VOSS 8.

2 Segmented Mgmt Stack explained

Ludovico Stevens
Technical Marketing Engineering
November 2022
VOSS Management before 8.2
VOSS IP mgmt prior to 8.2 (still applies to VSP8600)
• Switch mgmt via
• Out-of-band: OOB Ethernet port
CPU • Inband: Any IP address configured
on default GRT (vrf-0)
Control plane • CPU selects OOB vs. Inband exclusively
based on MgmtRouter and GRT routes
Data plane
• If OOB and GRT are IP routed
Mgmt together, can result in non-
OOB port IP-oob Router functional asymmetric routing
vrf-512
• Mgmt traffic initiated by switch over
inband, selection of source IP
ambiguous:
Circuitless IP IP-3 VLAN 40 • GRT IP interface corresponding to
VRF next-hop IP for destination non-ISIS
route
vrf-X
Brouter 1/2 IP-1 IP-2 VLAN 30 • GRT ISIS Source IP for ISIS route
• Need to configure fixed source IP to
use/advertise for some protocols:
Circuitless IP IP-3 VLAN 20 RADIUS, SNMP, Syslog, LLDP,
SONMP, etc..
GRT
vrf-0 • NOTE: No OOB port on XA1400,
Brouter 1/1 IP-1 IP-2 VLAN 10 VSP4850, VSP4450
• VSP4850 support up to VOSS7.1.x
3 only ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
VOSS IP mgmt prior to 8.2 (still applies to VSP8600)

CPU interface mgmtEthernet mgmt

ip address <ip>/<mask>
Control plane exit
router vrf MgmtRouter
Data plane ip route <net> <mask> <nexthop> weight <val>
exit
Mgmt
OOB port IP-oob Router
vrf-512

Circuitless IP IP-3 VLAN 40

interface loopback <id>
VRF ip address <ip>/<mask>
vrf-X exit
Brouter 1/2 IP-1 IP-2 VLAN 30
interface gigabitEthernet <port>
brouter vlan <vid> subnet <ip>/<mask>
Circuitless IP IP-3 VLAN 20 exit

GRT
vrf-0 interface vlan <vid>
ip address <ip>/<mask>
Brouter 1/1 IP-1 IP-2 VLAN 10
exit
4 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
VOSS IP mgmt prior to 8.2 – DVR Leaf
• A DVR Leaf does not actually
CPU have a full IP stack for the
DVR interfaces
Control plane • The GRT DVR interfaces
Data plane cannot be used for
Mgmt mgmt
OOB port IP-oob Router
vrf-512 DVR Leaf only
router isis
inband-mgmt-ip <ip>
exit

DVR-4 VLAN 40
VRF
vrf-X
• Instead, a Circuitless IP was
DVR-3 VLAN 30 created in GRT, but using a
new command as the
traditional “interface
Circuitless IP DVR-2 VLAN 20
loopback <n>” config context
GRT
vrf-0
is not available on a DVR Leaf
DVR-1 VLAN 10 node
5 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
Pre-8.2 mgmt asymmetrical routing problems
OOB segment

Firewall

Mgmt segment

External IP router

• A mgmt initiated packet (e.g. SNMP Request, or SSH TCP Syn) destined for a VSP inband GRT IP address
• VSP sends response (SNMP Response, or SSH TCP SynAck) via OOB port, if the OOB has a valid IP route
• Communication will fail, for SNMP, SSH, Telnet; but ICMP ping works, so very confusing!
• Recommendation pre-8.2: keep OOB network separate; do not configure a default route in MgmtRouter VRF
• VOSS 8.2 however only solves this problem for TCP based protocols (i.e. not for SNMP, RADIUS, Syslog, etc..)
6 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
VOSS Management from 8.2 onwards
VOSS IP mgmt 8.2 with Segmented Mgmt Interface
mgmt oob IP • Switch mgmt via 3 unambiguous IP
Segmented interfaces:
Mgmt mgmt clip IP CPU • mgmt oob
Interface mgmt vlan IP
• mgmt clip
Control plane • mgmt vlan
Data plane • mgmt clip can be assigned to any VRF/GRT
Mgmt • mgmt vlan can be assigned to any VLAN
OOB port Router
vrf-512 • When switch responds to mgmt request,
response will now always use same mgmt
interface request arrived on
• No more problems with asymmetrical
Circuitless IP mgmt routing
IP-3 VLAN 40
VRF • No need to configure source IP for mgmt
protocols
vrf-X
Brouter 1/2 IP-1 IP-2 VLAN 30 • For which mgmt IP LLDP and SONMP
should advertise, any of the 3 mgmt
interfaces can be selected
Circuitless IP IP-3 VLAN 20 • MgmtRouter vrf-512 becomes obsolete
GRT • CLI show commands & SNMP MIB are
vrf-0 maintained and will now show
Segmented Mgmt IPs for it
Brouter 1/1 IP-1 IP-2 VLAN 10
• NOTE: No OOB port on XA1400, VSP4450
8 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
VOSS IP mgmt 8.2 with Segmented Mgmt Interface
mgmt oob
mgmt oob IP
Segmented ip address <ip>/<mask>
Mgmt mgmt clip IP CPU enable
ip route <net>/<mask> next-hop <nhop> [weight <val>]
Interface mgmt vlan IP [force-topology-ip]
Control plane exit

Data plane
mgmt clip [vrf <name>]
Mgmt ip address <ip>/32
OOB port Router enable
vrf-512 [force-topology-ip]
exit

• IPv6 also supported (except on XA1400)

mgmt vlan <vid>
Circuitless
ip address IP
<ip>/<mask> IP-3 VLAN 40 • force-topology-ip
enable VRF • Determines which mgmt IP used in LLDP
ip route <net>/<mask> next-hop <nhop> [weight <val>] advertisements
vrf-X
[force-topology-ip] • Will advertise both IPv4 and IPv6 if both
Brouter 1/2
exit IP-1 IP-2 VLAN 30 configured
• Gotchas!
• if switch booted without a config (ZTF defaults)
Circuitless IP IP-3
DVR Leaf only (new in VOSS 8.5.0.0)
VLAN 20 mgmt vlan will already be created for vlan 4048
GRT
mgmt vlan i-sid <isid> • mgmt IPs must be “enabled”
• configuring a mgmt IP does not automatically
vrf-0
ip address <ip>/<mask>
turn off mgmt dhcp-client; remember to turn
enable
Brouter 1/1 ip route IP-1 IP-2 <nhop>VLAN
<net>/<mask> next-hop
10
[weight <val>]
that off:
- no mgmt dhcp-client
[force-topology-ip]
9 exit ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
Segmented Mgmt Interface - quick-config-mgmt
mgmt oob IP
Segmented
Mgmt mgmt clip IP CPU • quick-config-mgmt
Interface • Integrated interactive script
mgmt vlan IP
Control plane to configure segmented
mgmt IP interfaces
Data plane
• Useful if starting afresh with
Mgmt 8.2 or later
OOB port Router
VSP:1#% vrf-512
quick-config-mgmt
Welcome to the management interface setup utility.
You will be requested for information to initially configure the switch.
When finished the information will be applied and stored as a part of the configuration.
Once the basic parameters are configured, additional configuration can
Circuitless IP IP-3
proceed using other management interfaces. Press
VLANq 40
to abort at any time.
Management interface types:
VRF
1 - Out of band management port
vrf-X
3 - In-band port-based VLAN
Please enter management interface type or "q" to quit. [1]:
Brouter 1/2 IP-1 IP-2 VLAN 30
• IPv4 only is supported
Circuitless IP • Can setup only one interface
IP-3 VLAN 20
at a time
GRT
• Management CLIP is not
vrf-0 supported
Brouter 1/1 IP-1 IP-2 VLAN 10

10 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.

 Segmented Mgmt Interface – DHCP Client
mgmt oob mgmt vlan <vid>
enable mgmt oob IP
Segmented enable
exit
Mgmt
mgmt dhcp-client oob mgmt clip IP CPU exit
mgmt dhcp-client vlan
Interface mgmt vlan IP
Control plane • New segmented mgmt interface comes
New Zero-Touch Defaults (8.2) with new DHCP Client
mgmt oob
enable
Data plane • Only for mgmt vlan and mgmt oob
exit Mgmt • Create and enable the mgmt interface type
mgmt vlanOOB4048 port Router then enable dhcp-client on it
enable vrf-512
exit • In practice this will only be used when the
dhcp-client cycle VSP boots up in the new 8.2 and 8.3 zero-
touch factory defaults, which introduce the
concepts of the onboarding Private-VLAN
Circuitless IP IP-3 VLAN 40 (4048) and ETREE I-SID (15999999) and
where all VSP ports are enabled and
VRF members of PVLAN 4048
vrf-X • This new zero-touch “default” mode
Brouter 1/2 IP-1 IP-2 VLAN 30 applies when the VSP is booted
without any config file
• NOTE: this does not apply to the old
“boot config flag factorydefaults” which
Circuitless IP IP-3 VLAN 20 produces the original default config
GRT where all ports are disabled and
members of VLAN 1
vrf-0 • dhcp-client cycle mode will
Brouter 1/1 IP-1 IP-2 VLAN 10 alternatively try and obtain a DHCP IP
on either the oob or vlan interfaces
11 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
 Segmented Mgmt Interface – Link-Local IP

Both the OOB Mgmt and inband Mgmt VLAN interfaces can auto-assign an
IPv4 link-local address
• 169.254.xx.1/16 on Mgmt OOB and/or 169.254.xx.4/16 on Mgmt VLAN
- where xx is second last Byte from Base MAC address of the node
• No config required
• Link-local IP address goes away if a manual static IP is configured

Example: OOB
• BaseMacAddr: 00:51:00:f9:20:00 Port

→ 0x20 = 32 Automatic Mgmt OOP IP: 169.254.32.1/16

PC IP: 169.254.1.1/16

• OOB Mgmt IP: 169.254.32.1/16 any

Port

• Mgmt VLAN IP: 169.254.32.4/16

PC IP: 169.254.1.1/16 Automatic Mgmt VLAN IP: 169.254.32.4/16

©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.

©2023 Extreme Networks, Inc. All rights reserved 12
Segmented Mgmt Interface – convert command
mgmt oob IP
• Introduced in VOSS 8.5.0.0
Segmented
Mgmt mgmt clip IP CPU • Allows an existing mgmt IP to be
Interface switched to a different IP and/or
mgmt vlan IP
Control plane on a different VLAN-id, I-SID or
VRF
Data plane
Mgmt • Automatic rollback if user is not
OOB port Router able to connect to new IP within
vrf-512 configurable rollback time
VSP:1(config)#% mgmt vlan
VSP:1(config:vlan)#% convert [vlan <vid>] [ports-tagged <ports>] [ports-untagged <ports>] [i-sid <i-sid>] [ip <addr/mask>] [gateway <ip>] [rollback <secs>]
- Or -
Circuitless
VSP:1(config)#% mgmt
clip
IP IP-3 VLAN 40
VSP:1(config:clip)#%
- Or -
VRF
convert [vrf <name>] [ip <addr/mask>] [gateway <ip>] [rollback <secs>]

VSP:1(config)#% mgmt oob vrf-X

Brouter 1/2
VSP:1(config:oob)#% convert [ip <addr/mask>] [gateway <ip>] [rollback <secs>]
IP-1 IP-2 VLAN 30
WARNING: The existing mgmt interface will be deleted and re-created with the given parameters, please reconnect to the switch and issue 'mgmt
convert-commit' command before the 120 second rollback timer expires.
Continue with this operation (y/n) ?
Circuitless IP
<SSH/Telnet connection is lost> IP-3 VLAN 20
GRT
<Re-connect to newly configured IP (including new VLAN/I-SID/VRF if one was set/changed)>

Mgmt convert: Please issue 'mgmt vrf-0

convert-commit' in the remaining XX seconds before rollback timer expires otherwise mgmt XXXX config change will be reverted

Brouter 1/1
VSP8000-1:1(config)#% IP-1
mgmt convert-commit IP-2 VLAN 10

13 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.

VOSS IP mgmt 8.2 – reduced asymmetrical routing (TCP only)
OOB segment
UDP based
protocols

Firewall

TCP based
mgmt protocols
not initiated by
switch

Mgmt segment

External IP router

• Segmented mgmt interfaces use Linux VR contexts

• If a mgmt request is received on mgmt clip, the switch response will always use the same mgmt interface
• However, this only works for TCP based protocols, not initiated by the switch, like SSH, Telnet, HTTP, HTTPS, etc..
• For switch-initiated messages (TCP or UDP) and all UDP based protocols (SNMP, Syslog, RADIUS, etc..), the same issues of asymmetrical
routing persists and per mgmt interface routes are inspected and the best route with the lowest metric will determine the outgoing
segmented mgmt interface
• Default metric weights: clip = 100, vlan = 200, oob = 300
• Static routes can only be configured for mgmt vlan & mgmt oob (and different weight can be configured)
14 • For mgmt clip, the IP routes of the associated VRF/GRT apply (always with weighting 100) ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
Segmented Mgmt Interface: L3 BEB / L3 Router
mgmt oob IP • If the VSP is a L3 BEB (or a non-
Segmented Fabric IP router), inband
Mgmt mgmt clip IP CPU
management should use mgmt
Interface mgmt vlan IP clip
Control plane
• The mgmt vlan interface
Data plane “should” not be used
Mgmt
OOB port Router
• The mgmt clip interface can be
vrf-512
associated with the GRT (as
before) but can now also be easily
associated with any VRF
• If IP Shortcuts or L3VSN is
Circuitless IP IP-3 VLAN 40 enabled on the GRT/VRF, the
VRF mgmt clip will automatically be
vrf-X redistributed even if
Brouter 1/2 IP-1 IP-2 VLAN 30 redistribution of directs is not
enabled

Circuitless IP
• Note that management via a GRT
IP-3 VLAN 20
Circuitless IP was already best
GRT practice pre-8.2 for L3 BEBs
vrf-0
Brouter 1/1 IP-1 IP-2 VLAN 10 • The mgmt oob interface can also
be used
15 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
Segmented Mgmt Interface: L2 BEB / L2 Switch
mgmt oob IP • If the VSP is a L2 BEB (or non-Fabric L2
Segmented switch), inband management should
Mgmt mgmt clip IP CPU use mgmt vlan
Interface mgmt vlan IP • The mgmt clip can however still
Control plane be used on a L2BEB, on the GRT,
but it will require IP enabling
Data plane SPBM
Mgmt • On a non-Fabric L2 switch, the
OOB port Router mgmt clip cannot really be used
vrf-512 as there are no IP interfaces to
route to/from that clip
- It would require turning the VSP
switch into a L3 switch
VLAN 40
• The mgmt vlan interface can be
associated with any platform VLAN
already created on the switch
VLAN 30
• The VLAN can of course be made
into a fabric wide L2VSN by
assigning an I-SID to it
VLAN 20
GRT • The mgmt oob interface can also be
vrf-0 used
VLAN 10

16 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.

Segmented Mgmt Interface: DVR Leaf, CLIP mgmt
mgmt oob IP • A DVR Leaf is a special case as it is
Segmented a L3 BEB in the data plane but a L2
Mgmt mgmt clip IP CPU
BEB from a configuration
Interface mgmt vlan IP management perspective
Control plane
Data plane
• If mgmt will be done over the GRT
then mgmt clip can be used
Mgmt
OOB port Router • This will be equivalent to the
vrf-512
pre-8.2 inband-mgmt-ip
• However, on a DVR Leaf, the
mgmt clip can only be associated
DVR-4 VLAN 40 with GRT
• As a DVR Leaf does not have any
L3 I-SID locally configured VRFs
DVR-3 VLAN 30 • A DVR Leaf already has SPBM IP
enabled, so no extra config is
required if a mgmt CLIP is created
DVR-2 VLAN 20
GRT • The mgmt oob interface can also
vrf-0 be used
DVR-1 VLAN 10

17 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.

Segmented Mgmt Interface: DVR Leaf, VLAN mgmt
mgmt oob IP • A DVR Leaf is a special case as it is a L3 BEB in
Segmented the data plane but a L2 BEB from a configuration
Mgmt mgmt clip IP CPU management perspective
Interface • Configuration of mgmt VLAN on DVR Leaf
mgmt vlan IP changed in VOSS 8.5
Control plane
• No need to create any VLANs, which is not
Data plane allowed on a DVR Leaf anyway
Mgmt • Simply create the mgmt VLAN against a L2
I-SID
OOB port Router - mgmt vlan i-sid <isid>
vrf-512
• For network wide VLAN management the above
is sufficient
• If the network management is IP routed on a
VLAN 40 VRF (or the GRT) then the mgmt VLAN I-SID can
be attached to an IP VLAN routed interface on
L3 I-SID the DVR Controllers
• The DVR Controllers should have an IP VRRP
DVR-3 VLAN 30 interface for this same mgmt I-SID
associated with the VRF (or GRT) used for
management
- Do not configure DVR on this VLAN !
DVR-2 VLAN 20
• Local DVR interfaces on the same mgmt
GRT VRF (or GRT) on the DVR Leaf will not be IP
vrf-0 routed directly to the local mgmt i-sid but
will be able to reach it via the DVR Controller
DVR-1 VLAN 10
• The mgmt oob interface can also be used
18 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
Segmented Mgmt Interface: L3 BEB special cases
mgmt oob IP
• In some cases, it might be
Segmented necessary to configure mgmt vlan
Mgmt mgmt clip IP CPU even on a L3 BEB:
Interface mgmt vlan IP • XA1400 or VSP running Fabric
Control plane Extend over a dedicated VRF
Data plane and it is desired to reach the
switch on that VRF from the
Mgmt Internet (e.g., Cloud-IQ) or from
OOB port Router WAN underlay
vrf-512
• VSP7400 or VSP4900 with FIGW
VM and it is desired to SSH/FTP
the VM from the VSP host switch
Circuitless IP IP-3 VLAN 40 • In both the above cases a mgmt
VRF clip also exists for normal inband
vrf-X mgmt
Brouter 1/2 IP-1 IP-2 VLAN 30 • If a mgmt vlan is created on a
VLAN which already has an IP
address in the GRT/VRF, then the
Circuitless IP IP-3 VLAN 20 mgmt vlan IP must be made the
GRT
same as that IP address
vrf-0 • All three mgmt interfaces can be
Brouter 1/1 IP-1 IP-2 VLAN 10 used in this example
19 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
Segmented Mgmt Interface: L3 BEB mistake to avoid!
• For a L3 VSP (BEB or non-Fabric),
mgmt oob IP management via a GRT Circuitless IP
Segmented
Mgmt mgmt clip IP CPU was already best practice pre-8.2 for L3
Interface BEBs
mgmt vlan IP
Control plane • However, some customers may not
Data plane have followed that best practice, and
used a GRT VLAN IP for managing all of
Mgmt their L3 BEBs and L2 BEBs alike
OOB port Router
• This did work pre-8.2
vrf-512
• However, this may NOT work properly
on a L3 BEB with the new Segmented
Mgmt interface
Circuitless IP IP-3 VLAN 40
• The mgmt vlan IP can only be
VRF reached if traffic destined to it
vrf-X enters the VSP switch on the same
Brouter 1/2 IP-1 IP-2 VLAN 30 VLAN
• If the traffic destined to it enters
the switch on a different IP
Circuitless IP IP-3 VLAN 20 interface of the same GRT/VRF,
GRT then it will not get IP routed to the
mgmt vlan IP destination
vrf-0
• Of course, if an external Firewall IP
Brouter 1/1 IP-1 IP-2 VLAN 10
routes onto the mgmt vlan
segment then it will work fine
20 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
Segmented Mgmt Interface: L3 BEB mistake to avoid!
OOB segment

Firewall

Mgmt segment

External IP router

• In this example, the VSP mgmt vlan IP cannot be reached because the mgmt packet
entered the switch on a different IP interface
• This is true even if a routing VLAN IP is already also configured on the underlying platform
VLAN and IP routing is possible between both IP interfaces
• This is a mistake. As the VSP is clearly a L3 router and would have to route traffic to the
mgmt vlan subnet, mgmt clip must be used
21 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
Migration to 8.2
Migration of L3 BEB / L3 Router

Upgrade to 8.2

• NOTE, after the upgrade the GRT CLIP will have gone
interface loopback <id> • If an ISIS Source IP was in use, re-create a new GRT
migrate-to-mgmt CLIP (using a different IP address) and assign that as
exit the new ISIS Source IP
• This operation can also be done before the
• “migrate-to-mgmt” command is upgrade by creating a second CLIP on GRT and
moving the ISIS Source IP to that second CLIP,
available since VOSS 7.1.3, 8.0.1 and 8.1.0 while the first CLIP is set to migrate-to-mgmt and
will disappear after the upgrade
• save config and upgrade
• As of 8.2 an ISIS Source IP is not mandatory but is still
recommended if using IP Shortcuts and will be
23 required again by DVR-One-IP ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
Migration of L2 BEB / L2 Switch

Upgrade to 8.2

• NOTE, after the upgrade the GRT VLAN IP will

interface vlan <vid> have gone
migrate-to-mgmt
exit • If the VSP has more than 1 IP address on more
than 1 VLAN before the upgrade, then think twice;
• “migrate-to-mgmt” command is the VSP is probably a L3 BEB and should be
manged via a CLIP instead!
available since VOSS 7.1.3, 8.0.1 and 8.1.0
• If Application Telemetry / sFlow is in use, this will
• save config and upgrade not work with mgmt vlan; in this case consider
using mgmt clip or mgmt oob
24 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.
Migration of DVR Leaf

Upgrade to 8.2

• simply upgrade • The DVR inband-mgmt-ip CLIP

automatically becomes the new
segmented mgmt clip
• The ISIS inband-mgmt-ip command
becomes obsolete in 8.2

25 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.

Upgrade paths to VOSS 8.2+

Upgrade
Switch to be migrated: Pre-migration (7.1.3+) steps to 8.2+ Post-migration steps
OOB managed Access through OOB
Commit
(Optionally add management CLIP and
Switches management VLAN IP)
software

DVR Leafs Access through inband-mgmt-ip Commit

address software

(optionally
SPB Switches that Execute ‘migrate-to-mgmt’ under add ‘mgt Access through selected mgmt CLIP address Commit
are inband IP-SC existing IP CLIP interface context for OOB’ and change isis ip-source-address to different software
‘mgmt
SPB IP-SC IP interface non-mgmt IP address
managed VLAN’ IP)

(optionally
Select one CLIP address and add ‘mgmt
L3 Switches that are
execute ‘migrate-to-mgmt’ on CLIP - OOB’ and
CLIP managed or define NEW ‘mgmt CLIP” interface
‘mgmt
VLAN’ IP)
Access through selected mgmt CLIP Commit
address software
Configure a CLIP mgmt interface and (optionally
L3 Switches that are inband add ‘mgmt
VLAN IP managed execute ‘migrate-to-mgmt’ under it OOB’)

Select existing bridged mgmt VLAN host IP and

L2 Switches that are inband execute ‘migrate-to-mgmt’ under existing IP
(optionally Access through VLAN host IP Commit
add ‘mgmt
VLAN IP managed interface context or define NEW ‘mgmt VLAN’ IP software
OOB’)
interface

On selected bridged VLAN or CLIP execute ‘migrate-to-

mgmt’ under existing IP interface context OR configure Access through selected CLIP or Commit
XA Platform new mgmt VLAN or CLIP interfaces in VOSS 8.1.1 or VLAN host IP software
later releases (excl. 8.1.50)

26 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.

VOSS 8.2+ upgrade – what if?

Upgrade to
Switch to be migrated: Pre-migration (7.1.3+) 8.2+ Post-migration

OOB managed If desired: add management CLIP and

Switches management VLAN IP

DVR Leafs Access through inband-mgmt-ip address

SPB Switches that switch only reachable through OOB (if available) but not
are inband IP-SC No migrate-to-mgmt executed reachable anymore through IP-SC clip and will reboot back
managed to 7.1.3+ release if no commit software executed

switch only reachable through OOB (if available) but not

L3 Switches that No migrate-to-mgmt executed reachable anymore through clip and will reboot back to
are CLIP managed 7.1.3+ release if no commit software executed

L2/L3 Switches switch only reachable through OOB (if available) but not
that are inband No migrate-to-mgmt executed reachable anymore through VLAN IP or clip and will reboot
back to 7.1.3+ release if no commit software executed
VLAN IP managed

not reachable anymore and will reboot back to 7.1.3+ release if no

XA Platform No migrate-to-mgmt executed
commit software executed

27 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.

Ping/Traceroute changes with 8.2
VOSS IP mgmt 8.2 with Segmented Mgmt Interface
ping <IP> mgmt
mgmt oob IP traceroute <IP> mgmt
Segmented
Mgmt mgmt clip IP CPU
VSP:1(config)#% show sys default-ping-context
Interface mgmt vlan IP
Default ping context grt
Control plane VSP:1(config)#% sys default-ping-context ?
grt ping/traceroute context is grt
Data plane mgmt ping/traceroute context is mgmt
vrf ping/traceroute context is vrf
Mgmt
VSP:1(config)#%
OOB port Router
vrf-512
• When pinging from VSP,
must remember to specify the
Circuitless IP IP-3 VLAN 40 “mgmt” context!
VRF ping <IP> vrf <name>
vrf-X traceroute <IP> vrf <name>
Brouter 1/2 IP-1 IP-2 VLAN 30
• If no context, GRT is assumed
Circuitless IP IP-3 VLAN 20
• Default context can be set
GRT ping <IP> [grt]
vrf-0 traceroute <IP> [grt]
Brouter 1/1 IP-1 IP-2 VLAN 10

29 ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.