A-01 | Explore EOS
Overview
In this lab, you'll learn how to log into an Arista switch and explore its configuration. All Arista switches, whether they’re used in data center, campus, WAN, or other environments, run on Arista's Extensible Operating System (EOS). We’ll also cover MLAG, how to configure it, and how to troubleshoot issues!
Let’s take a closer look at the EOS interface—while it might feel familiar, it’s also distinctly unique!
Completely Different, Totally Familiar
Let's log into the workshop spine switches.
I have a console cable or WiFi
If you have a console cable, feel free to console into your switch. The switch is in ZTP, but you can explore the same commands! You may also use the WiFi to connect to the spine switches. The spine switch is running configuration that your switch will not contain. To start exploring, log in using admin, hit Enter, and type enable.
-
Log in to the spine using the address below with the username student# and the password Arista123.
-
First thing, let's validate you are on the spine switch and explore the hardware.
Example Output
Arista CCS-720XP-24ZY4-F
Hardware version: 11.22
Serial number: HBG232901HT
Hardware MAC address: fc59.c0ff.0e17
System MAC address: fc59.c0ff.0e17
Software image version: 4.34.0F
Architecture: i686
Internal build version: 4.34.0F-41661064.4340F
Internal build ID: 8346ed5e-061a-4a70-9c36-b6eee6fc0848
Image format version: 3.0
Image optimization: Strata-4GB
Uptime: 2 days, 2 hours and 39 minutes
Total memory: 3952928 kB
Free memory: 2029952 kB
- The full switch model
- The serial number of the switch
- Current EOS image running
- This EOS software is a 32-bit version; Arista EOS is also provided in a 64-bit version
- The current uptime
-
Let's explore the hardware in a bit more detail. Text output is great, but imagine you have been asked to pull all device information programmatically. Tools like TextFSM are commonly used to parse unstructured data, but wouldn't it be great if this data was already structured? Try validating that this command will also render as json.
Example Output
System information
Model Description
------------------------ ----------------------------------------------------
CCS-720XP-24ZY4 24 MGig Base-T PoE & 4-port SFP28 Switch
HW Version Serial Number Mfg Date Epoch
----------- -------------- ---------- -----
11.22 HBG232901HT 2023-07-26 01.00
System has 2 power supply slots
Slot Model Serial Number
---- ---------------- ----------------
1 PWR-621-AC-RED FFKT96307BE
2 PWR-621-AC-RED FFKT96307CT
System has 3 fan modules
Module Number of Fans Model Serial Number
------- --------------- ---------------- ----------------
1 1 FAN-7000-F N/A
2 1 FAN-7000-F N/A
3 1 FAN-7000-F N/A
System has 29 ports
Type Count
------------------ ----
Management 1
Switched 24
SwitchedBootstrap 4
System has 28 switched transceiver slots
Port Manufacturer Model Serial Number Rev
---- ---------------- ---------------- ---------------- ----
1 Arista Networks CCS-720XP-24ZY4
2 Arista Networks CCS-720XP-24ZY4
3 Arista Networks CCS-720XP-24ZY4
4 Arista Networks CCS-720XP-24ZY4
5 Arista Networks CCS-720XP-24ZY4
6 Arista Networks CCS-720XP-24ZY4
7 Arista Networks CCS-720XP-24ZY4
8 Arista Networks CCS-720XP-24ZY4
9 Arista Networks CCS-720XP-24ZY4
10 Arista Networks CCS-720XP-24ZY4
11 Arista Networks CCS-720XP-24ZY4
12 Arista Networks CCS-720XP-24ZY4
13 Arista Networks CCS-720XP-24ZY4
14 Arista Networks CCS-720XP-24ZY4
15 Arista Networks CCS-720XP-24ZY4
16 Arista Networks CCS-720XP-24ZY4
17 Arista Networks CCS-720XP-24ZY4
18 Arista Networks CCS-720XP-24ZY4
19 Arista Networks CCS-720XP-24ZY4
20 Arista Networks CCS-720XP-24ZY4
21 Arista Networks CCS-720XP-24ZY4
22 Arista Networks CCS-720XP-24ZY4
23 Arista Networks CCS-720XP-24ZY4
24 Arista Networks CCS-720XP-24ZY4
25 MergeOptics GmbH 10119467-2010LF CN81KBZ01C F
26 Arista Networks CAB-S-S-25G-1M XPK221730456 20
27 Not Present
28 Not Present
System has 1 storage device
Mount Type Model Serial Number Rev Size (GB)
---------- ---- -------------------- ------------- --- ---------
/mnt/flash eMMC Smart Modular 08GP1A 80199f4c 1.0 8
1. More information about this switch platform capabilities
2. You can see when this switch was manufactured and hardware versioning
3. Power supply details, like model and serial number
4. If you have fan modules, similar detail to that of power supplies
5. Get optics manufacturer, serial number, and model
-
Let's explore the interfaces and what's connected. Take note
- Your pod has one connection to the spine (we're not in a full mesh)
- Workshop access point and raspberry pi (lab guides) are connected
- MLAG interfaces
- Your POD is configured as part of a Port-Channel
Example Output
Port   Name                                Status      Vlan      Duplex  Speed  Type         Flags Encapsulation
Et1    POD01-LEAF1A                        notconnect  trunk     auto    auto   2.5GBASE-T
Et2    POD02-LEAF1A                        notconnect  trunk     auto    auto   2.5GBASE-T
Et3    POD03-LEAF1A                        notconnect  trunk     auto    auto   2.5GBASE-T
Et4    POD04-LEAF1A                        notconnect  trunk     auto    auto   2.5GBASE-T
Et5    POD05-LEAF1A                        connected   in Po105  a-full  a-1G   2.5GBASE-T
Et6    POD06-LEAF1A                        connected   in Po106  a-full  a-1G   2.5GBASE-T
Et7    POD07-LEAF1A                        notconnect  trunk     auto    auto   2.5GBASE-T
Et8    POD08-LEAF1A                        notconnect  trunk     auto    auto   2.5GBASE-T
Et9    POD09-LEAF1A                        notconnect  trunk     auto    auto   2.5GBASE-T
Et10   POD10-LEAF1A                        notconnect  trunk     auto    auto   2.5GBASE-T
Et11   POD11-LEAF1A                        notconnect  trunk     auto    auto   2.5GBASE-T
Et12   POD12-LEAF1A                        notconnect  trunk     auto    auto   2.5GBASE-T
Et13   POD13-LEAF1A                        notconnect  trunk     auto    auto   2.5GBASE-T
Et14   POD014LEAF1A                        notconnect  trunk     auto    auto   2.5GBASE-T
Et15   POD015-LEAF1A                       notconnect  trunk     auto    auto   2.5GBASE-T
Et16   POD16-LEAF1A                        notconnect  trunk     auto    auto   2.5GBASE-T
Et17   POD17-LEAF1A                        notconnect  trunk     auto    auto   5GBASE-T
Et18   POD18-LEAF1A                        notconnect  trunk     auto    auto   5GBASE-T
Et19   POD19-LEAF1A                        notconnect  trunk     auto    auto   5GBASE-T
Et20   POD20-LEAF1A                        notconnect  trunk     auto    auto   5GBASE-T
Et21   POD00-LEAF1A                        notconnect  trunk     auto    auto   5GBASE-T
Et22   AP C-330 LAN1                       notconnect  trunk     auto    auto   5GBASE-T
Et23   Trunk Group to NAT inside networks  connected   trunk     a-full  a-1G   5GBASE-T
Et24   RasPi5                              notconnect  100       auto    auto   5GBASE-T
Et25   MLAG_spine2_Ethernet25              connected   in Po25   full    10G    10GBASE-CR
Et26   MLAG_spine2_Ethernet26              connected   in Po25   full    25G    25GBASE-CR
Et27                                       notconnect  1         full    25G    Not Present
Et28                                       notconnect  1         full    25G    Not Present
Ma1                                        disabled    routed    unconf  unconf 10/100/1000
Po1    JS-LEAFA_Po10                       notconnect  trunk     full    unconf N/A
Po2    POD02-LEAF1A_Po10                   notconnect  trunk     full    unconf N/A
Po3    POD03-LEAF1A_Po10                   notconnect  trunk     full    unconf N/A
Po7    SW-10.1.7.42_Po10                   notconnect  trunk     full    unconf N/A
Po18                                       notconnect  1         full    unconf N/A
Po25   MLAG_PEER_spine2_Po25               connected   trunk     full    25G    N/A
Po100  POD00-LEAF1A                        notconnect  trunk     full    unconf N/A
Po101  POD01-LEAF1A                        notconnect  trunk     full    unconf N/A
Po102  POD02-LEAF1A                        notconnect  trunk     full    unconf N/A
Po103  POD03-LEAF1A                        notconnect  trunk     full    unconf N/A
Po104  POD04-LEAF1A                        notconnect  trunk     full    unconf N/A
Po105  POD05-LEAF1A                        connected   trunk     full    2G     N/A
Po106  POD06-LEAF1A                        connected   trunk     full    2G     N/A
Po107  POD07-LEAF1A                        notconnect  trunk     full    unconf N/A
Po108  POD08-LEAF1A                        notconnect  trunk     full    unconf N/A
Po109  POD09-LEAF1A                        notconnect  trunk     full    unconf N/A
Po110  POD10-LEAF1A                        notconnect  trunk     full    unconf N/A
Po111  POD11-LEAF1A                        notconnect  trunk     full    unconf N/A
Po112  POD12-LEAF1A                        notconnect  trunk     full    unconf N/A
Po113  POD13-LEAF1A                        notconnect  trunk     full    unconf N/A
Po114  POD014LEAF1A                        notconnect  trunk     full    unconf N/A
Po115  POD015-LEAF1A                       notconnect  trunk     full    unconf N/A
Po116  POD16-LEAF1A                        notconnect  trunk     full    unconf N/A
Po117  POD17-LEAF1A                        notconnect  trunk     full    unconf N/A
Po118  POD18-LEAF1A                        notconnect  trunk     full    unconf N/A
Po119  POD19-LEAF1A                        notconnect  trunk     full    unconf N/A
Po120  POD20-LEAF1A                        notconnect  trunk     full    unconf N/A
Po122  AP C-330 LAN1                       notconnect  trunk     full    unconf N/A
-
Try some filtering of our output. There are some familiar filtering options like include, exclude, begin, etc., but as we go through this workshop we will explore further!
Read Only Mode
You have read-only access on the spines, which excludes access to EOS' underlying Linux subsystem. You will have full access to this in the workshop, where you can leverage tools like grep, awk, sed, etc. to filter content further.
show interfaces status | ?
show interfaces status | inc POD01
show interfaces | inc MTU|Eth
show interfaces | sec Ethernet(25|26)
Example Output
LINE      Filter command by common Linux tools such as grep/awk/sed/wc
append    Append redirected output to URL
begin     Start output at the first matching line
exclude   Do not print lines matching the given pattern
include   Print lines matching the given pattern
json      Produce JSON output for this command
no-more   Disable pagination for this command
nz        Include only non-zero counters
redirect  Redirect output to URL
section   Include sections that match
tee       Copy output to URL
-
The spines in this workshop will act as our gateway for the various pods. Let's validate our IP addressing and the virtual router addresses (gateways).
Example Output: interface brief
                                                                                Address
Interface         IP Address             Status       Protocol              MTU Owner
----------------- ---------------------- ------------ -------------- ---------- -------
Ethernet49        192.168.254.1/31       up           up                   9214
Management1       unassigned             down         down                 1500
Vlan100           10.1.100.2/24          up           up                   9214
Vlan101           10.1.1.2/24            up           up                   9214
Vlan102           10.1.2.2/24            up           up                   9214
Vlan103           10.1.3.2/24            up           up                   9214
Vlan104           10.1.4.2/24            up           up                   9214
Vlan105           10.1.5.2/24            up           up                   9214
Vlan106           10.1.6.2/24            up           up                   9214
Vlan107           10.1.7.2/24            up           up                   9214
Vlan108           10.1.8.2/24            up           up                   9214
Vlan109           10.1.9.2/24            up           up                   9214
Vlan110           10.1.10.2/24           up           up                   9214
Vlan111           10.1.11.2/24           up           up                   9214
Vlan112           10.1.12.2/24           up           up                   9214
Vlan113           10.1.13.2/24           up           up                   9214
Vlan4094          192.168.255.1/30       up           up                   9214
Example Output: virtual-router
IP virtual router is configured with MAC address: 00:1c:73:00:00:01
IP virtual router address subnet routes not enabled
IP router is not configured with Mlag peer MAC address
MAC address advertisement interval: 30 seconds
Protocol: U - Up, D - Down, T - Testing, UN - Unknown
          NP - Not Present, LLD - Lower Layer Down
Interface       Vrf           Virtual IP Address       Protocol       State
--------------- ------------- ------------------------ -------------- ------
Vl100           default       10.1.100.1               U              active
Vl101           default       10.1.1.1                 U              active
Vl102           default       10.1.2.1                 U              active
Vl103           default       10.1.3.1                 U              active
Vl104           default       10.1.4.1                 U              active
Vl105           default       10.1.5.1                 U              active
Vl106           default       10.1.6.1                 U              active
Vl107           default       10.1.7.1                 U              active
Vl108           default       10.1.8.1                 U              active
Vl109           default       10.1.9.1                 U              active
Vl110           default       10.1.10.1                U              active
Vl111           default       10.1.11.1                U              active
Vl112           default       10.1.12.1                U              active
Vl113           default       10.1.13.1                U              active
-
OK, let's look at all the LLDP information. Note the models and EOS version details, and the interesting command atdpods. Explore the aliases configured on this device.
Example Output: atdpods
Interface Ethernet1 detected 1 LLDP neighbors:
  - System Description: "Arista Networks EOS version 4.31.6M running on an Arista Networks CCS-710P-12"
Interface Ethernet51 detected 1 LLDP neighbors:
  - System Description: "Arista Networks EOS version 4.31.6M running on an Arista Networks CCS-720XP-48ZC2"
Interface Ethernet52 detected 1 LLDP neighbors:
  - System Description: "Arista Networks EOS version 4.31.6M running on an Arista Networks CCS-720XP-48ZC2"
-
Let's look at traffic on our interfaces. Let's also leverage the watch command with the nz (non-zero) command to monitor rates.
-
Sometimes it's the little things that make a big difference! This was a brief introduction into the CLI. All features start in EOS, with respective show and configuration commands. We'll further explore the symbiotic relationship between EOS and CloudVision!
Wait! There's more!
If you're interested in exploring more fun EOS commands, we published the Arista EOS Tips for Network Operators. If you would like access, ask your Arista team for more information!
There are many more commands like:
- Configuration sessions
- CLI command finder
- Event handlers
- Event monitor
- Packet captures
- Scheduler
- Tech Support Bundles/Checkpoints
- So much more
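The structured-output step above, taken one stage further as an added example (not part of the original lab or Arista's code): Python that consumes `show inventory | json`-style output and compares serial numbers against a commissioning baseline, so a swapped power supply or an unexpected optic shows up as a finding. The command name, the JSON key names, the baseline and the vendor policy are assumptions; the sample is constructed from the text output shown earlier.

```python
import json

# Constructed sample in the shape of `show inventory | json`, filled with values
# from the text output above. Key names are assumptions; verify on your EOS release.
SAMPLE = json.loads("""
{
  "systemInformation": {"name": "CCS-720XP-24ZY4", "serialNum": "HBG232901HT"},
  "powerSupplySlots": {
    "1": {"name": "PWR-621-AC-RED", "serialNum": "FFKT96307BE"},
    "2": {"name": "PWR-621-AC-RED", "serialNum": "FFKT96307CT"}
  },
  "xcvrSlots": {
    "24": {"mfgName": "Arista Networks", "modelName": "CCS-720XP-24ZY4", "serialNum": ""},
    "25": {"mfgName": "MergeOptics GmbH", "modelName": "10119467-2010LF", "serialNum": "CN81KBZ01C"},
    "26": {"mfgName": "Arista Networks", "modelName": "CAB-S-S-25G-1M", "serialNum": "XPK221730456"},
    "27": {"mfgName": "Not Present", "modelName": "", "serialNum": ""}
  }
}
""")

# Hypothetical baseline recorded at commissioning; psu/2 is a constructed mismatch.
BASELINE = {
    "chassis": "HBG232901HT",
    "psu/1": "FFKT96307BE",
    "psu/2": "FFKT96307XX",
    "xcvr/26": "XPK221730456",
}
TRUSTED_OPTIC_VENDORS = {"Arista Networks"}  # hypothetical site policy


def collect_serials(inv):
    """Flatten the inventory into {component: serial}, skipping empty slots."""
    serials = {"chassis": inv["systemInformation"]["serialNum"]}
    for slot, psu in inv.get("powerSupplySlots", {}).items():
        if psu.get("serialNum"):
            serials[f"psu/{slot}"] = psu["serialNum"]
    for slot, xcvr in inv.get("xcvrSlots", {}).items():
        if xcvr.get("serialNum"):
            serials[f"xcvr/{slot}"] = xcvr["serialNum"]
    return serials


def audit(inv, baseline):
    """Return findings for new, missing or changed serials and untrusted optics."""
    findings = []
    current = collect_serials(inv)
    for comp in sorted(set(current) | set(baseline)):
        have, want = current.get(comp), baseline.get(comp)
        if want is None:
            findings.append(f"NEW {comp} serial={have}")
        elif have is None:
            findings.append(f"MISSING {comp} expected={want}")
        elif have != want:
            findings.append(f"CHANGED {comp} {want} -> {have}")
    for slot, xcvr in inv.get("xcvrSlots", {}).items():
        if xcvr.get("serialNum") and xcvr.get("mfgName") not in TRUSTED_OPTIC_VENDORS:
            findings.append(f"THIRD-PARTY xcvr/{slot} {xcvr['mfgName']} {xcvr['modelName']}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, BASELINE)))
```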
MLAG & VARP
Arista's Multi-Chassis Link Aggregation (MLAG) is a technology that allows two physical switches to act as a single logical switch. By syncing the control plane without the need for proprietary cabling or protocols, it provides an active-active, non-blocking redundancy between multiple pairs of switches.
Let's explore the configuration and how to troubleshoot
-
From the switch, run the show mlag command to validate the high-level state
Example Output
MLAG Configuration:
domain-id                          : MLAG
local-interface                    : Vlan4094
peer-address                       : 192.168.255.2
peer-link                          : Port-Channel11
hb-peer-address                    : 0.0.0.0
peer-config                        : consistent
MLAG Status:
state                              : Active
negotiation status                 : Connected
peer-link status                   : Up
local-int status                   : Up
system-id                          : ae:3d:94:50:af:c6
dual-primary detection             : Disabled
dual-primary interface errdisabled : False
MLAG Ports:
Disabled                           : 0
Configured                         : 0
Inactive                           : 13
Active-partial                     : 0
Active-full                        : 0
-
You can also dive deeper using show mlag detail
Example Output
...
MLAG Detailed Status:
State                           : primary
Peer State                      : secondary
State changes                   : 2
Last state change time          : 4:56:38 ago
Hardware ready                  : True
Failover                        : False
Failover Cause(s)               : Unknown
Last failover change time       : never
Secondary from failover         : False
Peer MAC address                : ac:3d:94:50:d2:aa
Peer MAC routing supported      : True
Reload delay                    : 300 seconds
Non-MLAG reload delay           : 300 seconds
Peer ports errdisabled          : False
Lacp standby                    : False
Configured heartbeat interval   : 4000 ms
Effective heartbeat interval    : 4000 ms
Heartbeat timeout               : 60000 ms
Last heartbeat timeout          : never
Heartbeat timeouts since reboot : 0
UDP heartbeat alive             : True
Heartbeats sent/received        : 4499/4450
Peer monotonic clock offset     : -56.025806 seconds
Agent should be running         : True
P2p mount state changes         : 1
Fast MAC redirection enabled    : True
Interface activation interlock  : unconfigured
-
Let's look at the configuration to enable MLAG. First, run the command to show the block of mlag configuration
Example Output
mlag configuration
   domain-id MLAG                         (1)
   local-interface Vlan4094               (2)
   peer-address 169.254.0.0               (3)
   peer-address heartbeat 10.1.1.4        (4)
   peer-link Port-Channel11               (5)
   dual-primary detection delay 5 action errdisable all-interfaces
   reload-delay mlag 300
   reload-delay non-mlag 330
1. The MLAG domain is locally significant to the MLAG pair of switches and can be any descriptor, whether it's simply MLAG as shown or the name of, say, a pod: POD01
2. The local interface used to peer to the MLAG neighbor; this will always be an SVI
3. The MLAG neighbor's address that resides within the local-interface subnet
4. This is an optional configuration called Dual Primary Detection; you can read more on this topic.
5. The peer link is the layer 2 port-channel used to trunk our MLAG VLANs; we'll explore below how that's configured.
-
Let's take a closer look at the peer link itself
Example Output
!
interface Ethernet25
   description MLAG
   channel-group 25 mode active
!
interface Ethernet26
   description MLAG
   channel-group 25 mode active
!
interface Port-Channel25
   description MLAG_spine2_Ethernet25
   switchport mode trunk
   switchport trunk group MLAG
!
Port Channel Port-Channel25 (Fallback State: Unconfigured):
Minimum links: unconfigured
Minimum speed: unconfigured
Current weight/Max weight: 2/8
Active Ports:
Port             Time Became Active       Protocol       Mode         Weight       State
---------------- ------------------------ -------------- ------------ ------------ -----
Ethernet25       11:51:27                 LACP           Active       1            Rx,Tx
Ethernet26       9:24:02                  LACP           Active       1            Rx,Tx
-
The port-channel is using a trunk group. Let's look at that trunk group.
Linux Sub-system
On top of the typical include, section, begin, etc. that we commonly use to filter output, you also have access to many of the Linux sub-system commands like grep, sed, awk, etc. to filter and manipulate the output.
-
Note that vlan 4094 is a part of that trunk group. Trunk groups are used to ensure that VLANs assigned to trunk group MLAG are pruned from all interfaces except those explicitly configured. In this case Port-Channel11 is assigned the trunk group, therefore it's the only interface forwarding Vlan 4094.
-
Let's look at the peering SVI Vlan4094
Example Output: SPINE01
interface Vlan4094
   description MLAG_PEER
   mtu 9200
   no autostate                   (1)
   ip address 169.254.0.0/31      (2)
1. We disable autostate to force the VLAN to be active
2. This peering address is only locally significant; it's common to use an APIPA IP address range (/31) that's repeated across all MLAG pairs. The neighbor address is used in the mlag configuration to peer over the trunk.
-
In the previous show mlag section we got a brief overview of status. For troubleshooting, there is a built-in command to ensure MLAG configuration parity between the two devices. Run the following command to validate that the configuration matches between the two devices
-
Looking at the interfaces down to the POD, let's validate the interface configuration
Example Output
!
interface Ethernet1
   description POD01
   switchport mode trunk
   channel-group 101 mode active
   lldp tlv transmit ztp vlan 101
!
interface Ethernet2
   description POD01
   switchport mode trunk
   channel-group 101 mode active
   lldp tlv transmit ztp vlan 101
!
interface Port-Channel101
   description POD01
   switchport trunk allowed vlan 101,201
   switchport mode trunk
   port-channel lacp fallback individual
   port-channel lacp fallback timeout 20
   mlag 101
!
-
If we do detect issues or want to verify the MLAG interfaces upstream/downstream are up/up, we can validate
Example Output
SPINE01#show mlag interfaces
                                                               local/remote
mlag       desc        state          local       remote       status
---------- ----------- -------------- ----------- ------------ ------------
101        POD01       inactive       Po101       Po101        down/down
102        POD02       inactive       Po102       Po102        down/down
103        POD03       inactive       Po103       Po103        down/down
104        POD04       inactive       Po104       Po104        down/down
105        POD05       inactive       Po105       Po105        down/down
106        POD06       inactive       Po106       Po106        down/down
107        POD07       inactive       Po107       Po107        down/down
108        POD08       inactive       Po108       Po108        down/down
109        POD09       inactive       Po109       Po109        down/down
110        POD10       inactive       Po110       Po110        down/down
111        POD11       inactive       Po111       Po111        down/down
112        POD12       inactive       Po112       Po112        down/down
113        POD13       inactive       Po113       Po113        down/down
-
Lastly, how do we maintain active/active forwarding with MLAG? This is where VARP comes in. A virtual router address and common MAC is all it takes.
Example Output
!
interface Vlan101
   ip virtual-router address 10.1.1.1               (1)
interface Vlan102
   ip virtual-router address 10.1.2.1
interface Vlan103
   ip virtual-router address 10.1.3.1
...
!
ip virtual-router mac-address 00:1c:73:00:00:01     (2)
!
IP virtual router is configured with MAC address: feed.dead.beef
IP virtual router address subnet routes not enabled
IP router is not configured with Mlag peer MAC address
MAC address advertisement interval: 30 seconds
Protocol: U - Up, D - Down, T - Testing, UN - Unknown
          NP - Not Present, LLD - Lower Layer Down
Interface       Vrf           Virtual IP Address       Protocol       State
--------------- ------------- ------------------------ -------------- ------
Vl1             default       192.168.3.1              U              active
Vl100           default       10.1.100.1               U              active
Vl101           default       10.1.1.1                 U              active
Vl102           default       10.1.2.1                 U              active
Vl103           default       10.1.3.1                 U              active
Vl104           default       10.1.4.1                 U              active
Vl105           default       10.1.5.1                 U              active
Vl106           default       10.1.6.1                 U              active
Vl107           default       10.1.7.1                 U              active
Vl108           default       10.1.8.1                 U              active
Vl109           default       10.1.9.1                 U              active
Vl110           default       10.1.10.1                U              active
Vl111           default       10.1.11.1                U              active
Vl112           default       10.1.12.1                U              active
Vl113           default       10.1.13.1                U              active
1. This is the virtual IP address configured on both MLAG pairs.
2. This vMAC will be used as the gateway vMAC associated with the Gateway VIP configured with either ip address virtual or ip virtual-router address (vARP). This vMAC will be consistent across all SVIs configured with a VIP.
-
That's it for this lab, you should have a bit better understanding of how MLAG is configured
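The `show mlag` validation step above, automated as an added example (not part of the original lab or Arista tooling): a Python parser for the sectioned `key : value` output shown on this page, plus a health check that reports anything a troubleshooter would look at first. The expected values and severity labels are this example's own assumptions; the sample text is the page's output with whitespace normalised.

```python
import re

# `show mlag` output from this page, one field per line (whitespace normalised).
SHOW_MLAG = """\
MLAG Configuration:
domain-id : MLAG
local-interface : Vlan4094
peer-address : 192.168.255.2
peer-link : Port-Channel11
hb-peer-address : 0.0.0.0
peer-config : consistent
MLAG Status:
state : Active
negotiation status : Connected
peer-link status : Up
local-int status : Up
system-id : ae:3d:94:50:af:c6
dual-primary detection : Disabled
dual-primary interface errdisabled : False
MLAG Ports:
Disabled : 0
Configured : 0
Inactive : 13
Active-partial : 0
Active-full : 0
"""

SECTION = re.compile(r"^([^:]+):$")        # e.g. "MLAG Status:"
FIELD = re.compile(r"^(.+?)\s+:\s+(.+)$")  # key : value (value may contain ':')

EXPECTED = {  # values a healthy pair is assumed to report (this example's choice)
    ("MLAG Configuration", "peer-config"): "consistent",
    ("MLAG Status", "state"): "Active",
    ("MLAG Status", "negotiation status"): "Connected",
    ("MLAG Status", "peer-link status"): "Up",
    ("MLAG Status", "local-int status"): "Up",
}

def parse_show_mlag(text):
    """Return {section: {field: value}} from `show mlag` text."""
    parsed, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        field = FIELD.match(line)
        header = SECTION.match(line)
        if field and section:
            parsed[section][field[1]] = field[2]
        elif header:
            section = header[1]
            parsed[section] = {}
    return parsed

def check_mlag(parsed):
    """Return (severity, message) findings; an empty list means nothing to report."""
    findings = []
    for (section, key), want in EXPECTED.items():
        got = parsed.get(section, {}).get(key)
        if got != want:
            findings.append(("CRITICAL", f"{key} is {got!r}, expected {want!r}"))
    if parsed.get("MLAG Status", {}).get("dual-primary detection") == "Disabled":
        findings.append(("WARN", "dual-primary detection is disabled"))
    if parsed.get("MLAG Configuration", {}).get("hb-peer-address") == "0.0.0.0":
        findings.append(("WARN", "no heartbeat peer address is configured"))
    ports = {k: int(v) for k, v in parsed.get("MLAG Ports", {}).items()}
    if ports.get("Inactive", 0) and not ports.get("Active-full", 0):
        findings.append(("INFO", f"{ports['Inactive']} MLAG ports inactive, none active-full"))
    return findings

if __name__ == "__main__":
    print(*check_mlag(parse_show_mlag(SHOW_MLAG)), sep="\n")
```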
Closing Out
Streaming Telemetry
Let's take a look at the streaming telemetry agent that communicates back to CloudVision. You may not be able to do this on your switch (currently in zero-touch). Feel free to come back to this section to explore; your instructor will showcase this.
-
Let's view the telemetry agent daemon
Example Output
daemon TerminAttr
   exec /usr/bin/TerminAttr -disableaaa -cvaddr=apiserver.cv-prod-us-central1-b.arista.io:443 -taillogs -cvproxy= -cvauth=certs,/persist/secure/ssl/terminattr/primary/certs/client.crt,/persist/secure/ssl/terminattr/primary/keys/client.key -smashexcludes=ale,flexCounter,hardware,kni,pulse,strata
   no shutdown
-
Now let's see this in action. Log in to CloudVision and navigate to Devices > Inventory.
-
Make a change to the hostname using a configuration session
!
configure session namechange      (1)
hostname SOMEONEWASHERE
!
show session-config diffs         (2)
!
commit timer 00:05:00             (3)
1. Create a configuration session. Similar to branching in git, this will stage changes and wait for a commit to apply them as a replace in configuration
2. Show the differences between the designed configuration and what's configured
3. Commit the configuration to roll back in 5 minutes (hh:mm:ss); if you do not commit after the fact, this will roll back.
-
You should see the hostname change immediately inside CloudVision! This is not a poll... this is a continuous stream of state from device to CloudVision.
Additional Fun Commands
There are a few other commands you can explore in your lab after deployment. As we move away from the CLI, remember that all interactions with Arista EOS, whether via terminal or automation, leverage the same commands.
-
Bash
Access to the underlying Linux system is available. Quick example is exploring the flash
-
Packet Capture
You have the ability to capture traffic, capturing control plane traffic or mirroring data plane to CPU.
-
AAA Logs
Validate what commands have been run on the switch
-
Configuration Session
Leverage a configuration session to stage config, commit as a full replace, and even configure a timed rollback.
🎉 CONGRATS! You have completed this lab! 🎉