4 Uncheck the Scope on all devices and ports checkbox. This enables the Source Type and Select Group fields.
5 The Source Types you can select are Device, Device Group, Port, and Port Group.
  If you select either Device Group or Port Group, the area below (labeled Devices in the example) will display a list of all the Device Groups or Port Groups defined in Ridgeline. When you select one or more of these, it puts the group(s) as a whole into the Selection list at the right.
  If you select Device or Port, then the Select Group field lets you select a Device Group to display the devices in the group in the field below.
  ● If the Source Type is Devices, individual devices in the selected Device Group can be added to the selection list
  ● If the Source Type is Ports, individual port ifindex values can be added to the selection list.

Using Device Groups and Port Groups for Alarm Scopes

Special-purpose Device Groups and Port Groups are very useful for purposes of alarm scoping. Since Ridgeline allows you to put the same devices or ports into multiple top-level groups, you can create special purpose groups that simplify the configuration of alarm scopes.

For example, you might create a port group for the critical links on your core devices, another for edge port links or for wireless interfaces.

A major benefit of using Device and Port Groups for alarm scoping, rather than configuring the scope with individual devices and ports, is that you can then change the scope of an alarm by simply changing the membership of the relevant groups. You can add or remove ports from a Port Group, or add or remove devices from a Device Group, and the scope of the alarm will automatically reflect the changed group membership. You do not need to modify the alarm definition every time you add or change devices or ports on your network.

The Alarm and Event Log Archives

The Ridgeline server stores a maximum of 50,000 events in the event log, and a maximum of 12,000 alarms in the alarm log. Both are stored as tables in the server database. Excess data from the event log and alarm log are archived to files when the logs reach 115% of their maximum size.

The event log archive is made up of two 30 MB rotating archive files and includes all traps and Syslog messages. The event log is stored in a file called event_log.txt and the archive file is called event_log.old.

The alarm log archive is made up of two 6 MB rotating files and includes all alarms associated with traps and Syslog messages. The alarm log is stored in a file called alarm_log.txt and the archive file is called alarm_log.old.

An archiving check is performed once an hour. If you need to store additional historical data beyond the two 30 MB file limit for events and the 6 MB file limit for alarms, you can periodically make backup copies of the archive files to a separate location. Refer to “Ridgeline Backup” in the Ridgeline Reference Guide for more information about alarm log backups.
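The periodic backup of event_log.old and alarm_log.old described above, as an added example (not Extreme Networks code): it copies each archive only when its content is new and records a SHA-256 digest so the copies can be checked later. The guide names the files but not their location, so every directory and the manifest file name here are assumptions.

```python
"""Keep copies of Ridgeline's rotating log archives (added example)."""
import hashlib
import shutil
import tempfile
import time
from pathlib import Path

# Archive file names come from the guide; every directory used here is an
# assumption (the guide does not say where the files live on the server).
ARCHIVE_FILES = ("event_log.old", "alarm_log.old")
MANIFEST = "manifest.sha256"  # hypothetical name for the digest list


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so a 30 MB archive is never read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def load_manifest(backup_dir):
    """Return {sha256: backup file name} for everything saved so far."""
    manifest = Path(backup_dir) / MANIFEST
    entries = {}
    if manifest.exists():
        for line in manifest.read_text().splitlines():
            if line.strip():
                digest, name = line.split(None, 1)
                entries[digest] = name.strip()
    return entries


def backup_archives(log_dir, backup_dir, now=None):
    """Copy each archive whose content is not in the backup set yet.

    Returns the list of backup files created on this run.
    """
    log_dir, backup_dir = Path(log_dir), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    seen = load_manifest(backup_dir)
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime(now))
    created = []
    for name in ARCHIVE_FILES:
        src = log_dir / name
        if not src.is_file():
            continue  # nothing has been archived under this name yet
        # Copy first, then hash the copy: the digest describes the bytes that
        # were saved even if the server rotates the file during the copy.
        tmp = backup_dir / f".{name}.tmp"
        shutil.copy2(src, tmp)
        digest = sha256_of(tmp)
        if digest in seen:
            tmp.unlink()  # identical content is already backed up
            continue
        dest = backup_dir / f"{stamp}-{digest[:12]}-{name}"
        tmp.replace(dest)
        with open(backup_dir / MANIFEST, "a") as fh:
            fh.write(f"{digest}  {dest.name}\n")
        seen[digest] = dest.name
        created.append(dest)
    return created


def verify_backups(backup_dir):
    """Return names of backups that are missing or no longer match the manifest."""
    backup_dir = Path(backup_dir)
    bad = []
    for digest, name in load_manifest(backup_dir).items():
        path = backup_dir / name
        if not path.is_file() or sha256_of(path) != digest:
            bad.append(name)
    return bad


if __name__ == "__main__":
    # Constructed demo data in a temporary directory; on a real server point
    # log_dir at the directory that holds the archive files.
    with tempfile.TemporaryDirectory() as root:
        logs, dest = Path(root, "logs"), Path(root, "backup")
        logs.mkdir()
        (logs / "event_log.old").write_text("constructed trap line\n")
        (logs / "alarm_log.old").write_text("constructed alarm line\n")
        print("first run :", [p.name for p in backup_archives(logs, dest)])
        print("second run:", [p.name for p in backup_archives(logs, dest)])
        print("mismatches:", verify_backups(dest))
```

Scheduling it at least once an hour matches the archiving check interval given above, so an archive file is copied before the next rotation can overwrite it.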


Using the MIB Poller Tools

The MIB Poller Tools, found in the Reports module, can be used to collect and inspect data from any MIB variables supported by the devices on your network. These tools allow you to retrieve data that is not available through Ridgeline’s reports or other status displays, and to accumulate historical data for MIB variables of interest. The collected data can then be exported as a comma-separated text file which can be imported into another application such as a spreadsheet for analysis.

You must have an Administrator role to set up and initiate MIB collection or query actions. However, users with other roles can view the results of a collection that has been initiated by an Administrator.

There are two separate tools available for retrieving MIB variable data:

● The MIB Poller Summary displays a MIB collection, or allows an Administrator to load a MIB collection XML file to initiate MIB collection activity. A MIB collection is a historical log of MIB values as defined in the collections.xml file. In a running collection, Ridgeline polls specified devices, retrieves the values of specified MIB variables and saves them in the Ridgeline database. The OIDs and devices to be polled, the poll interval, number of polling cycles and the amount of polled data to be stored are all defined in the Administrator-created collections.xml file.
● The MIB Query tool allows an Administrator to create a one-time MIB query request to retrieve the value of specific variables from a set of specified devices. This is a one-shot query, and does not poll repeatedly or store the data it retrieves.

The MIB Query tool is accessible only to users who have an Administrator role.

Defining a MIB Collection

A MIB Collection is defined in an XML file named collections.xml that is stored in the Ridgeline user/collections directory of the Ridgeline installation. You can specify both scalar and tabular OIDs. You must also specify the set of devices (by IP address) that should be polled for this data, and provide some additional properties such as the polling interval.

The collections.xml file must have the following format:


Within the outermost collections statement, you can define multiple individual collections, each bracketed with

The collection properties must be defined in the collection statement at the beginning of each collection definition:

Table 34: Control properties for a MIB collection specification

name: A name for the collection, between 1 – 255 characters.
pollingIntervalInSecs: The interval at which Ridgeline should poll for the variables defined in this collection, between 1 – 2147483 seconds.
initialState: Whether this collection should start running immediately upon loading (values are “running” and “stopped”)
saveData: Whether the collected data should be saved to the Ridgeline database (“yes” or “no”)
maxPollsPerDevice: The maximum number of poll result sets that should be saved in the database, between 1 – 2147483647 polls.
deletePercentage: The percentage of the saved data that should be deleted when the file reaches its specified limit.

Table OIDs are defined in statements, included between and statements. OIDs from different tables must be put in separate statements. The label portion of the statement appears in the MIB Collections Detail report, and as a heading in the exported data file.

Scalar OIDs are defined in statements included between a and statement.

The devices that should be polled are specified by IP address in statements, one for each IP address.

The completed file must be named collections.xml, and placed in the user/collections directory. The Reload button in the MIB Poller Summary report will load the collections.xml specification, and begin the collection process if the initialState property specifies “running.”

Figure 477 on page 652 shows an example of an actual collections.xml file.

The MIB Poller Summary

If a collection.xml file has been loaded, the MIB Poller Summary shows the names of the collections defined in the xml file, along with their status (running or stopped). Figure 474 shows the summary for a set of three collections.


Figure 474: The MIB Poller Collection Summary

From this page, any user can view the details of the collection, view information about the devices on which data is being collected, view the xml file that defines the collections, and export the current results of the collection.

A Ridgeline Administrator can start or stop polling for any or all of the collections, and can reload the collections.xml file.

Loading, Starting and Stopping a Collection

If a file named collections.xml exists in the Ridgeline server’s user/collections directory when the Ridgeline server is started, the collection definitions in the file are loaded automatically. Polling for the collections will be started if the initialState property specifies that the collection should be running.

If the Ridgeline server is already running when the collections.xml file is placed in the collections directory, then you must click the Reload button to load the collection definitions.

Once you have loaded the collections.xml file, the collections defined in that file will continue to be maintained, either running or stopped, until they are replaced by reloading the collections.xml file which has been modified to specify a different set of collections, or until the collections.xml file is removed from the collections directory.

You can stop the polling process for a running collection by placing a check in the checkbox in the first column next to the collection name, and clicking Stop. To start a stopped collection, check the box in the first column and click Start. You can select all the collections in the table by checking the box in the column heading.

The MIB Collection Detail Report

To view the details of a collection, click the collection name, which links to the MIB Collection Detail report for the collection. Figure 475 is an example of a Collection Detail Report.


Figure 475: MIB Collection Detail Report

The top area of the MIB Collection Detail Report shows the properties of the collection, as defined in the collections.xml file:

Collection Name: The name of the collection.
Polling Interval: The polling interval, in seconds.
Save Polled Data: Whether the polled data is being saved in the database (Yes or No).
Scope: The devices on which polling for this data is being conducted.
Status: The status of the collection (running or stopped).
Startup State: Whether the poll should be started automatically when it is loaded (running) or should be left in the stopped state.
Poll Saving Limit: The lower boundary of the number of poll results that will be saved in the database. This value is calculated by taking the maximum number of saved polls multiplied by the delete percentage. The actual number of poll data sets in the database at any given time will be somewhere between this value and the maximum poll saving limit.
Poll Limit: A limit on the number of polls that should be performed. Currently this is always None; the number of polling cycles cannot be limited at this time.

The two tables below show the scalar and tabular MIB variables (OIDs) for which polling will be done. Each variable is identified by its OID and the data label that was provided in the XML file.


The MIB Poller Detail Report

The Poller Detail report simply shows the status of the collection for each device in the collection scope.

Figure 476: MIB Collection Detail Report

This report shows the following information:

Device: The name of the device. This also functions as a link to the Device Details report for the device.
Status: The status of the collection on this device (running, stopped, or error).
Message: A message, if appropriate, explaining the status (such as an error message).

The last column provides checkboxes that can be used to select devices for which to export the collection results.

To export results for a device, click to check the appropriate box, then click the Export button below the table. You can select all devices by checking the box in the table header.

Viewing the XML Collection Definition

To view the collection definitions, click the Show XML button in the MIB Collection Poller Summary. This displays the XML that defines the currently loaded collections. Figure 477 shows an example of the XML for a collection definition.


Figure 477: A MIB Collection definition shown in XML

Exporting the Collected Data

One of the main purposes for collecting historical MIB data over time is to allow analysis to identify trends or patterns that may provide insights into your network usage. In order to do this, you need to export the collected MIB data so it can be used by other analysis tools.

The MIB Poller Tool allows you to export data as comma-separated text and save it to a file. You can export the data from either the MIB Collection Poller Summary report or the MIB Poller Polling Detail report.

● From the MIB Poller Summary report, you can export the results for an entire collection: click the Export link in the row for the collection whose data you want to export. This exports the results for all devices in the collection into a single text file, and places the text file into an archive (zip) file.
● From the MIB Poller Polling Detail report you can export the results for individual devices in a collection. Check the checkboxes in the last column, then click the Export button. This exports the results for the selected devices into a single text file, and places the text file into an archive (zip) file.

Once exported, the text file can be imported into another application, such as a spreadsheet, for analysis.

The MIB Query Tool

The MIB Query Tool lets you retrieve the values of MIB variables on a one-time basis. It does not do any repeated polling, and does not store the results.


Figure 478: A MIB Query example

To perform a MIB query, you enter the required data into the appropriate fields:

● Enter into the first field the IP addresses of the devices from which you want to get data.
● Enter any scalar MIB OIDs you want to retrieve into the second field.
● Enter any Table-based MIB OIDs into the third field.

Entries must be one item per line.

Click Submit to execute the query. The results are returned in XML format in the reports window.

Figure 479: The results of a MIB Query


Reconfiguring Ridgeline Ports

You can change the default ports used by Ridgeline if they conflict with ports already used by other programs on your system.

NOTE
The Port Configuration Utility (in Ridgeline 3.0) used to change default ports for the database and web servers is no longer available. Use the procedure below to change default ports.

The ridgeline-ports.properties file shows Ridgeline’s default ports and the location of all files that set each default port. The ports shown in this file, and their default settings, are:

jboss.database.port=10553
radius.port=10559
bindingservice.beans.boss.port.1–11=10560–10567, 10569–10571
jboss.remoting.port=10555
epicenter.web.port=8080
jboss.webserver.port=8443
agent.port=10556
tcp.port=56983
trap.receiver.port=10550
syslog.port=514

NOTE
Use the Ridgeline client to set the default ports for the trap receiver and syslog server. See “Server Properties Administration” on page 469.

To change a default port:

1 Stop Ridgeline services (server and database engine). See the Ridgeline Installation and Upgrade Guide.
2 Find the port number in the ridgeline-ports.properties file. The ridgeline-ports.properties file is located at:
   ● Windows: \Program Files\Extreme Networks\Ridgeline3.1
   ● Solaris: \opt\ExtremeNetworks\Ridgeline3.1
3 For each file listed under “locations” for that port:
   a Open the file in a text editor.
   b Search for the port number and change it.
   c Save and close the file.

   NOTE
   Do not add any extra spaces when editing these files.

4 Restart Ridgeline services (server and database engine). See the Ridgeline Installation and Upgrade Guide.
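A way to check step 3 before restarting the services, added here as an example and not taken from the guide or from Ridgeline itself: the script reads the "# locations:" comment block that the guide's https.port example shows in ridgeline-ports.properties and reports which of the listed files still contain the old port. The function names, the replacement port 9443 and the sample file bodies are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample, laid out like the guide's https.port excerpt: a
# "# locations:" comment block followed by the key=value line it belongs to.
SAMPLE_PROPERTIES = """\
# locations:
# jboss/server/deploy/jbossweb.sar/server.xml
# jboss/server/ridgeline/deploy/epicenter.ear/xos.war/WEB-INF/wsdl/event.wsdl
# jboss/server/ridgeline/deploy/epicenter.ear/nms.war/WEB-INF/wsdl/nms.wsdl
https.port=8443
"""


def parse_port_locations(text):
    """Return {property key: (value, [files listed under '# locations:'])}."""
    result, pending, in_block = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("# locations:"):
            pending, in_block = [], True
        elif line.startswith("#"):
            path = line.lstrip("#").strip()
            if in_block and path:
                pending.append(path)
        elif "=" in line:
            key, value = line.split("=", 1)
            result[key.strip()] = (value.strip(), pending)
            pending, in_block = [], False
    return result


def audit_port_change(install_root, locations, old_port, new_port):
    """Classify every location file after a port edit.

    'stale'          the old port is still present (the edit was missed)
    'updated'        only the new port is present
    'port-not-found' neither port appears as a whole number
    'missing'        the file does not exist under install_root
    """
    # Digit boundaries keep 8443 from matching inside a longer number.
    old_re = re.compile(r"(?<!\d)%s(?!\d)" % re.escape(str(old_port)))
    new_re = re.compile(r"(?<!\d)%s(?!\d)" % re.escape(str(new_port)))
    report = {}
    for rel in locations:
        path = Path(install_root) / rel
        if not path.is_file():
            report[rel] = "missing"
            continue
        text = path.read_text(errors="replace")
        if old_re.search(text):
            report[rel] = "stale"
        elif new_re.search(text):
            report[rel] = "updated"
        else:
            report[rel] = "port-not-found"
    return report


if __name__ == "__main__":
    value, files = parse_port_locations(SAMPLE_PROPERTIES)["https.port"]
    with tempfile.TemporaryDirectory() as root:
        # Constructed file bodies: the first file was edited, the second was
        # not, and the third was never created.
        for rel, body in zip(files, ['port="9443"', "https://host:8443/xos"]):
            target = Path(root) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        for rel, state in audit_port_change(root, files, value, 9443).items():
            print("%-15s %s" % (state, rel))
```

Any file reported as stale or missing means the port is still set inconsistently across the files the properties file lists for it.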


Example

Port=8443 is conflicting with other programs. The ridgeline-ports.properties file shows:

# locations:
# jboss/server/deploy/jbossweb.sar/server.xml
# jboss/server/ridgeline/deploy/epicenter.ear/xos.war/WEB-INF/wsdl/event.wsdl
# jboss/server/ridgeline/deploy/epicenter.ear/nms.war/WEB-INF/wsdl/nms.wsdl
https.port=8443

Open each of the three files indicated (server.xml, event.wsdl, nms.wsdl), search for port “8443”, change it, and then save each file.

If this procedure does not solve your problems, call your Extreme Networks Technical Support representative for help.

Using the Ridgeline Debugging Tools

The Ridgeline debugging tools are available through the Reports modules for users with an administrator role. You should not attempt to use any of these tools except under the direction of Extreme Technical Assistance Center personnel.

This “report” provides links to the following tools:

● Set logging level: Lets you set the Server Side Client Debug Level and the Server Debug Level. This page also shows you the debug Telnet port number.
● Check server internals: Creates a report of server internal status.
● Query Database: Lets you enter an SQL query against the Ridgeline database. This is for use only at the direction of Extreme Technical Assistance Center personnel.




Chapter 29

Managing Network Device Configurations and Updates

This chapter describes how to use Ridgeline to manage your Extreme device configurations. Topics include:

● Archiving device configuration files
● Creating and using Baseline configurations
● Monitoring configuration changes with baselines and the Diff function
● Managing Firmware upgrades
● Per-device change log audit of device configuration events

It contains the following sections:

● “Archiving Device Configurations”
● “Baseline Configurations”
● “Device Configuration Management Log”
● “Managing Firmware Upgrades”

In a large network, the task of maintaining and backing up the configurations of your network devices, and ensuring that your devices are running the correct versions of the ExtremeWare or ExtremeXOS software images, can be a difficult exercise. Ridgeline’s features for archiving the configuration files from your network devices, for monitoring configuration changes, and for managing the firmware versions on your devices can help you get this under control and significantly reduce the amount of administrator intervention required to keep your configurations backed up or the device firmware up to date. Further, Ridgeline’s ability to identify the changes to the configurations on your devices, and to maintain an audit trail of configuration updates, can help you troubleshoot when configuration problems arise.

Archiving Device Configurations

You can use Ridgeline to upload and store the configuration files from all your Extreme devices. You can do this on an as-needed basis, but you can also have Ridgeline perform archival uploads on a regular schedule without requiring administrator intervention.
Thus, you can ensure that you always have backups for your configurations in case problems arise on your devices.

To schedule regular archival uploads of the configuration files from your devices, select Configuration > Tasks > Schedule archive from the Tools menu. You can also schedule archiving for an individual device, or for the devices in a device group, by selecting the devices or group in the Configuration Manager window and then selecting Schedule archive from the Config menu.

You can create archive schedules for individual devices or for device groups, and you can create a global archive schedule for all devices that do not have individual schedules.

Figure 480 shows the Schedule Upload window for creating device schedules. You can select individual devices or all members of a device group for archival uploading.

Figure 480: Scheduling archival configuration file uploads

You can schedule daily or weekly uploads, and specify the time of day (and day of the week) at which they should be done. This lets you schedule uploads at times when they will have the least impact on your network load. You can create different schedules for each individual device, if that suits your needs.

Archival uploads are saved in subdirectories by the year, month and day that the archive was done. The file is named based on the device IP address and timestamp, and is in ASCII text format.

You can manage your historical archives by limiting the number of archived configurations Ridgeline saves, especially if you have a large number of devices on your network or choose to do frequent archiving. You can limit either the number of files Ridgeline saves for each device, or the length of time Ridgeline keeps a file. In either case, when the limit is reached, the oldest files are deleted first.

If you don’t want to schedule all your devices individually, you can set the Global Schedule, which will then archive all other devices (those not individually scheduled) based on the global schedule.

To upload configuration files from your Extreme devices to Ridgeline on a one-time basis, select Configuration > Tasks > Upload from device from the Tools menu.
You can also initiate an upload for an individual device by selecting the device in the Configuration Manager window and then selecting Upload from device from the Config menu. When you upload a device configuration on demand, you can save it at a location and under a filename of your choice, rather than being restricted to the default naming scheme that Ridgeline uses.


Baseline Configurations

By creating baseline configuration files for your devices, you can establish a set of configurations that act as a reference configuration for the device. You can use the baseline configuration as a “known good” configuration in case of configuration problems, and you can use it as a reference to compare against archived configuration files to identify any configuration changes that have been made.

When you view information about the configuration files that have been uploaded for a device in the main Configuration Manager window, the display indicates whether a baseline file exists for the device.

The Configuration Manager enables you to create baseline configurations in several ways:

● You can upload a configuration file from a device using the Upload feature, but specify that it should be saved as a baseline file.
● You can select a saved configuration file and designate it as a baseline.
● You can schedule an upload of files to be used as the baseline. This is a one-time schedule, not a repeating schedule as is done for archival uploads. This enables you to have the baseline upload performed at a time that will minimize the impact on your network load, without requiring administrator intervention.

The baseline functions are accessible from the Config menu of the Configuration Manager, as well as by selecting Configuration > Tasks > Baseline from the Tools menu. If a baseline file exists for a device, you will be able to view the baseline file using the configuration file Viewer.
If both a baseline file and another configuration file exist for the device, you will be able to compare the two files using a Difference Viewer, if you have one installed on your system and have configured Ridgeline to use it.

Identifying Changes in Configuration Files

If you suspect there have been changes to a device’s configuration, or if you know there have been and want to identify them, you can compare two uploaded configuration files, or compare a configuration file with the baseline file for the device, using a Difference Viewer through Ridgeline’s Diff command. For example, if you suspect malicious changes, you could perform a configuration upload for the device and then compare that file with the last archived configuration.

In order to use this feature you must have a Difference Viewer, such as WinMerge for Windows, or sdiff for Solaris, installed on your system. You must also specify the location of the Difference Viewer using the Difference Viewer command, available from the Tools menu. You cannot view differences with a standard text editor.

Automatic Differences Detection

One powerful feature of Ridgeline is available through the combination of baseline files and the scheduled archive feature. If a baseline file exists on the Ridgeline server for a device, then when Ridgeline uploads an archive configuration file for the device, it will automatically compare the new archive configuration with the baseline configuration, and create a report on those differences. In addition, if differences are detected, Ridgeline will then upload the log file from the switch, and search for log entries that could explain or be related to the configuration change. Ridgeline includes those log entries in the report. Based on the log entries it may be possible to identify not only when the changes were made, but also the identity of the user that made the changes.


Figure 481 shows an example of a report generated when Ridgeline detects a difference between an archived configuration and the baseline configuration for a device. The report is created as a PDF file, and you can configure Ridgeline to automatically email the file to recipients you designate.

Figure 481: Configuration change report for changes detected in an archived configuration

Ridgeline will combine into one report any differences detected in archive operations that occur within a 10-hour time frame, to avoid generating many small reports. If you have a large number of devices that you are archiving, you may want to schedule them in groups with a time lapse in between that is sufficient for Ridgeline to save and email a completed report.

Configuration files that are larger than 1 megabyte cannot be analyzed with the automatic change detection feature.

Device Configuration Management Log

In the Configuration Manager, you can view the most recent configuration management activity for each device: the date and time and the result of the last activity (upload or download). However, there may be times when you want to view a history of the configuration management activities for a device, or for all devices.

Through the Ridgeline Configuration Management Activity Report, you can view a historical log of all the configuration management activities performed through Ridgeline, showing the status of the operation (whether it succeeded or failed) with additional information about the reason for the failure, if appropriate.


Managing Firmware Upgrades

Managing the versions of firmware on your devices can be a significant task, since there are a number of different versions for different device types and modules, and versions of the software and the BootROM images must be compatible as well. Ridgeline can help you manage this in several ways:

● Ridgeline’s Firmware Manager can query the Extreme web site to determine whether new versions of software are available, and can download those versions, at your option, to the Ridgeline server so that you will have them available locally to use in upgrading your Extreme switches.
● The Firmware Manager can compare the available software versions with the versions running in your devices and indicate whether your devices are up to date.
● The Firmware Manager can manage the upgrade process through its Upgrade Wizard, to ensure that an image or BootROM that you plan to download to a device is compatible with that device and with the BootROM on the device. The Upgrade Wizard guides you through the steps of the upgrade process, and will warn you if it detects problems.

If multiple steps are required to accomplish the desired upgrade (i.e. you need to perform an intermediate upgrade before you can upgrade a device to the final version you want to use), the Firmware Manager will inform you of the steps required and the order in which they must be performed.

Automated Retrieval of Firmware Updates from Extreme

Ridgeline can connect you automatically to the Extreme web site to check for new versions of software images.
If it detects that new versions are available, it indicates which those are, and you can select them for download from the Extreme web site to your Ridgeline server.

You must have a support contract with Extreme in order to download software; you will need to enter your Extreme support username and password in order to log in to the Extreme remote server.

The Software Image Update process does not download any software to your network devices. Rather, it stores the images on the Ridgeline server so that you can upgrade your devices as you see necessary, based on your own schedule and needs.

Detection of Firmware Obsolescence for Network Components

If you have downloaded and saved software and BootROM images on the Ridgeline server, the Firmware Manager will compare the current device image against the most recent image available on the Ridgeline server, and will inform you if the device is out of date. This is indicated in the device information presented in the Firmware Manager window.


Figure 482: Firmware Manager Window


Appendix A

Configuring Devices for Use With Ridgeline

Configuring devices for use with Ridgeline describes:

● Configuring certain features on Extreme and third-party devices to enable Ridgeline features relative to those devices.
● Configuring an external RADIUS server for use with Ridgeline.

This appendix contains the following sections:

● “Configuring Ridgeline as a Syslog Receiver”
● “Setting Ridgeline as a Trap Receiver”
● “The Ridgeline Third-party Device Integration Framework”

Configuring Ridgeline as a Syslog Receiver

To receive Syslog messages, the Syslog receiver function of Ridgeline must be enabled, and remote logging must be enabled with Ridgeline configured as a Syslog receiver on the devices from which you want to receive Syslog messages.

The Syslog server function within Ridgeline can be enabled through Ridgeline Administration. See “Server Properties Administration” in the Ridgeline Reference Guide for more information.

On the device side, remote logging must be enabled, and the switch must be configured to log to the Ridgeline server. The default on Extreme switches is for logging to be disabled. You must use the CLI to configure logging on your switches. To enable remote logging on an Extreme switch, enter the command:

   enable syslog

To configure the Ridgeline server as a Syslog server, enter the ExtremeWare command:

   config syslog

You must enter the IP address of the Ridgeline server, and a facility level, which can be local0 through local7. See the ExtremeWare or ExtremeXOS documentation for more information on these commands.

You can also include a severity in the config syslog command, which will filter log messages before they are sent to the Ridgeline Syslog server. The Ridgeline Syslog server will in turn filter the incoming messages based on the severity you set using the Accept SysLog messages with Min Severity property setting in Ridgeline Administration.

Setting Ridgeline as a Trap Receiver

When Extreme devices are added to the Ridgeline inventory, they are automatically configured to send traps to the Ridgeline server. However, third-party devices are not automatically configured to do so. If you want alarms to function for third-party devices, you must manually configure the devices to send traps to the Ridgeline server.

The information required to set up Ridgeline as a trap receiver is the following:

● The IP address of the system where the Ridgeline server is running.
● The Ridgeline server trap port. By default this is 10550. (This is set in the properties file extreme.properties, found in the deploy/extreme.war subdirectory.)
● The Ridgeline server community string. This is a string in the form:

   ST.<value of IP address>.<trap port>

  The value of the IP address is the decimal equivalent of the hex value of the IP address.

  For example, if the IP address of the Ridgeline server is 10.0.4.1, you would calculate the decimal equivalent by doing the following:

  a Convert each quad of the IP address to its hex equivalent:

     Decimal   Hex
     10        a
     0         00
     4         04
     1         01

  b Convert the hex value a000401 into a decimal value, in this case 167773185.
  c Put the three components together to form the community string:

     ST.167773185.10550

You can find and verify the value of the community string by using Telnet to log into an Extreme Networks device that is being managed by Ridgeline, and using the ExtremeWare CLI command show management to display the list of trap receivers configured for that device. The Ridgeline server, and its community string, should be included in this list.

To receive RMON traps, you need to ensure that RMON is enabled on the device.
For Extreme devices, you can do this through the ExtremeWare CLI with the command enable rmon.

The Ridgeline Third-party Device Integration Framework

Ridgeline’s third-party device integration framework provides a generic mechanism for adding third-party device support with a minimum of configuration changes. While Ridgeline has always been able to discover any device running an agent that supports MIB-2, the functionality provided was minimal.
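The community-string calculation from “Setting Ridgeline as a Trap Receiver” above, as an added example that is not part of the guide or of Ridgeline: it builds the ST string from the server IP address and trap port, decodes one back to an address and port, and checks a hand-copied trap receiver list against the expected value. The function names and the receiver tuples are assumptions constructed for illustration; the list is not parsed from real show management output.

```python
import ipaddress
import re

DEFAULT_TRAP_PORT = 10550  # default Ridgeline trap port given in the guide


def community_steps(server_ip):
    """Follow the guide's steps a and b: per-quad hex, then decimal."""
    quads = [int(q) for q in str(ipaddress.IPv4Address(server_ip)).split(".")]
    # The first quad is written without padding, the rest as two hex digits,
    # which gives "a000401" for 10.0.4.1 as in the guide.
    hex_value = "%x" % quads[0] + "".join("%02x" % q for q in quads[1:])
    return hex_value, int(hex_value, 16)


def trap_community(server_ip, trap_port=DEFAULT_TRAP_PORT):
    """Step c: join the prefix, the decimal IP value and the trap port."""
    if not 0 < int(trap_port) < 65536:
        raise ValueError("trap port out of range: %r" % (trap_port,))
    _, decimal_value = community_steps(server_ip)
    return "ST.%d.%d" % (decimal_value, int(trap_port))


def parse_trap_community(community):
    """Decode an ST string back to (ip, port); ValueError if malformed."""
    match = re.fullmatch(r"ST\.([0-9]+)\.([0-9]+)", community)
    if not match:
        raise ValueError("not an ST.<value>.<port> string: %r" % community)
    value, port = int(match.group(1)), int(match.group(2))
    if value > 0xFFFFFFFF or not 0 < port < 65536:
        raise ValueError("value or port out of range: %r" % community)
    return str(ipaddress.IPv4Address(value)), port


def check_receivers(receivers, server_ip, trap_port=DEFAULT_TRAP_PORT):
    """Compare (dest_ip, dest_port, community) tuples with the expected string.

    Returns a list of findings; an empty list means the Ridgeline server is
    present with the right community string and no ST string is inconsistent
    with the destination it is attached to.
    """
    expected = trap_community(server_ip, trap_port)
    findings, matched = [], False
    for dest_ip, dest_port, community in receivers:
        try:
            enc_ip, enc_port = parse_trap_community(community)
        except ValueError:
            continue  # some other receiver that does not use the ST form
        if (dest_ip, dest_port) == (server_ip, trap_port) and community == expected:
            matched = True
        elif (enc_ip, enc_port) != (dest_ip, dest_port):
            findings.append("%s:%d has community %s, which encodes %s:%d"
                            % (dest_ip, dest_port, community, enc_ip, enc_port))
    if not matched:
        findings.append("no entry for %s:%d with community %s"
                        % (server_ip, trap_port, expected))
    return findings


# Constructed receiver lists, typed by hand for the example.
GOOD_RECEIVERS = [("10.0.4.1", 10550, "ST.167773185.10550"),
                  ("10.0.9.20", 162, "public")]
BAD_RECEIVERS = [("10.0.4.1", 10550, "ST.167773158.10550")]  # digits transposed

if __name__ == "__main__":
    print(community_steps("10.0.4.1"))
    print(trap_community("10.0.4.1"))
    for finding in check_receivers(BAD_RECEIVERS, "10.0.4.1"):
        print("FINDING:", finding)
```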


The Ridgeline integration framework enables more extensive support:

● Basic feature support, including front and back panel views if available
● Third-party device trap support
● Launching of third-party proprietary device-related tools

Through this framework, integration of third-party devices can be accomplished independently of Ridgeline product releases. The integration is achieved by adding or editing XML, text and image files to accomplish different levels of integration.

Each aspect of device integration can be performed independently; that is, you can integrate a device into Ridgeline but may elect not to integrate trap support in the Alarm System, for example.

CAUTION
The device integration process may require editing of certain Ridgeline files that can affect the functionality of the Ridgeline server. In some cases, editing these files incorrectly may prevent the Ridgeline server from running. It is strongly recommended that device integration be undertaken only under the supervision of Extreme Networks support personnel.

Ridgeline Inventory Integration

The basic features of Ridgeline inventory integration include:

● The device can be discovered when the MIB-2 option in Discovery is selected.
● The device image can be viewed (front panel, and back panel if appropriate).
● Device information such as OID, device name, IP address, MAC address, device type, and device group is presented.
● The device contact username and password can be modified from Ridgeline.

To accomplish this integration, there are three basic steps:

1 Create an Abstract Library Type (ATL) file (an XML file) and save it in the deploy/extreme.war/ATL/Device Types directory.
2 Create a folder in the deploy/extreme.war/gifs directory which is named with the OID of the new Device Type.
3 Create gif-format (Compuserve Graphics Interchange Format) images for the device, and place these in the OID folder created under the deploy/extreme.war/gifs directory.
4 Create a “deviceInfo.txt” file for the device and place this in the OID folder created under the deploy/extreme.war/gifs directory.
5 If it does not already exist, create a device icon gif file, named to match the file name provided in the imageIconsFileName tag in the ATL XML file, and add this to the dpsimages.zip file (found in the deploy/extreme.war/gifs directory).

The Abstract Type Library XML file

The Abstract Type Library is a repository for information about the types of devices Ridgeline can recognize. For each device type, an XML file is placed in the deploy/extreme.war/ATL/Device Types directory. (There are also ATL subdirectories for Interface Types and Slot Types.)


XML files in the ATL are organized in a hierarchy, with properties of the device types and devices specified at various levels in this hierarchy. Figure 483 shows portions of the general hierarchy. When Ridgeline discovers a device, it navigates this hierarchy searching for a match that will provide the properties for the device.

XML files for third-party devices extend and further specify properties unique to each device type and device. Extreme Networks devices are also recognized through this same ATL mechanism. When Ridgeline discovers a device, it searches this hierarchy for a match to the device or device type that will provide the properties for the device.

Figure 483: ATL XML file hierarchy (nodes shown: All Devices; Extreme.xml; 3rd Party.xml; ExtremeSummit; ExtremeUnmanaged; 3Com.xml; Summit_48.xml; Summit_WM.xml; 3Com_SuperStackerII_1100.xml; Summit_WM_100.xml; Summit_WM_1000.xml)

The 3COM SuperStacker II 1000 is an example of how a third-party device is integrated into Ridgeline for Telnet functionality.

There are actually three 3COM devices integrated into Ridgeline, all of which share a number of properties. Therefore, these properties are specified in the 3com.xml file, which is referenced as the parent in the 3Com_SuperstackerII_1100.xml file.

The key attributes in an ATL XML file are the following:

Table 35: Attributes Used in an ATL File

TAG | Attribute | Value
Device Type | Name | The name of the device type of the device. This is the main Tag in the file.
  | Version | Must be specified as “1”
  | Parent | The parent XML file. For an individual device model, this may be the device type XML file (e.g. in the 3Com_SuperstackerII_1100.xml file, the parent is “3Com.xml”). For a device type XML file, such as the 3COM.xml file, the parent is “3rdParty.xml”.
Identity |   | Contains the sysObjectId tag
SysobjectID |   | The OID value of the device, or the enterprise OID (if a device type)
  | Protocol | Use SNMP as the default value
Attributes |   | This contains the properties that define the features and capabilities of the third-party device, such as enabling Telnet. These are described later in this section.
ImageIconsFilename |   | Provides the name of the image that is displayed in the navigation frame for the device. This image must be present in the dpsimages.zip file found in the deploy/extreme.war/gifs directory.
Vendor |   | Device vendor name.

The following are examples of the 3Com_SuperstackerII_1100.xml file and its parent, 3Com.xml.

The 3Com.xml file:

433Com3comicons.gif login: password: [#>$] Press|to continue or|to quit:

The 3Com_SuperstackerII_1100.xml file:

43.10.27.4.1.2.1 true


Note that in the 3Com.xml file, the sysObjectID is the enterprise OID for 3COM; in the 3Com_SuperstackerII_1100.xml file, it is the OID of the specific 3Com device. Many of the attributes in the 3Com.xml file are related to integration into Telnet. These are discussed in “Telnet Integration” on page 669.

The OID folder

Device images used for display in inventory and on topology maps are kept in the deploy/extreme.war/gifs directory, under directories named by the OID of the device.

There are typically three files in these subdirectories:

● DeviceView.gif, the image (front panel or front and back panel) displayed in the Inventory window.
● MapView.gif, the small image that appears in the topology maps.
● DeviceInfo.txt, a file that defines the device type, fallback OID (the OID of the next higher level), and other information.

The DeviceInfo.txt file must always be present. The two gif files may or may not be present; if they are not, the gif file specified for the parent OID is used. In fact, for the 3Com SuperStacker II 1100 (directory OID_43.10.27.4.1.2.1), only the DeviceView image is provided. For the MapView image, the generic 3COM image provided in the parent OID directory (OID_43) is used.

The DeviceInfo.txt must contain at a minimum the following tags:

Parent SysOID Device Name

For the 3Com SuperStacker II 1100 (OID_43.10.27.4.1.2.1) the DeviceInfo.txt file contains these entries:

433Com Super Stack II Switch 1100 24-port

The DeviceInfo.txt file for the parent, OID_43, contains the following entries:

UnknownDeviceGeneric 3Com

Depending on the type of device, other information may also be included. In general, features like Port Location (the ability to click on a port to view port statistics) are not supported for third-party devices.

The dpsimages.zip File

The dpsimages.zip file contains the images used in Ridgeline inventory windows.


If you are adding a completely new device or device type with its own unique image, you must add that image to this file.

The image itself can be the same as the MapView.gif image you added into the OID folder (see “The OID folder” on page 668) but it must be named to match the name specified in the imageIconsFileName tag in the XML file for the device or device type (see Table 35, “Telnet Integration” on page 669).

For example, the dpsimages.zip file included the file 3comicons.gif, which matches the name specified in the 3Com.xml file:
3comicons.gif

If individual devices do not require unique icons, this can be specified in the parent XML file (for the device type) and can be left out of the XML files for individual devices of that type.

Telnet Integration

Ridgeline’s third-party integration framework can be used to provide auto-login when a user (with the appropriate role/permissions) connects to the device from the Ridgeline Telnet window.

Telnet integration involves adding some additional tags to the ATL XML file for the device or device type. The following tags may be used to specify Telnet features:

Table 36: Tags used for Telnet Integration

TAG: CLI.LOGIN_PROMPT
Value: A value (string) to be displayed as the prompt during login to the device.
Comments: If the device normally displays a specific login prompt, you can enter it here to provide the same interface when logging in from Ridgeline. This tag is required if the device supports Telnet.

TAG: CLI.PASSWORD_PROMPT
Value: A value (string) to be displayed as the password prompt during login to the device.
Comments: Similar to the login prompt; you can enter the same prompt used by the device. This tag is optional.

TAG: CLI.SHELL_PROMPT
Value: Provide the pattern that matches the CLI prompt, for example: summit450#
Comments: Specify the format of the device CLI prompt. You can specify multiple patterns, such as \S[ ][#>] [Test] [Ridgeline] $ This tag is required for Telnet support.

TAG: CLI.MORE_PROMPT
Value: Provide the pattern that matches the prompt used by the device to prompt when paging is enabled on the device.
Comments: This tag is optional.

The 3Com.xml file provides an example of the prompts used for Telnet integration:
43 3Com 3comicons.gif login: password: [#>$] Press|to continue or|to quit:

Note that in the case of 3COM, the Telnet integration is handled at the device type level, since it is the same for all the 3COM devices. Therefore, it is not duplicated in each device ATL XML file, but handled once at the device type (enterprise) level.

Alarm Integration

Alarm Integration for a third-party device will enable Ridgeline users to create Alarms based on trap events from the third-party device. There are five steps to integrating third-party alarms:
1 The trap OID for each event must be added to the events.xml file
2 The necessary MIBs must be placed in the deploy/extreme.war/thirdPartyMibs directory
3 The third-party MIB filenames must be specified in the miblist.txt file in the extreme.war directory
4 Restart the Ridgeline server
5 Each third-party device must be configured to send traps to Ridgeline. See “Setting Ridgeline as a Trap Receiver” on page 664 for information on how to accomplish this.

Once this is done, the third-party event(s) should be selectable from the Event Name drop down list on the Basic tab of the Alarm Definition Window (in the Alarm Manager). Alarms can then be defined to take actions upon the occurrence of these events.

Editing the Events.xml file

CAUTION
Make a backup copy of this file before you start, and edit carefully. Do not edit the existing entries in this file. Errors in this file may prevent the Ridgeline server from starting up.

The Events.xml file is located in the extreme.war directory. Each event entry in the Events.xml file is composed of the Type, SubType, TypeName and SubTypeName, followed by a SNMP V1 or V2 Mapping OID.


Table 37: Components of an Events.xml event entry

Attribute: Type
Value(s): A non-negative number for a SNMP v1 trap (same as the generic type value of the v1 trap); -2 for an SNMP v2 trap; -3 for a syslog event; -1 for a Ridgeline event
Comments: Identifies the type of event (SNMP v1 or v2 trap, or a Ridgeline or syslog event). A trap that can be sent as either a v1 or v2 trap should be represented as a v1 trap.

Attribute: SubType
Value(s): For v1 traps, this should be the same as the specific type value. For syslog events, this should be the same as the priority value of the syslog message.
Comments: Together with the Type, uniquely identifies an event.

Attribute: TypeName
Value(s): SNMP trap, Ridgeline, or syslog
Comments: The type of the event. For third-party integration this would be SNMP trap.

Attribute: SubTypeName
Value(s): The name of the specific event, e.g. “link down”
Comments: Together with the Type name, it forms the event name e.g. “SNMP trap link down”

The following is a sample entry for an SNMP V1 trap:

Adding the MIB(s) to Ridgeline

To incorporate the MIBs into Ridgeline:
1 Place the MIB file(s) into the deploy/extreme.war/thirdPartyMibs directory.
The MIB file name must match the MIB definition name.
The MIB file names do not need to include file extensions. If they do not have file extensions, .mib will be appended to the file name internally. However, if you do provide an extension, it must be .mib or .MIB.
2 Add the MIB file names to the miblist.txt file found in the extreme.war directory.
● Add any new entries to the end of the file only; do not add them in between existing entries.
● Make sure each entry is unique.
● Make sure each MIB file name matches the MIB definition name.

You must restart the Ridgeline server to have these changes take effect.

Launching Third Party Applications

Ridgeline can launch an external application for a third-party device under the following conditions:
● Ridgeline and the third-party application client and server are installed on the same system
● Ridgeline and the third-party client are installed on the same system
● Ridgeline is installed on one system, and a remote (web-based) third-party client and server is installed on a different system.


The third-party application must be added to the Tool.xml file found in the extreme.war/ATL/DeviceTypes directory. The format of the entry in the XML file is as follows (using the Summit WM as an example):
https://$deviceIP:5825

Once this integration has been accomplished, you can launch the third-party application from Ridgeline by selecting Third party applications from the Tools menu.
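The miblist.txt rules in “Adding the MIB(s) to Ridgeline” above can be checked before the server restart. The following Python script is an added example, not Extreme Networks code; it assumes miblist.txt holds one MIB file name per line and that a copy of the original miblist.txt was kept, and every file name, MIB name and function name in it is constructed for illustration.

```python
"""Check miblist.txt against the rules above before restarting Ridgeline."""
import os
import re
import tempfile
from pathlib import Path

# ASN.1 module header, e.g. "ACME-SWITCH-MIB DEFINITIONS ::= BEGIN"
MODULE_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s+DEFINITIONS\s*::=\s*BEGIN", re.M)


def read_entries(path):
    """Assumed layout: one MIB file name per line; blank lines are ignored."""
    return [ln.strip() for ln in Path(path).read_text().splitlines() if ln.strip()]


def module_name(mib_text):
    """Return the MIB definition name, ignoring '--' comment lines."""
    body = "\n".join(ln for ln in mib_text.splitlines() if not ln.lstrip().startswith("--"))
    match = MODULE_RE.search(body)
    return match.group(1) if match else None


def validate(miblist, original, mib_dir):
    """Return a list of problems; an empty list means every rule holds."""
    problems = []
    old, new = read_entries(original), read_entries(miblist)

    # Rule: new entries go at the end only, existing entries stay untouched.
    if new[: len(old)] == old:
        added = new[len(old):]
    else:
        problems.append("existing entries changed; add new entries at the end only")
        added = [e for e in new if e not in old]

    # Rule: each entry is unique ("X" and "X.mib" name the same MIB).
    first_seen = {}
    for entry in new:
        stem = os.path.splitext(entry)[0]
        if stem in first_seen:
            problems.append(f"duplicate entry: {entry} repeats {first_seen[stem]}")
        first_seen.setdefault(stem, entry)

    for entry in added:
        stem, ext = os.path.splitext(entry)
        # Rule: an extension is optional, but if present must be .mib or .MIB.
        if ext not in ("", ".mib", ".MIB"):
            problems.append(f"{entry}: extension must be .mib or .MIB")
            continue
        candidates = [entry] if ext else [entry + ".mib", entry]
        path = next((Path(mib_dir) / c for c in candidates if (Path(mib_dir) / c).is_file()), None)
        if path is None:
            problems.append(f"{entry}: file not found in {mib_dir}")
            continue
        # Rule: the file name must match the MIB definition name.
        declared = module_name(path.read_text(errors="replace"))
        if declared != stem:
            problems.append(f"{entry}: file defines {declared}, not {stem}")
    return problems


def demo():
    """Constructed sample: two shipped entries plus three third-party additions."""
    root = Path(tempfile.mkdtemp())
    mibs = root / "thirdPartyMibs"
    mibs.mkdir()
    (mibs / "ACME-SWITCH-MIB.mib").write_text(
        "-- constructed sample\nACME-SWITCH-MIB DEFINITIONS ::= BEGIN\nEND\n")
    (mibs / "ACME-TRAPS.mib").write_text("ACME-TRAP-MIB DEFINITIONS ::= BEGIN\nEND\n")
    (root / "miblist.orig").write_text("SHIPPED-A-MIB\nSHIPPED-B-MIB\n")
    (root / "miblist.txt").write_text(
        "SHIPPED-A-MIB\nSHIPPED-B-MIB\nACME-SWITCH-MIB\nACME-TRAPS.mib\nACME-OLD.txt\n")
    return validate(root / "miblist.txt", root / "miblist.orig", mibs)


if __name__ == "__main__":
    for problem in demo():
        print(problem)
```

Only the entries added after the original list are checked against the thirdPartyMibs directory, since the location of the shipped MIBs is not described here.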


APPENDIX B: Using SSH for Secure Communication

This appendix describes in detail how to set up secure tunneling between the Ridgeline server and Ridgeline clients.

It describes the following steps:
● “Tunneling Setup Example” on page 673
● “Step 1: Install PuTTY on the Ridgeline Client” on page 674
● “Step 2: Configure the PuTTY Client” on page 674
● “Step 3: Installing OpenSSH Server” on page 678
● “Step 4: Configure Microsoft Firewall to Allow SSH Connects” on page 683
● “Step 5: Initiate Ridgeline Server/Client Communication” on page 685

By default, communication between the Ridgeline server and its clients is unencrypted. This means the traffic between client and server could easily be captured, including passwords, statistics, and device configurations.

PuTTY is used in conjunction with Ridgeline to encrypt (tunnel) communication between a Ridgeline server and clients. PuTTY is a free implementation of an SSH application. PuTTY uses “port forwarding” to tunnel this traffic. Port forwarding allows data from unsecured applications to be encrypted over a secured tunnel.

This appendix describes in detail a step-by-step example of setting up a PuTTY client on a Windows-based Ridgeline client system. It also describes the installation and configuration of the OpenSSH server on a Windows-based server system where the Ridgeline server is installed.

Tunneling Setup Example

In this example, it is assumed that an SSH server needs to be installed on the same machine as the Ridgeline server. If an SSH server is already installed on the system where the Ridgeline server resides, you can skip steps 3 and 4 of the following procedure.

The Ridgeline client uses two main ports, 8080 and 1063, when communicating with the server. These ports will be configured for port forwarding.


To configure SSH tunneling between the Ridgeline server and client, you will need to complete the following steps:
1 Install PuTTY on the Ridgeline client system
2 Configure the PuTTY client
3 Install an SSH server on the system with the Ridgeline server
4 Configure Microsoft Firewall to allow SSH connects
5 Initiate Ridgeline server/client communication

These steps are described in detail in the following sections.

Step 1: Install PuTTY on the Ridgeline Client

PuTTY is a free SSH application that can be downloaded from the following URL:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Download the file putty.exe. This program is not compressed (zipped) and does not require installation.

You must download this application to each Ridgeline client for which you want to secure your client-server communication.

Step 2: Configure the PuTTY Client

1 Configure the Session settings:
Click on the Session category in the left column tree, as shown in Figure 484. Use the following settings:
● Saved Sessions = a name for the session, such as Network Manager.
● Host Name = the Host name or IP address of the Ridgeline server (192.168.10.199 in the example).
● Protocol = SSH
● Port = 22


Figure 484: The Session Settings

2 Next, configure the PuTTY SSH options.
Click on SSH in the left column tree, then select 2 for Preferred SSH protocol version, as shown in Figure 485.


Figure 485: The Basic SSH Settings

3 Under SSH, click on X11 to display the dialog box shown in Figure 486. For X display location type localhost:0.

Figure 486: SSH X11 Forwarding

4 Under SSH, click on Tunnels, as shown in Figure 487.


Figure 487: SSH Tunneling Settings

5 Click the Local radio button.
6 For the Source port type the HTTP port number you configured when you installed Ridgeline (by default, this is port 8080).
7 For the Destination type localhost: followed by the HTTP port you configured at installation (8080 by default).
8 Click Add. Doing so adds the source and destination HTTP ports to the Forwarded ports box.
9 Click Local again.
10 For the Source port type the port number Ridgeline uses as its Telnet port. To determine the port Ridgeline is using as its Telnet port, complete the following steps:
a Go to Ridgeline Reports, either from the Ridgeline client or from a browser.
b Select the Ridgeline Server category, then select Debug Ridgeline. (You must have Ridgeline administrator rights to do this).
c Click the Set Logging Level link. The Debug Configuration page appears, and the Telnet port is displayed below the two selection fields. This is the port you should configure in PuTTY.
11 For the Destination type localhost: followed by the Ridgeline Telnet port.
12 Click Add. The two port forwarding entries configure PuTTY to monitor and tunnel the Ridgeline HTTP and Telnet ports to the Ridgeline server.
13 Next save the Ridgeline session profile. Click Session in the left column and then click Save (see Figure 488).


Figure 488: Saving the Session Profile

Click Save.

Step 3: Installing OpenSSH Server

The following section demonstrates the installation of the OpenSSH server on the Ridgeline server. If there is an SSH server already running on the Ridgeline server, skip this step.

1 Create a folder c:\cygwin.
2 Next, download the file setup.exe from http://www.cygwin.com/ and store it in the folder c:\cygwin.
3 Double click the setup.exe file in the c:\cygwin directory. The first Cygwin Setup dialog box (choose Installation Type) appears, as shown in Figure 489.


Figure 489: Choose Installation Type

4 Click the Install from Internet radio button, then click Next.
The Choose Installation Directory dialog box appears.

Figure 490: Choose Installation Directory

5 In the Root Directory field type C:\cygwin, which is where OpenSSH will be installed.
Select the All Users radio button so all users will have access to the SSH server.
Click Next. The Select Local Package Directory dialog box appears.


Figure 491: Select Local Package Directory

6 In the Local Package Directory field type C:\cygwin, then click Next.
7 When the Select Packages window appears (see Figure 492), click the View button for a full view.

Figure 492: Select Packages

8 Locate the line OpenSSH, click on the word skip so that an X appears in Column B.


9 Find the line cygrunsrv, click on the word skip so that an X appears in Column B.
10 Click Next to begin the installation.
11 Next, right-click My Computer and click Properties.
12 Select the Advanced tab and click Environment Variables. This displays the Environment Variables window, as shown in Figure 493.

Figure 493: Adding a System Variable for Cygwin

13 In the bottom section of the window under System variables, click the New button to add a new entry to the system variables:
● Variable name: = CYGWIN
● Variable value: = ntsec tty
Click OK.
The new entry will appear in the System variables table, as shown in Figure 494.


Figure 494: System Variable for Cygwin Successfully Added

14 From the Environment Variables window, scroll the System variables list, select the Path variable, and click the Edit button.

Figure 495: Path Variable

15 Append “;c:\cygwin\bin” to the end of the existing variable string.


Figure 496: Modifying the Path

Click OK.
16 Next, open a cygwin window (by double clicking the Cygwin icon). A black window appears.

Figure 497: Configuring the SSH Server Through Cygwin

17 At the prompt, enter ssh-host-config.
● When the script asks whether privilege separation should be used, answer yes.
● When the script asks about local user, answer yes.
● When the script asks about installing sshd as a service, answer yes.
● When the script asks for CYGWIN=, answer ntsec tty
18 When the script has finished, while in the (black) cygwin window, start the sshd service by typing net start sshd.

Step 4: Configure Microsoft Firewall to Allow SSH Connects

By default the Windows firewall will block incoming SSH (port 22) connections. This section provides steps to permit port 22 through the Windows firewall on the Ridgeline server machine.

If there is an SSH server already running on your server, you may be able to skip this step.

To configure the Windows Firewall to allow SSH connects, complete the following steps:
1 Open the Windows Control Panel and double click the Windows Firewall icon.
The Windows Firewall window opens.


Figure 498: Configuring the Windows Firewall to Allow Port 22 Connections

2 Click on the Exceptions tab and click on Add Port….
The Add a Port window opens.

Figure 499: Add a Port Window

3 In the Name field, type SSH, and type 22 for the Port number.
Click the TCP radio button, then click OK.

The Windows firewall is now configured to allow SSH connections.


Step 5: Initiate Ridgeline Server/Client Communication

To establish an encrypted tunnel between the Ridgeline server and client, complete the following steps:
1 Run the PuTTY application (putty.exe) and select the Ridgeline session.
2 Enter your SSH username and password.
This creates an SSH session between the client and server.

Figure 500: Creating an SSH session for Ridgeline

3 Log on to Ridgeline using the following URL:
http://localhost:8080/
4 Click the Log on to Ridgeline link, enter your Ridgeline username and password, click Log on.

PuTTY is now set up to port forward all traffic going to the local host on port 8080. When PuTTY sees a connection request to the local host on port 8080, PuTTY encrypts the information and sends it across the encrypted tunnel to the server.
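Once Steps 1 to 5 are complete, the tunnel can be checked from the Ridgeline client while the PuTTY session is open: the forwarded ports should answer on 127.0.0.1 only, and it is worth knowing whether the server still accepts the direct, unencrypted path. The following Python check is an added example, not part of the Ridgeline guide; the server address and ports are the example values from this appendix, and the function names are hypothetical.

```python
"""Post-setup check for the PuTTY tunnel described in Steps 1-5."""
import socket

# Example values from this appendix. Replace the Telnet port with the one shown
# on the Debug Configuration page if your installation uses a different port.
RIDGELINE_SERVER = "192.168.10.199"
FORWARDED_PORTS = {"HTTP": 8080, "Telnet": 1063}


def port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def local_addresses():
    """Best-effort list of this machine's non-loopback IPv4 addresses."""
    addrs = set()
    try:
        for info in socket.getaddrinfo(socket.gethostname(), None, socket.AF_INET):
            addr = info[4][0]
            if not addr.startswith("127."):
                addrs.add(addr)
    except OSError:
        pass
    return sorted(addrs)


def assess(port, loopback_open, exposed_on, direct_open):
    """Turn the raw probe results for one forwarded port into findings."""
    findings = []
    if not loopback_open:
        findings.append(f"FAIL port {port}: no listener on 127.0.0.1, tunnel is not up")
    if exposed_on:
        where = ", ".join(exposed_on)
        findings.append(f"WARN port {port}: tunnel entry also reachable on {where}")
    if direct_open:
        findings.append(f"WARN port {port}: server still accepts direct (unencrypted) connections")
    if not findings:
        findings.append(f"OK port {port}: loopback-only tunnel entry, direct path closed")
    return findings


def check_tunnel(server=RIDGELINE_SERVER, ports=FORWARDED_PORTS, extra_local=None, timeout=1.0):
    """Probe each forwarded port via loopback, local addresses and the direct path."""
    local = local_addresses() if extra_local is None else extra_local
    report = []
    for port in ports.values():
        loopback = port_open("127.0.0.1", port, timeout)
        exposed = [addr for addr in local if port_open(addr, port, timeout)]
        direct = port_open(server, port, timeout)
        report.extend(assess(port, loopback, exposed, direct))
    return report


if __name__ == "__main__":
    for line in check_tunnel():
        print(line)
```

A WARN on the direct path means clients that skip the tunnel still reach the server in clear text, because the tunnel protects only the sessions that go through it.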




APPENDIX C: Event Types for Alarms

This appendix describes the events that can be detected through the Ridgeline Alarm System and contains the following sections:
● “SNMP Trap Events” on page 687
● “Configuring SNMP Trap Events” on page 695
● “RMON Rising and Falling Trap Events” on page 696
● “Ridgeline Events” on page 696

Many of the events defined below are standard traps applicable to all MIB-2 devices managed by the Ridgeline server. Extreme Networks proprietary traps are identified as such. For Extreme Networks devices, the level of support in ExtremeWare and ExtremeXOS is also indicated.

SNMP Trap Events

Table 38: SNMP Trap Events

Event: Authentication Failed
Definition: This trap indicates that a SNMP request with an invalid community string is issued to the device.
ExtremeWare/ExtremeXOS Version: ExtremeWare All/ExtremeXOS 11.2

Event: BGP Backward Transition
Definition: This event is generated when the BGP FSM moves from a higher numbered state to a lower numbered state.
ExtremeWare/ExtremeXOS Version: ExtremeWare 6.1.5; Not supported in ExtremeXOS

Event: BGP Established
Definition: This event is generated when the BGP FSM enters the ESTABLISHED state.
ExtremeWare/ExtremeXOS Version: ExtremeWare 6.1.5; Not supported in ExtremeXOS

Event: BGP M2 Max Exceeded
Definition: Extreme Networks proprietary trap. Indicates that the number of prefixes received over this peer session has reached the maximum configured limit. (BGP4-V2)
ExtremeWare/ExtremeXOS Version: EXOS 10.1

Event: BGP M2 Threshold Reached
Definition: Extreme Networks proprietary trap. Indicates that the number of prefixes received over this peer session has reached the threshold limit. (BGP4-V2)
ExtremeWare/ExtremeXOS Version: EXOS 10.1

Event: BGP Prefix Max Exceeded
Definition: Extreme Networks proprietary trap. Indicates that the number of prefixes received over this peer session has reached the maximum configured limit.
ExtremeWare/ExtremeXOS Version: ExtremeWare 6.2.2; Not supported in ExtremeXOS


Table 38: SNMP Trap Events (continued)

Event: BGP Prefix Reached Threshold
Definition: Extreme Networks proprietary trap. Indicates that the number of prefixes received over this peer session has reached the threshold limit.

Event: CPU Health Check Failed
Definition: Extreme Networks proprietary trap. Indicates that the CPU Health Check has failed.

Event: CPU Utilization Falling Threshold
Definition: Extreme Networks proprietary trap. CPU Utilization Falling Trap is generated when the extremeCpuAggregateUtilization falls below 80% of the extremeCpuUtilRisingThreshold.

Event: CPU Utilization Rising Threshold
Definition: Extreme Networks proprietary trap. CPU Utilization Rising trap is generated when the value of extremeCpuAggregateUtilization touches/crosses extremeCpuUtilRisingThreshold.

Event: Cold Start
Definition: This trap indicates that the device is rebooted by power recycling. Extreme switches always send out this trap after a reboot.

Event: DOS Threshold Cleared
Event: DOS Threshold Reached
Event: Dsx1 Line Status Change
Event: Dsx1 Loss of Master Clock
Event: Dsx1 No Loss of Master Clock
Event: Dsx3 Line Status Change
Event: Dsx3 Loss of Master Clock
Event: Dsx3 No Loss of Master Clock
Event: EAPS Configuration change
Event: EAPS Last status change


Table 38: SNMP Trap Events (continued)

Event: EAPS Primary or secondary port status change
Definition: Extreme Networks proprietary trap. Indicates that the status of the primary or secondary ring port in an EAPS domain has changed.

Event: EAPS Root blocker status change
Definition: Extreme Networks proprietary trap. Indicates that the EAPS root blocker state has changed.

Event: EAPS Fail Timer Expired Flag Cleared
Definition: Extreme Networks proprietary trap. Generated when the EAPS domain’s fail timer is cleared.

Event: EAPS Fail Timer Expired Flag Set
Definition: Extreme Networks proprietary trap. Generated when the EAPS domain’s fail timer expires for the first time, while its state is NOT the failed state.

Event: EAPS Link Down Ring Complete
Definition: Extreme Networks proprietary trap. Indicates that a transit that is in a Link Down state has received a Health-Check-Pdu from the Master indicating that the link is complete. This indicates a problem with the transit switch that has issued this trap.

Event: EAPS State Change
Definition: Extreme Networks proprietary trap. Generated when an EAPS domain has a state change.

Event: EDP Neighbor Added
Definition: Extreme Networks proprietary trap. A new neighbor has been discovered through the Extreme Discovery Protocol (EDP).

Event: EDP Neighbor Removed
Definition: Extreme Networks proprietary trap. No EDP updates have been received from this neighbor within the configured time-out period, and this neighbor entry has been aged out by the device.

Event: EGPNbrLoss
Definition: An EGP neighbor, for which the device is an EGP peer, is down and the peer relationship no longer exists. An Extreme Networks switch never sends out this trap.

Event: ELRP VLAN Loop Detected
Definition: Extreme Networks proprietary trap. Generated when the ELRP client detects a loop in the VLAN.

Event: ESRP Master Reelection After MSM Failover
Definition: Extreme Networks proprietary trap. Indicates this device was elected master when the previous master node failed to resume normal operation within the reelect timeout after performing a hitless MSM failover.

Event: ESRP State Change
Definition: Extreme Networks proprietary trap. Indicates that the ESRP state (master or slave) of a VLAN has changed on the device.

Event: ESRP State Change for ExtremeXOS
Definition: Extreme Networks proprietary trap. Indicates that the ESRP state (master or slave) of a VLAN has changed on the device.

Event: Enhanced DOS Threshold Cleared
Definition: Extreme Networks proprietary trap. Generated when the DOS threshold is cleared (if enhanced DOS protection is enabled).

Event: Enhanced DOS Threshold Reached
Definition: Extreme Networks proprietary trap. Generated when the DOS threshold is crossed for any of the ports (if enhanced DOS protection is enabled).

Event: Entity MIB Changed
Definition: Indicates a change has been made to a row in a table in the Entity MIB (a row has been added, deleted, or modified).

Event: Extreme SentriantAG alarm
Definition: Extreme Networks proprietary trap. Indicates that a SentriantAG Network Access Control (NAC) device generated an alarm.

Event: Extreme SentriantNG alarm
Definition: Extreme Networks proprietary trap. Indicates that a SentriantNG network security device generated an alarm.

ExtremeWare/ExtremeXOS Version (column values, in table order): ExtremeXOS; ExtremeXOS; ExtremeXOS 10.1; ExtremeXOS 10.1; ExtremeXOS 10.1; ExtremeXOS 10.1; ExtremeWare 6.1; ExtremeXOS 10.1; ExtremeWare 6.1; ExtremeXOS 10.1; None; ExtremeWare 7.3; Not supported in ExtremeXOS; Not supported in ExtremeXOS; ExtremeWare 6.0; Not supported in ExtremeXOS; ExtremeXOS; ExtremeWare 7.3; Not supported in ExtremeXOS; ExtremeWare 7.3; Not supported in ExtremeXOS; ExtremeWare 7.3; ExtremeXOS; ExtremeXOS


Table 38: SNMP Trap Events (continued)

Event: Fan Failed
Definition: Extreme Networks proprietary trap. This trap indicates one or more of the cooling fans inside the device has failed. A fan OK trap will be sent once the fan has attained normal operation. This trap is sent repetitively every 30 seconds until all the fans are back to normal condition.
ExtremeWare/ExtremeXOS Version: All

Event: Fan OK
Definition: Extreme Networks proprietary trap. This trap indicates that a fan has transitioned out of a failure state and is now operating correctly.
ExtremeWare/ExtremeXOS Version: All

Event: Health Check Failed
Definition: Extreme Networks proprietary trap. The CPU HealthCheck has failed.
ExtremeWare/ExtremeXOS Version: ExtremeWare 6.1.9; ExtremeXOS 10.1

Event: Id Manager Memory Usage Level Critical
Definition: Extreme Networks proprietary trap. The amount of memory used by the Identity Management feature has reached a critical level.
ExtremeWare/ExtremeXOS Version: ExtremeXOS 12.4

Event: Id Manager Memory Usage Level Normal
Definition: Extreme Networks proprietary trap. The amount of memory used by the Identity Management feature has reached a normal level.
ExtremeWare/ExtremeXOS Version: ExtremeXOS 12.4

Event: Id Manager Memory Usage Level High
Definition: Extreme Networks proprietary trap. The amount of memory used by the Identity Management feature has reached a high level.
ExtremeWare/ExtremeXOS Version: ExtremeXOS 12.4

Event: Id Manager Memory Usage Level Maximum
Definition: Extreme Networks proprietary trap. The amount of memory used by the Identity Management feature has reached a maximum level.
ExtremeWare/ExtremeXOS Version: ExtremeXOS 12.4

Event: Invalid Login
Definition: Extreme Networks proprietary trap. This trap indicates that a user attempted to login to console or by Telnet but was refused access due to incorrect username or password. The trap is issued after three consecutive failures of log in.
ExtremeWare/ExtremeXOS Version: All

Event: Link Down
Definition: Indicates that a link is transitioning to the down state from a previous active state.
ExtremeWare/ExtremeXOS Version: All

Event: Link Up
Definition: Indicates that a port is transitioning from the down state to another (active) state.
ExtremeWare/ExtremeXOS Version: All

Event: MAC Address Detected On Locked Port
Definition: Extreme Networks proprietary trap. Generated on a port for which lock-learning has been configured, when a new MAC address is learned on that port.
ExtremeWare/ExtremeXOS Version: ExtremeWare 7.0 SR1; Not supported in ExtremeXOS

Event: MAC Address Detected On Unauthorized Port
Definition: Extreme Networks proprietary trap. Generated when a MAC address is learned on a port on which it is not authorized. This happens when the MAC address is statically configured as a 'secure mac' on some other port(s).
ExtremeWare/ExtremeXOS Version: ExtremeWare 7.0 SR1; Not supported in ExtremeXOS

Event: MAC Address Learning Limit Exceeded
Definition: Extreme Networks proprietary trap. Generated when a new MAC address exceeding the limit is learned on a port on which limit-learning has been configured.
ExtremeWare/ExtremeXOS Version: ExtremeWare 7.0 SR1; Not supported in ExtremeXOS

Event: MSM Failover Occurred
Definition: Extreme Networks proprietary trap. An MSM Failover occurred.
ExtremeWare/ExtremeXOS Version: ExtremeXOS 10.1

Event: Main Power Usage Off
Definition: Indicates the PSE Threshold usage indication off, the usage power is below the threshold. At least 500 msec must elapse between notifications being emitted by the same object instance.
ExtremeWare/ExtremeXOS Version: ExtremeXOS 11.1


Table 38: SNMP Trap Events (continued)

Event: Main Power Usage On
Definition: Indicates the PSE threshold usage indication is on, and the usage power is above the threshold. At least 500 msec must elapse between notifications being emitted by the same object instance.
ExtremeWare/ExtremeXOS Version: ExtremeXOS 11.1

Event: Netlogin Authentication Failure
Definition: Extreme Networks proprietary trap. Generated upon authentication failure for a netlogin supplicant.
ExtremeWare/ExtremeXOS Version: Not supported in ExtremeXOS

Event: Netlogin User Login
Definition: Extreme Networks proprietary trap. Generated when a netlogin supplicant passes authentication and logs in successfully into the network.
ExtremeWare/ExtremeXOS Version: Not supported in ExtremeXOS

Event: Netlogin User Logout
Definition: Extreme Networks proprietary trap. Generated when an authenticated and logged in netlogin supplicant logs out.
ExtremeWare/ExtremeXOS Version: Not supported in ExtremeXOS

Event: OSPF Interface Authentication Failure
Definition: An ospfIfAuthFailure trap signifies that a packet has been received on a non-virtual interface from a router whose authentication key or authentication type conflicts with this router’s authentication key or authentication type.
ExtremeWare/ExtremeXOS Version: ExtremeWare 6.1.9; ExtremeXOS 10.1

Event: OSPF Interface Config Error
Definition: An ospfIfConfigError trap signifies that a packet has been received on a non-virtual interface from a router whose configuration parameters conflict with this router’s configuration parameters. Note that the event optionMismatch should cause a trap only if it prevents an adjacency from forming.
ExtremeWare/ExtremeXOS Version: ExtremeWare 6.1.9; ExtremeXOS 10.1

Event: OSPF Interface Receive Bad Packet
Definition: An ospfIfRxBadPacket trap signifies that an OSPF packet has been received on a non-virtual interface that cannot be parsed.
ExtremeWare/ExtremeXOS Version: ExtremeWare 6.1.9; ExtremeXOS 10.1

Event: OSPF Interface State Change
Definition: An ospfIfStateChange trap signifies that there has been a change in the state of a non-virtual OSPF interface. This trap should be generated when the interface state regresses (e.g., goes from Dr to Down) or progresses to a terminal state (i.e., Point-to-Point, DR Other, Dr, or Backup).
ExtremeWare/ExtremeXOS Version: ExtremeWare 6.1.9; ExtremeXOS 10.1

Event: OSPF LSDB Approaching Overflow
Definition: An ospfLsdbApproachingOverflow trap signifies that the number of LSAs in the router’s link-state database has exceeded ninety percent of ospfExtLsdbLimit.
ExtremeWare/ExtremeXOS Version: ExtremeWare 6.1.9; ExtremeXOS 10.1

Event: OSPF LSDB Overflow
Definition: An ospfLsdbOverflow trap signifies that the number of LSAs in the router’s link-state database has exceeded ospfExtLsdbLimit.
ExtremeWare/ExtremeXOS Version: ExtremeWare 6.1.9; ExtremeXOS 10.1

Event: OSPF Max_Age LSA
Definition: An ospfMaxAgeLsa trap signifies that one of the LSAs in the router’s link-state database has aged to MaxAge.
ExtremeWare/ExtremeXOS Version: ExtremeWare 6.1.9; ExtremeXOS 10.1

Event: OSPF Neighbor State Change
Definition: An ospfNbrStateChange trap signifies that there has been a change in the state of a non-virtual OSPF neighbor. This trap should be generated when the neighbor state regresses (e.g., goes from Attempt or Full to 1-Way or Down) or progresses to a terminal state (e.g., 2-Way or Full). When a neighbor transitions from or to Full on non-broadcast multi-access and broadcast networks, the trap should be generated by the designated router. A designated router transitioned to Down will be noted by ospfIfStateChange.
ExtremeWare/ExtremeXOS Version: ExtremeWare 6.1.9; ExtremeXOS 10.1

Event: OSPF Originate LSA
Definition: An ospfOriginateLsa trap signifies that a new LSA has been originated by this router. This trap should not be invoked for simple refreshes of LSAs (which happens every 30 minutes), but instead will only be invoked when an LSA is (re)originated due to a topology change. Additionally, this trap does not include LSAs that are being flushed because they have reached MaxAge.
ExtremeWare/ExtremeXOS Version: ExtremeWare 6.1.9; ExtremeXOS 10.1


Table 38: SNMP Trap Events (continued)

| Event | Definition | ExtremeWare/ExtremeXOS Version |
|---|---|---|
| OSPF TX_Retransmit | An ospfTxRetransmit trap signifies that an OSPF packet has been retransmitted on a non-virtual interface. All packets that may be retransmitted are associated with an LSDB entry. The LS type, LS ID, and Router ID are used to identify the LSDB entry. | ExtremeWare 6.1.9, ExtremeXOS 10.1 |
| OSPF Virtual Interface Authentication Failure | An ospfVirtIfAuthFailure trap signifies that a packet has been received on a virtual interface from a router whose authentication key or authentication type conflicts with this router’s authentication key or authentication type. | ExtremeWare 6.1.9, ExtremeXOS 10.1 |
| OSPF Virtual Interface Config Error | An ospfVirtIfConfigError trap signifies that a packet has been received on a virtual interface from a router whose configuration parameters conflict with this router’s configuration parameters. Note that the event optionMismatch should cause a trap only if it prevents an adjacency from forming. | ExtremeWare 6.1.9, ExtremeXOS 10.1 |
| OSPF Virtual Interface Receive Bad Packet | An ospfVirtIfRxBadPacket trap signifies that an OSPF packet has been received on a virtual interface that cannot be parsed. | ExtremeWare 6.1.9, ExtremeXOS 10.1 |
| OSPF Virtual Interface State Change | An ospfVirtIfStateChange trap signifies that there has been a change in the state of an OSPF virtual interface. This trap should be generated when the interface state regresses (e.g., goes from Point-to-Point to Down) or progresses to a terminal state (i.e., Point-to-Point). | ExtremeWare 6.1.9, ExtremeXOS 10.1 |
| OSPF Virtual Interface TX Retransmit | An ospfVirtIfTxRetransmit trap signifies that an OSPF packet has been retransmitted on a virtual interface. All packets that may be retransmitted are associated with an LSDB entry. The LS type, LS ID, and Router ID are used to identify the LSDB entry. | ExtremeWare 6.1.9, ExtremeXOS 10.1 |
| OSPF Virtual Neighbor State Change | An ospfVirtNbrStateChange trap signifies that there has been a change in the state of an OSPF virtual neighbor. This trap should be generated when the neighbor state regresses (e.g., goes from Attempt or Full to 1-Way or Down) or progresses to a terminal state (e.g., Full). | ExtremeWare 6.1.9, ExtremeXOS 10.1 |
| Overheat | Extreme Networks proprietary trap. Indicates the on board temperature sensor has reported an overheat condition. This indicates the temperature has reached the Overheat threshold. The switch will continue to function until it reaches its shutdown threshold. The system will then shut down until the unit has sufficiently cooled such that operation may begin again. A cold start trap will be issued when the unit has come back on line. This trap is sent repetitively every 30 seconds until the temperature goes back to normal. | All |
| Ping Probe Failed | Generated when a probe failure is detected when the corresponding pingCtlTrapGeneration object is set to probeFailure(0) subject to the value of pingCtlTrapProbeFailureFilter. The object pingCtlTrapProbeFailureFilter can be used to specify the number of successive probe failures that are required before this notification can be generated. | ExtremeWare 6.1.9, Not supported in ExtremeXOS |
| Ping Test Completed | Generated at the completion of a ping test when the corresponding pingCtlTrapGeneration object is set to testCompletion(4). | ExtremeWare 6.1.9, Not supported in ExtremeXOS |


Table 38: SNMP Trap Events (continued)

| Event | Definition |
|---|---|
| Ping Test Failed | Generated when a ping test is determined to have failed when the corresponding pingCtlTrapGeneration object is set to testFailure(1). In this instance pingCtlTrapTestFailureFilter should specify the number of probes in a test required to have failed in order to consider the test as failed. |
| PoE PSU Status Changed | Extreme Networks proprietary trap. Indicates a change in the PoE PSU for the slot. |
| Port Diagnostics | Extreme Networks proprietary trap. Indicates the status of Diagnostics for a port. The status indicates whether Diagnostics for a particular port failed. |
| Power Supply Failed | Extreme Networks proprietary trap. This trap indicates that one or more sources of power have failed. Presumably a redundant power-supply has taken over. This trap is sent repetitively every 30 seconds until all the power supplies are back to normal condition. |
| Power Supply OK | Extreme Networks proprietary trap. This trap indicates that one or more previously bad sources of power have come back to life without causing the device to restart. |
| Processor State Change Trap | Extreme Networks proprietary trap. This trap indicates that a failed processor on a module is detected. |
| Pse Port On/Off | Indicates a change in the power delivery status of the PSE port (whether the port is delivering power or not). This notification should be sent on every status change except in the searching mode. At least 500 msec must elapse between notifications emitted by the same object instance. |
| Redundant Power Supply Failed | Extreme Networks proprietary trap. This trap indicates that the attached redundant power supply device is indicating an alarm condition. This trap is sent repetitively every 30 seconds until the redundant power supply is back to normal condition. |
| Redundant Power Supply OK | Extreme Networks proprietary trap. This trap indicates that the attached redundant power supply device is no longer indicating an alarm condition. |
| SLB Unit Added | Extreme Networks proprietary trap. Indicates that the server load balancer has activated a group of virtual servers that it normally would not activate. This may be due to the failure of another server load balancer. |
| SLB Unit Removed | Extreme Networks proprietary trap. Indicates that the server load balancer has deactivated a group of virtual servers that it normally has active. This indicates that something is wrong in the server load balancer; for example, its ping check may be failing. |
| STP New Root | Extreme Networks proprietary trap. Indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.g., upon expiration of the Topology Change Timer immediately subsequent to its election. |
| STP Topology Change | Extreme Networks proprietary trap. A topologyChange trap is sent by a bridge when any of its configured ports transitions from the Learning state to the Forwarding state, or from the Forwarding state to the Blocking state. The trap is not sent if a newRoot trap is sent for the same transition. |

ExtremeWare/ExtremeXOS Version
ExtremeWare 6.1.9
Not supported in ExtremeXOS
Not supported in ExtremeXOS
ExtremeWare 7.3
Not supported in ExtremeXOS
All
All
ExtremeXOS 11.1
ExtremeWare All/Not supported in EXOS
ExtremeWare All/Not supported in EXOS
ExtremeWare 6.1
Not supported in ExtremeXOS
ExtremeWare 6.1
Not supported in ExtremeXOS
ExtremeWare 6.2.2
ExtremeXOS 10.1
ExtremeWare 6.2.2
ExtremeXOS 10.1


Table 38: SNMP Trap Events (continued)

| Event | Definition | ExtremeWare/ExtremeXOS Version |
|---|---|---|
| Slot Change | Extreme Networks proprietary trap. This trap indicates that the value of the extremeSlotModuleState for the specified extremeSlotNumber has changed. | ExtremeWare All/ExtremeXOS 11.1 |
| Smarttrap | Extreme Networks proprietary trap. This trap indicates that the value of one of the object identifiers (or the value of an object below that in the MIB tree) defined in the extremeSmartTrapRulesTable has changed, and hence a new entry has been created in the extremeSmartTrapInstanceTable. Such a trap is sent at most once every thirty seconds if one or more entries were created in the last thirty seconds. | All |
| Stack Member Overheat | Extreme Networks proprietary trap. Indicates the on board temperature sensor for a stacking member has reported an overheat condition. This indicates the temperature has reached the Overheat threshold. | ExtremeWare 7.4, ExtremeXOS 12.0 |
| Stack Member Status Changed | Extreme Networks proprietary trap. Generated when the operational status of the stacking member changes. | ExtremeWare 7.4, ExtremeXOS 12.0 |
| Stacking Port Status Changed | Extreme Networks proprietary trap. Generated when the operational status of the stacking port changes. | ExtremeWare 7.4, ExtremeXOS 12.0 |
| SummitWM Altitude Tunnel Alarm | Extreme Networks proprietary trap. Indicates that an alarm was generated based on the state of the tunnel connection between a SummitWM device and an Altitude AP. | ExtremeXOS |
| SummitWM Log Change | Extreme Networks proprietary trap. Indicates that the log file on a SummitWM device has changed. | ExtremeXOS |
| UPM Profile Execution | Extreme Networks proprietary trap. Generated when a UPM profile is executed on an Extreme Networks device. | ExtremeXOS |
| Warm Start | Trap indicates that the device has been rebooted without power recycling. An Extreme switch never sends out this trap. | All |
| Wireless AP Added | Extreme Networks proprietary trap. Generated when a new AP is added to the scan results table. Generated only if the value of extremeWirelessScanSendAPAddedTrap is true. | ExtremeWare 7.3, Not supported in ExtremeXOS |
| Wireless AP Removed | Extreme Networks proprietary trap. Generated when an AP is removed from the scan results table. Generated only if the value of extremeWirelessScanSendAPRemovededTrap is true. | ExtremeWare 7.3, Not supported in ExtremeXOS |
| Wireless AP Updated | Extreme Networks proprietary trap. Generated when the IEs recorded for an AP in the scan results table change. Generated only if the value of extremeWirelessScanSendAPUpdatedTrap is true. | ExtremeWare 7.3, Not supported in ExtremeXOS |
| Wireless Client Netlogin Client Associated | Extreme Networks proprietary trap. Generated when a client associates to an interface that is web based network login enabled. | ExtremeWare 7.3, Not supported in ExtremeXOS |
| Wireless Client Station Aged Out | Extreme Networks proprietary trap. Generated when a client is aged out of the table. | ExtremeWare 7.3, Not supported in ExtremeXOS |
| Wireless Counter Measure Started | Extreme Networks proprietary trap. Generated when counter measures are started on a wireless interface. | ExtremeWare 7.3, Not supported in ExtremeXOS |
| Wireless Counter Measure Stopped | Extreme Networks proprietary trap. Generated when counter measures are stopped on a wireless interface. | ExtremeWare 7.3, Not supported in ExtremeXOS |


Table 38: SNMP Trap Events (continued)

| Event | Definition | ExtremeWare/ExtremeXOS Version |
|---|---|---|
| Wireless Off Channel Scan Finished | Extreme Networks proprietary trap. Generated when an off-channel scan finishes running. | ExtremeWare 7.3, Not supported in ExtremeXOS |
| Wireless Off Channel Scan Started | Extreme Networks proprietary trap. Generated when an off-channel scan starts running. | ExtremeWare 7.3, Not supported in ExtremeXOS |
| Wireless Port Boot Failed | Extreme Networks proprietary trap. Sent by the platform if a wireless port fails to boot too many times. | ExtremeWare 7.3, Not supported in ExtremeXOS |
| Wireless Port State Changed | Extreme Networks proprietary trap. Generated when a wireless port moves into enabled, disabled, or online state. | ExtremeWare 7.3, Not supported in ExtremeXOS |
| Wireless Probe Info Added | Extreme Networks proprietary trap. Generated when a new station is added to the probe info table. Generated only if the value of extremeWirelessProbeInfoSendAddedTrap is true. | ExtremeWare 7.3, Not supported in ExtremeXOS |
| Wireless Probe Info Removed | Extreme Networks proprietary trap. Generated when a station is removed from the probe info table. Generated only if the value of extremeWirelessProbeInfoSendRemovedTrap is true. | ExtremeWare 7.3, Not supported in ExtremeXOS |
| lldp Remote Table Changed | A lldpRemTablesChange notification is sent when the value of lldpStatsRemTableLastChangeTime changes. It can be utilized by an NMS to trigger LLDP remote systems table maintenance polls. Note that transmission of lldpRemTablesChange notifications is throttled by the agent, as specified by the 'lldpNotificationInterval' object. | ExtremeXOS 11.4 |

Configuring SNMP Trap Events

There are a number of SNMP events that require configuration on the switch before they can be used in Ridgeline alarm definitions. If the configuration is not done on the switch, no trap events are generated, and no Ridgeline alarms for those events can occur. The Ping and OSPF traps fall into this category.

To configure the switch to send one of these traps, you must use a tool that allows you to set the value of the appropriate SNMP variable. Tools such as SNMPc can be used to perform this function. The following information assumes that you have a thorough understanding of SNMP and an appropriate SNMP utility.

Refer to the appropriate MIBs for details of the variable settings:
● Ping MIB: pingmib.mib (RFC 2925)
● OSPF v2 MIB: RFC 1850 or RFC 1850t

Table 39: Trap Variable Configuration

| Trap | Variables |
|---|---|
| Ping Probe Failed | set pingCtlTrapGeneration bit 0 ON to enable trap. set pingCtlTrapProbeFailureFilter to specify the number of successive probe failures that must occur to generate a Probe Failed trap. |


Table 39: Trap Variable Configuration (continued)

| Trap | Variables |
|---|---|
| Ping Test Failed | set pingCtlTrapGeneration bit 1 ON to enable trap. set pingCtlTrapTestFailureFilter to specify the number of successive test failures that must occur to generate a Test Failed trap. |
| Ping Test Completed | set pingCtlTrapGeneration bit 2 ON to enable the trap. |
| OSPF Virtual Interface State Change | set ospfSetTrap bit 1 ON |
| OSPF Neighbor State Change | set ospfSetTrap bit 2 ON |
| OSPF Virtual Neighbor State Change | set ospfSetTrap bit 3 ON |
| OSPF Interface Config Error | set ospfSetTrap bit 4 ON |
| OSPF Virtual Interface Config Error | set ospfSetTrap bit 5 ON |
| OSPF Interface Authentication Failure | set ospfSetTrap bit 6 ON |
| OSPF Virtual Interface Authentication Failure | set ospfSetTrap bit 7 ON |
| OSPF Interface Receive Bad Packet | set ospfSetTrap bit 8 ON |
| OSPF Virtual Interface Receive Bad Packet | set ospfSetTrap bit 9 ON |
| OSPF TX_Retransmit | set ospfSetTrap bit 10 ON |
| OSPF Virtual Interface TX Retransmit | set ospfSetTrap bit 11 ON |
| OSPF Originate LSA | set ospfSetTrap bit 12 ON |
| OSPF Max_Age LSA | set ospfSetTrap bit 13 ON |
| OSPF LSDB Overflow | set ospfSetTrap bit 14 ON |
| OSPF LSDB Approaching Overflow | set ospfSetTrap bit 15 ON |
| OSPF Interface State Change | set ospfSetTrap bit 16 ON |

RMON Rising and Falling Trap Events

An RMON rising trap indicates that the value of the monitored variable has risen to or above the rising threshold value. RMON rules need to be configured on a device for it to send out this trap. An RMON falling trap indicates that the value of the monitored variable has fallen to or below the falling threshold value. RMON rules need to be configured on a device for it to send out this trap. See “Threshold Configuration” on page 327 for more information.

Ridgeline Events

A Ridgeline event is generated by the Ridgeline server based on the results of its periodic polling. In some cases, a Ridgeline event may result from the same condition that could generate an SNMP or other trap. A Ridgeline event has the advantage that it guarantees that the condition will be detected (by polling) even if the corresponding trap is missed.
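The bit numbers in Table 39 have to be turned into octet values before an SNMP utility can write them, and a value read back from a switch has to be decoded to see which traps are really on. The following is an added example, not code from the Ridgeline guide; it assumes (per RFC 1850) that ospfSetTrap is a four-octet bit map whose least-significant bit is trap 0, and (per the SNMP BITS encoding) that bit 0 of pingCtlTrapGeneration is the high-order bit of the first octet. All function names and the choice of "security relevant" traps are this example's own.

```python
# Added example: encode and audit the trap-enable values listed in Table 39.
# Assumptions not stated on this page: RFC 1850 defines ospfSetTrap as a
# four-octet bit map with the least-significant (right-most) bit as trap 0;
# pingCtlTrapGeneration uses the SNMP BITS encoding, where bit 0 is the
# high-order bit of the first octet. Function names are illustrative.

# OSPF trap name -> ospfSetTrap bit, exactly as listed in Table 39.
OSPF_TRAP_BITS = {
    "OSPF Virtual Interface State Change": 1,
    "OSPF Neighbor State Change": 2,
    "OSPF Virtual Neighbor State Change": 3,
    "OSPF Interface Config Error": 4,
    "OSPF Virtual Interface Config Error": 5,
    "OSPF Interface Authentication Failure": 6,
    "OSPF Virtual Interface Authentication Failure": 7,
    "OSPF Interface Receive Bad Packet": 8,
    "OSPF Virtual Interface Receive Bad Packet": 9,
    "OSPF TX_Retransmit": 10,
    "OSPF Virtual Interface TX Retransmit": 11,
    "OSPF Originate LSA": 12,
    "OSPF Max_Age LSA": 13,
    "OSPF LSDB Overflow": 14,
    "OSPF LSDB Approaching Overflow": 15,
    "OSPF Interface State Change": 16,
}

# Ping trap name -> pingCtlTrapGeneration bit, as listed in Table 39.
PING_TRAP_BITS = {
    "Ping Probe Failed": 0,
    "Ping Test Failed": 1,
    "Ping Test Completed": 2,
}

# Traps that report rejected or unparseable OSPF packets. Picking these four
# as the audit baseline is this example's choice, not the guide's.
SECURITY_RELEVANT = (
    "OSPF Interface Authentication Failure",
    "OSPF Virtual Interface Authentication Failure",
    "OSPF Interface Receive Bad Packet",
    "OSPF Virtual Interface Receive Bad Packet",
)


def _bit(table, name):
    """Look up a trap's bit number, rejecting names that are not in Table 39."""
    try:
        return table[name]
    except KeyError:
        raise ValueError(f"not a Table 39 trap name: {name!r}") from None


def ospf_set_trap_value(trap_names):
    """Return the four-octet ospfSetTrap value that enables the named traps."""
    mask = 0
    for name in trap_names:
        mask |= 1 << _bit(OSPF_TRAP_BITS, name)
    return mask.to_bytes(4, "big")


def ping_trap_generation_value(trap_names):
    """Return the one-octet BITS value for pingCtlTrapGeneration."""
    octet = 0
    for name in trap_names:
        octet |= 0x80 >> _bit(PING_TRAP_BITS, name)
    return bytes([octet])


def enabled_ospf_traps(value):
    """Decode a four-octet ospfSetTrap value into Table 39 trap names."""
    if len(value) != 4:
        raise ValueError("ospfSetTrap must be exactly four octets")
    mask = int.from_bytes(value, "big")
    return [name for name, bit in OSPF_TRAP_BITS.items() if mask & (1 << bit)]


def missing_security_traps(value):
    """List the baseline traps that a switch's current value leaves disabled."""
    enabled = set(enabled_ospf_traps(value))
    return [name for name in SECURITY_RELEVANT if name not in enabled]


if __name__ == "__main__":
    wanted = list(SECURITY_RELEVANT) + ["OSPF Neighbor State Change"]
    print("ospfSetTrap           =", ospf_set_trap_value(wanted).hex())
    print("pingCtlTrapGeneration =",
          ping_trap_generation_value(["Ping Probe Failed", "Ping Test Failed"]).hex())
    # Constructed sample: a switch that only has Neighbor State Change enabled.
    print("disabled baseline traps:", missing_security_traps(bytes.fromhex("00000004")))
```

The two objects number their bits from opposite ends, so the same "bit 1" lands in a different position in each value.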


Table 40: Ridgeline Events, Detected Through Polling

| Event | Definition |
|---|---|
| Configuration Upload Failed | The Ridgeline server generates this event when it fails to upload configuration information from a device. This event occurs ONLY when the upload is attempted from Ridgeline, not if it was attempted from Telnet, ExtremeWare Vista or any other method. |
| Configuration Upload OK | The Ridgeline server generates this event when it successfully uploads configuration from a device. This event occurs ONLY when the upload is done from Ridgeline, not from Telnet, ExtremeWare Vista or any other method. |
| Device Policy Configuration | The Ridgeline server generates this event when it encounters a problem configuring policies on a device using ACL and QoS. |
| Device Reboot | The Ridgeline server generates this event for a device when it detects a device reboot (cold start or warm start). Unlike the cold start or warm start SNMP trap, Ridgeline generates this event by polling the device. |
| Device Warning from Ridgeline | For Extreme Networks devices only. The Ridgeline server generates this event in one of two situations: • If the server detects an infinite loop while walking the device’s SNMP MIB (may occur with ExtremeWare 4.1.19b2). • If the device has a bad serial number reported through SNMP (may occur with ExtremeWare 6.2.1 on the BlackDiamond 6816). |
| Fan Failed | For Extreme Networks devices only. The Ridgeline server generates this event for an Extreme device when it detects, via polling, a transition from fan OK to fan failed condition on the device. Unlike the SNMP Fan Failed trap event, this event is generated only once, based on a state transition. As an alternative, you can detect a Fan Failed condition by using the SNMP Fan Failed trap, which will be generated every 30 seconds until the condition is corrected. |
| High Trap Count | The Ridgeline server generates this event when the number of traps received from managed devices exceeds the threshold set in the Scalability properties page in Ridgeline Administration. |
| HTTP Reachable | The Ridgeline server generates this event when the state of communication with the device transitions from unreachable to reachable. |
| HTTP Unreachable | The Ridgeline server generates this event when it fails to communicate with a device following a previously successful communication. In other words, this event is generated when the state of communication with the device transitions from reachable to unreachable. |
| One-Shot Event No Longer Valid | For Extreme Networks devices only. The Ridgeline server generates this event for an Extreme device when it detects that a one-time ELRP packet transmission is no longer valid for the VLAN on which it was sent. |
| Overheat | For Extreme Networks devices only. The Ridgeline server generates this event for an Extreme device when it detects a transition from normal temperature to overheat condition on the device. Unlike the SNMP overheat trap event, this event is based on a state transition, and will be generated only once. As an alternative, you can detect an Overheat condition by using the SNMP Overheat trap, which will be generated every 30 seconds until the condition is corrected. |
| Power Supply Failed | For Extreme Networks devices only. The Ridgeline server generates this event if the device reports a power supply failure. |
| Rogue Access Point Found | The Ridgeline server generates this event when an access point has been detected that is not in the Safe list. |
| SNMP Reachable | The Ridgeline server generates this event when the state of communication with the device transitions from unreachable to reachable. |


Table 40: Ridgeline Events, Detected Through Polling (continued)

| Event | Definition |
|---|---|
| SNMP Unreachable | The Ridgeline server generates this event when it fails to communicate with a device following a previously successful communication. In other words, this event is generated when the state of communication with the device transitions from reachable to unreachable. |
| Stack Member Down | The Ridgeline server generates this event when it has detected that a stack member is down. |
| Stacking Link Down | The Ridgeline server generates this event when it has detected that a stack link is down. |
| Syslog Flood | The Ridgeline server generates this event if the server receives syslog messages at a rate that exceeds the user-defined limit set in Ridgeline Administration via the Scalability Properties. See “Server Properties Administration” on page 469 for more information. |


Appendix D: Ridgeline Backup

This appendix:
● Describes the Ridgeline Alarm Log and Event Log backup files.
● Describes the Ridgeline database utilities.

It contains the following sections:
● “Ridgeline Log Backups” on page 699
● “Database Utilities” on page 700
● “Validation Utility” on page 700
● “Backup Utility” on page 701
● “The Password Utility” on page 701
● “Installing a Backup Database” on page 702

Ridgeline Log Backups

Both the Ridgeline Event Log and Alarm Log files are kept in tables in the Ridgeline database. These tables can contain approximately 50,000 and 12,000 entries, respectively.

After the Ridgeline server starts, it checks once an hour to determine if either of these logs has reached its maximum size. When one reaches 115% of its maximum, Ridgeline moves the oldest 10% of the entries to a backup file, and clears those entries from the table.

In the Windows environment, the backup files are created in the directory /user, where is the root directory of the Ridgeline install, by default c:\Program Files\ExtremeNetworks\Ridgeline3.0. For Solaris, the backup files are created in the directory /opt/ExtremeNetworks/Ridgeline3.0/deploy/user.war, where /opt/ExtremeNetworks/Ridgeline3.0 is the .
● The Alarm Log is backed up to the file Alarm_Log.txt
● The Event Log is backed up to the file Event_Log.txt

Each primary backup file is in turn backed up to a secondary file when it reaches its maximum size of approximately 30 MB for Event_Log.txt and 6 MB for Alarm_Log.txt.
● Alarm_Log.txt is backed up to the file Alarm_Log.old
● Event_Log.txt is backed up to the file Event_Log.old

The primary file is then emptied.

When the primary file becomes full for the second time, the secondary backup file will be overwritten with the new contents of the primary backup file.

If you want to maintain a complete set of log file backups over time, you should save the *_Log.txt and *_Log.old files periodically.

Database Utilities

Sybase database validation and backup utilities, namely DBValidatorTool and DBBackupTool, were shipped with the Ridgeline software. A new utility, named DBAPasswordTool, is also included, which lets the user change the password of the database administrator user [dba account].

DBValidatorTool—The validation utility validates all indexes and keys on some or all of the tables in the database. The Validation utility scans the entire table and looks up each record in every index and key defined in the table. This utility can be used in combination with regular backups to give you confidence that data is secure in your database.

DBBackupTool—The backup utility makes a backup copy of all data in the database. Backing up your database regularly ensures that you will not need to re-enter or recreate all the switch, VLAN, Topology, and Alarm information in the event that the database is corrupted or destroyed.

DBAPasswordTool—The password tool allows you to change the password of the database administrator account [dba account]. The user can change the password of dba user by specifying the current password details. The default password for the user account dba is ridgeline.

Database utilities are found in the \database\bin directory. The is the directory where you installed the Ridgeline software. Substitute the name of the actual directory for when you run these commands.

In the Solaris operating system, you must ensure that the Ridgeline database path is set in the LD_LIBRARY_PATH environment variable. This should be set to /database/bin, where is the root directory of the Ridgeline installation, for example, /opt/ExtremeNetworks/Ridgeline3.1.

Validation Utility

The validation utility verifies all indexes and keys on some or all of the tables in the database. Access the validation utility from the MS DOS or Solaris command line by executing the DBValidatorTool.exe file.

To validate the Ridgeline database running in the Windows environment, use the following command:

\database\bin\DBValidatorTool.exe

Under Solaris and Linux, use the following command:

/database/bin/DBValidatorTool


Where, is the directory where the Ridgeline software is installed. Substitute the actual directory name in the command.

Backup Utility

The backup utility makes a backup copy of all data in the database. Access the Backup utility from the MS-DOS or Solaris/Linux command line using the DBBackupTool.exe file or DBBackupTool, respectively.

To back up the Ridgeline database running in the Windows environment, use the following command:

\database\bin\DBBackupTool.exe

To back up the Ridgeline database running in Solaris and Linux, use the following command:

/database/bin/DBBackupTool

Where , is the directory where the Ridgeline software is installed. Substitute the actual directory name in the command. is the directory where the backup copy of the database is stored. The can be specified as a directory and one or more subdirectories (for example, C:\Ridgeline71backups\Jan12\1340hrs).

If you specify a with more than one subdirectory, then make sure the directories above the last subdirectory already exist prior to running the backup utility.

For example, to back up the database to C:\Ridgeline71backups\Jan12\1340hrs, you must have already created a C:\Ridgeline71backups\Jan12 directory. When you run the backup utility, it creates a 1340hrs subdirectory under C:\Ridgeline71backups\Jan12 and places the database backup files in that subdirectory.

This command generates a backup of the database in the specified backup directory. The database backup consists of four files: basecamp.db, basecamp.log, epicenter.db, and epicenter.log. Every database file is backed up. These files should be saved so they can be used to replace the original files in the event a backup is needed.

NOTE: Do not stop the Ridgeline server to perform daily backups of the database. This action is not necessary and will prevent the alarm and event logs from truncating.

The Password Utility

The DBAPasswordTool allows you to change the password of the database administrator account [dba account]. You can change the password of dba user by specifying the current password details.


Access the DBAPasswordTool from the MS-DOS or Solaris and Linux command line using the DBAPasswordTool.exe file or DBAPasswordTool, respectively.

To change the password of the dba user in the Ridgeline database running in the Windows environment, use the following command:

\database\bin\DBAPasswordTool.exe

To change the password of the dba user in the Ridgeline database running in Solaris and Linux, use the following command:

/database/bin/DBAPasswordTool

Where, is the directory where the Ridgeline software is installed. Substitute the actual directory name in the command. is the current password of the user account dba. is the desired new password of the user account dba.

NOTE: The default password for the user account dba is ridgeline.

Installing a Backup Database

The backup database files are named basecamp.db and epicenter.db, and are kept in the directory you specified when you ran the DBBackupTool.exe or DBBackupTool file.

To replace a damaged database with the backup copy, complete the following steps:

1. Follow the instructions for your operating system in the Ridgeline Installation and Upgrade Guide to shut down the Ridgeline software.
2. Move or delete the old copy of basecamp.db, basecamp.log, epicenter.db, and epicenter.log found in the Ridgeline installation directory.
3. Copy the backup copy of basecamp.db, basecamp.log, epicenter.db, and epicenter.log to the Ridgeline installation directory.
4. Follow the instructions in the Ridgeline Installation and Upgrade Guide for your operating system to restart the Ridgeline software.
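Steps 2 and 3 of the restore procedure above, as an added example that is not part of the Ridgeline guide: it refuses to touch the live files unless the backup set is complete, moves the old copies into a fresh directory instead of deleting them, and confirms each copied file against the backup by SHA-256. The function names and the three directory arguments are assumptions of this example; shutting down and restarting the server (steps 1 and 4) remain manual.

```python
# Added example: integrity-checked version of restore steps 2 and 3.
# Function names and directory arguments are this example's assumptions.
import hashlib
import shutil
import sys
from pathlib import Path

# The four files the guide says make up a database backup.
DB_FILES = ("basecamp.db", "basecamp.log", "epicenter.db", "epicenter.log")


def sha256_of(path):
    """Hash a file in chunks so large database files are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_backup_set(backup_dir):
    """Return {file name: sha256} for a complete backup set, else raise.

    Assumption: a zero-length .db file is treated as a failed backup.
    """
    backup_dir = Path(backup_dir)
    problems = []
    for name in DB_FILES:
        candidate = backup_dir / name
        if not candidate.is_file():
            problems.append(f"{name}: missing")
        elif name.endswith(".db") and candidate.stat().st_size == 0:
            problems.append(f"{name}: empty")
    if problems:
        raise ValueError("incomplete backup set: " + "; ".join(problems))
    return {name: sha256_of(backup_dir / name) for name in DB_FILES}


def restore_database(backup_dir, db_dir, aside_dir):
    """Replace the database files in db_dir with those from backup_dir.

    The Ridgeline server must already be shut down (step 1). Old files are
    moved to aside_dir, which must not exist yet, so that an earlier set of
    damaged files kept for analysis is never overwritten.
    """
    backup_dir, db_dir, aside_dir = Path(backup_dir), Path(db_dir), Path(aside_dir)

    # Validate the backup first: nothing live is touched if it is incomplete.
    expected = check_backup_set(backup_dir)

    # Step 2: move the old copies out of the way.
    aside_dir.mkdir(parents=True, exist_ok=False)
    for name in DB_FILES:
        old = db_dir / name
        if old.exists():
            shutil.move(str(old), str(aside_dir / name))

    # Step 3: copy the backup into place and verify every file.
    for name in DB_FILES:
        shutil.copy2(backup_dir / name, db_dir / name)
        if sha256_of(db_dir / name) != expected[name]:
            raise IOError(f"{name}: restored copy does not match the backup")
    return expected


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: restore.py BACKUP_DIR DATABASE_DIR NEW_ASIDE_DIR")
    for file_name, file_hash in restore_database(*sys.argv[1:]).items():
        print(f"{file_hash}  {file_name}")
```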


Appendix E: Ridgeline Utilities

This appendix describes several utilities, scripts, and commands shipped with the Ridgeline software and installed on the Ridgeline server:
● “Package Debug Info Utility” on page 703, which collects the various log files and other system information into an archive file (zip-format file) that can be sent to the Extreme Networks technical support organization to help troubleshoot problems with Ridgeline.
● “The DevCLI Utility” on page 704, which can be used to add, modify, delete, and sync devices and device groups, and can be used to modify device configuration information from the Ridgeline database using the devcli command.
● “Inventory Export Scripts” on page 707, which can be used to extract information from the Ridgeline inventory and output it to the console or to a file.
● “The AlarmMgr Utility” on page 709, which is used to display alarm information from the Ridgeline database. Results can be output to a file.
● “The FindAddr Utility” on page 712, which is used to find IP or MAC addresses within a set of devices or ports (specified individually or as device or port groups). Results can be output to a file.
● “The TransferMgr Utility” on page 714, which is used to upload or download device configurations, or to download new software versions.
● “The ImportResources Utility” on page 717, which is used to import resources into Ridgeline from an external source such as an LDAP or Windows Domain Controller directory.

Package Debug Info Utility

The Package Debug Info function collects information about the Ridgeline server that can be used to help debug problems with the server. It is run from the command line (or from the Start Menu in Windows) and can be used while the Ridgeline server is running as well as when the server is stopped.

The Package Debug Info command creates a zip file that contains copies of the various log files, properties files, and other server debug information. By default the resulting file is named Ridgeline_debug_info_.zip and is placed in the top-level Ridgeline server installation directory.

To run the Package Debug Info command, go to /jboss/bin and run PackageDebugInfo.exe (PackageDebugInfo.bin in Linux or Solaris).


You can specify a directory and a base file name as arguments to the PackageDebugInfo command:

● Use -output-file to change the name of the file. (If you specify your own file name, no timestamp is appended.)
● Use -output-dir to change the name of the directory where the file will be placed.
● Use -help for command help.

When the command has finished, a message in the command window will indicate where the resulting zip file has been placed (by default, it will be placed in the Ridgeline installation directory). The Package file is named Ridgeline_Debug_Info__.zip. For example, a Ridgeline Info file created on October 1, 2010 at 3:00 pm would be named Ridgeline_Debug_Info_20101001_1500.zip.

A log file containing details of the packaging process, PackageDebugInfo.log, is placed in the /logs directory.

If you open the zip file, you will see that it contains copies of the existing log, property and debug files for the Ridgeline server as well as information the server keeps about any connected clients. This information can help Extreme Networks’ technical support staff debug problems you may be experiencing with your Ridgeline server.

The DevCLI Utility

The DevCLI utility allows you to add, modify, and remove devices from a Ridgeline database using a command line statement, rather than through the Ridgeline user interface. You can add devices individually or in groups, and you can specify arguments such as community strings and logins and passwords for both the Ridgeline server and the devices. You can modify device settings as well as device configurations. You can specify a list of devices in a file and have them added in a single operation.

The DevCLI is useful for updating the Ridgeline inventory database quickly when large numbers of devices are added, modified or removed, or if changes occur frequently. It can also be useful when you want to duplicate the device inventory and device configurations across multiple installations of the Ridgeline server.

Using the DevCLI Commands

The utility is located in the client\bin subdirectory under the Ridgeline install directory, by default \Program Files\Extreme Networks\Ridgeline3.0\client\bin in the Windows environment, or /opt/ExtremeNetworks/Ridgeline3.0/client/bin in a Linux or Solaris environment.

The DevCLI utility supports the following four commands:

● devcli add to add a device.
To add device 10.205.0.99 to the Ridgeline database on the local host, using the default device username and password, enter the following command at the prompt:
devcli add -u admin -a 10.205.0.99
● devcli mod to modify a device.
To modify the password on device 10.205.1.51 to use an empty string, enter the command:
devcli mod -u admin -a 10.205.1.51 -d ""


NOTE
If you are running the DevCLI in the Windows environment, enter forward slashes to separate empty double quotes to ensure the command executes correctly. For example, to use the previous command in the Windows environment, enter the command:
devcli mod -u admin -a 10.205.1.51 -d \"\"

● devcli del to remove a device.
To remove device 10.205.0.99 from the Ridgeline database, enter the command:
devcli del -u admin -a 10.205.0.99
● devcli sync to manually update device configurations.
To manually update the device configurations for device 10.205.0.99, enter the command:
devcli sync -u admin -a 10.205.0.99
To manually update the configurations for all devices, enter the command:
devcli sync -u admin

NOTE
You can type either sync or syn when you use the devcli sync command.

These commands support a set of options for specifying device information such as passwords and community strings, as well as information about the Ridgeline server, such as host name or IP address, port, and username and password. You can also specify multiple IP addresses in a file to have them added or removed as a group, as long as they all use the same username, password, and community strings.

You can use the options in Table 41 with these commands:

Table 41: DevCLI command options
Option | Value | Default
-a | Device IP address. This option can be specified more than once. | None
-b | SNMP version 3 username. | initialmd5
-d | Device password. | “”
-f | Input file name for IP addresses. This specifies an ASCII file that contains a list of IP addresses, one per line. No other information can be included in this file. This option can be specified more than once. | None
-i | Device poll interval, in minutes | 0
-j | SNMP version 3 privacy password | “”
-l | (Letter l) username to use for device login | admin
-n | Ridgeline server port number | 8080
-o | SNMP version 3 authentication password | initialmd5
-p | Ridgeline user password | “”
-r | Read community string (only needed for adding devices; not needed for deleting them). | public
-s | Ridgeline server hostname or IP address | localhost
-t | SNMP version 3 authentication protocol (none, MD5, SNA) | md5
-u | Ridgeline username | None


Table 41: DevCLI command options (continued)
Option | Value | Default
-v | SNMP version (1, 3) |
-w | Write community string (only needed for adding devices; not needed for deleting them). | “private”
-x | Modify device setting (ssh, nussh, offline, online) | None
-y | SNMP version 3 privacy protocol (none, crc) | none
-z | Record filename (for recording) | None

Options such as the user login names and passwords and community strings apply to all devices specified in the command. You can specify multiple devices in one command as long as they use the same options. If you have devices with different access parameters, you must add or delete them in separate commands. The exception is that when removing devices you do not need to specify community strings, so you can remove multiple devices in a single command even if their community strings are different.

Most options default to the values equivalent to those used by default on Extreme Networks devices or in the Ridgeline software.

You can specify only one Ridgeline server (database) in a command. If you want to add the same devices to multiple Ridgeline databases, you must use a separate command for each server. The command by default adds or removes devices from the Ridgeline database running on the local host at port 80.

DevCLI Examples

The following examples illustrate the usage of these commands.

● To add a device with IP address 10.205.0.99 to the Ridgeline database running on server snoopy on port 81, with Ridgeline login “master” and password “king,” enter the following command:
devcli add -u master -p king -a 10.205.0.99 -s snoopy -n 81
● To add two devices (10.205.0.98 and 10.205.0.99) to the Ridgeline database on the local host, with read community string “read” and write community string “write,” enter the following command:
devcli add -u admin -a 10.205.0.98 -a 10.205.0.99 -r read -w write
● To delete a set of devices specified in the file “devList.txt” with device login “admin2” and password “purple,” enter the following command:
devcli del -u admin -f devList.txt -l admin2 -d purple
The file devList.txt must be a plain ASCII text file containing only IP addresses and only one IP address per line, such as:
10.205.0.95
10.205.0.96
10.205.0.97
If more than one IP address is specified per line, only the first IP address is used.
● To manually update the configurations of two devices (10.205.0.91 and 10.205.0.93), enter the command:
devcli sync -u admin -a 10.205.0.91 -a 10.205.0.93
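The following is an added example, not part of the Ridgeline guide or of any Extreme Networks code: a Python audit that resolves a devcli command line against the Table 41 defaults and reports where default community strings, empty passwords, or secrets typed as arguments are in effect, and that checks a -f address file against the rules stated above. The function names, finding codes, and sample inputs are assumptions made for this example; it assumes POSIX shell quoting and that every option takes exactly one value.

```python
import ipaddress
import shlex

# Defaults as listed in Table 41 (the -v default is not given there, so it is omitted).
TABLE_41_DEFAULTS = {
    "-b": "initialmd5", "-d": "", "-i": "0", "-j": "", "-l": "admin",
    "-n": "8080", "-o": "initialmd5", "-p": "", "-r": "public",
    "-s": "localhost", "-t": "md5", "-w": "private", "-y": "none",
}
REPEATABLE = {"-a", "-f"}  # options the table says can be given more than once
COMMANDS = {"add", "mod", "del", "sync", "syn"}
# Options whose value is a password or a community string.
SECRET_OPTIONS = ("-p", "-d", "-j", "-o", "-r", "-w")


def parse_devcli(command_line):
    """Split a devcli command line into (command, explicitly given options)."""
    tokens = shlex.split(command_line)
    if len(tokens) < 2 or tokens[0] != "devcli" or tokens[1] not in COMMANDS:
        raise ValueError("not a devcli command: %r" % command_line)
    rest = tokens[2:]
    if len(rest) % 2:
        raise ValueError("option without a value in: %r" % command_line)
    given = {}
    for opt, value in zip(rest[0::2], rest[1::2]):
        if not opt.startswith("-"):
            raise ValueError("expected an option, got %r" % opt)
        if opt in REPEATABLE:
            given.setdefault(opt, []).append(value)
        else:
            given[opt] = value
    return tokens[1], given


def audit_devcli(command_line):
    """Return a sorted list of finding codes for one devcli command line."""
    command, given = parse_devcli(command_line)
    effective = dict(TABLE_41_DEFAULTS)
    effective.update((k, v) for k, v in given.items() if k not in REPEATABLE)
    findings = set()
    # A non-empty secret typed as an argument is readable from shell history
    # and from the process list while the command runs.
    for opt in SECRET_OPTIONS:
        if given.get(opt):
            findings.add("secret-on-command-line:" + opt)
    # Community strings are only needed when adding devices.
    if command == "add":
        for opt in ("-r", "-w"):
            if effective[opt] == TABLE_41_DEFAULTS[opt]:
                findings.add("default-community:" + opt)
    # Empty strings are the documented defaults for -p and -d.
    if effective["-p"] == "":
        findings.add("empty-password:-p")
    if command in ("add", "mod") and effective["-d"] == "":
        findings.add("empty-password:-d")
    # SNMPv3 checks apply only when version 3 is requested explicitly.
    if given.get("-v") == "3":
        if effective["-o"] == TABLE_41_DEFAULTS["-o"]:
            findings.add("default-snmpv3-auth-password:-o")
        if effective["-y"] == "none":
            findings.add("snmpv3-no-privacy:-y")
    return sorted(findings)


def check_address_file(text):
    """Check -f file content: only IPv4 addresses, one per line.

    Returns (addresses that would be used, [(line number, problem), ...]).
    """
    addresses, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            problems.append((lineno, "blank line; the file must contain only IP addresses"))
            continue
        try:
            addresses.append(str(ipaddress.IPv4Address(fields[0])))
        except ValueError:
            problems.append((lineno, "not an IPv4 address: %r" % fields[0]))
            continue
        if len(fields) > 1:
            problems.append((lineno, "extra text after %s; only the first address is used" % fields[0]))
    return addresses, problems


# Constructed sample inputs: the first command is one of the examples above,
# the address file is made up to show both failure modes.
SAMPLE_COMMAND = "devcli add -u master -p king -a 10.205.0.99 -s snoopy -n 81"
SAMPLE_DEVLIST = "10.205.0.95\n10.205.0.96 10.205.0.97\nswitch-3\n"

if __name__ == "__main__":
    for code in audit_devcli(SAMPLE_COMMAND):
        print(code)
    used, problems = check_address_file(SAMPLE_DEVLIST)
    print("addresses used:", used)
    for lineno, problem in problems:
        print("line %d: %s" % (lineno, problem))
```

Run over the first example above, the audit shows that the Ridgeline password is exposed as an argument while the device is still added with the default community strings and an empty device password, because none of -r, -w or -d was given.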


Inventory Export Scripts

There are three scripts you can run to export information about the devices or occupied slots known to the Ridgeline inventory. The scripts let you export information on devices known to a single Ridgeline installation, on slots known to a single Ridgeline installation, or on devices known to multiple Ridgeline servers. The information will be output in comma-separated (CSV) format suitable for importing into a spreadsheet.

● For a device report, the information reported includes the device name and type, IP address, location, serial and board numbers. If you use the Distributed server version of this report, the name of the Ridgeline server that manages the device will also be included.
● For a slot report, it includes the device name and IP address, slot number, slot name and slot type, and the serial number of the blade in the slot.

Using the Inventory Export Scripts

The three scripts are located in the Ridgeline deploy\user.war\scripts\bin directory under the Ridgeline install directory (by default c:\Program Files\Extreme Networks\Ridgeline3.0 in the Windows environment, or /opt/ExtremeNetworks/Ridgeline3.0 under Linux or Solaris). You must have the deploy\user.war\scripts\bin directory as your current directory in order to run these scripts.

There are three inventory export scripts you can use:

● inv.bat (Windows), or inv.sh (Linux or Solaris) exports device information from the Ridgeline database.
To export device information to file devinfo.csv in the Windows environment, enter the command:
cd "\Program Files\Extreme Networks\Ridgeline3.0\deploy\user.war\scripts\bin"
inv.bat -o devinfo.csv
Under Linux or Solaris, enter the command:
cd /opt/ExtremeNetworks/Ridgeline3.0/deploy/user.war/scripts/bin
inv.sh -o devinfo.csv
● slots.bat (Windows), or slots.sh (Linux or Solaris) exports slot information from the Ridgeline database.
To run the command as user “user1,” and export slot information to file slotinfo.csv in the Windows environment, enter the command:
cd "\Program Files\Extreme Networks\Ridgeline3.0\deploy\user.war\scripts\bin"
slots.bat -u user1 -o slotinfo.csv
Under Linux or Solaris, enter the command:
cd /opt/ExtremeNetworks/Ridgeline3.0/deploy/user.war/scripts/bin
slots.sh -u user1 -o slotinfo.csv
● msinv.bat (Windows), or msinv.sh (Linux or Solaris) exports device information from the databases of multiple Ridgeline servers. You must provide a list of Ridgeline servers in a file.
To export device information from the databases of Ridgeline servers listed in file servers.txt (in the scripts\config directory) to file alldevinfo.csv, without prompting for a password in the Windows environment, enter the command:
cd "\Program Files\Extreme Networks\Ridgeline3.0\deploy\user.war\scripts\bin"
msinv.bat -d -o alldevinfo.csv -s ..\config\servers.txt


Under Linux or Solaris, enter the command:
cd /opt/ExtremeNetworks/Ridgeline3.0/deploy/user.war/scripts/bin
msinv.sh -d -o alldevinfo.csv -s ../config/servers.txt

The server file defaults to the file servers.txt in the user\scripts\config directory. You can edit this file to include the names or IP addresses of the servers where the Ridgeline server and databases are running. You can also provide your own file. The format of the file entries is:
:
For example:
iceberg:8080
10.2.3.4:81

You can use the options in Table 42 with these commands:

Table 42: Inventory script command options
Option | Value | Default
-d | None. If present, the command will use the default Ridgeline password (“”) and will not prompt for a password. | If -p option not present, prompts for password
-n | Ridgeline server port number | 8080
-o | Name of file to receive output. If you don’t specify a path, the file will be placed in the current directory (user\scripts\bin). | output written to console (stdout)
-p | Ridgeline user password | “”
-u | Ridgeline username | admin
-s | For the msinv.bat and msinv.sh commands only: Name (and path) of file containing Ridgeline server list | \user\scripts\config\servers.txt under Windows, /user/scripts/config/servers.txt under Linux or Solaris

NOTE
The inv.bat, inv.sh, slots.bat, and slots.sh scripts retrieve information only from a Ridgeline server that runs on the same machine as the scripts.

Inventory Export Examples

The following examples illustrate the usage of these commands.

● To export slot information to the file slotinventory.csv from the Ridgeline database whose login is “admin123” and password is “sesame” in the Windows environment, enter the following command:
slots.bat -u admin123 -p sesame -o slotinventory.csv
Under Linux or Solaris, enter the following command:
slots.sh -u admin123 -p sesame -o slotinventory.csv
This will not prompt for a password, and will output the results to the specified file.


● To export device information to the console, after prompting for a password in the Windows environment, enter the following command:
inv.bat
Under Linux or Solaris, enter the following command:
inv.sh
This command will log in with the default username (admin), will prompt for the password, and will output the results to the console.
● To export device information to the console, using the default login and default password in the Windows environment, enter the following command:
inv.bat -d -o output.csv
Under Linux or Solaris, enter the following command:
inv.sh -d -o output.csv
This command will log in using the default username (admin) and the default password, and will output the results to the file output.csv in the user\scripts\bin directory.
● To export device information from the Ridgeline databases on the multiple servers in the Windows environment, edit the servers.txt file in the user\scripts\config directory, then enter the following command:
msinv.bat -d -o devices.csv -s serverlist2.txt
Under Linux or Solaris, edit the servers.txt file in the user/scripts/config directory, then enter the following command:
msinv.sh -d -o devices.csv -s serverlist2.txt
This command logs in to each of the Ridgeline servers specified in the file serverlist2.txt, using the default login and password, and outputs the device information from these servers to the file devices.csv. The devices.csv file is created in the user\scripts\bin directory.

The AlarmMgr Utility

The Alarm Manager utility (AlarmMgr) enables you to access Ridgeline alarm information and output the results to a command window or to a file. This command provides a command-line version of part of the functionality available in the Ridgeline Alarm Manager.

Using the AlarmMgr Command

The AlarmMgr utility is located in the Ridgeline bin directory, /client/bin. By default this is \Program Files\Extreme Networks\Ridgeline3.0\client\bin in the Windows environment, or /opt/ExtremeNetworks/Ridgeline3.0/client/bin in a UNIX environment.

This command includes options for specifying Ridgeline server access information and alarm filtering parameters.

The syntax of the command is as follows:
AlarmMgr -user
The Ridgeline username is required. All other parameters are optional.


The basic command displays information about the last 300 alarms in the Ridgeline database. By using filtering options, you can display information about selected alarms. You can specify a time period of interest as well as characteristics of the alarms you want to include.

You can select alarms based on criteria such as the alarm name, severity, category, source (the IP address or IP address and port that generated the alarm) and whether the alarm has been acknowledged. You can combine many of these criteria so that only alarms that meet all your criteria will be included in the results. For example, you may want to display only critical alarms from a specific device, or all alarms in a specific category that are not acknowledged.

You can use the options in Table 43 with this command:

Table 43: AlarmMgr command options
Option | Value | Default
-user | Ridgeline username. This option is required. | None
-password | Ridgeline user password. If the password is blank, do not include this argument. | No password
-host | Ridgeline server hostname or IP address | localhost
-port | Ridgeline server port number | 80
-h | Display alarms that occurred within the last N hours | Last 300 alarms
-d | Display alarms that occurred N days ago | Last 300 alarms
-y | Display alarms that occurred yesterday | Last 300 alarms
The -h, -d, and -y options are mutually exclusive and may not be combined.
-c | Display alarms that occur for a specific category. Category specification is case insensitive. Must be quoted if category name includes spaces or other delimiters. | All categories
-s | Display alarms that occur for a specific severity. Severity specification is case insensitive. | All severity levels
-dip | Display alarms that occur for a specific device as specified by IP address. | All devices
-p | Display alarms that occur for a specific port on the device specified with the -dip option. | All ports
When these options are combined, an alarm must meet all criteria to be included in the results. Each of these options may be specified only once.
-an | Display alarms that occur for a specific alarm. Alarm name specification is case insensitive. Must be quoted if alarm name includes spaces or other delimiters. | All alarms
-a | Display all acknowledged alarms. | All alarms
-u | Display all unacknowledged alarms. |
-f | Name of file to receive output. If you do not specify a path, the file is placed in the current directory. If the file already exists, it is overwritten. | Command window (stdout).
-help | Displays syntax for this command | None


● You can specify only one Ridgeline server (database) in a command. If you want to display alarms from multiple Ridgeline databases, you must use a separate command for each server.
● The options for specifying the relevant time period (-h, -d, and -y) are mutually exclusive and cannot be combined.
● You can specify filter options such as an alarm name or device (IP address) only once per command. If you want to display information for several values of a filter option, such as several alarm names, devices, severity levels, etc., you must execute an AlarmMgr command for each value of the filter option. For example, to display alarms for two different devices, you must execute two AlarmMgr commands.
● If you specify multiple filter options, they are combined in the manner of a logical AND. This means that an alarm entry must meet all the specified criteria to be included in the command results.
● The options for specifying the relevant time period are mutually exclusive and cannot be combined.
● You should not combine the -a and -u options (for acknowledged and unacknowledged alarms). This combination indicates you want to display alarms that are both acknowledged and unacknowledged. However, there are no alarms that meet these criteria since an alarm cannot be both. To display both alarms that are acknowledged and alarms that are unacknowledged, do not specify either option.

AlarmMgr Output

The output from the AlarmMgr command is displayed as tab-delimited ASCII text, one line per alarm. Each line contains the following information:

ID | Event ID of the alarm (assigned by the Ridgeline server when the alarm is received)
Name | Name of the alarm
Category | Category that the alarm is classified under
Severity | Severity level of the alarm
Source | IP address of the device that generated the alarm
Time | Time the alarm occurred, reported as Greenwich Mean Time
Message | Message associated with the alarm
Acked | Whether the alarm has been acknowledged (true or false)

AlarmMgr Examples

The following examples illustrate the usage of these commands.

● To display the last 300 alarm log entries in the Ridgeline database running on the local server, as user admin with the default password, enter the following command:
AlarmMgr -user admin
● To display the last 300 alarm log entries in the Ridgeline database running on server snoopy on port 81, with Ridgeline login “master” and password “king,” enter the following command:
AlarmMgr -host snoopy -port 81 -user master -password king
● To display all alarm log entries for the alarm named FanFailed in the local Ridgeline database that occurred yesterday and are unacknowledged, enter the following command:
AlarmMgr -user admin -y -u -an "Fan Failed"
● To find all alarm log entries that were generated from port 12 on device 10.2.3.4, and place the results in the file device1.txt, enter the following command:


AlarmMgr -user admin -dip 10.2.3.4 -p 12 -f device1.txt

The FindAddr Utility

Using the Find Address command (FindAddr) you can specify a Media Access Control (MAC) or Internet Protocol (IP) network address, and a set of network devices (or ports on a device) to query for those addresses. The command returns a list of the devices and ports associated with those addresses, and outputs the results to the command window or to a file.

This command provides a command-line version of the functionality available in the Ridgeline IP/MAC Address Finder.

Using the FindAddr Command

The FindAddr utility is located in the Ridgeline bin directory, /client/bin. By default this is \Program Files\Extreme Networks\Ridgeline3.0\client\bin in the Windows environment, or /opt/ExtremeNetworks/Ridgeline3.0/client/bin in a UNIX environment.

This command includes options for specifying Ridgeline server access information, the address to be located, and a search domain (an individual device and ports, or a device or port group).

The syntax of the command is as follows:
FindAddr -user
The Ridgeline username is required. You must also include at least one search address specification, and a search domain specification.

The FindAddr command returns a list of MAC and IP addresses and the devices and ports associated with those addresses.

You can use the following options with this command:

Table 44: FindAddr command options
Option | Value | Default
-user | Ridgeline username. This option is required. | None
-password | Ridgeline user password. If the password is blank, do not include this argument. | No password
-host | Ridgeline server hostname or IP address. | localhost
-port | Ridgeline server port number. Do not specify this after the -dip option or it will be taken as a search domain specification. | 80
-f | Name of file to receive output. If you do not specify a path, the file is placed in the current directory. If the file already exists, it is overwritten. | Command window (stdout)


Table 44: FindAddr command options (continued)
Option | Value | Default
-help | Displays syntax for this command. | None
Search address options:
-all | Display all addresses located in the search domain. | None
-mac | Locate the specified MAC address. The address must be specified as six two-digit hexadecimal values separated by colons (xx:xx:xx:xx:xx:xx). You can specify a wildcard address by specifying asterisks instead of the last three values (for example, 21:14:18:*:*:*). This option may be repeated. | None
-ip | Locate the specified IP address. This option may be repeated. | None
At least one of these options is required. The -mac and -ip options may be combined.
Search domain options:
-dg | Defines the search domain to include the specified device group. | None
-pg | Defines the search domain to include the specified port group. | None
-dip | Defines the search domain to include the device specified by the IP address. | None
At least one of -dip, -dg, or -pg must be provided. These options may be repeated and combined.
-port | Defines the search domain to include one or more ports on the device specified by the -dip option. Multiple ports can be specified separated by commas. Slot and port are specified as slot:port. For example, 1:2,2:3. Important: If used, this option must immediately follow the -dip option to which it applies. | All ports on the device

● You can specify only one Ridgeline server (database) in a command. If you want to search devices from the inventory databases of multiple Ridgeline servers, you must use a separate command for each server.
● You can specify multiple IP and MAC addresses as search items by repeating the -ip or -mac options.
- For MAC addresses, you can specify a wildcard for the last three values in the address (such as 10:11:12:*:*:*).
- Wildcards are not supported for IP addresses. To search for multiple IP addresses, you can use the -all option, or include multiple -ip options.
- You can specify both an IP address and a MAC address as search addresses in one command.
● You can specify each search domain option multiple times.
- Wildcards are not supported for device IP addresses. To include multiple devices in the search domain, you can specify a device group that contains the devices, or specify multiple -dip options.
- To restrict the search domain to one or more ports on a device, specify the -port option immediately after the -dip option. If you place it anywhere else in the command, it will be taken as the server port specification.


- You can specify individual devices, device groups, and port groups in a single command.

FindAddr Output

The output from the FindAddr command is displayed as tab-delimited text, one line per address. Each line contains the following information:

● Both the MAC address and the corresponding IP address.
● The switch and port to which the address is connected.
● The user (name) currently logged in at that address, if applicable.

The output also tells you the total number of addresses found, and lists any switches in the search domain that were unreachable.

FindAddr Examples

The following examples illustrate the usage of these commands.

● To display all addresses that can be accessed through devices in the Default device group, from the local Ridgeline database (with default user, password and port), enter the following command:
FindAddr -user admin -all -dg Default
● To display all addresses that can be accessed through device 10.20.30.40, ports 5,6,7,8, in the Ridgeline database running on server snoopy on port 81, with Ridgeline login “master” and password “king,” enter the following command:
FindAddr -host snoopy -port 81 -user master -password king -dip 10.20.30.40 -port 5,6,7,8 -all
Note that the second -port option immediately follows the -dip option. It must be placed in this position to specify ports as the search domain.
● To search for MAC addresses beginning with 00-01-03, and write the results to the file “info.txt,” with the Default device group as the search domain, enter the following command:
FindAddr -user admin -mac 00:01:03:*:*:* -dg Default -f info.txt
If the file does not already exist, it will be created, by default in the Ridgeline bin directory.

The TransferMgr Utility

The Transfer Manager utility (TransferMgr) allows you to upload configuration information from a device to a file, and to download configuration information and ExtremeWare software images to Extreme devices.

This command provides a command-line version of some of the functionality available in the Ridgeline Configuration Manager.

Using the TransferMgr Command

The TransferMgr utility is located in the Ridgeline bin directory, /client/bin. By default this is \Program Files\Extreme Networks\Ridgeline3.0\client\bin in the Windows environment, or /opt/ExtremeNetworks/Ridgeline3.0/client/bin in a UNIX environment.


This command includes options for specifying Ridgeline server access information, the transfer function to be performed (upload, download, incremental download, or ExtremeWare image download), the device on which to perform the operation, and the file location on the server.

The syntax of the command is as follows:
TransferMgr -user -upload -dip
TransferMgr -user -download -dip
TransferMgr -user -incremental -dip
TransferMgr -user -software -dip {primary | secondary}

The Ridgeline username, one of the four transfer options, and a device IP address are required. Other options are optional.

You can use the following options with this command:

Table 45: TransferMgr command options
Option | Value | Default
-user | Ridgeline username. This option is required. | None
-password | Ridgeline user password. If the password is blank, do not include this argument. | No password
-host | Ridgeline server hostname or IP address | localhost
-port | Ridgeline server port number | 80
-help | Displays syntax for this command | None
Upload configuration:
-upload | Upload configuration from the device specified with the -dip option. | None
-dip | IP address of device from which configuration should be uploaded. This option is required, and may be repeated. | None
-ft | Text string to be appended to device IP address to create a file name (in the format xx_xx_xx_xx.string). | .txt (xx_xx_xx_xx.txt)
-fl | Directory or path below the configs directory where the upload file should be placed. is the location of your TFTP server. By default, is \user\tftp. | \configs
-a | Place upload file into the archive directory (\configs\\\\_.txt This option may not be combined with the -fl and -ft options. | \configs\.txt


Table 45: TransferMgr command options (continued)
Option | Value | Default
Download configuration:
-download | Download configuration from the specified file to the device specified with the -dip option. The specified file must be located in or below the \configs directory. By default, is \user\tftp. | None
-dip | IP address of device to which configuration should be downloaded. This option is required. It may not be repeated. | None
Download Incremental configuration:
-incremental | Download an incremental configuration from the specified file to the device specified with the -dip option. The specified file must be located in the \baselines directory. By default, is \user\tftp. | None
-dip | IP address of device to which configuration should be downloaded. This option is required. It may not be repeated. | None
Download ExtremeWare software image:
-software | Download a software image from the specified file to the device specified with the -dip option. The specified file must be located in the \images directory. By default, is \user\tftp. Important: Make sure the software version is compatible with the switch to which you are downloading. | None
-dip | IP address of device to which the image should be downloaded. This option is required. It may not be repeated. | None
-primary | Download to the primary image location. | Current location
-secondary | Download to the secondary image location. |

● You can specify only one Ridgeline server (database) in a command. If you want to upload or download to or from devices managed by multiple Ridgeline servers, you must use a separate command for each server.
● Configuration and image files are all stored in subdirectories of the Ridgeline TFTP root directory, which is by default deploy\user.war\tftp. You can change the location of the TFTP root directory by using the Server function of the Ridgeline Configuration Manager.
● Standard ExtremeWare software images as shipped by Extreme Networks are provided in the \deploy\user.war\tftp\images directory (by default \Program Files\Extreme Networks\Ridgeline3.0\deploy\user.war\tftp\images in the Windows operating environment, or /opt/ExtremeNetworks/Ridgeline3.0/deploy/user.war/tftp/images on a Linux or Solaris system).

NOTE
Make sure the software version you download is compatible with the switch. If you download an incompatible version, the switch may not function properly.


● For uploading, you can specify multiple devices in one command. For the download options (-download, -incremental, and -software) you can specify only one device per command. If you want to download to multiple devices, you must execute multiple TransferMgr commands.

TransferMgr Examples

The following examples illustrate the usage of these commands.

● To upload configuration information from device 10.20.30.40, enter the following command:
TransferMgr -user admin -upload -dip 10.20.30.40
This will place the device configuration information in the file 10_20_30_40.txt in the configs directory under the TFTP root directory (by default \Program Files\Extreme Networks\Ridgeline3.0\deploy\user.war\tftp\configs).
● To upload and archive configuration information from device 10.20.30.40 managed by the Ridgeline server running on host snoopy on port 81, with Ridgeline login “master” and password “king,” enter the following command:
TransferMgr -host snoopy -port 81 -user master -password king -upload -a -dip 10.20.30.40
Assuming the default location for the TFTP root directory, and assuming that this command was executed on July 24, 2010 at 10:02 AM, this will place the device configuration information in the file \Program Files\Extreme Networks\Ridgeline3.0\deploy\user.war\tftp\configs\2010\07\24\10_20_30_40_1002.txt.
● To download version 6.1.8 b11 of the ExtremeWare to an i-series device, enter the following command:
TransferMgr -user admin -software v618b11.xtr -dip 10.20.30.40

The ImportResources Utility

The ImportResources utility allows you to import user and host resource definitions, and groups containing those resources, from a source external to the Ridgeline system. You can import from a Windows Domain server, an NIS server, or an LDAP directory. You can also import host and user resource definitions from a tab-delimited text file.

Using the ImportResources Command

The ImportResources utility is located in the Ridgeline bin directory, /client/bin. By default this is \Program Files\Extreme Networks\Ridgeline3.0\client\bin in the Windows environment, or /opt/ExtremeNetworks/Ridgeline3.0/client/bin in a UNIX environment.

This command includes options for specifying Ridgeline server access information, the operation to be performed (create, modify or delete), the name of the VLAN, and the devices in the VLAN with their configuration options.

Importing from a File. To import data from a text file, you define the resources you want to import in a tab-delimited text file. See “Importing from a File” in Chapter 8 of the Ridgeline Reference Guide for details.


Importing from an LDAP Directory. Importing from an LDAP directory uses an import specification file that defines the following:
● The information you want to extract from the directory.
● How to map that data to groups, resources, and attributes in the Ridgeline Grouping module.
The specification file must be named LDAPConfig.txt, and must reside in the Ridgeline user.war/import directory. See “Importing from an LDAP Directory” in Chapter 8 of the Ridgeline Reference Guide for details.

Importing from a Windows Domain Controller or NIS Server. Importing from a Windows Domain Controller or NIS server is always done from the Domain Controller or NIS server that is serving the domain for the system running the Ridgeline server. The type of system you are running will determine where the Ridgeline server looks for the information. See “Importing from a Windows Domain Controller or NIS Server” in Chapter 8 of the Ridgeline Reference Guide for details.

The syntax of the ImportResources command is as follows:
ImportResources -user -s [-f | -ldap | -domain ]

The Ridgeline username and one of the import type options (-f, -ldap, or -domain) are required.

Table 46 specifies the options you can use with this command:

Table 46: ImportResources command options

Option | Value | Default
-user | Ridgeline username. This option is required. | None
-password | Ridgeline user password. If the password is blank, do not include this argument. | No password
-host | Ridgeline server hostname or IP address | localhost
-port | Ridgeline server port number | 80
-help | Displays syntax for this command | None
-s | A name that will identify the source of the imported resources. This name is used to create a group under which all the resources imported in this operation are placed. | None
-f | The name of a tab-delimited text file that contains the data to be imported. See “Importing from a File” in Chapter 8 of the Ridgeline Reference Guide for details. | None
-ldap | Specifies that the information to be imported is from an LDAP directory. Requires a specification file named LDAPConfig.txt, that resides in the Ridgeline /deploy/user.war/import directory. See “Importing from an LDAP Directory” in the Ridgeline Reference Guide for details. | None
-domain | Specifies that the information to be imported is from a Windows Domain Controller server or a Linux or Solaris NIS server. See “Importing from a Windows Domain Controller or NIS Server” in the Ridgeline Reference Guide for details. | None


ImportResources Examples

The following examples illustrate the usage of these commands.

● To import resources from a tab-delimited file named importdata.txt into a source group named ImportedUsers in the Ridgeline database running the local server with the default administrator name and password, enter the following command:
ImportResources -user admin -s ImportedUsers -f importdata.txt
● To import resources from an LDAP directory from an LDAP server into a source group named CorpUsers in the Ridgeline database running on host snoopy on port 81, with Ridgeline login “master” and password “king,” enter the following command:
ImportResources -host snoopy -port 81 -user master -password king -s CorpUsers -ldap
This requires a configuration file named LDAPConfig.txt to be present in the Ridgeline deploy/user.war/import directory.
● To import resources from a Windows Domain server into a source group named NewUsers in the Ridgeline database running the local server with the default administrator name and password, enter the following command:
ImportResources -user admin -s NewUsers -domain
This imports user data from the Windows Domain Controller that is serving the domain where the Ridgeline server resides.




Appendix F: Configuring RADIUS for Ridgeline Authentication

This appendix describes in detail how to set up an external RADIUS server to provide authentication services for Ridgeline users when Ridgeline is configured to act as a RADIUS client.

It describes the following steps:
● “Step 1. Create an Active Directory User Group for Ridgeline Users”
● “Step 2. Associate Users with the Ridgeline Group”
● “Step 3. Enable Ridgeline as a RADIUS Client”
● “Step 4. Create a Remote Access Policy for Ridgeline Users”
● “Step 5. Edit the Remote Access Policy to add a VSA”
● “Step 6. Configure Ridgeline as a RADIUS Client”

External RADIUS Server Setup

The following is a step-by-step walk-through using Microsoft Active Directory and Internet Authentication Service. This example also leads you through the process of setting up a VSA for passing role information.

Step 1. Create an Active Directory User Group for Ridgeline Users

Within Active Directory, create one or more User Groups. If you have multiple roles within Ridgeline, and you want to authenticate users for any of those roles, you will need a Group for each Ridgeline role.


1 To add a group, select the appropriate domain under Active Directory Users and Computers, then click Users, then New > Group.

Figure 501: Adding a Group

2 Type the same group name in each of the two group name fields. Scope should be Global, type should be Security. Click OK.
3 If you want to authenticate Ridgeline users with more than one role, repeat these steps to create a group that corresponds to each Ridgeline role you use. For example, if you want to authenticate users with an Admin role and users with a Monitor role, you would create a group for each role type, such as NMS-Admin and NMS-Monitor.

Step 2. Associate Users with the Ridgeline Group

If necessary, create one or more new users.
● To add a new user, click Users, then New > User. Follow the steps to enter the user information and password.

Associate each user with the appropriate Ridgeline-related group, based on the role you want that user to have within Ridgeline.


1 In the Users list right-click on a User Name and display the Properties dialog box.

Figure 502: The Properties Dialog Box for a User Name

2 Click the Member Of tab, then click Add...


Figure 503: The Member Of tab

3 In the Enter the object names to select field, type the name of the Ridgeline-related group this user should be associated with (see Figure 504). Click OK to continue.

Figure 504: Adding a group for the user

4 Click the Dial-in tab and select the Allow access and the No Callback radio buttons (see Figure 505). Click OK to continue.


Figure 505: The Dial-in tab configuration

Step 3. Enable Ridgeline as a RADIUS Client

Within the Internet Authentication Service, enable Ridgeline as a RADIUS client.

1 Under the Internet Authentication Service click RADIUS Clients, then New > RADIUS Client.
2 Type a Friendly Name for the RADIUS client and type the IP address or host name of the Ridgeline server. Click Next to continue.

Figure 506: Adding a RADIUS Client to IAS


3 Select RADIUS Standard from the Client-Vendor drop-down menu, and type the shared secret twice. You must use this same shared secret when you configure Ridgeline as a RADIUS client.

Figure 507: Setting the shared secret for a RADIUS client

4 Click Finish. The new Ridgeline client should now appear in the list of RADIUS Clients under the Internet Authentication Service, as shown in Figure 508.

Figure 508: Verify the RADIUS client in IAS

Step 4. Create a Remote Access Policy for Ridgeline Users

Create a Microsoft Internet Authentication Remote Access Policy for each type of Ridgeline role that you plan to use within Ridgeline. For each different role (predefined roles such as Admin or Manager, or user-defined roles) a Remote Access Policy is needed, configured with the role information that must be transmitted to Ridgeline along with the user’s authentication status.

To create a Remote Access Policy:

1 Under the Internet Authentication Service, right-click the Remote Access Policies folder, select New and then Remote Access Policy. The New Remote Access Policy Wizard will start. Click New to continue.


2 Type a name for the Policy Name (see Figure 509, where Ridgeline is used as an example), then click Next. If you need to create multiple policies, each must have a unique name, such as NMS-Admin and NMS-Monitor.

Figure 509: Configuring a Remote Access Policy using the wizard

3 To configure the Access Method (Figure 510), click the Ethernet radio button, then click Next to continue.


Figure 510: Selecting the Access Method for network access

4 The User or Group Access window appears. This is where you associate a group with this policy.

Figure 511: The User or Group Access selection

5 Select the Group radio button, then click Add.... The Select Group pop-up window appears, as shown in Figure 512.


Figure 512: The Select Groups Window

6 Click on Locations.... The Locations pop-up appears, as shown in Figure 513.

Figure 513: The Locations Window

7 Select the appropriate domain (the ebcdemo.com domain in this example) where your Ridgeline groups were created. Click OK to continue. This returns you to the Select Groups window, with the selected domain displayed (see Figure 514).


Figure 514: The Select Groups Window After Setting the Location

8 Type the name of the group you want to associate with this remote access policy. Click OK to continue. The User or Group Access window re-appears, with the domain and group you specified shown in the Group name list. Click Next to continue.

Figure 515: The User or Group Access Window After Selecting the Domain and Group

9 Next, select the Authentication Method to be used. From the EAPS Type drop-down menu, select MD5-Challenge, then click Next.


Figure 516: Setting the Authentication Method for the Policy

10 Click Finish in the final window to complete your configuration of the remote access policy.

Step 5. Edit the Remote Access Policy to add a VSA

Edit each new Remote Access Policy to add a Vendor Specific Attribute (VSA) or to set the Service Type attribute value.

If you are using just the standard Ridgeline built-in roles (Admin, Manager, Monitor) you can simply set the service type attribute.

If you have added administrator roles in Ridgeline, and want to authorize users with those roles, create a VSA to pass the role information to Ridgeline. This example shows how to create a VSA to pass role information.

To create a VSA, complete the following steps:

1 Select the Remote Access Policy you want to edit. Right-click on the policy name and select Properties.


Figure 517: Selecting a Remote Access Policy to edit

The Properties window appears (Figure 518).

Figure 518: The Properties Window for a Remote Access Policy

2 Remove the NAS-Port-Type matches Ethernet policy: select NAS-Port-Type matches Ethernet and click Remove.


3 Next, select the Windows-Group matches “EBCDEMO\Ridgeline” policy and click Edit Profile. The Edit Dial-in Profile window appears.

Figure 519: The Edit Profile Window, Authentication Tab

4 Select the Authentication tab, and check Unencrypted authentication (PAP, SPAP). Then click the EAPS Methods button. The Select EAPS Providers pop-up window appears (Figure 520).

Figure 520: The Select EAPS Providers Window

5 Remove the MD-5 Challenge method: select MD5-Challenge and click Remove. Then click OK. This returns you to the Edit Dial-in Profile window.
6 Select the Advanced Tab, and click Add... The Add Attribute window appears.


Figure 521: The Edit Profile Window, Advanced Tab

7 Select Vendor-Specific and click Add. The Multivalued Attribute Information window appears.

Figure 522: The Multivalued Attribute Information Window

8 Click Add again. The Vendor-Specific Attribute Information window appears. This is where you add the Ridgeline VSA settings.


Figure 523: The Vendor-Specific Attribute Information Window

9 Select the Enter Vendor Code radio button, and type 1916 as the vendor code. Select the Yes. It conforms radio button. Click Configure Attribute... The Configure VSA pop-up appears.

Figure 524: Configuring the VSA


10 In the next window, provide the following:
Enter 210 for the Vendor-assigned attribute number.
Select String from the Attribute format drop-down menu.
Type an Attribute value that matches one of the Ridgeline role names; either a predefined role name, such as Administrator or Monitor, or a user-defined role name. If the Attribute value does not match a role, the user will default to the Monitor role only.
Ridgeline roles can be found in the Ridgeline Administration under the Roles tab.
Click OK to continue.
11 The new attribute will appear in the Multivalued Attribute Information window as Vendor code: 1916 with the value set to the role name you entered (Administrator in this example). Click OK to continue.
12 In the Edit Dial-in Profile window, click OK again. A warning will appear, as shown in Figure 525. Click No.

Figure 525: Warning after editing the Remote Access Policy profile

The VSA is now configured for this remote access policy.

Step 6. Configure Ridgeline as a RADIUS Client

Once Ridgeline is configured in IAS as a RADIUS client, you must configure it as a RADIUS client through Ridgeline Administration.

1 In Ridgeline Administration, select the RADIUS tab, as shown in Figure 526.


Figure 526: Configuring Ridgeline as a RADIUS client

2 Click the Enable system as a RADIUS client button. The Client Configuration section of the page will become available.
3 Enter the host name or IP address of your RADIUS server, and enter the shared secret you used when you set Ridgeline as a RADIUS client in IAS (see Step 3. Enable Ridgeline as a RADIUS Client on page 725). If you have a secondary RADIUS server, enter that information here also.
4 Click Apply to have this take effect.
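The following added example (not part of the Ridgeline guide and not Extreme Networks code) shows what the settings from Step 5 look like on the wire: a Vendor-Specific attribute in RFC 2865 format with vendor code 1916, vendor-assigned attribute number 210 and a string value, carried in an Access-Accept whose Response Authenticator is checked against the shared secret from Step 3 before the role is used. The exact-match rule, the sample role list, the shared secret and the Request Authenticator are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2          # RFC 2865 packet code
VENDOR_SPECIFIC = 26       # RFC 2865 attribute type
EXTREME_VENDOR_ID = 1916   # vendor code typed in step 9
ROLE_VSA_TYPE = 210        # vendor-assigned attribute number from step 10
DEFAULT_ROLE = "Monitor"   # fallback the guide gives for an unmatched value
# Constructed sample role list; a real one comes from the Roles tab.
SAMPLE_ROLES = {"Administrator", "Manager", "Monitor"}


def encode_role_vsa(role):
    """Encode a role name as Vendor-Specific(26) / vendor 1916 / type 210 / string."""
    value = role.encode("utf-8")
    sub = struct.pack("!BB", ROLE_VSA_TYPE, 2 + len(value)) + value
    body = struct.pack("!I", EXTREME_VENDOR_ID) + sub
    if 2 + len(body) > 255:
        raise ValueError("role name too long for one RADIUS attribute")
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def iter_tlvs(data):
    """Yield (type, value) pairs; the length octet covers the 2-byte header."""
    offset = 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError("truncated attribute header")
        tlv_type, length = data[offset], data[offset + 1]
        if length < 2 or offset + length > len(data):
            raise ValueError("attribute length out of range")
        yield tlv_type, data[offset + 2:offset + length]
        offset += length


def extract_role(attributes):
    """Return the string carried in vendor 1916 / type 210, or None if absent."""
    for attr_type, value in iter_tlvs(attributes):
        if attr_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != EXTREME_VENDOR_ID:
            continue
        for sub_type, sub_value in iter_tlvs(value[4:]):
            if sub_type == ROLE_VSA_TYPE:
                return sub_value.decode("utf-8", errors="replace")
    return None


def response_authenticator(code, ident, request_auth, attributes, secret):
    """MD5(Code + ID + Length + Request Authenticator + Attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_access_accept(ident, request_auth, attributes, secret):
    """Server side: assemble an Access-Accept for the constructed sample."""
    auth = response_authenticator(ACCESS_ACCEPT, ident, request_auth,
                                  attributes, secret)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attributes))
    return header + auth + attributes


def role_from_access_accept(packet, request_auth, secret, configured_roles):
    """Client side: authenticate the reply, then map the VSA to a role."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attributes = packet[20:]
    expected = response_authenticator(code, ident, request_auth,
                                      attributes, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    role = extract_role(attributes)
    # Assumption: exact, case-sensitive match against the configured role names.
    return role if role in configured_roles else DEFAULT_ROLE


if __name__ == "__main__":
    secret = b"constructed-shared-secret"      # constructed value
    request_auth = bytes(range(16))            # constructed Request Authenticator
    service_type = bytes([6, 6, 0, 0, 0, 6])   # unrelated attribute, skipped
    attrs = service_type + encode_role_vsa("Administrator")
    packet = build_access_accept(1, request_auth, attrs, secret)
    print(role_from_access_accept(packet, request_auth, secret, SAMPLE_ROLES))
```

The role string travels unencrypted inside the Access-Accept, so the shared secret is the only thing that keeps a modified role value from being accepted.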




Appendix G: Troubleshooting

This appendix describes how to resolve problems you may encounter with Ridgeline.

It contains the following sections:
● “Troubleshooting Aids”
● “Ridgeline Client Issues”
● “Ridgeline Database”
● “Ridgeline Server Issues”
● “VLAN Management”
● “Alarm System”
● “Ridgeline Inventory”
● “Printing”
● “Reports”
● “Configuration Manager”

Troubleshooting Aids

If you are having problems with Ridgeline, there are several things you can do to help prevent or diagnose problems.

One of the first things you should do is run the Package Debug Info command. This command packages the various log, property, syslog and other debugging information files and archives them into a zip file. You can email this file to Extreme Networks technical support to provide them with detailed information on the state of the Ridgeline server.

You can run this command while the server is running, or while the server is stopped.

To run the Package Debug Info command, go to /jboss/bin and run PackageDebugInfo.exe (PackageDebugInfo.bin in Linux or Solaris).

You can also run the Package Debug Info command from the Windows Programs menu on the Ridgeline server: Start > Programs > Extreme Networks > Ridgeline 3.1 > Package Debug Info. In this case, a DOS window appears that will display the progress of the commands as they are executed.


See “Package Debug Info Utility” on page 703 for details about using this command.

About Ridgeline Window

At any time while logged into Ridgeline, you can capture debugging information by going to the “About Ridgeline” window:
● From the Help menu, select About Ridgeline, then click Details.

You can then copy and paste the output information into a text file to send to Extreme Networks Technical Support, if necessary.

Enabling the Java Console

To facilitate problem diagnosis, you can attempt to duplicate the problem with the Java Console enabled.

To enable the Java Console on Windows systems, complete the following steps:

1 Go to the Windows Control Panel.
2 Click the Java icon to launch the Java Control Panel.
3 Click the Advanced tab.
4 Expand the Java console setting.
5 Click the Show console button.
6 Click Apply.

On Linux and Solaris systems, launch the Java Control Panel (run ControlPanel, located at /jre/bin) and follow the procedure above.

The next time you launch the Ridgeline client, the Java Console will start automatically.

NOTE
Running with the Java Console displayed may reduce the performance of the Ridgeline client.

There is limited space for Java Console messages; once the console log file is filled, no more messages will be recorded. If you are trying to duplicate a problem, clear the Java Console log file periodically by clicking the Clear button at the bottom of the window.

You can close the Java Console by clicking the Close button at the bottom of the window. However, once it is closed, it can only be restarted by closing and restarting the browser.

Ridgeline Client Issues

Problem: Unable to connect to the Ridgeline server.

Verify that the Ridgeline Server process is running.


Verify that the server is running on the specified port. If the server is running and you are using the correct port, the Ridgeline Welcome page appears.

If you are running Ridgeline on Windows and connecting to Ridgeline from the same system as the Ridgeline server, you can also use the server setup utility to determine the port on which the Ridgeline server is running. Click Start > All Programs > Extreme Networks > Ridgeline 3.1 > Server setup utility. The Ridgeline’s HTTP port box shows the current server port.

Problem: Colors in client interface are incorrect (Windows 2003, Windows XP).

The Color Palette must be set for 65536 colors (or True Color). If your display is set for only 256 colors, the colors in Ridgeline may be incorrect.

To change the color palette, double-click the Display icon in the Control Panel, select the Settings tab, and use the drop-down list in the Color Palette field to select the appropriate setting.

Problem: Browser does not bring up the Ridgeline Welcome page.

Verify the version of the browser you are using. See the system requirements in the Ridgeline Installation and Upgrade Guide or see the Ridgeline Release Notes shipped with the software.

Problem: Browser client software loads and allows login, but data is missing or other problems arise.

Remove the Ridgeline application from the Java Cache. Go to the Java Console. Under the General tab, in the Temporary Internet Files section, click the View button. Select the Ridgeline application in the Java Cache Viewer, and delete it.

Ridgeline Database

Problem: DBBACKUP utility will not run (in Solaris) if LD_LIBRARY_PATH variable is not set correctly

In order for DBBACKUP to run, the LD_LIBRARY_PATH environment variable must include the path /database/bin (by default, /opt/ExtremeNetworks/Ridgeline3.0/database/bin). There are some needed .so files in that directory. (10051)

Problem: Database server will not restart after incorrect shut down

If the Ridgeline server is shut down incorrectly, the database may be left in an invalid state. In this case, an “Assertion failed” error may occur when attempting to restart the server.

To recover the database in Windows XP or Windows 2003 Server, complete the following steps:

1 Open a DOS command window.
The following commands assume you have accepted the default installation location, c:\Program Files\Extreme Networks\Ridgeline3.0. If you have installed Ridgeline in a different location, substitute the correct installation directory in the commands below.
2 Go to the Ridgeline install directory:
cd c:\Program Files\Extreme Networks\Ridgeline3.0\database\bin
3 Add the Ridgeline database directory to your path:
set path=c:\Program Files\Extreme Networks\Ridgeline3.0\database\bin;%path%
4 Execute the following commands:


database\bin\dbeng9.exe -f ..\database\data\basecamp.db
database\bin\dbeng9.exe -f ..\database\data\epicenter.db
5 Watch the output from this command. If the database program indicates it cannot recover the database, delete the database log:
del basecamp.log
and try executing the previous commands again:
database\bin\dbeng9.exe -f ..\database\data\basecamp.db
database\bin\dbeng9.exe -f ..\database\data\epicenter.db
6 If the database is successfully recovered, restart the server.

If the database cannot be recovered, you will need to restore the database from a backup. See the Ridgeline Reference Guide for instructions on restoring the database from a backup.

To recover the database in Solaris, complete the following steps:

1 Open a shell window (csh is used for the following example).
The following commands assume you have accepted the default installation location, /opt/ExtremeNetworks/Ridgeline3.0. If you have installed Ridgeline in a different location, substitute the correct installation directory in the commands below.
2 Go to the Ridgeline install directory:
cd /opt/ExtremeNetworks/Ridgeline3.0
3 Make sure the LD_LIBRARY_PATH environment variable is set to the following directory under the Ridgeline installation directory:
setenv LD_LIBRARY_PATH /opt/ExtremeNetworks/Ridgeline3.0/database/bin
4 Execute the following commands:
database/bin/dbeng9.exe -f ../database/data/basecamp.db
database/bin/dbeng9.exe -f ../database/data/epicenter.db
5 Watch the output from this command. If the database program indicates it cannot recover the database, delete the database log:
rm basecamp.log
and try executing the previous commands again:
database/bin/dbeng9.exe -f ../database/data/basecamp.db
database/bin/dbeng9.exe -f ../database/data/epicenter.db
6 If the database is successfully recovered, restart the server.

If the database cannot be recovered, you will need to restore the database from a backup. See the Ridgeline Reference Guide for instructions on restoring the database from a backup.

Ridgeline Server Issues

Problem: Cannot communicate with a specific switch

Verify that the switch is running ExtremeWare software version 6.2 or later.

Ping the switch's IP address to verify availability of a route. Use the ping command from a MS DOS or Solaris command shell.


If the switch is using SNMPv1, verify that the read and write community strings used in Ridgeline match those configured on the switch. If the switch is using SNMPv3, verify that the SNMPv3 parameters configured in Ridgeline match those on the switch.

Problem: Need to change SNMP polling interval, SNMP request time-out, or number of SNMP request retries

You can change the default values for the SNMP polling interval, the SNMP request time-out, or the number of SNMP request retries, through the Ridgeline Administration Server Properties page. See “Polling Types and Frequencies” on page 642 for more information about modifying these properties.

Problem: Need to change the Telnet or HTTP port numbers used to communicate with managed devices

You can change the port numbers for all managed switches through the Ridgeline Administration Server Properties page.

See “Administering Ridgeline” in the Ridgeline Reference Guide for information on Ridgeline Administration.

Problem: Telnet polling messages can fill up a device’s syslog file

The Ridgeline server uses Telnet polling to retrieve certain switch information such as Netlogins, FDB data (if FDB polling is enabled) and power supply information. By default, Ridgeline does status polls every five minutes and detailed polls once every 90 minutes. Each telnet login and logout message is logged to the switch’s log file, and will eventually fill up the log.

In addition, in some cases Ridgeline needs to disable CLI paging so the poller can retrieve the full results of some CLI commands. An entry is created in the switch log for each disable clipaging command, which can also contribute to filling up the log.

There are several things you can do to alleviate this problem:
● Periodically clear the switch’s log file using the ExtremeWare CLI clear log command. Telnet login and logout messages are Informational level messages.
● Disable device Telnet polling by clearing the Poll Devices Using Telnet property in the Devices list on the Server Properties page of Ridgeline Administration. However, if you do this, Ridgeline will not be able to do edge port polling through the MAC Address Poller, and will not be able to get Netlogin information, or Alpine power supply IDs.
● Increase the polling interval for all Ridgeline polling by changing the value of the SNMP Poll Interval property in the SNMP list on the Server Properties page of Ridgeline Administration. Note that this will change the interval for all SNMP polling as well as Telnet polling. See the Ridgeline Reference Guide for more information about setting server properties.
● You can set up event filtering to exclude login/logout events or clipaging enable/disable events from the log. See the following discussion for more details.

With ExtremeXOS 11.2 and higher you can set up filters to suppress the log entries generated by Ridgeline login and logout of the switch. Use of these filters is based on the assumption that one can trust a login from the system on which Ridgeline is installed, and from the account Ridgeline uses to log in to the device.

To set up this filter you would use the following four commands, where is the account name used by Ridgeline to log in to the switch, and is the IP address of the system where the Ridgeline server is installed:


    configure log filter DefaultFilter add exclude event aaa.authPass strict-match string ""
    configure log filter DefaultFilter add exclude event aaa.authPass strict-match string ""
    configure log filter DefaultFilter add exclude event aaa.logout strict-match string ""
    configure log filter DefaultFilter add exclude event aaa.logout strict-match string ""

For example, to set up the filter for a Ridgeline server with IP address 10.255.48.40, and using account name “admin” to log in to the switch, you would enter the following:

    configure log filter DefaultFilter add exclude event aaa.authPass strict-match string "admin"
    configure log filter DefaultFilter add exclude event aaa.authPass strict-match string "10.255.48.40"
    configure log filter DefaultFilter add exclude event aaa.logout strict-match string "admin"
    configure log filter DefaultFilter add exclude event aaa.logout strict-match string "10.255.48.40"

You can also create a filter to exclude the clipaging commands from the log. An example of such a command in ExtremeWare 7.3.3 or ExtremeWare 7.5 is the following:

    configure log filter DefaultFilter add exclude events All match string " :disable clipaging session"

For example, to set up the filter for a Ridgeline server with IP address 10.255.48.40, and using account name “admin” to log in to the switch, you would enter the following:

    configure log filter DefaultFilter add exclude events All match string "10.255.48.40 admin: disable clipaging session"

Problem: Traps may be dropped during a trap 'storm'

The Ridgeline server limits its processing of traps in order to be able to reliably handle trap storms from a single or multiple devices. Ridgeline limits its trap processing to 20 traps every 28 seconds from an individual device, and a total of 275 traps every 55 seconds system-wide. Any traps that occur beyond these limits will be discarded, but will be noted in the epicenter_server.log file.

Exceeding the first limit (>20 traps in 28 seconds) is rare, and should be considered abnormal behavior in the managed device. If you are managing a large number of devices, you may reach the total (275) limit in normal circumstances. If you are managing more than 1000 devices, it is recommended that you increase the total number of traps to 500.

The trap processing limits can be changed through server properties in Ridgeline Administration. See the Ridgeline Reference Guide for more information on setting Ridgeline server properties.

Problem: Under Solaris, an error occurs when attempting to enable the Ridgeline Syslog server function

By default, Solaris runs its own Syslog server. This may cause an error “Syslog Server unable to start: Address already in use” when you attempt to enable the Ridgeline syslog server. You must first stop the Solaris syslog server in order to have Ridgeline act as a Syslog receiver. To stop the Solaris Syslog server, use the command:

    /etc/init.d/syslog stop

Problem: Ridgeline is not receiving traps

If the IP address of a Ridgeline host is changed via DHCP while Ridgeline is running, the system will not receive traps. To fix the problem, you can do a manual sync on all devices, or restart the Ridgeline server.
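Added example (not part of the Ridgeline guide or any Extreme Networks code): a small Python model of the four login/logout exclude commands shown earlier in this section, run against constructed log events to show what the filter hides besides Ridgeline's own polling sessions. It assumes each exclude item is evaluated independently and matches an event whose account or source address equals the string; the event records and the address 192.0.2.77 are constructed.

```python
import re
from dataclasses import dataclass

# The four commands from the guide's example
# (Ridgeline server 10.255.48.40, switch account "admin").
FILTER_CONFIG = '''
configure log filter DefaultFilter add exclude event aaa.authPass strict-match string "admin"
configure log filter DefaultFilter add exclude event aaa.authPass strict-match string "10.255.48.40"
configure log filter DefaultFilter add exclude event aaa.logout strict-match string "admin"
configure log filter DefaultFilter add exclude event aaa.logout strict-match string "10.255.48.40"
'''

RULE_RE = re.compile(
    r'configure\s+log\s+filter\s+(?P<filter>\S+)\s+add\s+exclude\s+events?\s+'
    r'(?P<event>\S+)\s+(?P<mode>strict-match|match)\s+string\s+"(?P<value>[^"]*)"'
)


@dataclass(frozen=True)
class ExcludeRule:
    log_filter: str
    event: str
    mode: str
    value: str


@dataclass(frozen=True)
class LogEvent:
    # Simplified event record (assumption): name plus the two string
    # parameters the guide's filter keys on.
    name: str
    account: str
    source_ip: str


def parse_rules(config_text):
    """Extract 'add exclude ... string' items from switch configuration text."""
    # Copies taken from the PDF carry typographic quotes; normalise them.
    text = config_text.replace('\u201c', '"').replace('\u201d', '"')
    return [ExcludeRule(m['filter'], m['event'], m['mode'], m['value'])
            for m in RULE_RE.finditer(text)]


def is_suppressed(rules, event):
    """Assumed model: items are independent, so any single match drops the event."""
    for rule in rules:
        if rule.event.lower() not in ('all', event.name.lower()):
            continue
        if rule.value in (event.account, event.source_ip):
            return True
    return False


def unintended_suppressions(rules, events, account, server_ip):
    """Suppressed events that are not the management server using its own account."""
    return [e for e in events
            if is_suppressed(rules, e)
            and not (e.account == account and e.source_ip == server_ip)]


# Constructed sample events, not taken from a real switch log.
SAMPLE_EVENTS = [
    LogEvent('aaa.authPass', 'admin', '10.255.48.40'),     # Ridgeline polling login
    LogEvent('aaa.logout', 'admin', '10.255.48.40'),       # Ridgeline polling logout
    LogEvent('aaa.authPass', 'admin', '192.0.2.77'),       # same account, other host
    LogEvent('aaa.authPass', 'operator', '10.255.48.40'),  # other account, same host
    LogEvent('aaa.authPass', 'operator', '192.0.2.77'),    # unrelated login
    LogEvent('aaa.authFail', 'admin', '192.0.2.77'),       # failed login, not excluded
]

if __name__ == '__main__':
    rules = parse_rules(FILTER_CONFIG)
    for ev in SAMPLE_EVENTS:
        state = 'suppressed' if is_suppressed(rules, ev) else 'logged'
        print(f'{ev.name:13} {ev.account:9} {ev.source_ip:14} {state}')
    print('Suppressed although not Ridgeline polling:')
    for ev in unintended_suppressions(rules, SAMPLE_EVENTS, 'admin', '10.255.48.40'):
        print(f'  {ev.name} {ev.account} {ev.source_ip}')
```

Under this model the account item and the address item match separately, so a successful login with the Ridgeline account from any other host also disappears from the switch log. Giving Ridgeline an account that nobody else uses narrows what the filter hides.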


Problem: On a Windows system with multiple NICs, Ridgeline may not receive traps or be able to upload or download configuration files or images

In Windows, in an environment with multiple NIC cards, the IP address that Ridgeline gets as the primary IP address is determined by the order in which the network connection is listed in the 'Adapters and Bindings' tab in Advanced Settings, and may not be the NIC that is actually connected to the management network. There is no guarantee that the primary IP address that gets registered as a trap receiver on a switch is the IP address of the NIC that Ridgeline actually uses to communicate.

You may be able to work around this by changing the order of the IP addresses in the Adapters and Bindings tab to select the primary IP address for Ridgeline to use:

1 From the Start menu select Settings, then select Network and Dial-up Connections. You can also open the Network and Dial-up Connections window from the Control Panel.
2 From the Advanced menu, select Advanced Settings...
3 Select the Adapters and Bindings tab, which shows the connections listed in order.
4 Select the connection you want Ridgeline to use, use the up and down arrow buttons at the right to move it to the top of the list, then click OK.
5 Restart the Ridgeline server.

VLAN Management

Problem: Multiple VLANs have the same name.

A VLAN is defined by the name, its tag value, and its protocol filter definition. Ridgeline allows multiple VLANs of the same name if one of the defining characteristics of one VLAN is different from the other.

Problem: Multiple protocols have the same name.

Ridgeline allows multiple protocols of the same name if one of the defining characteristics of one protocol is different from the other.

Problem: Can only access one of the IP addresses on a VLAN configured with a secondary IP address.

Ridgeline does not currently support secondary IP addressing for a VLAN.

Alarm System

Problem: Device is in a fault state that should generate a trap or syslog message, and an alarm is defined to detect it, but the alarm does not appear in the Ridgeline Alarm Log.

There are several possible reasons this can occur. Check the following:

● Make sure that the alarm is defined and enabled.
● Check that the device is in the alarm scope.
● Check that SNMP traps are enabled on the device.
● For a non-Extreme device, make sure you have set Ridgeline as a trap receiver on the device (see Appendix G “Configuring Devices for Use With Ridgeline”).
● For an RMON alarm, make sure you have RMON enabled on the device.
● For Syslog messages, make sure that you have the Ridgeline Syslog server enabled, and that remote logging is enabled on the device with Ridgeline set as a Syslog receiver.
● The number of traps being received by the Ridgeline server may exceed the number of traps it can handle in a given time period, resulting in some traps being dropped (see “Traps may be dropped during a trap 'storm'”). You can change the limits for the number of traps the server should accept (per minute and per 1/2 minute) in the Ridgeline Administration. See “Administering Ridgeline” in the Ridgeline Reference Guide for more information on setting Ridgeline server properties.

Problem: The “Email to:” and “Short email to:” fields are greyed-out in the Actions tab of the New Alarm Definition dialog box.

You need to specify an e-mail server in order to send e-mail. Click the Settings... button next to the Email to field to set up your mail server.

Problem: An RMON rule is defined to monitor a counter variable, and to cause an alarm when the counter exceeds a certain value. The counter has exceeded the threshold value but no alarm has occurred.

There are several things to check:

● Make sure the RMON rule and the alarm definition are set up correctly.
● If the value of the counter was already above the threshold value when you set up the RMON rule, and you have the Sample Type set to Absolute, no alarm will ever be generated. This is because the value must fall below the Falling Threshold value before another Rising Threshold trap will be sent, and this will never occur. You should consider using the Delta Sample Type instead.

Problem: When creating an RMON rule in the RMON Rule Configuration window, the MIB variable I want to use is missing from the list of variables displayed when I click “Lookup...”

The MIB Variable list displays only the MIBs shipped with the Ridgeline software. In addition, within those MIBs the variable list will not display variables that are indexed by an index other than (or in addition to) ifIndex. You can still use variables that do not appear in the Lookup... list, but you must type the complete OID into the MIB Variable field, in numeric notation. If the variable is a table variable, you will need to append the specific index and apply the variable to each target device, one at a time.

Problem: A program specified as an action for an alarm (in the Run Program field) does not get executed. It includes output to the desktop among its functions.

You must specifically tell it to allow output to the desktop. To do this you must stop and restart the Ridgeline server, as follows:

1 In the Windows Services window, select Ridgeline 3.1 Server and click Stop. (To find the Services window, from the Start menu select Settings, then Control Panel, then double-click the Services icon).
2 When the Ridgeline 3.1 Server service has been stopped, select it again and click Startup.... This displays a pop-up window where you can specify start-up options.
3 In the lower part of the window, in the Log On As: area, click the box labeled Allow Service to Interact with Desktop. Then click OK.

After the Ridgeline server restarts, the program you have specified as an alarm action should execute correctly.

To specify a batch file that does output to the desktop, you must specify the “.bat” file within a DOS “cmd” command, as follows:

    cmd /c start

where is the batch file you want to run.

Problem: Email alarm actions generate too much text for a text pager.

You can use the “Short email to:” option to send an abbreviated message appropriate for a text pager or cell phone. The short email provides only very basic alarm information. See Chapter 28 “Enhancing Ridgeline Performance” for more details on using the email options as an alarm action.

Ridgeline Inventory

Problem: Multiple switches have the same name.

This is because the sysName of those switches is the same. Typically, Extreme Networks switches are shipped with the sysName set to the type of the switch: “Summit48,” “Summit1i,” “Alpine3808,” and so on, depending on the type of switch.

You can change the way names are displayed through a server property in the Ridgeline Administration. You can display devices by name or by IP address and name. See “Administering Ridgeline” in the Ridgeline Reference Guide for more information on setting Ridgeline server properties.

Problem: Discovery does not display the MAC address for some devices in the discovery results list. In addition, it may not add the device to inventory (primarily happens with workstations).

If the MAC address is not found in the first instance of ifPhysAddress, it is not displayed in the discovery results table. However, when the device is selected to be added to the Ridgeline inventory, Ridgeline searches all the ifPhysAddress entries for the device, and will use the MAC address found in this manner. If no MAC address is found in any ifPhysAddress entry, the device will not be added to the Ridgeline database.

Problem: Attempted to add a switch to Ridgeline after rebooting the switch, and received an “SNMP not responding” error.

If a switch has recently been powered on, it may take some time (a number of minutes) before the device is completely initialized. This will be especially true of chassis devices with many blades, or devices with a large number of VLANs configured on the device. If the device has not completed its initialization, Ridgeline may return an error when adding the device. You can simply wait until the device has finished initializing and add it again.

Problem: The Device Inventory panel shows incorrect information, and the device image is not displayed correctly.

This can be caused by a device IP address that is in conflict with another device on the network (a duplicate IP address). Remove the problem device from the Ridgeline inventory, and add it in again with the correct IP address.


Printing

Problem: When printing a topology map from the browser client, or printing a report, the browser can appear to freeze.

Printing a report or a topology map can cause the browser utilization to become very high (approaching 100%) and can spool a very large amount of memory. There is no current solution other than to wait, and the process will eventually finish.

Reports

Problem: After viewing reports, added a user-defined report, but it doesn’t appear in the list of reports on the main reports page.

The Reports page updates the list of reports when the page is loaded. To update the list, refresh the page.

Problem: Reports cannot be launched.

Due to a problem with Windows, sometimes reports cannot be launched from the Ridgeline client. To work around this problem, you can either set your browser home page to blank, or you can run the Reports feature directly from the browser:

1 Point the browser to the URL of the Ridgeline server:
    http://:/
  In the URL, replace with the name of the system where the Ridgeline server is running. Replace with the TCP port number that you assigned to the Ridgeline server during installation. Do not use localhost as the .
2 Click the Log on to Reports only link.
3 Log in to the Reports feature.

Configuration Manager

Problem: “Failed to connect to device communicator session” message displayed when attempting to deploy a configuration to a managed device.

This message is displayed when Ridgeline cannot gain Telnet/SSH access to the device with the username/password it has been configured to use. Select Modify communication settings from the Device menu and check the Device Login and Device Contact Password settings to make sure that they match what is actually configured on the device.


IndexNumerics802.1Q tag, 155, 598AAbout Ridgeline window, 740access roles, 458, 465Administrator, 458, 465Disabled, 458, 465Manager, 458, 465Monitor, 458, 465Ack button, 302ACL-source-address type, 571Actions tab, 318active userslisting, 578Active users tabTabactive users, 576Add buttonin Alarm Category, 326in Alarm Definition, 311in Discovery, 58in IP/MAC Address Finder, 439, 440in Threshold Configuration, 330Add/Modify Condition button, 307Add/Modify Filter button, 309addingalarm category, 326alarm definition, 311CPU Utilization rule, 330devices, 62RMON rule, 330user accounts, 462Adding a new directory server, 565address rangein IP/MAC Address Finder, 438adminpredefined administrator user, 459Administration page, 461Administratoradding users, 462deleting a user account, 463, 467distributed server configuration, 482<strong>Extreme</strong>Ware access, 459modifying users, 462server properties configuration, 469Administrator accessEPICenter, 458, 465<strong>Extreme</strong>Ware, 459alarm actionsE-mail, 319forward trap, 319run program, 319sound alert, 319Alarm Browser, 301Alarm button, 301Alarm Definition tab, 310alarm events<strong>Extreme</strong> proprietary traps, 301from EPICenter, 301, 314RMON falling threshold, 314RMON rising threshold, 314SNMP traps, 300, 313Syslog messages, 314Alarm Loghistory, 646Alarm Log Browser, 301Alarm Log Detail View, 303, 304Alarm Log report, 601, 628alarm propagation, 37Alarm Systemtroubleshooting, 745AlarmMgr utility, 709alarmsacknowledging, 302categories, 326configuring Ridgeline as Syslog receiver, 663CPU utilization rule display, 329CPU utilization threshold configuration, 328creating a display filter, 304, 306creating a filter, 307, 309current filter, 301Default category, 326defining, 310defining scope, 316delete saved display filters, 304deleting, 303detail view, 303, 304E-mail alarm action, 319EPICenter event type, 314Event Type definition, 313falling threshold configuration, 329, 332falling threshold for CPU utilization 
rules, 334falling threshold, predefined RMON rules, 335filtering, 303forward trap action, 319Ridgeline <strong>Reference</strong> <strong>Guide</strong>749


history, 646pause processing, 304Port Utilization rule, 335predefined, 300, 310predefined RMON event configuration, 335resume processing, 304rising threshold configuration, 329, 332rising threshold for CPU utilization rules, 334rising threshold, predefined RMON rules, 335RMON event types, 314RMON rule definition, 332RMON rule display, 328RMON threshold configuration, 328run program action, 319saving a default filter, 302scope, 315setting up e-mail, 321sound alert action, 319startup condition for CPU utilization, 334startup condition for RMON alarms, 333startup condition for threshold alarms, 329Syslog messages, 314Temperature threshold rule, 335threshold rule target configuration, 336Topology Change rule, 335tuning, 644unacknowledging, 302Archive button (Configuration Manager), 349Archive/Baseline differences report, 353archiving configuration settings, 349Associating Roles with Policies, 562Attachinga policy to a VM, 225policy, 151Audit Log, 407Bbaseline configurationrestoring, 361scheduled upload, 359uploading, 359BootROM imagesfile locations, 382hitless upgrade, 389updating, 388BootROM upgradeHitless upgrade, 389buttonsAck, 302Add (Alarm Category), 326Add (Alarm Definition), 311Add (Discovery), 58Add (IP/MAC Address Finder), 439, 440Add (Threshold Configuration), 330Add/Modify Condition, 307Add/Modify Filter, 309Alarm, 301Archive (Configuration Manager), 349CClone (IP/MAC Address Finder), 437, 443Close Window (Reports), 603Delete (Alarm Category), 327Delete (Alarm Definition), 312Delete (Alarm System), 303Delete (IP/MAC Address Finder), 437, 443Delete (RMON Configuration), 330Delete alarms with specified conditions, 303, 308Detail, 303, 304Discover (Device Discovery dialog), 57Download (Configuration Manager), 355Export (IP/MAC Address Finder), 437, 443Export Local (IP/MAC Address Finder), 443Export Local (IP/MAC Finder), 437Find (IP/MAC Address Finder), 438Increment (Configuration Manager), 356Logout (Reports), 603Modify (Alarm Category), 326Modify (Alarm 
Definition), 311Modify (RMON Configuration), 330New (Discovery), 57Remove (Discovery), 57Remove (IP/MAC Address Finder), 439, 440Remove All (IP/MAC Address Finder), 440Remove Condition(s), 308Remove Filter(s), 309ReRun (IP/MAC Address Finder), 437, 443Settings... (Alarm Definition), 322Submit (IP/MAC Address Finder), 440, 441Sync (RMON Configuration), 330, 337Unack, 303Upload (Configuration Manager), 345Variables... (Alarm Definition), 319WildCard (IP/MAC Address Finder), 439categories for alarms, 326Categorizing Policies, 152changing ACL-source-address type, 573changing directory server settings, 571changing Kerberos-age-out-time, 574Clone button, 437Clone button (IP/MAC Address Finder), 443Close Window button, 603community stringin trap receiver setup, 664composite link (topology), 91Config Mgmt Log report, 601configuration archiving, 348configuration filescheduled upload, 349configuration filename format, changing, 348750Ridgeline <strong>Reference</strong> <strong>Guide</strong>


configuration filesarchiving, 349, 657baselining, 659comparing, 363detecting differences, 659download incremental, 356downloading, 355restoring baseline, 361uploading baseline, 359viewing, 362Configuration Manager, 339Archive button, 349archive/baseline differences report, 353archiving configuration files, 349baseline file upload, 359changing the filename format, 348comparing configuration files, 363configuring file viewers, 364Download button, 355download incremental configuration, 356download saved configuration, 355email notification, 354Increment button, 356restoring a baseline configuration, 361scheduled baseline upload, 359scheduled device upload, 349scheduling global archive uploads, 350setting archive limits, 352software version specification, 395Upload button, 345uploading device configuration, 345viewing configuration files, 362ConfiguringDirectory servers, 565configuring server as trap receiver, 664conventionsnotice icons, About This <strong>Guide</strong>, 20text, About This <strong>Guide</strong>, 20CPU Utilizationevent configuration rules, 328falling threshold configuration, 334Rising Threshold configuration, 329rising threshold configuration, 334rule definition, 333rule display, 329rule target configuration, 336Sample Type, 334Startup Alarm, 334creating, 509alarm definitions, 310alarm threshold event rules, 330incremental configuration file, 358search task (IP/MAC Address Finder), 438Universal Port Manager, 508creating LLDP rolesLLDP attributes, 548Creating Roles, 541creating user-defined rolesuser-defined attributes, 550DdatabaseFDB, 596Debug EPICenter, 602decorative node, 91Default alarm category, 326Default device group, 37Defining a New Role, 542Delete alarms with specified conditions button, 303,308Delete buttonin Alarm Category, 327in Alarm Definition, 312in Alarm System, 303in IP/MAC Address Finder, 437, 443in RMON Configuration, 330DeletingDirectory server, 570Policy, 150deletinga user account, 463, 467alarm category, 327alarm definition, 
312alarms, 303RMON configuration, 330Deleting a policy associated with a role, 564Deleting Roles, 561deployed, 488deployment wizard, 514Detaching a policy, 151Detail button, 303, 304Detailed Task View (IP/MAC Address Finder), 441DevCLI utility, 704device, 487download incremental configuration, 356download saved configuration, 355modifying information, 64uploading configuration from, 345Device Details report, 609Device details with VM monitoring, 246Device Discovery set up window, 56device group, 488device groups, 36default, 37Device Inventory report, 601, 607device nodes (topology), 89device properties, 51Device reports, 607Device Status report, 601, 614Device tab, 52Devices and ports, editing, 221diff viewer, 494Directory serverAdding new, 565Deleting, 570Editing a configuration, 568directory server settings, 571Ridgeline <strong>Reference</strong> <strong>Guide</strong>751


Directory ServersConfiguring, 565Disabled access, 458, 465Disabling Monitoring, 537Discover button (Device Discovery dialog), 57Discovery, 55Add button, 58Discovery Results window, 58display mode, real-time statistics, 451Display Network user detailsDetailsDisplay network user, 579displaying user information reports, 575distributed server administration, 482configuring server group manager, 484configuring server group member, 483Distributed Server summary report, 606dockable windows, 32download<strong>Extreme</strong>Ware software image, device, 389incremental configuration, 356saved device configuration, 355Download button (Configuration Manager), 355dynamic, 487EEAPS configurationvalidate, 266EAPS Monitor<strong>Extreme</strong>Ware version support, 250<strong>Extreme</strong>XOS version support, 250edit profile configurationUniversal Port Manager, 499Editingdirectory server configuration, 568Policy, 149Roles, 560editing, 508list of devices and ports, 221Universal Port Manager, 512E-Line, ELAN, importing services, 126E-mailalarm action, 319setting up for alarms, 321email notification (Config Mgr), 354enable, httpUniversal Port Manager, 486enable,https, 486Enabling VMtracking, 216EPICenter, 487eSupport Export report, 600, 603event binding, 488event configuration, 328CPU utilization rule display, 329CPU utilization rules, 328RMON rules, 328rule target, 336Event Log history, 646Event Log report, 601, 629event variables, 522Export button, 437, 443Export Local button, 437, 443exporting, 508exporting profile, 496<strong>Extreme</strong>Ware imagesfile locations, 382<strong>Extreme</strong>Ware requirementsfor IP/MAC Address Finder, 436, 486<strong>Extreme</strong>Ware software imagedownloading to device, 389specifying current version, 382, 395upgrading device, 388<strong>Extreme</strong>XOS scriptsdeploying, 376Ffalling thresholdCPU utilization, 334for predefined RMON events, 335RMON events, 332FDB, 436, 441, 471database, 596edge port display, 478MAC, 595MAC, Poller, 
636polling, 471, 479, 594, 623, 636, 643polling enabled, 743polling of switch, 643retrieve, 479search, 596table data, 479filter definitions, network profile view, 490Filtered Profiles table, 491filteringin reports, 604filtering alarms, 301, 303, 304, 306filters, network profiles, 490Find Address Tasks List window, 437Find buttonin IP/MAC Address Finder, 438FindAddr utility, 712firmwareautomated retrieval of updates, 661detecting obsolete images, 661Firmware Manager, 381download image to device, 389software version specification, 382summary status, 383Upgrade command, 382upgrade device image, 388Forward trap alarm action, 319forwarding database. See FDBfunctions, 486752Ridgeline <strong>Reference</strong> <strong>Guide</strong>


Gglobal archive uploads, scheduling, 350HHitless upgrade, 389Home page, 27hyper node, 90IIdentifying VMMs and VMs, 211Identity ManagementDisable Monitoring, 537Monitoring, 537Reports, 580software license, 526Identity Monitoringenabling, 530idmEditingRoles, 560idmViewingRoles, 558image filesBootROM files location, 382file locations, 382image upgradeBootROM update, 388<strong>Extreme</strong>Ware software image, device, 388Hitless upgrade, 389import, 126import E-line or ELAN service, 126Importing E-Line and E-L AN services, 126Importing VMsVMs, importing, 213ImportResources utility, 717inactive and active userslisting, 578Increment button (Configuration Manager), 356incremental configuration file, 358individual errors graph, 446Interface, 601Interface report, 601, 623inventoryexport scripts, 707troubleshooting, 747Inventory Manageradding devices, 62Discovery, 55IP addressfinding with IP/MAC Address Finder, 435IP/MAC Address FinderAdd button, 439, 440creating a search task, 438Delete button, 437<strong>Extreme</strong>Ware requirements, 436, 486Remove All button, 440Remove button, 439, 440Search Domains list, 439search results, 442Search Type, 439Submit button, 440, 441Target Domains list, 440Task List, 438tasks list, 437Tasks List Summary, 437WildCard button, 439KKerberos age out times, 571Llink (topology), 91composite link, 91Logout button, 603MMACFDB, 595FDB Poller, 636MAC polling, 643MAC-in-MACand ACLs, 270SVLANs, 270Main page, Reports, 602Manager access, 458, 465managing global settings, 571map elements (Topology), 89composite link, 91decorative node, 91device node, 89hyper node, 90link, 91submap node, 90text node, 91map nodeslaying out, 98Messages tab, 323meta data, UPM, 513MIB poller, 647MIB Poller Summary report, 602MIB query, 652MIB Query report, 602MIB variablesin RMON rules, 332in RMON threshold configuration, 332Ridgeline <strong>Reference</strong> <strong>Guide</strong>753


Modify buttonin Alarm Category, 326in Alarm Definition, 311in RMON Configuration, 330modifying, 512alarm category, 326alarm definition, 311device information, 64RMON configuration, 330user accounts, 462Monitor access, 458, 465NNetwork Clients tab, 53Network Status Summary report, 606Network Summary Report, 600Network Summary report, 600New buttonin Discovery, 57Non-EPICenter, 487OOverview, 485PPanel View, 50pause alarm processing, 304PolicyAttaching, 151Attaching to a VM, 225Categorizing, 152Deleting, 150Detaching, 151Editing, 149Rules,categorizing, 153Poller,FDB, 636port binding, 488port group, 488port properties, 53predefined alarms, 300, 310profile, 487, 488, 508, 509, 512, 514, 522profile templates, 513profile, edit configuration, 499profile, exporting to harddiskUniversal Port Manager, 496profile, importing, 507profile, manually running, 496profile, saving to EPICenterUniversal Port Manager, 495profile, updating informationUniversal Port Manager, 499profiles, managed profiles viewUniversal Port Manager, 502profiles, renamingUniversal Port Manager, 505profiles, saving new version, 505profiles, viewing detailsUniversal Port Manager, 493PropertiesDevice tab, 52Network Clients tab, 53Syslog Messages tab, 53RRADIUS, 458, 589client configuration, 468configuring shared secret, 468disabling, 469server, 459server administration, 467server port configuration, 468RADIUS Administration tab, 467Real-Time Statistics, 445graph preferences, 451, 452individual errors graph, 446total errors graph, 446refreshing users and roles, 551related publications, About This <strong>Guide</strong>, 20Release Notes, 19Remote Authentication Dial In User Service. 
SeeRADIUSRemove All buttonin IP/MAC Address Finder, 440Remove buttonin Discovery, 57in IP/MAC Address Finder, 439, 440Remove Condition(s) button, 308Remove Filter(s) button, 309ReportsDisplay identity management, 580Network Summary Report, 600reports, 601, 605Alarm Log, 601Alarm Log report, 628Config Mgmt Log, 601Debug EPICenter, 602Device Details, 609Device Inventory, 607Device Inventory report, 601, 607Device reports, 607Device Status report, 601, 614Distributed Server summary, 606eSupport Export, 600, 603Event Log, 601Event Log report, 629exiting, 605exporting, 638filtering, 604Interface report, 623Main page, 602MIB Poller Summary, 602MIB Query, 602Network Status Summary report, 606Network Summary report, 600754Ridgeline <strong>Reference</strong> <strong>Guide</strong>


printing, 638Server State Summary, 602Slot Inventory report, 601, 617sorting, 605Syslog, 601System Log report, 632Unused Port, 601requirements, software, 486ReRun button, 437, 443resume alarm processing, 304Ridgeline, 664Ridgeline clienttroubleshooting, 740Ridgeline database, troubleshooting, 741Ridgeline serverperformance tuning, 643troubleshooting, 742rising thresholdCPU utilization, 334for predefined RMON events, 335RMON events, 332RMONconfiguration, 328event configuration rules, 328Falling Threshold configuration, 329, 332falling threshold, predefined events, 335MIB variables for rules, 332Port Utilization predefined rule, 335predefined rule definition, 335Rising Threshold configuration, 329, 332rising threshold for predefined events, 335rule definition, 332rule display, 328rule target configuration, 336Sample Type, 332Sample Type (predefined rule), 335Startup Alarm, 333Startup Alarm for predefined rule, 335synchronize with device rules, 337Temperature predefined rule, 335Topology change predefined rule, 335traps, 300, 301RolesAssociating with Policies, 562Creating, 541Defining new, 542Deleting, 561Deleting a policy associated with a role, 564Editing, 560Hierarchy, 528usermangement, 526viewing, 558Viewing details, 559rolesAdministrator, 458, 465Manager, 458, 465Monitor, 458, 465Roles, Policies, and Rules, 526ruleCPU utilization event configuration, 333display, CPU utilization, 329display, RMON, 328predefined RMON event configuration, 335RMON threshold configuration, 332threshold target configuration, 336Rules, categorizing policy rules, 153Run program alarm action, 319SSample TypeAbsolute (for CPU Utilization, 334Absolute (predefined RMON), 335Absolute (RMON), 332Delta (for CPU Utilization), 334Delta (RMON), 332saving profiles, 495scheduled baseline upload, 359scheduled configuration upload, 349scope for alarms, 315Scope tab, 315Search Domains list, 439search resultsDiscovery, 58IP/MAC Address Finder, 442Search Target, IP/MAC Address Finder, 438search task 
(IP/MAC Address Finder), 438Search Type, IP/MAC Address Finder, 439securityrelevant syslog messages (table), 597SNMPv3, 592using VLANs, 598server properties, 460administration of, 469Automatically Save Configuration, 471Client Port, 481Device HTTP Port, 471Device Telnet Port, 471Device Tree UI, 481Devices properties, 471DHCP Temporary Lease, 481DNS Lookup Timeout Period, 481Enable MAC Polling, 480Enable Syslog Server, 471EPICenter Trap Receiver Port, 477External Connections Properties, 478Features Properties, 472HTTP Proxy Device, 478HTTP Proxy Port, 478IP QoS Rule Precedence, 481Load Information from http//www.extremenetworks.com, 478MAC Polling Properties, 480Number of Retries, 477Other properties, 481Poll Devices Using Telnet, 471Ridgeline <strong>Reference</strong> <strong>Guide</strong>755


Poll Interval, 477Save Changed Configurations, 471Save Switch Password for Vista Login, 472Scalability properties, 474ServiceWatch URL, 481Session Timeout Period, 481setting, 469SNMP properties, 476SysLog Message Min Severity, 471Syslog Message per Device, 476Syslog Message per Minute, 476System Load, 480Telnet Login Timeout Period, 471Telnet Screen Width, 481Thread Default Alloc Size, 475Thread Pool Size, 475Timeout Period, 477Traps per device, 475Traps per Minute, 476Update Type Library on Server, 481Upload/Download Timeout Period, 471Use EPICenter Login for Telnet, 472Server Properties tab, 469Server State Summary report, 602Service Reconciliation, 126Service, import E-line or ELAN, 126settinggraph preferences (RT Stats), 452server properties, 460, 469setting archive limits, 352Settings... button (Alarms), 322Show Full Path checkbox, 94, 171Slot Inventory report, 601, 617SNMPalarm event type, 313default trap port number, 664MIB query, 652polling, 642SNMPv3 for security, 592total traps rate limit, 476traps, 299, 301traps per device rate limit, 475software imagechecking for version availability, 388obtaining updates, 386software imagesfile locations, 382software license, Identity Management, 526sortingreports, 605sound alert alarm action, 319SSH, 593SSH2 (Inventory Manager), 65, 69Stacking devicein Firmware Manager, 384upgrading software, 389Startup Alarmfor CPU Utilization, 334for predefined RMON rule, 335RMON, 333static, 487statisticsdisplay mode, real-time, 451graph preferences (RT Stats), 452individual port real-time, 450multi-port real-time, 448real-time, 445submap node, 90Submit button, 440, 441Sync buttonin RMON configuration, 330, 337synchronize (RMON), 337Syslogalarm event type, 314configuring Ridgeline as Syslog receiver, 663enabling EPICenter Syslog server, 471history, 53message storage, 53messages in alarms, 314restarting the server, 471setting minimum severity for message acceptance,471Syslog Messages tab, 53total messages rate limit, 476Syslog 
Messages tab, 53Syslog report, 601System Log report, 632TTarget Domains list, 440Target tab, 336Task Name, IP/MAC Address Finder, 438Tasks List Summary window, 437Tcl-based, 605templates, profileUniversal Port Manager, 513terminology, 487terminology, About This <strong>Guide</strong>, 19test wizard, 514text node, 91TFTP serverenabling/disabling, 365setting root directory path, 366Threshold Configuration page, 328Threshold Configuration tab, 328topologycomposite link, 91decorative node, 91device node, 89hyper node, 90link, 91map elements, 89submap node, 90text node, 91756Ridgeline <strong>Reference</strong> <strong>Guide</strong>


total errors graph, 446
TransferMgr utility, 714
traps
    default trap port number, 664
    Extreme proprietary, 301
    RMON, 300, 301
    setting Ridgeline to receive, 664
    SNMP, 299, 301
    total traps rate limit, 476
    traps per device rate limit, 475
trigger events, 522
troubleshooting
    Alarm System, 745
    Configuration Manager, 748
    Printing, 748
    Reports, 748
    Ridgeline client, 740
    Ridgeline database, 741
    Ridgeline server, 742
    VLANs, 745

U

Unack button, 303
Universal Port Manager, 485, 486, 487, 488, 490, 491, 493, 494, 495, 496, 499, 502, 505, 507, 508, 509, 512, 513, 514, 522
Unused Port report, 601
Universal Port Manager, 486
updating, upm information, 499
upload
    baseline, scheduled, 359
    device configuration, 345
    scheduled archive, 349
Upload button (Configuration Manager), 345
UPM, meta data, 513
UPM, terminology, 487
user, 487
    ExtremeWare access, 459
    predefined user, 459
User Administration page, 461
user details
    displaying, 579
User Management, role based, 526
user roles
    and RADIUS authentication, 590
users and devices
    listing, 576
Users table, 576
users, adding, 462
users, modifying, 462

V

Validate EAPS, 266
Variables... button (Alarms), 319
Vendor-Specific Attribute. See VSA, 590
view diff, profiles
    Universal Port Manager, 494
view, managed profiles, 502
view, network profiles, 488
Viewing role details, 559
Viewing Roles, 558
viewing user information, 575
viewing, profile details, 493
Virtual LANs. See VLANs
VLAN Services, 175
VLANs
    802.1Q tag, 155, 598
    definition of, 155
    for security, 598
    protocol filters, 155, 598
    troubleshooting, 745
VM
    Attaching Policy, 225
    Details view, 245
    monitoring device details, 246
VM tracking on a switch, 216
VMMs and VMs, Identifying, 211
VMs tab, viewing information, 241
VSA, 590
    configuring, 591

W

WildCard button, 439
wildcards
    in IP/MAC Address Finder, 438

Z

Zoom In menu selection, 95
Zoom Map Out menu selection, 95

