Last updated on August 7th, 2024 at 10:44 am
Here are my notes for the first-time setup of an Arista Networks switch using the CLI and console.
This configuration is minimal for access and applies basic security.
Console settings:
Data rate: 9600, Data bits: 8, Parity: none, Stop bits: 1, Flow control: none
If you need information or recommendations on a console cable, see The (Serial) Console Port Cable Options.
Note: This places the management interface in a VRF, which is a recommended practice. If you need background on VRFs, see Cisco Virtual Routing & Forwarding (VRF); that post is based on Cisco, but the VRF concept is the same for Cisco and Arista.
To start, go into config mode, for example:
arista>enable
arista#configure
Note: With current Arista EOS releases, “configure” or “configure t” will work.
username Adm1n123! privilege 15 secret P@ssW0rd!
vrf instance mgmt
exit
int management 1
vrf mgmt
ip address 10.10.10.20/24
no shut
exit
ip route vrf mgmt 0.0.0.0 0.0.0.0 10.10.10.1
ntp server vrf mgmt 10.10.10.200 prefer
ntp server vrf mgmt 10.10.10.200 source management 1
clock timezone US/Eastern
ip ssh client source-interface management 1 vrf mgmt
logging buffered notifications
no logging console
aaa authentication login default local
aaa authentication enable default local
config t
int e1-24
shut
exit
management ssh
idle-timeout 15
exit
management console
idle-timeout 15
exit
Are there SVIs on the switch?
For security, the management interface should be in its own VRF. If there are switched virtual interfaces (SVIs) on the switch and SSH is configured, those SVI IP addresses will accept SSH connections by default. A very useful feature is the ability to enable or disable SSH access per VRF.
If all the SVIs are in one VRF, for example, default, and the management interface is in the mgmt VRF, SSH can be disabled for the default VRF.
Using our example, we will disable SSH to the default VRF while allowing SSH to the mgmt VRF.
arista-1(config)#management ssh
arista-1(config-mgmt-ssh)#vrf mgmt
arista-1(config-mgmt-ssh-vrf-mgmt)#no shut
arista-1(config-mgmt-ssh-vrf-mgmt)#exit
arista-1(config-mgmt-ssh)#shut
Using these commands, we enable SSH for the mgmt VRF, but for all others, in this example VRF default, SSH is shut down (disabled).
To view the status of SSH in general or per VRF, we can use the following commands.
arista-1#show management ssh
arista-1#show management ssh vrf mgmt
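To check a saved running-config for the per-VRF SSH settings described above, a small parser can flag SSH left enabled outside the mgmt VRF. This is an added example, not part of the original notes: the function names and both sample configs are constructed, and the running-config layout they use is an assumption.

```python
# Added example: sample configs are constructed; the running-config layout
# (indented sub-modes, full "shutdown" keywords) is an assumption.
HARDENED = """\
management ssh
   idle-timeout 15
   shutdown
   !
   vrf mgmt
      no shutdown
"""
WEAK = """\
management ssh
   idle-timeout 15
"""

def ssh_state(config):
    """Return ({vrf: enabled}, idle_timeout); the key None is the global setting."""
    enabled, idle = {None: True}, None      # assumption: SSH is on unless shut down
    in_block, vrf, vrf_depth = False, None, 0
    for raw in config.splitlines():
        line = raw.strip()
        depth = len(raw) - len(raw.lstrip(" "))
        if depth == 0:                      # a top-level line opens or closes the block
            in_block, vrf = (line == "management ssh"), None
            continue
        if not in_block or line in ("", "!"):
            continue
        if vrf is not None and depth <= vrf_depth:
            vrf = None                      # left the "vrf <name>" sub-mode
        if line.startswith("vrf "):
            vrf, vrf_depth = line.split()[1], depth
        elif line in ("shutdown", "no shutdown"):
            enabled[vrf] = line == "no shutdown"
        elif line.startswith("idle-timeout ") and vrf is None:
            idle = int(line.split()[1])
    return enabled, idle

def audit(config, mgmt_vrf="mgmt"):
    """Return findings; an empty list means SSH is only enabled in mgmt_vrf."""
    enabled, idle = ssh_state(config)
    findings = [f"SSH enabled outside {mgmt_vrf}: {v or 'global setting'}"
                for v, on in enabled.items() if on and v != mgmt_vrf]
    if enabled.get(mgmt_vrf) is not True:
        findings.append(f"SSH not explicitly enabled in VRF {mgmt_vrf}")
    if idle is None:
        findings.append("no SSH idle-timeout configured")
    return findings
```

Calling audit(HARDENED) returns an empty list, while audit(WEAK) reports that SSH is still open through the global setting and not explicitly enabled in the mgmt VRF.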
SNMP
For SNMP, see my post SNMP v3 on Arista Switches
Additional Reading
I highly recommend this book if you manage Arista switches or start out with them for the first time.
Copyright © Packet Passers 2024