Cumulus Linux Conversion Guides
Cumulus Networks
May 24, 2016
Evolution of the CLI
§ Where did things move?
Cisco
vlan 100,200
interface ethernet 1/1
 switchport mode access
 switchport access vlan 100
interface ethernet 1/2
 switchport mode access
 switchport access vlan 200
Juniper
interfaces {
    ge-0/1/1 {
        unit 0 {
            family bridge {
                interface-mode access;
                vlan-id 100;
            }
        }
    }
    ge-0/1/2 {
        unit 0 {
            family bridge {
                interface-mode access;
                vlan-id 200;
            }
        }
    }
Cumulus Linux
/etc/network/interfaces:
auto bridge
iface bridge
    bridge-vlan-aware yes
    bridge-ports swp1 swp2
    bridge-vids 100 200

auto swp1
iface swp1
    bridge-access 100

auto swp2
iface swp2
    bridge-access 200
Defining a Switch Port
Cumulus Linux
cumulus@switch:~$ sudo vi /etc/network/interfaces
auto swp1
iface swp1

auto bridge
iface bridge
    bridge-ports swp1
Cisco
switch# configure terminal
switch(config)# interface ethernet 1/1
switch(config-if)# switchport
Adding an IP Address
Cumulus Linux
cumulus@switch:~$ sudo vi /etc/network/interfaces
auto swp1
iface swp1
    address [ipv4-address/subnet-mask]
    address [ipv6-address/subnet-mask]
Cisco
switch# configure terminal
switch(config)# interface ethernet 1/1
switch(config-if)# no switchport
switch(config-if)# ip address [ipv4-address/subnet-mask]
switch(config-if)# ipv6 address [ipv6-address/subnet-mask]
Setting Speed, Duplex, MTU, and Auto-negotiation for an Interface
Cumulus Linux
cumulus@switch:~$ sudo vi /etc/network/interfaces
auto swp1
iface swp1
    link-speed [speed]
    link-duplex [full|half]
    mtu [1500 - 9216]
    link-autoneg [on|off]
Cisco
switch# configure terminal
switch(config)# interface ethernet 1/1
switch(config-if)# speed [speed]
switch(config-if)# duplex [full|half]
switch(config-if)# mtu [1500 - 9216]
switch(config-if)# [no] negotiate auto
Configuring Trunks
Cumulus Linux
/etc/network/interfaces:
auto bridge
iface bridge
    bridge-vlan-aware yes
    bridge-ports glob swp1-2
    bridge-vids 100 200
Cisco
vlan 100,200
interface ethernet 1/1
 switchport mode trunk
interface ethernet 1/2
 switchport mode trunk
Pruning a Trunk
Cumulus Linux
/etc/network/interfaces:
auto bridge
iface bridge
    bridge-vlan-aware yes
    bridge-ports glob swp1-2
    bridge-vids 100 200

auto swp1
iface swp1
    bridge-vids 200
Cisco
vlan 100,200
interface ethernet 1/1
 switchport mode trunk
 switchport trunk allowed vlan 200
interface ethernet 1/2
 switchport mode trunk
Configuring Access Ports
Cumulus Linux
/etc/network/interfaces:
auto bridge
iface bridge
    bridge-vlan-aware yes
    bridge-ports glob swp1-2
    bridge-vids 100 200

auto swp1
iface swp1
    bridge-access 100

auto swp2
iface swp2
    bridge-access 200
Cisco
vlan 100,200
interface ethernet 1/1
 switchport mode access
 switchport access vlan 100
interface ethernet 1/2
 switchport mode access
 switchport access vlan 200
Changing the Native (Untagged) VLAN for a Single Trunk
Cumulus Linux
/etc/network/interfaces:
auto bridge
iface bridge
    bridge-vlan-aware yes
    bridge-ports glob swp1-2
    bridge-vids 1-200

auto swp1
iface swp1
    bridge-pvid 100

auto swp2
iface swp2
    bridge-pvid 200
Cisco
vlan 1-200
interface ethernet 1/1-2
 switchport mode trunk
 switchport trunk allowed vlan 1-200
interface ethernet 1/1
 switchport trunk native vlan 100
interface ethernet 1/2
 switchport trunk native vlan 200
EtherChannels/Bonds
Cumulus Linux
/etc/network/interfaces:
auto bond1
iface bond1
    bond-slaves glob swp19-20
    bond-miimon 100
    bond-min-links 1
    bond-mode 802.3ad
    bond-xmit-hash-policy layer3+4
    bond-lacp-rate 1

auto vlan10
iface vlan10
    bridge-ports bond1.10
    address [Link]/24
    bridge-stp on
Cisco WS-C3560X-24 12.2(55)SE5
vlan 10
!
interface GigabitEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
interface GigabitEthernet0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface Vlan10
 ip address [Link] [Link]
EtherChannels/Bonds
Cumulus Linux
/etc/network/interfaces:
auto bond2
iface bond2
    bond-slaves glob swp37-38
    bond-miimon 100
    bond-min-links 1
    bond-mode 802.3ad
    bond-xmit-hash-policy layer3+4
    bond-lacp-rate 1

auto vlan12
iface vlan12
    bridge-ports bond2.12
    address [Link]/24
    bridge-stp on
Arista DCS-7148S-R 4.13.5F
interface Ethernet37
 switchport mode trunk
 channel-group 2 mode active
interface Ethernet38
 switchport mode trunk
 channel-group 2 mode active
interface Port-Channel2
 switchport trunk allowed vlan 12
 switchport mode trunk
interface Vlan12
 ip address [Link]/24
EtherChannels/Bonds
Cumulus Linux
/etc/network/interfaces:
auto bond3
iface bond3
    bond-slaves glob swp39-40
    bond-miimon 100
    bond-min-links 1
    bond-mode 802.3ad
    bond-xmit-hash-policy layer3+4
    bond-lacp-rate 1

auto vlan14
iface vlan14
    bridge-ports bond3.14
    address [Link]/24
    bridge-stp on
Cisco Nexus3064 5.0(3)U2(2c)
feature interface-vlan
feature lacp
vlan 14
interface Ethernet1/39
 switchport mode trunk
 channel-group 3 mode active
interface Ethernet1/40
 switchport mode trunk
 channel-group 3 mode active
interface port-channel3
 switchport mode trunk
interface Vlan14
 no shutdown
 ip address [Link]/24
Spanning Tree Configuration
Immediately bring an interface configured as an access or trunk port to the forwarding state.
Cumulus Linux
auto swp1
iface swp1
    mstpctl-portadminedge yes
Cisco
interface Gigabit0/0
 spanning-tree portfast
Spanning Tree Configuration
Enabling/disabling the BPDU guard configuration.
Cumulus Linux
auto swp1
iface swp1
    mstpctl-bpduguard yes
Cisco
!
spanning-tree portfast bpduguard default
!
interface Gigabit0/0
 spanning-tree portfast
Spanning Tree Configuration
Enables BPDU filter on a switch port, which filters BPDUs in both directions.
Cumulus Linux
auto swp1
iface swp1
    mstpctl-portbpdufilter yes
Cisco
!
spanning-tree portfast bpdufilter default
!
interface Gigabit0/0
 spanning-tree portfast
Spanning Tree Configuration
Configure the port priority for an interface. The default for both operating systems is 128.
Cumulus Linux
auto swp1
iface swp1
    mstpctl-treeportprio 128
Cisco
interface Gigabit0/0
 spanning-tree port-priority 128
Spanning Tree Configuration
Configure the switch's priority for a bridge/VLAN. The default for both operating systems is 32768.
Cumulus Linux
auto vlan1
iface vlan1
    mstpctl-treeprio 32768
    bridge-ports swp1
Cisco
spanning-tree vlan 1 priority 32768
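A check a migrating operator may want after converting spanning-tree settings, given here as an added example that is not part of the original slides: it parses /etc/network/interfaces text and flags edge or access ports that lack BPDU guard, plus any port with BPDU filter enabled. The function names, the sample configuration and the policy that every edge port must carry mstpctl-bpduguard are assumptions.

```python
# Constructed sample configuration, not taken from a real switch.
SAMPLE = """\
auto swp1
iface swp1
    bridge-access 100
    mstpctl-portadminedge yes
    mstpctl-bpduguard yes

auto swp2
iface swp2
    bridge-access 200
    mstpctl-portadminedge yes

auto swp3
iface swp3
    mstpctl-portbpdufilter yes
"""

def parse_stanzas(text):
    """Map each 'iface <name>' stanza to its {attribute: value} pairs."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("auto "):
            continue
        key, _, value = line.partition(" ")
        if key == "iface":
            current = stanzas.setdefault(value.split()[0], {})
        elif current is not None:
            current[key] = value.strip()
    return stanzas

def audit_edge_ports(text):
    """Return (port, finding) pairs for ports with weak BPDU protection."""
    findings = []
    for name, attrs in parse_stanzas(text).items():
        # Assumed policy: access ports and admin-edge ports face hosts.
        edge = "bridge-access" in attrs or attrs.get("mstpctl-portadminedge") == "yes"
        if edge and attrs.get("mstpctl-bpduguard") != "yes":
            findings.append((name, "edge/access port without mstpctl-bpduguard yes"))
        if attrs.get("mstpctl-portbpdufilter") == "yes":
            findings.append((name, "BPDU filter on: BPDUs dropped in both directions"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_edge_ports(SAMPLE):
        print(f"{port}: {finding}")
```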
More Spanning Tree Info (Conversion Guide)
[Link]
Spanning Tree
Industry-standard Loop Prevention for L2
Access Lists
(Example: permit HTTP traffic on port 80 to the [Link]/24 subnet)
iptables/netfilter (including Cumulus Linux)
iptables -A {FORWARD | INPUT | OUTPUT} -j {ACCEPT | DROP | POLICE | SPAN | ERSPAN} -p <protocol>
-s <source> --sport [<ports>] -d <destination> --dport [<ports>] [<options>]
iptables -A FORWARD -j ACCEPT -p tcp -s [Link]/24 -d [Link]/24 --dport 80
IOS Standard Syntax
access-list <number> {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]
access-list 10 permit tcp [Link]/24 [Link]/24 eq www
IOS Extended Syntax (including NX-OS)
ip access-list extended {<number> | <name>}
[<sequence>] {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]
ip access-list extended allow_http
10 permit tcp [Link]/24 [Link]/24 eq www
Block ICMP Echo Requests on the Specified Switch Port
Cumulus Linux
iptables -A FORWARD -j DROP -i swp1 -p icmp --icmp-type echo-request
Cisco
ip access-list extended block_icmp
deny icmp any any echo
interface g0/0
ip access-group block_icmp in
Block SSH Traffic from the Specified Subnet ([Link]/24)
Cumulus Linux
iptables -A INPUT -j DROP -p tcp -s [Link]/24 --dport 22
Cisco
ip access-list extended block_ssh
deny tcp [Link] [Link] [Link] [Link] eq 22
interface g0/0
ip access-group block_ssh in
Allow NTP Traffic to Transit the Switch (UDP Port 123)
Cumulus Linux
iptables -A FORWARD -j ACCEPT -p udp -s [Link]/24 --dport 123
Cisco
ip access-list extended allow_ntp
permit udp [Link] [Link] any eq ntp
interface g0/0
ip access-group allow_ntp in
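The ACL mappings on the preceding slides, generalized into a small converter as an added example that is not part of the original slides: it turns one IOS extended ACL entry into the equivalent iptables rule, converting wildcard masks to CIDR and refusing anything it cannot translate exactly. The function names are hypothetical, the addresses in the usage below are constructed documentation ranges, and the chain and input interface are parameters because the IOS entry alone does not say whether traffic is transiting the switch (FORWARD) or addressed to it (INPUT).

```python
import ipaddress

ACTIONS = {"permit": "ACCEPT", "deny": "DROP"}
PORTS = {"www": "80", "ntp": "123"}           # named ports used on these slides
ICMP = {"echo": "echo-request", "echo-reply": "echo-reply"}

def _addr(tok):
    """Consume one IOS address spec; return CIDR text, or None for 'any'."""
    first = tok.pop(0)
    if first == "any":
        return None
    if first == "host":
        return tok.pop(0) + "/32"
    if "/" in first:                          # NX-OS prefix form
        return str(ipaddress.ip_network(first, strict=False))
    w = int(ipaddress.IPv4Address(tok.pop(0)))    # IOS wildcard (inverse) mask
    if w & (w + 1):                           # not 2^k - 1: no CIDR equivalent
        raise ValueError("non-contiguous wildcard mask; convert by hand")
    return str(ipaddress.ip_network(f"{first}/{32 - w.bit_length()}", strict=False))

def _port(tok):
    """Consume an optional 'eq <port>' and return the port as text."""
    if tok[:1] == ["eq"]:
        tok.pop(0)
        name = tok.pop(0)
        return PORTS.get(name, name)
    return None

def acl_to_iptables(entry, chain="FORWARD", in_iface=None):
    tok = entry.split()
    if tok[0].isdigit():                      # optional sequence number
        tok.pop(0)
    action, proto = ACTIONS[tok.pop(0)], tok.pop(0)
    src, sport = _addr(tok), _port(tok)
    dst, dport = _addr(tok), _port(tok)
    rule = ["iptables", "-A", chain, "-j", action]
    rule += ["-i", in_iface] if in_iface else []
    rule += ["-p", proto]
    for flag, value in (("-s", src), ("--sport", sport), ("-d", dst), ("--dport", dport)):
        if value:
            rule += [flag, value]
    if proto == "icmp" and tok:
        rule += ["--icmp-type", ICMP[tok.pop(0)]]
    if tok:                                   # e.g. 'established', 'range', 'log'
        raise ValueError(f"unsupported ACL keywords: {tok}")
    return " ".join(rule)

if __name__ == "__main__":
    # Constructed entry using documentation address ranges.
    print(acl_to_iptables("10 permit tcp 192.0.2.0/24 198.51.100.0/24 eq www"))
```

An IOS access list ends with an implicit deny, while an iptables chain falls through to its chain policy, so a converted permit list needs an explicit final DROP rule or a DROP policy to keep the same behaviour.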
Policing a Physical Interface
Cumulus Linux
-A FORWARD --in-interface swp1 -j POLICE --set-mode KB --set-rate 125000 --set-burst 2000
Output
cumulus@leaf1$ sudo cl-acltool -L ip | grep swp1
pkts bytes target prot opt in out source destination
0 0 POLICE all -- swp1 any anywhere anywhere POLICE mode:KB rate:125000 burst:2000
Cisco
policy-map sean
class class-default
police cir 1000000000
interface TenGigabitEthernet1/13
service-policy input sean
Policing DSCP Values
Cumulus Linux
-A FORWARD --in-interface swp2 -m dscp --dscp 10 -j POLICE --set-mode KB --set-rate 31250 --set-burst 2000
Output
cumulus@leaf1$ sudo cl-acltool -L ip | grep swp2
pkts bytes target prot opt in out source destination
0 0 POLICE all -- swp2 any anywhere anywhere DSCP match 0x0a POLICE mode:KB rate:31250 burst:2000
Cisco
class-map match-all dscp10
match dscp af11
!
policy-map sean2
class dscp10
police cir 250000000
!
interface TenGigabitEthernet1/14
service-policy input sean2
Policing by Source Traffic
Cumulus Linux
-A FORWARD --in-interface swp3 -j POLICE --set-mode KB --set-rate 12500 --set-burst 2000 -s [Link]/24
Output
cumulus@leaf1$ sudo cl-acltool -L ip | grep swp3
pkts bytes target prot opt in out source destination
0 0 POLICE all -- swp3 any [Link]/24 anywhere POLICE mode:KB rate:12500 burst:2000
Cisco
access-list 100 permit ip [Link] [Link] any
!
class-map match-all heller
match access-group 100
!
policy-map heller
class heller
police cir 100000000
!
interface TenGigabitEthernet1/15
service-policy input heller
Time Zone Configuration
Cumulus Linux
cumulus@switch:~$ sudo tzconfig
cumulus@switch:~$ sudo hwclock
Cisco
switch# configure terminal
switch(config)# clock timezone PST -8 0
switch(config)# exit
switch# show clock
switch# copy running-config startup-config
NTP
Cumulus Linux
cumulus@switch:~$ sudo vi /etc/[Link]
cumulus@switch:~$ ntpd -q
Cisco
Set NTP (e.g. to VDC 1)
switch# clock protocol ntp vdc 1
Show Management Interface Current Configuration
Cumulus Linux
cumulus@switch:~$ ifquery eth0
Cisco
switch# show interface mgmt 0
DHCP Relay
Cumulus Linux
cumulus@switch:~$ sudo vi /etc/default/isc-dhcp-relay
SERVERS="[Link]"
INTERFACES="bridge swp4 swp5"
cumulus@switch:~$ sudo /etc/init.d/isc-dhcp-relay restart
Cisco
switch# configure terminal
switch(config)# ip dhcp relay
switch# configure terminal
switch(config)# interface ethernet 1/1
switch(config-if)# ip dhcp relay address [Link]
CLI Basics
Show command history
Cumulus Linux: cumulus@switch:~$ history
Cisco: switch# show cli history
Send message to all logged-on users
Cumulus Linux: cumulus@switch:~$ echo message | sudo wall
Cisco: switch# send message
Send message to specific user
Cumulus Linux: cumulus@switch:~$ sudo write user-id
Cisco: switch# show users
Cisco: switch# send session line message
CLI Basics
Show SPROM information
Cumulus Linux: cumulus@switch:~$ decode-syseeprom
Cisco: switch# show sprom
Show hardware states (temperature, fan, power)
Cumulus Linux: cumulus@switch:~$ sudo smonctl
Cumulus Linux: cumulus@switch:~$ sudo sensors
Cisco: switch# show environment
Show memory allocation
Cumulus Linux: cumulus@switch:~$ vmstat
Cisco: switch# show processes memory
Show real-time memory usage
Cumulus Linux: cumulus@switch:~$ vmstat 1
Alternative command
Cumulus Linux: cumulus@switch:~$ free
CLI Basics
Show CPU processes and utilization
Cumulus Linux: cumulus@switch:~$ ps aux
Cumulus Linux: cumulus@switch:~$ top
Cisco: switch# show processes
Cisco: switch# show processes cpu
Show hardware information
Cumulus Linux: cumulus@switch:~$ dmidecode
Cumulus Linux: cumulus@switch:~$ netshow system
Cisco: switch# show inventory
Show high level port state
Cumulus Linux: cumulus@switch:~$ netshow interface
Cisco: switch# show ip int br
CLI Basics
Show interface neighbors
Cumulus Linux: cumulus@switch:~$ lldpctl
Cumulus Linux: cumulus@switch:~$ netshow lldp
Cisco: switch# show lldp neighbors
Show interface connector information
Cumulus Linux: cumulus@switch:~$ sudo ethtool -m swp1
Cisco: switch# show interface ethernet 1/1 transceiver
Reboot switch
Cumulus Linux: cumulus@switch:~$ sudo reboot
Cisco: switch# reload
Show ARP Table
Cumulus Linux
root@leaf01:~# arp -n
Address HWtype HWaddress Flags Mask Iface
[Link] ether [Link] C eth0
[Link] ether [Link] C peerlink.4094
[Link] ether [Link] CM swp49
[Link] ether [Link] CM swp50
Cisco
switch# show ip arp
IP ARP Table for context default
Total number of entries: 1
Address Age MAC Address Interface
[Link] [Link] 000d.ece7.df7c Vlan900
Configure SNMP (Net-SNMP)
Cumulus Linux
cumulus@switch:~$ sudo vi /etc/snmp/[Link]
cumulus@switch:~$ sudo vi /etc/snmp/[Link]
Cisco
switch# configure terminal
switch(config)# snmp-server host ip-address traps version 2c public
Detailed Info
[Link]
Bringing the Linux Revolution to Networking
§Thank You!
© 2016 Cumulus Networks. CUMULUS, the Cumulus Logo, CUMULUS NETWORKS, and the Rocket Turtle Logo (the “Marks”) are trademarks and service marks of
Cumulus Networks, Inc. in the U.S. and other countries. You are not permitted to use the Marks without the prior written consent of Cumulus Networks. The registered
trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis. All other marks are used
under fair use or license from their respective owners.