Automating CVX BugAlert Database Updates

Bug Alert Update Automation Intro Arista Networks released the Bug Alert feature as part of EOS 4.17.0F. Arista publishes a database in JSON format of bugs. This database is installed on the CloudVision Exchange (CVX) that provides NetDB services to your Universal Cloud Network. Using the included CLI a user can report on her environment for know bug exposures based on the actual configuration and EOS versions of the switches. This is indeed a powerful feature and in this article we will explain how to automate the updating of the Bug Alerts database with a simple script.   For more...
Continue reading →

Deploying Arista Switches using CloudVision Portal

Deploying Arista switches using CloudVision Portal (CVP) Introduction CloudVision Portal or CVP is an automation and orchestration tool for management and deployment of switch configuration across an entire IP based data center network. CVP uses a container hierarchy for organizing devices into logical groups and splits the device configurations into ‘configlets’ which can be applied at varying levels of the hierarchy to provide inheritance and de-duplication of effort when developing device configuration. This approach reduces human error thru inheritance of configuration. Operators can focus on the device specific configuration, knowing that general configuration, such as, AAA, domain name and DNS...
Continue reading →

Using AAA to log all commands from users on Arista EOS

Introduction Some users of Arista Networks EOS may want to log all commands executed on a switch. This article explains how to use AAA without TACACS or RADIUS to provide accounting of all commands to the system log. The log can then be sent off to a syslog server or even sent to Splunk using the Arista EOS splunk extension. For more information about the Splunk app for Arista EOS click here. Setup First, it is important to create a user account for each switch administrator. Without a separate account for each administrator it will be impossible to retain accurate...
Continue reading →

Basic Use of Aggregation Groups

Introduction Aggregation groups provide a means of grouping tool ports to simplify the mapping of a tap port to multiple tools and allow grouping of alike applications. In current releases, each tap port can only be bound to one default aggregation group at any time. A tool port however, can simultaneously be a member of multiple aggregation groups. This is important as it allows multiple tools or tool servers to receive any of the multiple traffic flows input to the tap ports. The Tap Aggregation operator can for example have an IDS/IPS tool receiving the same traffic as an application...
Continue reading →

Truncation on Tap and Tool Ports

Introduction EOS supports truncation on ingress and egress. In this article we will focus on how it can be applied in tap aggregation exclusive mode, on the Arista 7150 line of switches. Please refer to the supported features matrix for other hardware platforms. Truncation is the ability to remove unwanted or unneeded bytes from the packet at a configurable or fixed starting byte position, it may also be referred to as ‘Packet Slicing’. This is useful in situations where the data of interest is contained within the headers or early in the packet payload. It can be used to remove...
Continue reading →

LLDP on Tap ports

Introduction As of EOS 4.14.0F for Arista 7150 line of switches and EOS 4.20.1F for Arista 7500/7280 lines of switches, users of the tap aggregation features can benefit from visibility gained from LLDP on tap ports. Neighbor information will now be processed by the CPU and made available via the EOS CLI. Allows the tap aggregation administrator to view neighbor information for verification and troubleshooting. This article details the use of LLDP neighbor information on tap ports in tap aggregation exclusive mode. Show LLDP commands work in Tap Aggregation Exlcusive mode as they do in normal switching mode, no configuration...
Continue reading →

TAP Aggregation – Traffic Steering

Introduction This article details the ability of the Tap Aggregator to redirect, or steer, traffic away from the aggregation group that the Tap port belongs to.  This capability allows for a more granular focus and control on individual, or multiple, traffic flows ingressing the Tap Aggregator. The traffic steering capability uses MQC (QoS style) policy and class maps combined with standard access-lists to perform this function.  The feature also allows for the configuration of an identity VLAN different from the identity VLAN associated with the Tap port.  This article details the configuration steps necessary to achieve this functionality. The following...
Continue reading →

Configuring Port Channel LACP Fallback on Arista Switches

The Port-Channel Fallback mode in Arista switches allows an active LACP interface to establish a Port Channel/LAG before it receives LACP PDU’s from its peer. This feature is useful in environments where customers have Preboot Execution Environment (PXE) Servers connected with a LACP Port Channel to the Ethernet switch.  Since PXE images are very small, many operating systems are unable to leverage LACP during the preboot process.  The Server NICs do not have the capability to run LACP without the assistance of a fully functional OS, and during the PXE process they are independent and have no knowledge of the...
Continue reading →

Running vEOS on ESXi 5.5

What is vEOS? Arista Networks vEOS is a software only version of the EOS network operating system. vEOS is meant to be run in a virtual machine environment. vEOS is useful for feature testing and especially for development of scripts and extensions. vEOS can be run on many different virtualization platforms like Virtual Box, VMware Fusion or Workstation as well as ESXi. Arista Networks has previously published how to documentation for running vEOS on other virtualization platforms and this document will extend that documentation to ESXi. What is ESXi? VMware ESXi is a server virtualization platform that supports hypervisor clustering,...
Continue reading →

TCPDUMP on an Arista switch and redirect or send output via email, SCP and TFTP

Sending TCPDUMP output to external servers Objective Perform tcpdump on switch to help with troubleshooting control-plane traffic e.g.m STP, OSPF, BGP, NTP etc. directed to CPU of the switch without impacting performance. Then redirect the output to email/tftp/ftp server. Prerequisites Email server SSH server TFTP server DNS Resolution Arista switch configured to send email: (read all about it here) Email example Security Considerations Arista Networks EOS supports TLS and SMTP Authentication for email. It is important to understand that this provides security, but does not guarantee security end-to-end. For example, if you send an email from a switch with TLS...
Continue reading →

Configuring LACP Fallback Individual Ports on Arista Switches

LACP Fallback Individual Ports Feature Overview LACP Fallback Individual Ports is a feature introduced in EOS 4.13.0 that allows all ports in a port- channel to fallback to individual switch ports when negotiation fails The feature is applied to the port-channel interface and consists of two configuration elements which will be described in the following sections Setting the port-channel to individual fallback Setting the fallback timeout   Feature Operation LACP Fallback Individual Ports use cases This feature is useful for servers with multiple NICs where it is difficult to predict which NIC the server might use for PXE boot. Summary of...
Continue reading →

MLAG – basic configuration

MLAG overview LAG or link aggregation is a way of bonding multiple physical links into a combined logical link. MLAG or multi-chassis link aggregation extends this capability allowing a downstream switch or host to connect to two switches configured as an MLAG domain. This provides redundancy by giving the downstream switch or host two uplink paths as well as full bandwidth utilization since the MLAG domain appears to be a single switch to Spanning Tree (STP). Because the MLAG domain appears to STP as a single switch there are no blocked ports. Configuration The following will provide instructions on how...
Continue reading →

How to configure Link Aggregation Groups in EOS

This article describes the configuration of Link Aggregation Groups (LAGs) between two Arista 7050T-64 switches. The configuration examples are not specific to the switch model and this guide should apply to configuring LAGs on all Arista hardware. Static Link Aggregation Configuration of 7050-01 7050-01(config-if-Et17-20)#channel-group 200 mode on Once the above sequence is entered, Ethernet interfaces 17 through 20 are bound in a LAG as port-channel 200: 7050-01#show int po200 Port-Channel200 is down, line protocol is lowerlayerdown (notconnect) Hardware is Port-Channel, address is 001c.731c.46f9 Ethernet MTU 9214 bytes Full-duplex, Unconfigured Active members in this channel: 0 Fallback mode is: off Fallback...
Continue reading →

Email client configuration in EOS

This article covers the configuration and use of email in Arista EOS. 1) Configuring Email Arista switches can be configured as email clients and can be used to send email alerts through event handlers (which trigger an action when a certain event happens, for example when an interface goes down). This capability is in addition to the other management and monitoring methods available in EOS. Email can also be used from the CLI, as a convenient way to retrieve information for support. EOS email supports both TLS and SMTP authentication. Arista(config)#email Arista(config-email)#? auth Email account authentication from-user Send email from...
Continue reading →