Most Powerful Open Source ERP

HowTo Configure Edgecore Switch (Router, Re6st, SlapOS)

HowTo install a SlapOS node in a switch which have AOS installed and make it behave as a router
  • Last Update:2020-08-26
  • Version:002
  • Language:en

Configure a switch under AOS

This tutorial will guide you through the process of configuring a Edgecore switch under AOS (follow rapidspace-HowTo.Install.AOS.On.Edgecore.Switch if you want to install AOS on a Edgecore Switch. We will see how to upgrade the switch in order to install packets that we will need to configure the switch. We will also see how to install re6st and SlapOS, allow SSH connexion with ipv6 and finally, make the switch behave as a router

Table Of Content

  • Update and upgrade the switch
  • Install re6st and SlapOS
  • Allow SSH connexion with ipv6
  • Make the switch a router

Configure internet access on the switch

In order to install everything needed, your switch needs to access internet. In order to configure internet access on the switch, log inside the linux shell through minicom:

Username: admin
Password:

      CLI session with the AOS5810-54X is opened.
      To end the CLI session, enter [Exit].


Console#
Console#linux shell
# bash
root@test:/# 

Here you are inside a regular Debian 10 OS. You should make sure you can access internet (ping google.com should work).

Remember that CRAFT interface is the "management" ethernet cable. You will need to provide Internet access to this cable and configure correctly your Internet access.

 

Upgrade the switch

The following steps will guide you through the upgrade of the switch and which packets we will need to continue the configuration. First you need to remove the proxy in order to upgrade the switch.

Log in as root on the switch and change the proxy.conf file and comment every lines:


root@test:/# vi /etc/apt/apt.conf.d/proxy.conf 

#Acquire::http { Proxy "http://localhost:8111"; };
#Acquire::https::Proxy "DIRECT";


#Acquire::http { Proxy "http://localhost:3142"; };
#Acquire::https::Proxy "http://localhost:3142";

Then we need to give the good sources to the switch in order to install packets. You will need to modify the /etc/apt/sources.list file.


deb http://deb.debian.org/debian/ buster main
deb http://security.debian.org/debian-security buster/updates main 

You can now, update and upgrade the switch and install the wget packet . Don't forget to reboot after that.

apt update
apt upgrade
apt install wget

Install re6st and SlapOS

The following steps will guide you through the installation of re6st and SlapOS.

By default, the switch has only 2GB of disk in / which is too few for SlapOS. We thus need to create a new lvm entry in which we will put the /tmp, /opt and /srv of the switch:


apt install lvm2
lvcreate -n SLAPOS -L 20G ACCTON
mkfs.ext4 /dev/ACCTON/SLAPOS

Then you need to find the uuid of your new mount and change fstab file in order to make your changes persistent after rebooting the switch.


blkid
vi /etc/fstab
	UUID='uuid'       /mnt/SLAPOS    ext4    defaults        0       0
	/mnt/SLAPOS/opt	/opt	none	bind
	/mnt/SLAPOS/srv	/srv	none	bind
	/mnt/SLAPOS/tmp	/tmp	none	bind

Next,we need to create a mount point and mount the logical volume.


mkdir -vp /mnt/SLAPOS
mount /dev/ACCTON/SLAPOS /mnt/SLAPOS

Now our new mount is ready to get /tmp, /opt and /srv.


cd /mnt/SLAPOS
cp -R /tmp tmp
cp -R /opt opt
cp -R /srv srv
chmod 1777 /mnt/SLAPOS/tmp
chmod 755 /mnt/SLAPOS/opt
chmod 755 /mnt/SLAPOS/srv
mount /opt
mount /srv

We can now install re6st and Slapos. You can find these tutorials at Install re6st and SlapOS. Once you have done the part about the installtion of re6st and of a slapos node, you need to modify the config file in order to make re6st work. You will put this line in the config file:

default

Note that by default re6st attach the IPv6 address to "lo" interface. You can now restart the service by doing:


/etc/init.d/re6stnet restart

 

Try SSH connection with ipv6

You should now be able to do SSH on the IPv6 of re6st. In order to know your IPv6 of re6st, you should run "ip -6 a" and look at the IPv6 configured on your "lo" interface.

In order to be able to log in as root on AOS, you should setup a authorized_keys file:

root@test:/# mkdir -p /root/.ssh
root@test:/# vi /root/.ssh/authorized_keys # insert here your public SSH key.

Then from a location where you have IPv6, you can try:

ssh root@<IPv6 of the switch>

 

Make the switch a router

The following steps will guide you through the configuration of the switch in order to make it behave as a router. The goal is to be able to plug a test device on one ot the regular port of the switch and make this test device correctly access the internet through the connection on the management port.

The test device can be a computer, a raspberry pi, etc. as soon as you can connect it to one of the SFP port.

 

 

Create and configure VLAN

First of all, we create a VLAN on the switch with the SFP interface and the AOS.

you need to enter some CLI command, to tell the switch on which port you plug your test device and create a Vlan in which you will put your port.

Console#configure
Console(config)#vlan database
Console(config-vlan)#vlan 100
Console(config-vlan)#exit
Console(config)#exit
Console#


The code above will create one VLAN with id "100".

Console# configure
Console(config)# interface vlan 100
Console(config-if)# ip address 10.10.1.25/24
Console(config-if)# exit
Console(config)# interface ethernet 1/1-54
Console(config-if)# switchport allowed vlan add 100 untagged
Console(config-if)# switchport native vlan 100
Console(config-if)# ex
Console(config)# ex

The "1/1-54" will put all 54 ports of the switch to same VLAN, which is expected configuration.

Allow routing of packets to the outside of AOS

You need to choose the legacy option for the iptables in order to run the needed iptables config.

update-alternatives --config iptables
 

root@test:/# update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).
Selection Path Priority Status ------------------------------------------------------------
*0 /usr/sbin/iptables-nft 20 auto mode
1 /usr/sbin/iptables-legacy 10 manual mode
2 /usr/sbin/iptables-nft 20 manual mode
Press <enter> to keep the current choice[*], or type selection number: 1
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in manual mode 

Then you can run the following command:

root@test:~# iptables -t nat -A POSTROUTING -o CRAFT -j MASQUERADE

 

You need also to enable the packet forwarding inside the linux kernel:


root@test:~# sysctl net.ipv4.conf.CRAFT.forwarding=1
net.ipv4.conf.CRAFT.forwarding = 1

Configure an IP on the test device

Once you finish to configure the switch, you need to configure your computer in order to create route which will be used to send packets.



ip addr add 10.10.1.2/24 dev [your device]
ip route add default via 10.10.1.25

You can now switch off the internet on your computer and see that the switch behave as a router.

Make everything persistent

There is still something to do. If you reboot you will see that all your setup is lost. So here are the things to do to make the setup persistent:

IP address

You need to write your configuration in /etc/network/interfaces. Including the IP address for VLAN100 if you have one.

VLAN configuration

Once you are happy with the VLAN configuration, you need to save it in flash so that it is persistent after next reboot. Type "copy running-config startup-config" in the console.


Console#copy running-config startup-config
Startup configuration file name [startup1.cfg]: 
Write to FLASH Programming.
Write to FLASH finish.
Success.

 

sysctl

The sysctl should be written in /etc/sysctl.conf like this:


root@test:~# tail -n1 /etc/sysctl.conf 
net.ipv4.conf.CRAFT.forwarding=1

Unfortunately, with Debian10 this file is not correctly loaded at boot time and you need to add a crontab to load this file at reboot.


root@test:~# crontab -l
@reboot /bin/sleep 90 && /sbin/sysctl --load=/etc/sysctl.conf

 

iptables

the iptables are not persistent and we need them to be persistent on the switch.



apt install iptables-persistent
iptables-save > /etc/iptables/rules.v4

or:



ip6tables-save > /etc/iptables/rules.v6

The switch has now a slapos node running and it beahve as a router

Thank You

Image Nexedi Office
  • Nexedi GmbH
  • 147 Rue du Ballon
  • 59110 La Madeleine
  • France