v

Cumulus Linux Conversion Guides

Cumulus Networks

May 24, 2016

Evolution of the CLI

§ Where did things move?

▪ Cisco ▪ Juniper ▪ Cumulus Linux
interfaces { /etc/network/interfaces:
vlan 100,200
ge-0/1/1 {
unit 0 { auto bridge
interface ethernet 1/1
family bridge { iface bridge
switchport mode access
interface-mode access; bridge-vlan-aware yes
switchport access vlan 100
vlan-id 100; bridge-ports swp1 swp2
} bridge-vids 100 200
interface ethernet 1/2
}
switchport mode access
} auto swp1
switchport access vlan 200
ge-0/1/2 { iface swp1
unit 0 { bridge-access 100
family bridge {
interface-mode access; auto swp2
vlan-id 200; iface swp2
} bridge-access 200
}
}

cumulusnetworks.com 2
Defining a Switch Port

Cumulus Linux
cumulus@switch:~$ sudo vi /etc/network/interfaces
auto swp1
iface swp1

auto bridge
iface bridge
bridge-ports swp1

Cisco
switch# configure terminal
switch(config)# interface ethernet 1/1
switch(config-if)# switchport

cumulusnetworks.com 3
Adding an IP Address

Cumulus Linux
cumulus@switch:~$ sudo vi /etc/network/interfaces
auto swp1
iface swp1
address [ipv4-address/subnet-mask]
address [ipv6-address/subnet-mask]

Cisco
switch# configure terminal
switch(config)# interface ethernet 1/1
switch(config-if)# no switchport
switch(config-if)# ip address [ipv4-address/subnet-mask]
switch(config-if)# ipv6 address [ipv6-address/subnet-mask]

cumulusnetworks.com 4
Setting Speed, Duplex, MTU, and Auto-negotiation for an Interface

Cumulus Linux
cumulus@switch:~$ sudo vi /etc/network/interfaces
auto swp1
iface swp1
link-speed [speed]
link-duplex [full|half]
mtu [1500 - 9216]
link-autoneg [on|off]

Cisco
switch# configure terminal
switch(config)# interface ethernet 1/1
switch(config-if)# speed [speed]
switch(config-if)# duplex [full|half]
switch(config-if)# mtu [1500 - 9216]
switch(config-if)# [no] negotiate auto

cumulusnetworks.com 5
Configuring Trunks

▪ Cumulus Linux Cisco

/etc/network/interfaces:
auto bridge vlan 100,200
iface bridge
bridge-vlan-aware yes interface ethernet 1/1
bridge-ports glob swp1-2 switchport mode trunk
bridge-vids 100 200 interface ethernet 1/2
switchport mode trunk

cumulusnetworks.com 6
Pruning a Trunk

▪ Cumulus Linux Cisco

/etc/network/interfaces:
auto bridge vlan 100,200
iface bridge
bridge-vlan-aware yes interface ethernet 1/1
bridge-ports glob swp1-2 switchport mode trunk
bridge-vids 100 200 switchport trunk allowed vlan 200
interface ethernet 1/2
auto swp1 switchport mode trunk
iface swp1
bridge-vids 200

cumulusnetworks.com 7
Configuring Access Ports

▪ Cumulus Linux Cisco

/etc/network/interfaces:
auto bridge vlan 100,200
iface bridge
bridge-vlan-aware yes interface ethernet 1/1
bridge-ports glob swp1-2 switchport mode access
bridge-vids 100 200 switchport access vlan 100

auto swp1 interface ethernet 1/2

iface swp1 switchport mode access
bridge-access 100 switchport access vlan 200

auto swp2
iface swp2
bridge-access 200

cumulusnetworks.com 8
Changing the Native (Untagged) VLAN for a Single Trunk

▪ Cumulus Linux Cisco

/etc/network/interfaces:
auto bridge vlan 1-200
iface bridge
bridge-vlan-aware yes interface ethernet 1/1-2
bridge-ports glob swp1-2 switchport mode trunk
bridge-vids 1-200 switchport trunk allowed vlan 1-200

auto swp1 interface ethernet 1/1

iface swp1 switchport trunk native vlan 100
bridge-pvid 100
interface ethernet 1/2
auto swp2 switchport trunk native vlan 200
iface swp2
bridge-pvid 200

cumulusnetworks.com 9
EtherChannels/Bonds

▪ Cumulus Linux Cisco

/etc/network/interfaces: Cisco WS-C3560X-24 12.2(55)SE5

auto bond1 vlan 10

iface bond1 !
bond-slaves glob swp19-20 interface GigabitEthernet0/19
bond-miimon 100 switchport trunk encapsulation dot1q
bond-min-links 1 switchport mode trunk
bond-mode 802.3ad channel-group 1 mode active
bond-xmit-hash-policy layer3+4 interface GigabitEthernet0/20
bond-lacp-rate 1 switchport trunk encapsulation dot1q
switchport mode trunk
auto vlan10 channel-group 1 mode active
iface vlan10 interface Port-channel1
bridge-ports bond1.10 switchport trunk encapsulation dot1q
address 10.10.10.11/24 switchport mode trunk
bridge-stp on interface Vlan10
ip address 10.10.10.10 255.255.255.0

cumulusnetworks.com 10
EtherChannels/Bonds

▪ Cumulus Linux Arista

/etc/network/interfaces: Arista DCS-7148S-R 4.13.5F

auto bond2 interface Ethernet37

iface bond2 switchport mode trunk
bond-slaves glob swp37-38 channel-group 2 mode active
bond-miimon 100 interface Ethernet38
bond-min-links 1 switchport mode trunk
bond-mode 802.3ad channel-group 2 mode active
bond-xmit-hash-policy layer3+4 interface Port-Channel2
bond-lacp-rate 1 switchport trunk allowed vlan 12
switchport mode trunk
auto vlan12 interface Vlan12
iface vlan12 ip address 12.12.12.12/24
bridge-ports bond2.12
address 12.12.12.11/24
bridge-stp on

cumulusnetworks.com 11
EtherChannels/Bonds

▪ Cumulus Linux Cisco

/etc/network/interfaces: Cisco Nexus3064 5.0(3)U2(2c)

auto bond3 feature interface-vlan

iface bond3 feature lacp
bond-slaves glob swp39-40 vlan 14
bond-miimon 100
bond-min-links 1 interface Ethernet1/39
bond-mode 802.3ad switchport mode trunk
bond-xmit-hash-policy layer3+4 channel-group 3 mode active
bond-lacp-rate 1 interface Ethernet1/40
switchport mode trunk
auto vlan14 channel-group 3 mode active
iface vlan14 interface port-channel3
bridge-ports bond3.14 switchport mode trunk
address 14.14.14.11/24
bridge-stp on interface Vlan14
no shutdown
ip address 14.14.14.14/24

cumulusnetworks.com 12
Spanning Tree Configuration

Immediately bring an interface configured as an access or trunk port to the forwarding state.

▪ Cumulus Linux Cisco

auto swp1 interface Gigabit0/0
iface swp1 spanning-tree portfast
mstpctl-portadminedge yes

cumulusnetworks.com 13
Spanning Tree Configuration

Enabling/disabling the BPDU guard configuration.

▪ Cumulus Linux Cisco

auto swp1 !
iface swp1 spanning-tree portfast bpduguard default
mstpctl-bpduguard yes !
interface Gigabit0/0
spanning-tree portfast

cumulusnetworks.com 14
Spanning Tree Configuration

Enables BPDU filter on a switch port, which filters BPDUs in both directions.

▪ Cumulus Linux Cisco

auto swp1 !
iface swp1 spanning-tree portfast bpdufilter default
mstpctl-portbpdufilter yes !
interface Gigabit0/0
spanning-tree portfast

cumulusnetworks.com 15
Spanning Tree Configuration

Configure the port priority for an interface. The default for both operating systems is 128.

▪ Cumulus Linux Cisco

auto swp1 interface Gigabit0/0
iface swp1 spanning-tree port-priority 128
mstpctl-treeportprio 128

cumulusnetworks.com 16
Spanning Tree Configuration

Configure the switch's priority for a bridge/VLAN. The default for both operating systems is 32768.

▪ Cumulus Linux Cisco

auto vlan1 spanning-tree vlan 1 priority 32768
iface vlan1
mstpctl-treeprio 32768
bridge-ports swp1

cumulusnetworks.com 17
More Spanning Tree Info (Conversion Guide)

https://support.cumulusnetworks.com/hc/en-us/articles/206908397

Spanning Tree
Industry-standard Loop Prevention for L2

cumulusnetworks.com 18
 Access Lists

(Example permit http port 80 traffic to 10.10.10.0/24 subnet)

iptables/netfilter (including Cumulus Linux)
iptables -A {FORWARD | INPUT | OUTPUT} -j {ACCEPT | DROP | POLICE | SPAN | ERSPAN} | -p <protocol>
-s <source> --sport [<ports>] -d destination> --dport [<ports>] [<options>]
iptables -A FORWARD -j ACCEPT -p tcp -s 10.10.10.0/24 -d 3.3.3.3/24 --dport 80

IOS Standard Syntax

access-list <number> {permit | deny} <protocol> <source> [<ports>] <destination> [<ports>] [<options>]
access-list 10 permit tcp 10.10.10.0/24 3.3.3.3/24 eq www

IOS Extended Syntax (including NX-OS)

ip access-list extended {<number> | <name>}
[<sequence>] {permit | deny} <protocol> <source> [<ports>]<destination> [<ports>] [<options>]

ip access-list extended allow_http

10 permit tcp 10.10.10.0/24 3.3.3.3/24 eq www

cumulusnetworks.com 19
Block ICMP Echo Requests on the Specified Switch Port

Cumulus Linux
iptables -A FORWARD -j DROP -i swp1 -p icmp --icmp-type echo-request

Cisco
ip access-list extended block_icmp
deny icmp any any echo

interface g0/0
ip access-group block_icmp in

cumulusnetworks.com 20
Block SSH Traffic from the Specified Subnet (5.5.5.0/24)

Cumulus Linux
iptables -A INPUT -j DROP -p tcp -s 5.5.5.0/24 --dport 22

Cisco
ip access-list extended block_ssh
deny tcp 5.5.5.0 0.0.0.255 192.50.50.0 0.0.0.255 eq 22
interface g0/0
ip access-group block_ssh in

cumulusnetworks.com 21
Allow NTP Traffic to Transit the Switch (UDP Port 123)

Cumulus Linux
iptables -A FORWARD -j ACCEPT -p udp -s 192.168.1.0/24 --dport 123

Cisco
ip access-list extended allow_ntp
permit udp 192.168.1.0 0.0.0.255 any eq ntp
interface g0/0
ip access-group allow_ntp in

cumulusnetworks.com 22
Policing a Physical Interface

Cumulus Linux
-A FORWARD --in-interface swp1 -j POLICE --set-mode KB --set-rate 125000 --set-burst 2000

Output
cumulus@leaf1$ sudo cl-acltool -L ip | grep swp1
pkts bytes target prot opt in out source destination
0 0 POLICE all -- swp1 any anywhere anywhere POLICE mode:KB rate:125000 burst:2000

Cisco
policy-map sean
class class-default
police cir 1000000000 interface
TenGigabitEthernet1/13
service-policy input sean

cumulusnetworks.com 23
Policing DSCP Values

Cumulus Linux
-A FORWARD --in-interface swp2 -m dscp --dscp 10 -j POLICE --set-mode KB --set-rate 31250 --set-burst 2000

Output
cumulus@leaf1$ sudo cl-acltool -L ip | grep swp2
pkts bytes target prot opt in out source destination
0 0 POLICE all -- swp2 any anywhere anywhere DSCP match 0x0a POLICE mode:KB rate:31250 burst:2000

Cisco
class-map match-all dscp10
match dscp af11
!
policy-map sean2
class dscp10
police cir 250000000
!
interface TenGigabitEthernet1/14
service-policy input sean2

cumulusnetworks.com 24
Policing by Source Traffic

Cumulus Linux
-A FORWARD --in-interface swp3 -j POLICE --set-mode KB --set-rate 12500 --set-burst 2000 -s 3.3.3.0/24

Output
cumulus@leaf1$ sudo cl-acltool -L ip | grep swp3
pkts bytes target prot opt in out source destination
0 0 POLICE all -- swp3 any 3.3.3.0/24 anywhere POLICE mode:KB rate:12500 burst:2000

Cisco
access-list 100 permit ip 3.3.3.0 0.0.0.255 any
!
class-map match-all heller
match access-group 100
!
policy-map heller
class heller
police cir 100000000
!
interface TenGigabitEthernet1/15
service-policy input heller

cumulusnetworks.com 25
Time Zone Configuration

Cumulus Linux
cumulus@switch:~$ sudo tzconfg
cumulus@switch:~$ sudo hwclock

Cisco
switch# configure terminal
switch(config)# clock timezone PST -8 0
switch(config)# exit
switch# show clock
switch# copy running-config startup-config

cumulusnetworks.com 26
NTP

Cumulus Linux
cumulus@switch:~$ sudo vi /etc/ntp.conf
cumulus@switch:~$ ntpd –q

Cisco
Set NTP (e.g. to VDC 1)
switch# clock protocol ntp vdc 1

cumulusnetworks.com 27
Show Management Interface Current Configuration

Cumulus Linux
cumulus@switch:~$ ifquery eth0

Cisco
switch# show interface mgmt 0

cumulusnetworks.com 28
DHCP Relay

Cumulus Linux
cumulus@switch:~$ sudo vi /etc/default/isc-dhcp-relay
SERVERS="192.168.123.4"
INTERFACES="bridge swp4 swp5"

cumulus@switch:~$ sudo /etc/init.d/isc-dhcp-relay restart

Cisco
switch# configure terminal switch(config)# ip dhcp relay
switch# configure terminal
switch(config)# interface ethernet 1/1
switch(config-if)# ip dhcp relay address 192.168.123.4

cumulusnetworks.com 29
CLI Basics

Cumulus Linux Cisco

Show command history
cumulus@switch:~$ history switch# show cli history

Send message to all logged on users

cumulus@switch:~$ echo message | sudo wall switch# send message

Send message to specific user

cumulus@switch:~$ sudo write user-id switch# show users
switch# send session line message

cumulusnetworks.com 30
CLI Basics

Cumulus Linux Cisco

Show SPROM information
cumulus@switch:~$ decode-syseeprom switch# show sprom

Show hardware states (temperature, fan, power)

cumulus@switch:~$ sudo smonctl switch# show environment
cumulus@switch:~$ sudo sensors

Show memory allocation

cumulus@switch:~$ vmstat switch# show processes memory
Show real-time memory usage
cumulus@switch:~$ vmstat 1
Alternative command
cumulus@switch:~$ free
cumulusnetworks.com 31
CLI Basics

Cumulus Linux Cisco

Show CPU processes and utilization
cumulus@switch:~$ ps aux switch# show processes

cumulus@switch:~$ top switch# show processes cpu

Show hardware information

cumulus@switch:~$ dmidecode switch# show inventory

cumulus@switch:~$ netshow system

Show high level port state

cumulus@switch:~$ netshow interface switch# show ip int br

cumulusnetworks.com 32
 CLI Basics

Cumulus Linux Cisco

Show interface neighbors
cumulus@switch:~$ lldpctl switch# show lldp neigbhors
cumulus@switch:~$ netshow lldp

Show interface connector information

cumulus@switch:~$ sudo ethtool –m swp1 switch# show interface ethernet 1/1 transceiver

Reboot switch
cumulus@switch:~$ sudo reboot switch# reload

cumulusnetworks.com 33
Show ARP Table

Cumulus Linux
root@leaf01:~# arp –n
Address HWtype HWaddress Flags Mask Iface
10.2.0.254 ether 44:38:39:00:00:29 C eth0
169.254.1.2 ether 44:38:39:00:00:30 C peerlink.4094
169.254.0.1 ether 44:38:39:00:00:08 CM swp49
169.254.0.1 ether 44:38:39:00:00:14 CM swp50

Cisco
switch# show ip arp
IP ARP Table for context default
Total number of entries: 1
Address Age MAC Address Interface
90.10.10.2 00:03:11 000d.ece7.df7c Vlan900
cumulusnetworks.com 34
Configure SNMP (Net-SNMP)

Cumulus Linux
cumulus@switch:~$ sudo vi /etc/snmp/snmpd.conf
cumulus@switch:~$ sudo vi /etc/snmp/snmptrapd.conf

Cisco
switch# configure terminal
switch(config)# snmp-server host ip-address traps version 2c public

Detailed Info
https://docs.cumulusnetworks.com/display/DOCS/Monitoring+System+Hardware

cumulusnetworks.com 35
 Bringing the Linux Revolution to Networking

§Thank You!

© 2016 Cumulus Networks. CUMULUS, the Cumulus Logo, CUMULUS NETWORKS, and the Rocket Turtle Logo (the “Marks”) are trademarks and service marks of
Cumulus Networks, Inc. in the U.S. and other countries. You are not permitted to use the Marks without the prior written consent of Cumulus Networks. The registered
trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis. All other marks are used
under fair use or license from their respective owners.

cumulusnetworks.com 36