A-01 | Explore EOS¶
Overview¶
In this lab, you'll learn how to log into an Arista switch and explore configuration. All Arista switches, whether they’re used in data center, campus, WAN, or other environments, run on Arista's Extensible Operating System (EOS). We’ll also cover MLAG, how to configure it, and how to troubleshoot issues!
Let’s take a closer look at the EOS interface—while it might feel familiar, it’s also distinctly unique!
Completely Different, Totally Familiar¶
Let's log into the workshop spine switches.
I have a console cable or WiFi
If you have a console cable, feel free to console into your switch. The switch is in ZTP, you can explore the same commands! You may also use the WiFi to connect to the spine switches. The spine switch is running configuration your switch will not contain, but login using admin, hit Enter and type in enable to start exploring
-
Login to the spine using the address below and the username
student#, passwordArista123. -
First thing, let's validate you are on the spine switch and explore the hardware.
Example Output
Example OutputArista CCS-722XPM-48ZY8-F #(1)! Hardware version: 11.01 Serial number: HBG23270736 #(2)! Hardware MAC address: ac3d.9450.afc6 System MAC address: ac3d.9450.afc6 Software image version: 4.31.5M #(3)! Architecture: i686 #(4)! Internal build version: 4.31.5M-38783123.4315M Internal build ID: a514fb70-598b-4084-975c-4f5978421b10 Image format version: 3.0 Image optimization: Strata-4GB Uptime: 4 hours and 58 minutes #(5)! Total memory: 3952960 kB Free memory: 2054376 kB- The full switch model
- The serial number of the switch
- Current EOS image running
- This EOS software is a 32-bit version, Arista EOS is also provided in a 64-bit version
- The current uptime
-
Let's explore the hardware in a bit more detail. Text output is great, but imagine you have been asked to pull all device information programmatically. Tools like TextFSM are common to parse unstructured data, wouldn't it be great if this data was structured? Try validating this command will also render as
json.Example Output
Example OutputSystem information Model Description ------------------------ ---------------------------------------------------- CCS-722XPM-48ZY8 48 2.5GBase-T PoE & 8-port SFP28 MacSec Switch #(1)! HW Version Serial Number Mfg Date Epoch ----------- -------------- ---------- ----- 11.01 HBG23270736 2023-07-14 01.00 #(2)! System has 2 power supply slots Slot Model Serial Number ---- ---------------- ---------------- 1 PWR-1021-AC-RED GGJT36P13J0 #(3)! 2 Not Inserted System has 3 fan modules Module Number of Fans Model Serial Number ------- --------------- ---------------- ---------------- 1 1 FAN-7000-F N/A 2 1 FAN-7000-F N/A 3 1 FAN-7000-F N/A System has 65 ports Type Count ------------------ ---- Management 1 Switched 52 SwitchedBootstrap 4 Fabric 8 System has 56 switched transceiver slots Port Manufacturer Model Serial Number Rev ---- ---------------- ---------------- ---------------- ---- 1 Arista Networks CCS-722XPM-48ZY8 2 Arista Networks CCS-722XPM-48ZY8 ... 49 Arista Networks SFP-10G-SR ACW1710002F0 20 50 Not Present 51 Arista Networks SFP-10G-SR XTH16080010E 0002 #(5)! 52 Not Present 53 Not Present 54 Not Present 55 Not Present 56 Not Present System has 1 storage device Mount Type Model Serial Number Rev Size (GB) ---------- ---- -------------------- ------------- --- --------- /mnt/flash eMMC Smart Modular 16GP1A 801f4198 1.0 8- More information about this switch platform capabilities
- You can see when this switch was manufactured and hardware versioning
- Power supply details, like model and serial number
- If you have fan modules, similar detail to that of power supplies
- Get optics manufacturer, serial number, and model
-
Let's explore the interfaces and what's connected. Take note
- Your pod has one connection to the spine (we're not in a full mesh)
- Workshop access point and raspberry pi (lab guides) are connected
- MLAG interfaces
- Your POD is configured as part of a Port-Channel
Example Output
Example OutputPort Name Status Vlan Duplex Speed Type Flags Encapsulation Et1 POD01 connected in Po101 a-full a-1G 2.5GBASE-T Et2 POD01 notconnect in Po101 auto auto 2.5GBASE-T Et3 POD02 connected trunk auto auto 2.5GBASE-T Et4 POD02 notconnect trunk auto auto 2.5GBASE-T Et5 POD03 connected trunk auto auto 2.5GBASE-T Et6 POD03 notconnect trunk auto auto 2.5GBASE-T Et7 POD04 connected trunk auto auto 2.5GBASE-T Et8 POD04 notconnect trunk auto auto 2.5GBASE-T Et9 POD05 connected trunk auto auto 2.5GBASE-T Et10 POD05 notconnect trunk auto auto 2.5GBASE-T Et11 POD06 connected trunk auto auto 2.5GBASE-T Et12 POD06 notconnect trunk auto auto 2.5GBASE-T Et13 POD07 connected trunk auto auto 2.5GBASE-T Et14 POD07 notconnect trunk auto auto 2.5GBASE-T Et15 POD08 connected trunk auto auto 2.5GBASE-T Et16 POD08 notconnect trunk auto auto 2.5GBASE-T Et17 POD09 connected trunk auto auto 2.5GBASE-T Et18 POD09 notconnect trunk auto auto 2.5GBASE-T Et19 POD10 connected trunk auto auto 2.5GBASE-T Et20 POD10 notconnect trunk auto auto 2.5GBASE-T Et21 POD11 connected trunk auto auto 2.5GBASE-T Et22 POD11 notconnect trunk auto auto 2.5GBASE-T Et23 POD12 connected trunk auto auto 2.5GBASE-T Et24 POD12 notconnect trunk auto auto 2.5GBASE-T Et25 POD13 connected trunk auto auto 2.5GBASE-T Et26 POD13 notconnect trunk auto auto 2.5GBASE-T ... Et33 ATD_WiFi disabled 100 auto auto 2.5GBASE-T Et34 ATD_PI disabled 100 auto auto 2.5GBASE-T ... Et47 MLAG connected in Po1000 auto auto 5GBASE-T Et48 MLAG connected in Po1000 auto auto 5GBASE-T ... Po101 POD01 connected trunk full 2G N/A Po102 POD02 connected trunk full unconf N/A Po103 POD03 connected trunk full unconf N/A Po104 POD04 connected trunk full unconf N/A Po105 POD05 connected trunk full unconf N/A Po106 POD06 connected trunk full unconf N/A Po107 POD07 connected trunk full unconf N/A Po108 POD08 connected trunk full unconf N/A Po109 POD09 connected trunk full unconf N/A Po110 POD10 connected trunk full unconf N/A Po111 POD11 connected trunk full unconf N/A Po112 POD12 connected trunk full unconf N/A Po113 POD13 connected trunk full unconf N/A Po1000 MLAG connected trunk full 20G N/A -
Try some filtering of our output, there are some familiar filtering options like
include,exclude,begin, etc, but as we go through this workshop we will explore further!Read Only Mode
You have read only on the spines, which excludes access to EOS' underlying Linux subsystem. You will have full access to this in the workshop, where you can leverage tools like
grep,awk,sed, etc to filter content further.show interfaces status | ? show interfaces status | inc POD01 show interfaces | inc MTU|Eth show interfaces | sec Ethernet(25|26)Example OutputLINE Filter command by common Linux tools such as grep/awk/sed/wc append Append redirected output to URL begin Start output at the first matching line exclude Do not print lines matching the given pattern include Print lines matching the given pattern json Produce JSON output for this command no-more Disable pagination for this command nz Include only non-zero counters redirect Redirect output to URL section Include sections that match tee Copy output to URL -
The spines in this workshop will act as our gateway for the various pods, let's validate our ip addressing and the virtual router addresses (gateways).
Example Output
Example Output: interface briefAddress Interface IP Address Status Protocol MTU Owner ----------------- ---------------------- ------------ -------------- ---------- ------- Ethernet49 192.168.254.1/31 up up 9214 Management1 unassigned down down 1500 Vlan100 10.1.100.2/24 up up 9214 Vlan101 10.1.1.2/24 up up 9214 Vlan102 10.1.2.2/24 up up 9214 Vlan103 10.1.3.2/24 up up 9214 Vlan104 10.1.4.2/24 up up 9214 Vlan105 10.1.5.2/24 up up 9214 Vlan106 10.1.6.2/24 up up 9214 Vlan107 10.1.7.2/24 up up 9214 Vlan108 10.1.8.2/24 up up 9214 Vlan109 10.1.9.2/24 up up 9214 Vlan110 10.1.10.2/24 up up 9214 Vlan111 10.1.11.2/24 up up 9214 Vlan112 10.1.12.2/24 up up 9214 Vlan113 10.1.13.2/24 up up 9214 Vlan4094 192.168.255.1/30 up up 9214Example Output: virtual-routerIP virtual router is configured with MAC address: 00:1c:73:00:00:01 IP virtual router address subnet routes not enabled IP router is not configured with Mlag peer MAC address MAC address advertisement interval: 30 seconds Protocol: U - Up, D - Down, T - Testing, UN - Unknown NP - Not Present, LLD - Lower Layer Down Interface Vrf Virtual IP Address Protocol State --------------- ------------- ------------------------ -------------- ------ Vl100 default 10.1.100.1 U active Vl101 default 10.1.1.1 U active Vl102 default 10.1.2.1 U active Vl103 default 10.1.3.1 U active Vl104 default 10.1.4.1 U active Vl105 default 10.1.5.1 U active Vl106 default 10.1.6.1 U active Vl107 default 10.1.7.1 U active Vl108 default 10.1.8.1 U active Vl109 default 10.1.9.1 U active Vl110 default 10.1.10.1 U active Vl111 default 10.1.11.1 U active Vl112 default 10.1.12.1 U active Vl113 default 10.1.13.1 U active -
Ok, let's look at all the LLDP information, note the models and EOS version details and interesting command
atdpods. Explore the aliases configured on this device.Example Output
Example Output: LLDP DetailLast table change time : 0:00:02 ago Number of table inserts : 51 Number of table deletes : 35 Number of table drops : 0 Number of table age-outs : 0 Port Neighbor Device ID Neighbor Port ID TTL ---------- ------------------------ ---------------------- --- Et1 sw-10.1.1.51 Ethernet15 120 Et3 sw-10.1.2.42 Ethernet15 120 Et5 sw-10.1.3.40 Ethernet15 120 Et7 sw-10.1.4.41 Ethernet15 120 Et9 sw-10.1.5.40 Ethernet15 120 Et11 sw-10.1.6.41 Ethernet15 120 Et13 sw-10.1.7.41 Ethernet15 120 Et15 sw-10.1.8.40 Ethernet15 120 Et17 sw-10.1.9.41 Ethernet15 120 Et19 sw-10.1.10.41 Ethernet15 120 Et21 sw-10.1.11.40 Ethernet15 120 Et23 sw-10.1.12.40 Ethernet15 120 Et25 sw-10.1.13.40 Ethernet15 120 Et33 Arista_18:66:BF 3086.2d18.66bf 120 Et47 SPINE02 Ethernet47 120 Et48 SPINE02 Ethernet48 120 Et49 CORE01 Ethernet49 120Example Output: atdpodsInterface Ethernet1 detected 1 LLDP neighbors: - System Description: "Arista Networks EOS version 4.31.6M running on an Arista Networks CCS-710P-12" Interface Ethernet51 detected 1 LLDP neighbors: - System Description: "Arista Networks EOS version 4.31.6M running on an Arista Networks CCS-720XP-48ZC2" Interface Ethernet52 detected 1 LLDP neighbors: - System Description: "Arista Networks EOS version 4.31.6M running on an Arista Networks CCS-720XP-48ZC2" -
Let's look at traffic on our interfaces, let's also leverage the
watchcommand with thenz(non-zero) command to monitor rates. -
Sometimes it's the little things that make a big difference! This was a brief introduction into the CLI. All features start in EOS, with respective show and configuration commands. We'll further explore the symbiotic relationship between EOS and CloudVision!
Wait! There's more!
If you're interested in exploring more fun EOS commands, we published the Arista EOS Tips for Network Operators. If you would like access, ask your Arista team for more information!
There are many more commands like:
- Configuration sessions
- CLI command finder
- Event handlers
- Event monitor
- Packet captures
- Scheduler
- Tech Support Bundles/Checkpoints
- So much more
MLAG & VARP¶
Arista's Multi-Chassis Link Aggregation (MLAG) is a technology that allows two physical switches to act as a single logical switch. By syncing the control plane without the need for proprietary cabling or protocols, it provides an active-active, non-blocking redundancy between multiple pairs of switches.
Let's explore the configuration and how to troubleshoot
-
From the switch run the
show mlagcommand to validate the high level stateExample Output
Example OutputMLAG Configuration: domain-id : MLAG local-interface : Vlan4094 peer-address : 192.168.255.2 peer-link : Port-Channel11 hb-peer-address : 0.0.0.0 peer-config : consistent MLAG Status: state : Active negotiation status : Connected peer-link status : Up local-int status : Up system-id : ae:3d:94:50:af:c6 dual-primary detection : Disabled dual-primary interface errdisabled : False MLAG Ports: Disabled : 0 Configured : 0 Inactive : 13 Active-partial : 0 Active-full : 0 -
You can also dive deeper in using the
show mlag detailExample Output
Example Output... MLAG Detailed Status: State : primary Peer State : secondary State changes : 2 Last state change time : 4:56:38 ago Hardware ready : True Failover : False Failover Cause(s) : Unknown Last failover change time : never Secondary from failover : False Peer MAC address : ac:3d:94:50:d2:aa Peer MAC routing supported : True Reload delay : 300 seconds Non-MLAG reload delay : 300 seconds Peer ports errdisabled : False Lacp standby : False Configured heartbeat interval : 4000 ms Effective heartbeat interval : 4000 ms Heartbeat timeout : 60000 ms Last heartbeat timeout : never Heartbeat timeouts since reboot : 0 UDP heartbeat alive : True Heartbeats sent/received : 4499/4450 Peer monotonic clock offset : -56.025806 seconds Agent should be running : True P2p mount state changes : 1 Fast MAC redirection enabled : True Interface activation interlock : unconfigured -
Let's look at the configuration to enable MLAG, first run the command to show the block of mlag configuration
Example Output
Example Outputmlag configuration domain-id MLAG #(1)! local-interface Vlan4094 #(2)! peer-address 169.254.0.0 #(3)! peer-address heartbeat 10.1.1.4 #(4)! peer-link Port-Channel11 #(5)! dual-primary detection delay 5 action errdisable all-interfaces reload-delay mlag 300 reload-delay non-mlag 330- MLAG domain is locally significant to the MLAG pair of switches, this can be any descriptor. Whether it's simply
MLAGlike shown or the name of say a pod:POD01 - The local interface used to peer to the MLAG neighbor, this will always be an SVI
- The MLAG neighbors address that resides within the
local-interfacesubnet - This is an optional configuration called Dual Primary Detection, you can read more on this topic.
- The peer link is the layer 2 port-channel used to trunk our MLAG vlans, we'll explore below how that's configured.
- MLAG domain is locally significant to the MLAG pair of switches, this can be any descriptor. Whether it's simply
-
Let's take a closer look at the peer link itself
Example Output
Example Output! interface Ethernet25 description MLAG channel-group 25mode active ! interface Ethernet26 description MLAG channel-group 25 mode active ! interface Port-Channel25 description MLAG_spine2_Ethernet25 switchport mode trunk switchport trunk group MLAG ! Port Channel Port-Channel25 (Fallback State: Unconfigured): Minimum links: unconfigured Minimum speed: unconfigured Current weight/Max weight: 2/8 Active Ports: Port Time Became Active Protocol Mode Weight State ---------------- ------------------------ -------------- ------------ ------------ ----- Ethernet25 11:51:27 LACP Active 1 Rx,Tx Ethernet26 9:24:02 LACP Active 1 Rx,Tx -
The port-channel is using a
trunk group, lets look at that trunk groupLinux Sub-system
On top of the typical
includes,section,begin, etc we commonly use to filter output. You also have access to many of the linux sub-system commands likegrep,sed,awk, etc to filter and manipulate the output. -
Note that
vlan 4094is a part of that trunk group, trunk groups are used to ensure those vlans assigned to trunk groupMLAGare pruned from all interfaces except those explicitly configured. In this casePort-Channel11is assigned the trunk group, therefore it's the only interface forwardingVlan 4094. -
Let's look at the peering SVI
Vlan4094Example Output: SPINE01interface Vlan4094 description MLAG_PEER mtu 9200 no autostate #(1)! ip address 169.254.0.0/31 #(2)!- We disable autostate to force the VLAN to be active
- This peering address is only locally significant, it's common to use an APIPA IP address range (/31) that's repeated across all MLAG pairs. The neighbor address is used in the mlag configuration to peer over the trunk.
-
In the previous
show mlagsection we got a brief overview of status. During troubleshooting steps, there is a built in command to ensure MLAG configuration parity between the two devices. Run the following command to validate configuration matches between the two devices -
Looking at the interfaces down to the POD, let's validate the interface configuration
Example Output
Example Output! interface Ethernet1 description POD01 switchport mode trunk channel-group 101 mode active lldp tlv transmit ztp vlan 101 ! interface Ethernet2 description POD01 switchport mode trunk channel-group 101 mode active lldp tlv transmit ztp vlan 101 ! interface Port-Channel101 description POD01 switchport trunk allowed vlan 101,201 switchport mode trunk port-channel lacp fallback individual port-channel lacp fallback timeout 20 mlag 101 ! -
If we do detect issues or want to verify the MLAG interfaces upstream/downstream are
up/upwe can validateExample Output
Example OutputSPINE01#show mlag interfaces local/remote mlag desc state local remote status ---------- ----------- -------------- ----------- ------------ ------------ 101 POD01 inactive Po101 Po101 down/down 102 POD02 inactive Po102 Po102 down/down 103 POD03 inactive Po103 Po103 down/down 104 POD04 inactive Po104 Po104 down/down 105 POD05 inactive Po105 Po105 down/down 106 POD06 inactive Po106 Po106 down/down 107 POD07 inactive Po107 Po107 down/down 108 POD08 inactive Po108 Po108 down/down 109 POD09 inactive Po109 Po109 down/down 110 POD10 inactive Po110 Po110 down/down 111 POD11 inactive Po111 Po111 down/down 112 POD12 inactive Po112 Po112 down/down 113 POD13 inactive Po113 Po113 down/down -
Lastly, how do we maintain active/active forwarding with MLAG, this where VARP comes in. A virtual router address and common MAC is all it takes.
Example Output
! interface Vlan101 ip virtual-router address 10.1.1.1 #(1)! interface Vlan102 ip virtual-router address 10.1.2.1 interface Vlan103 ip virtual-router address 10.1.3.1 ... ! ip virtual-router mac-address 00:1c:73:00:00:01 #(2)! !IP virtual router is configured with MAC address: feed.dead.beef IP virtual router address subnet routes not enabled IP router is not configured with Mlag peer MAC address MAC address advertisement interval: 30 seconds Protocol: U - Up, D - Down, T - Testing, UN - Unknown NP - Not Present, LLD - Lower Layer Down Interface Vrf Virtual IP Address Protocol State --------------- ------------- ------------------------ -------------- ------ Vl1 default 192.168.3.1 U active Vl100 default 10.1.100.1 U active Vl101 default 10.1.1.1 U active Vl102 default 10.1.2.1 U active Vl103 default 10.1.3.1 U active Vl104 default 10.1.4.1 U active Vl105 default 10.1.5.1 U active Vl106 default 10.1.6.1 U active Vl107 default 10.1.7.1 U active Vl108 default 10.1.8.1 U active Vl109 default 10.1.9.1 U active Vl110 default 10.1.10.1 U active Vl111 default 10.1.11.1 U active Vl112 default 10.1.12.1 U active Vl113 default 10.1.13.1 U active- This is the virtual IP address configured on both MLAG pairs.
- This vMAC will be used as the gateway vMAC associated with the Gateway VIP configured with either ip address virtual or ip virtual-router address (vARP). This vMAC will be consistent across all SVIs configured with a VIP.
-
That's it for this lab, you should have a bit better understanding of how MLAG is configured
Closing Out¶
Streaming Telemetry¶
Let's take a look at the steaming telemetry agent that communicates back to CloudVision. You may not be able to do this on you switch (current in zero-touch). Feel free to come back to this section to explore, your instructor will showcase this.
-
Let's view the telemetry agent daemon
Example Output
daemon TerminAttr exec /usr/bin/TerminAttr -disableaaa -cvaddr=apiserver.cv-prod-us-central1-b.arista.io:443 -taillogs -cvproxy= -cvauth=certs,/persist/secure/ssl/terminattr/primary/certs/client.crt,/persist/secure/ssl/terminattr/primary/keys/client.key -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata no shutdown -
Now let's see this in action, login to CloudVision and navigate to the
Devices > Inventory -
Make a change to the hostname using a configuration session
! configure session namechange #(1)! hostname SOMEONEWASHERE ! show session-config diffs #(2)! ! commit timer 00:05:00 #(3)!- Create a configuration session, similar to branching in git, this will stage changes and wait for a commit to apply as a replace in configuration
- Show the differences of designed vs what's configured
- Commit the configuration to roll back in 5 minutes (
hh:mm:ss), if you do not commit after the fact, this will roll back.
-
You should see the hostname change immediately inside CloudVision! This is not a poll... this is a continuous stream of state from device to CloudVision.
Additional Fun Commands¶
There are few other commands you can explore in your lab after deployment. As we move away from the CLI, remember all interactions with Arista EOS both via terminal or automation are leveraging the same commands.
-
Bash
Access to the underlying Linux system is available. Quick example is exploring the flash
-
Packet Capture
You have the ability to capture traffic, capturing control plane traffic or mirroring data plane to CPU.
-
AAA Logs
Validate what commands have been run on the switch
-
Configuration Session
Leverage a configuration session to stage config, commit as a full replace, and even configure a timed rollback.
🤖 AI Lab Assistant¶
Want to automate all the commands above? Use our embedded AI agent to execute the entire lab automatically!
🚀 A01 Lab Automation Agent
Let the AI handle the typing while you focus on learning the concepts!
🎉 CONGRATS! You have completed this lab! 🎉