Dell EMC Networking N-Series N1100-ON, N1500, N2000, N2100-ON, N3000, N3100-ON, and N4000 Switches

CLI Reference Guide

Version 6.3.0.x—N2000/N3000/N4000 Series Switches
Version 6.3.5.x—N3100-ON Series Switches
Version 6.3.6.x—N2100-ON/N3100-ON Series Switches
Version 6.4.x.x—N1100-ON Series Switches

Regulatory Model: E17W/E18W/E15W/E16W/E05W/E04W/E06W/E07W/PowerConnect 8132/PowerConnect 8132F/PowerConnect 8164/PowerConnect 8164F


Summary of Contents for Dell N1100-ON

  • Page 1: CLI Reference Guide

    Dell EMC Networking N-Series N1100-ON, N1500, N2000, N2100-ON, N3000, N3100-ON, and N4000 Switches CLI Reference Guide Version 6.3.0.x—N2000/N3000/ N4000 Series Switches Version 6.3.5.x—N3100-ON Series Switches Version 6.3.6.x—N2100-ON/N3100- ON Series Switches Version 6.4.x.x—N1100-ON Series Switches Regulatory Model: E17W/E18W/E15W/E16W/E05W/E04W/ E06W/E07W/PowerConnect 8132/PowerConnect 8132F/...
  • Page 3 Dell EMC and the Dell EMC logo are trademarks of Dell EMC Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
  • Page 5: Table Of Contents

    Contents: Dell EMC Networking CLI; Introduction; Command Groups
  • Page 6 deny | permit (Mac-Access-List-Configuration); ip access-group; mac access-group; mac access-list extended
  • Page 7 show mac address-table address; show mac address-table count; show mac address-table dynamic; show mac address-table interface
  • Page 8 show isdp neighbors; show isdp traffic; DHCP Layer 2 Relay Commands
  • Page 9 ip dhcp snooping; ip dhcp snooping binding; ip dhcp snooping database
  • Page 10 ipv6 dhcp snooping limit; ipv6 dhcp snooping log-invalid; ipv6 dhcp snooping trust; ipv6 dhcp snooping verify mac-address
  • Page 11 ip arp inspection validate; ip arp inspection vlan; permit ip host mac host
  • Page 12 show interfaces detail; show interfaces status; show interfaces transceiver; show statistics
  • Page 13 ethernet cfm mep active; ethernet cfm mep archive-hold-time; ethernet cfm mip level; ping ethernet cfm
  • Page 14 show green-mode eee-lpi-history interface; GMRP Commands 453; Commands in this Section
  • Page 15 show ip igmp snooping mrouter; ip igmp snooping vlan immediate-leave; ip igmp snooping vlan groupmembership-interval; ip igmp snooping vlan last-member-query-interval 475; ip igmp snooping vlan mcrtrexpiretime
  • Page 16 IPv6 Access List Commands 497; Commands in this Section; deny | permit (IPv6 ACL)
  • Page 17 ipv6 mld snooping querier (VLAN mode); ipv6 mld snooping querier address; ipv6 mld snooping querier election participate; ipv6 mld snooping querier query-interval; ipv6 mld snooping querier timer expiry
  • Page 18 Commands in this Section; action; link-dependency group
  • Page 19 lldp transmit-tlv; show lldp; show lldp interface
  • Page 20 peer detection interval; peer-keepalive destination; peer-keepalive enable; peer-keepalive timeout
  • Page 21 mvr mode; mvr querytime; mvr vlan
  • Page 22 interface range port-channel; hashing-mode; lacp port-priority; lacp system-priority
  • Page 23 Layer 2 ACLs; Layer 3/4 IPv4 ACLs; Class of Service (CoS)
  • Page 24 mark ip-precedence; match class-map; match cos
  • Page 25 police-two-rate; policy-map; random-detect queue-parms
  • Page 26 Commands in this Section; clear spanning-tree detected-protocols; exit (mst); instance (mst)
  • Page 27 spanning-tree mode; spanning-tree mst configuration; spanning-tree mst cost; spanning-tree mst port-priority
  • Page 28 Processing UDLD Traffic from Neighbors; UDLD in Normal-mode; UDLD in Aggressive-mode; Commands in this Section
  • Page 29 name (VLAN Configuration); private-vlan; protocol group; protocol vlan group
  • Page 30 switchport mode; switchport mode dot1q-tunnel; switchport mode private-vlan; switchport private-vlan
  • Page 31 Security Commands; AAA Commands 838; Administrative Authentication
  • Page 32 aaa server radius dynamic-author; authentication enable; authentication order; authentication priority
  • Page 33 show users accounts; show users login-history; username; username unlock
  • Page 34 clear logging email statistics; security; mail-server ip-address | hostname
  • Page 35 name (RADIUS server); primary; priority
  • Page 36 TACACS+ Commands 943; Commands in this Section
  • Page 37 dot1x reauthentication; dot1x system-auth-control; dot1x system-auth-control monitor; dot1x timeout quiet-period
  • Page 38 dot1x timeout guest-vlan-period; dot1x unauth-vlan; show dot1x advanced; Captive Portal Commands
  • Page 39 redirect-url 1002; session-timeout 1003; verification 1004
  • Page 40 user group moveusers 1019; user group name 1020; Denial of Service Commands 1021; Commands in this Section 1022
  • Page 41 show management access-class 1042; show management access-list 1043; Password Management Commands 1045; Configurable Minimum Password Length 1045
  • Page 42 passwords strength exclude-keyword 1058; enable password encrypted 1059; show passwords configuration 1059; show passwords result 1061
  • Page 43 clear mmrp statistics 1076; mmrp 1077; mmrp global 1078
  • Page 44 msrp srclass-pvid 1096; msrp srclassqav 1097; msrp talker-pruning 1099
  • Page 45 show dot1as statistics 1126; Data Center Technology Commands 1129; Data Center Bridging Commands 1130; Data Center Bridging Exchange Protocol 1130
  • Page 46 show interfaces traffic 1156; show interfaces traffic-class-group 1158; OpenFlow Commands 1160; Commands in this Section 1160
  • Page 47 Commands in this Section 1189; 1189; arp cachesize 1191
  • Page 48 neighbor fall-over bfd 1208; show bfd neighbor 1208; Border Gateway Protocol Commands 1212; Commands in this Section 1212
  • Page 49 bgp log-neighbor-changes 1233; bgp maxas-limit 1233; bgp router-id 1234; clear ip bgp 1235
  • Page 50 ip extcommunity-list 1254; match extcommunity 1256; maximum-paths (BGP Router Configuration) 1257
  • Page 51 neighbor maximum-prefix (IPv6 Address Family Configuration) 1282; neighbor next-hop-self (BGP Router Configuration) 1283; neighbor next-hop-self (IPv6 Address Family Configuration) 1284; neighbor password 1285; neighbor prefix-list (BGP Router Configuration) 1287; neighbor prefix-list (IPv6 Address Family Configuration) 1288; neighbor remote-as...
  • Page 52 1308; redistribute (BGP) 1309; redistribute (BGP IPv6) 1311
  • Page 53 show ip bgp community 1346; show ip bgp community-list 1347; show ip bgp extcommunity-list 1348; show ip bgp listen range 1349
  • Page 54 ip bgp-community new-format 1387; ip community-list 1388; ip prefix-list 1389; ip prefix-list description 1391
  • Page 55 set metric 1413; DVMRP Commands 1415; Commands in this Section 1415
  • Page 56 show ip igmp 1431; show ip igmp groups 1431; show ip igmp interface 1432
  • Page 57 ip dhcp relay information option-insert 1451; ip helper-address (global configuration) 1452; ip helper-address (interface configuration) 1454; ip helper enable 1456; show ip helper-address 1457
  • Page 58 ip routing 1477; ip unnumbered 1478; ip unnumbered gratuitous-arp accept 1479
  • Page 59 show ip vlan 1506; show route-map 1507; show routing heap summary 1509
  • Page 60 ipv6 nd ra hop-limit unspecified 1524; ipv6 nd managed-config-flag 1524; ipv6 nd ns-interval 1525; ipv6 nd nud max-multicast-solicits 1526
  • Page 61 show ipv6 mld host-proxy 1547; show ipv6 mld host-proxy groups 1548; show ipv6 mld host-proxy groups detail 1549; show ipv6 mld host-proxy interface 1551
  • Page 62 ip multicast boundary 1571; ip mroute 1571; ip multicast-routing 1572
  • Page 63 show ip mroute source 1588; show ip mroute static 1589; show ip pim 1590
  • Page 64 ipv6 pim sparse-mode 1608; ipv6 pim ssm 1609; show ipv6 pim 1609
  • Page 65 area nssa no-redistribute 1630; area nssa no-summary 1630; area nssa translator-role 1631; area nssa translator-stab-intv 1632
  • Page 66 default-metric 1652; distance ospf 1652; distribute-list out 1653
  • Page 67 1670; nsf helper 1671; nsf helper strict-lsa-checking 1672
  • Page 68 show ip ospf statistics 1703; show ip ospf stub table 1705; show ip ospf traffic 1706
  • Page 69 area virtual-link hello-interval 1726; area virtual-link retransmit-interval 1727; area virtual-link transmit-delay 1728; default-information originate (Router OSPFv3 Configuration) 1728; default-metric 1729...
  • Page 70 1743; nsf helper 1744; nsf helper strict-lsa-checking 1745
  • Page 71 show ipv6 ospf stub table 1765; show ipv6 ospf virtual-links 1766; show ipv6 ospf virtual-link brief 1767
  • Page 72 ip rip authentication 1782; ip rip receive version 1783; ip rip send version 1784
  • Page 73 show ip vrf 1802; Virtual Router Redundancy Protocol Commands 1805; Pingable VRRP Interface 1805; VRRP Route/Interface Tracking 1806
  • Page 74 Switch Management Commands 1823; Application Deployment 1824; Commands in this Section 1824; application install 1824
  • Page 75 macro global description 1841; macro apply 1842; macro trace 1842
  • Page 76 clock timezone hours-offset 1856; no clock timezone 1857; clock summer-time recurring 1858; clock summer-time date 1859
  • Page 77 erase 1880; filedescr 1881; rename 1882
  • Page 78 dns-server (IP DHCP Pool Config) 1902; domain-name (IP DHCP Pool Config) 1903; hardware-address 1903; host 1904
  • Page 79 DHCPv6 Server Commands 1922; clear ipv6 dhcp 1922; dns-server (IPv6 DHCP Pool Config) 1923
  • Page 80 1943; show hiveagent status 1944; show eula-consent hiveagent 1945
  • Page 81 ipv6 enable (Interface Configuration) 1964; ipv6 enable (OOB Configuration) 1965; ipv6 gateway (OOB Configuration) 1965; show hosts 1966
  • Page 82 show line 1982; speed 1983; terminal length 1984
  • Page 83 RMON Commands 2005; Commands in this Section 2005; rmon alarm 2005
  • Page 84 debug clear 2031; debug console 2032; debug crashlog 2032
  • Page 85 debug lacp 2051; debug mldsnooping 2051; debug ospf 2052
  • Page 86 Commands in this Section 2077; sflow destination 2077; sflow polling 2079
  • Page 87 snmp-server community 2098; snmp-server community-group 2100; snmp-server contact 2101; snmp-server enable traps 2102
  • Page 88 show eula-consent support-assist 2126; show support-assist status 2128; support-assist 2129; 2130
  • Page 89 logging snmp 2148; logging source-interface 2149; logging traps 2150
  • Page 90 exit 2169; hardware profile portmode 2170; hostname 2171
  • Page 91 show hardware profile 2192; show idprom interface 2193; show interfaces 2194; show interfaces advanced firmware 2196
  • Page 92 show system temperature 2226; show tech-support 2228; show users 2231; show version 2232
  • Page 93 periodic 2253; show time-range 2255; USB Flash Drive Commands
  • Page 94 country 2271; crypto certificate generate 2272; crypto certificate import 2274
  • Page 95: Dell EMC Networking CLI

    The CLI can be accessed from a console terminal connected to an RS-232 port or through a Telnet/SSH session. Serial communication via a dedicated USB port is available on the N1100-ON Series switch. This guide describes how the CLI is structured, describes the command syntax, and describes the command functionality.
  • Page 96: Command Groups

    Configures IGMP Snooping Querier and displays IGMP Snooping Querier information. IP Addressing Configures and manages IP addresses on the switch. IPv6 ACL Configures and displays ACL information for IPv6. IPv6 MLD Snooping Configures IPv6 MLD Snooping. Dell EMC Networking CLI...
  • Page 97 Administrative Profiles Group commands into a profile and assign a profile to a Commands user upon authentication. E-mail Alerting Configures e-mail capabilities. RADIUS Configures and displays RADIUS information. TACACS+ Configures and displays TACACS+ information. Dell EMC Networking CLI...
  • Page 98 Configures BFD and displays BFD information. Configures BGP and displays BGP information. BGP Routing Policy Configures BGP routing policy and displays BGP routing policy information. DHCP Server and Relay Manages DHCP/BOOTP operations on the system. Agent (IPv4) Dell EMC Networking CLI...
  • Page 99 Managing tunneling operations. Virtual Router Manages a virtual router. Virtual Router Controls virtual LAN routing. Redundancy (IPv4) Switch Management Commands Application Deployment Manages Dell-supplied applications. Auto-Install Automatically configures switch when a configuration file is not found. Dell EMC Networking CLI...
  • Page 100 Manages file system and Command Line Interface Files scripting commands. DHCP Client Configures an interface to obtain an IP address via DHCP. HiveAgent Enables configuration of the Dell HiveAgent Line Configures the console, SSH, and remote Telnet connection. PHY Diagnostics Diagnoses and displays the interface status.
  • Page 101: Mode Types

    IP — IP Access List Configuration • IPAF4—IPv4 Address Family Configuration • IPAF—IPv6 Address Family Configuration • IR — Interface Range • KC — Key Chain • KE — Key • L — Logging • LC — Line Configuration Dell EMC Networking CLI...
  • Page 102 SAC—Support Assist Configuration • SC — Stack Configuration • SP — SSH Public Key • SK — SSH Public Key-chain • TC — TACACS Configuration • TRC — Time Range Configuration • UE — User Exec Dell EMC Networking CLI...
  • Page 103: Layer 2 Commands

    (ACL) to an interface in the in-bound direction. mac access-list extended Creates the MAC Access Control List (ACL) identified by the name parameter. mac access-list extended Renames the existing MAC Access Control List rename (ACL) name. Dell EMC Networking CLI...
  • Page 104: Address Table

    Disables new address learning on an interface. (Interface Configuration) show mac address-table Displays dynamically created entries in the bridge-forwarding database. show mac address-table Displays all entries in the bridge-forwarding UE or address database for the specified MAC address. Dell EMC Networking CLI...
  • Page 105 Clears the ISDP counters. clear isdp table Clears entries in the ISDP table. isdp advertise-v2 Enables the sending of ISDP version 2 packets from the device. isdp enable Enables ISDP on the switch. GC or Dell EMC Networking CLI...
  • Page 106 Enables the L2 DHCP Relay agent for a set of VLANs. show dhcp l2relay all Displays the summary of DHCP L2 Relay PE or configuration. show dhcp l2relay interface Displays DHCP L2 Relay configuration specific to interfaces. Dell EMC Networking CLI...
  • Page 107: DHCP Snooping

    Configures the persistent location of the DHCP snooping database. ip dhcp snooping database Configures the interval in seconds at which the write-delay DHCP Snooping database will be stored in persistent storage. ip dhcp snooping limit Controls the maximum rate of DHCP messages. Dell EMC Networking CLI...
  • Page 108: Dynamic ARP Inspection

    VLAN or a range of VLANs to filter invalid ARP packets. ip arp inspection limit Configures the rate limit and burst interval values for an interface. ip arp inspection trust Configures an interface as trusted for Dynamic ARP Inspection. Dell EMC Networking CLI...
  • Page 109: Ethernet Configuration

    Enters the interface configuration mode to GC or execute a command on multiple ports at the IC or same time. link debounce time Configures the debounce timer for one or IC or multiple interfaces. Dell EMC Networking CLI...
  • Page 110 Displays the status for all configured interfaces. UE show interfaces transceiver Display the optic static parameters as well as the Dell EMC qualification. show statistics Displays statistics for one port or for the entire switch. show statistics switchport Displays detailed statistics for a specific port or for the entire switch.
  • Page 111 MEP. traceroute ethernet cfm Generates a link trace message (LTM) from the configured MEP. show ethernet cfm errors Displays the cfm errors. show ethernet cfm domain Displays the configured parameters in a maintenance domain. Dell EMC Networking CLI...
  • Page 112: Green Ethernet

    Green Ethernet Command Description Mode clear counters Enables a Dell EMC proprietary mode of power reduction on ports that are not connected to another interface. green-mode eee Enables EEE low power idle mode on an interface or all the interfaces.
  • Page 113 GVRP and dynamic VLAN creation is enabled, and which ports are running GVRP. show gvrp error-statistics Displays GVRP error statistics. show gvrp statistics Displays GVRP statistics. For the meaning of each Mode abbreviation, see Mode Types. Dell EMC Networking CLI...
  • Page 114: IGMP Snooping

    VLAN. For the meaning of each Mode abbreviation, see Mode Types. IGMP Snooping Querier Command Description Mode ip igmp snooping Enables/disables IGMP Snooping Querier on GC or the system (Global Configuration mode) or on a VLAN. Dell EMC Networking CLI...
  • Page 115: IP Address

    IPv4 addresses on the switch. ip address dhcp (Interface Acquires an IP address on an interface from the Configuration) DHCP server. ip default-gateway Defines a default gateway (router). ip domain-lookup Enables IP DNS-based host name-to-address translation. Dell EMC Networking CLI...
  • Page 116: IP Domain-Name

    Displays IPv6 DHCP statistics for the out-of- out-of-band statistics band interface. show ipv6 interface out-of- Displays the IPv6 out-of-band port band configuration. For the meaning of each Mode abbreviation, see Mode Types. Dell EMC Networking CLI...
  • Page 117: IPv6 MLD Snooping

    Statically configures a port as connected to a mrouter multicast router for a specified VLAN. ipv6 mld snooping (Global) Enables MLD Snooping on the system (Global Configuration mode). show ipv6 mld snooping Displays MLD Snooping information. Dell EMC Networking CLI...
  • Page 118: IPv6 MLD Snooping Querier

    Enables IP Source Guard on an interface. ip verify binding Configures IPSG static bindings. show ip verify Displays IPSG interface configuration. show ip verify source Displays the bindings configured on a particular interface. Dell EMC Networking CLI...
  • Page 119: iSCSI Optimization

    Adds member gigabit Ethernet port(s) to the dependency list. depends-on Adds the dependent Ethernet ports or port channels list. show link-dependency Shows the link dependencies configured on a particular group. For the meaning of each Mode abbreviation, see Mode Types. Dell EMC Networking CLI...
  • Page 120 Displays the current LLDP configuration summary. show lldp interface Displays the current LLDP interface state. show lldp local-device Displays the LLDP local data. show lldp med Displays a summary of the current LLDP MED configuration. Dell EMC Networking CLI...
  • Page 121: Loop Protection

    For the meaning of each Mode abbreviation, see Mode Types. MLAG Command Description Mode clear vpc statistics Clears the counters for the keepalive messages transmitted and received by the MLAG switch. feature vpc Enables debug traces for the specified protocols. Dell EMC Networking CLI...
  • Page 122 Displays information about the keepalive status, keepalive parameters, role of the MLAG switch, and the system MAC and priority. show vpc statistics Displays counters for the keepalive messages transmitted and received by the MLAG switch Dell EMC Networking CLI...
  • Page 123: Multicast VLAN Registration

    Displays global MVR settings. show mvr members Displays the MVR membership groups allocated. show mvr interface Displays the MVR enabled interface configuration. show mvr traffic Displays global MVR statistics. For the meaning of each Mode abbreviation, see Mode Types. Dell EMC Networking CLI...
  • Page 124: Port Channel

    Capture packets transmitted or received from Exec) the CPU monitor session Configures a port monitoring session. remote-span Configures a VLAN as an RSPAN VLAN. show monitor capture Displays captured packets transmitted or received from the CPU. Dell EMC Networking CLI...
  • Page 125 Configures WRED packet drop policy on an GC or interface CoS queue. cos-queue strict Activates the strict priority scheduler mode for GC or each specified queue. diffserv Sets the DiffServ operational mode to active. Dell EMC Networking CLI...
  • Page 126 Adds to the specified class definition a match condition based on the value of the ethertype. match ip6flowlbl Adds to the specified class definition a match v6CMC condition based on the IPv6 flow label of a packet. Dell EMC Networking CLI...
  • Page 127 Mirrors all the data that matches the class PCMC defined to the destination port specified. police-simple Implements simple color aware marking for the PCMC specified class. police-single-rate Implements a single-rate Three Color Marker PCMC (trTCM) per RFC 2698 Dell EMC Networking CLI...
  • Page 128 Displays policy service information for the interface specified interface and direction. show diffserv service brief Displays all interfaces in the system to which a DiffServ policy has been attached. show interfaces cos-queue Displays the class-of-service queue configuration for the specified interface. Dell EMC Networking CLI...
  • Page 129: Spanning Tree

    Displays spanning tree information per VLAN and also lists the port roles and states as well as the port cost. spanning-tree Enables spanning-tree functionality. spanning-tree auto-portfast Sets the port to auto portfast mode. Dell EMC Networking CLI...
  • Page 130 Configures the path cost for multiple spanning tree (MST) calculations. spanning-tree mst port- Configures port priority. priority spanning-tree mst priority Configures the switch priority for the specified spanning tree instance. spanning-tree portfast Enables portfast mode. Dell EMC Networking CLI...
  • Page 131 Configures the bridge priority of a VLAN. For the meaning of each Mode abbreviation, see Mode Types. UDLD Command Description Mode udld enable (Global Globally enable UDLD. UDLD must be Configuration) globally enabled and enabled on an interface to operate. Dell EMC Networking CLI...
  • Page 132 VLAN identified by groupid. protocol vlan group all Adds all Ethernet interfaces to the protocol- based VLAN identified by groupid. show dot1q-tunnel Displays the QinQ status for each interface. show interfaces switchport Displays switchport configuration. PE or Dell EMC Networking CLI...
  • Page 133 Adds or removes VLANs from a port in General vlan mode. switchport general ingress- Disables port ingress filtering. filtering disable switchport general pvid Configures the PVID when the interface is in general mode. switchport mode Configures the VLAN membership mode of a port. Dell EMC Networking CLI...
  • Page 134: Voice VLAN

    For the meaning of each Mode abbreviation, see Mode Types. Voice VLAN Command Description Mode voice vlan Enables the voice VLAN capability on the switch. voice vlan (Interface) Enables the voice VLAN capability on the interface. Dell EMC Networking CLI...
  • Page 135 Enters radius dynamic authorization mode. author authentication enable Globally enables the Authentication Manager. authentication order Sets the order of authentication methods used on a port. authentication priority Sets the priority for the authentication methods used on a port. Dell EMC Networking CLI...
  • Page 136 Displays information about the authentication methods methods. show authentication Displays the Authentication Manager statistics statistics on one or more interfaces. show authorization methods Displays the configured authorization method lists. show users accounts Displays information about the local user database. Dell EMC Networking CLI...
  • Page 137: Administrative Profiles

    Administrative Profile for a local user. For the meaning of each Mode abbreviation, see Mode Types. E-mail Alerting Command Description Mode logging email Enables e-mail alerting and sets the lowest severity level for which log messages are e- mailed. Dell EMC Networking CLI...
  • Page 138 Configures the password required to Configuration Mode) authenticate to the e-mail server. show mail-server Displays the configuration of all the mail servers or a particular mail server. For the meaning of each Mode abbreviation, see Mode Types. Dell EMC Networking CLI...
  • Page 139 Sets the authentication and encryption key for all RADIUS communications between the switch and the RADIUS daemon. msgauth Enables the message authenticator attribute to be used for the RADIUS Authenticating server being configured. name (RADIUS server) Assigns a name to a RADIUS server. Dell EMC Networking CLI...
  • Page 140 Specifies the source IP address used for communication with RADIUS servers. radius-server source- Selects the interface from which to use the IP interface address in the source IP address field of transmitted RADIUS packets. Dell EMC Networking CLI...
  • Page 141 Specifies the order in which servers are used. show tacacs Displays TACACS+ server settings and statistics. tacacs-server host Specifies a TACACS+ server host. tacacs-server key Sets the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. Dell EMC Networking CLI...
  • Page 142 Enables manual control of the authorization state of the port. dot1x re-authenticate Manually initiates a reauthentication of all 802.1x-enabled ports or a specified 802.1X enabled port. dot1x reauthentication Enables periodic reauthentication of the client. IC dot1x system-auth-control Enables 802.1X globally. monitor Dell EMC Networking CLI...
  • Page 143 RADIUS clients that do not have an individual shared secret configured. show dot1x Displays 802.1X status for the switch or the specified interface. show dot1x authentication- Displays the dot1x authentication events and history information during successful and unsuccessful dot1x authentication processes. Dell EMC Networking CLI...
  • Page 144: Captive Portal

    Configures an additional HTTPS port for captive portal to monitor. show captive-portal Displays the status of captive portal. show captive-portal status Reports the status of all captive portal instances in the system. Dell EMC Networking CLI...
  • Page 145 Displays the clients authenticated to all captive configuration client status portal configurations or a to specific configuration. show captive-portal Displays information about clients interface client status authenticated on all interfaces or a specific interface. Dell EMC Networking CLI...
  • Page 146 Creates a user group. user group moveusers Moves a group's users to a different group. user group name Configures a group name. For the meaning of each Mode abbreviation, see Mode Types. Dell EMC Networking CLI...
  • Page 147: Denial Of Service

    Enables Unicast storm control. For the meaning of each Mode abbreviation, see Mode Types. Management ACL Command Description Mode deny (management) Defines a deny rule. management access-class Defines which management access-list is used. GC Dell EMC Networking CLI...
  • Page 148: Password Management

    Enforces a minimum number of lowercase minimum lowercase-letters letters that a password must contain. passwords strength Enforces a minimum number of numeric minimum numeric- numbers that a password should contain. characters Dell EMC Networking CLI...
  • Page 149 Erases all public key chains or the public key chain chain for a user. crypto key zeroize {rsa|dsa} Deletes the RSA or DSA keys from the switch. ip ssh port Specifies the port to be used by the SSH server. GC Dell EMC Networking CLI...
  • Page 150 Displays the MMRP configuration for an PE or interface or globally. show mmrp statistics Displays the MMRP statistics for an interface PE or or globally. For the meaning of each Mode abbreviation, see Mode Types. Dell EMC Networking CLI...
  • Page 151 Globally enables MSRP. msrp max-fan-in-ports Configures the fan-in value used in calculating available bandwidth. msrp srclass-pvid Configures the MSRP VLAN ID for the SR traffic class on the interface. msrp srclassqav Configures the IEEE 802.1Qav class priority map. Dell EMC Networking CLI...
  • Page 152 Configures the number of sync intervals expiries with no received announce message in which case the master is considered to be no longer transmitting. Dell EMC Networking CLI...
  • Page 153 LLDP is enabled to transmit on the given interface. lldp dcbx port-role Configures the port role to manual, auto- upstream, auto-downstream and configuration source. show lldp tlv-select Displays the Traffic Class to Traffic Class Group mapping. Dell EMC Networking CLI...
  • Page 154 Selects the forwarding mode for the OpenFlow hybrid capability. ipv4 address Assigns the IPv4 source address utilized for controller connections. mode Configures the selection of interfaces used to assign the IP address utilized for controller connections. Dell EMC Networking CLI...
  • Page 155: Priority Flow Control

    Displays the global or interface priority flow flow-control control status and statistics. For the meaning of each Mode abbreviation, see Mode Types. Layer 3 Routing Commands ARP (IPv4) Command Description Mode Creates an Address Resolution Protocol (ARP) entry. Dell EMC Networking CLI...
  • Page 156 Configures BFD session parameters for a VLAN routing interface. bfd slow-timer Configures the BFD periodic slow transmission interval for BFD Control packets. ip ospf bfd Enable sending of BFD events to OSPF on a VLAN routing interface. Dell EMC Networking CLI...
  • Page 157 Compares MED values during the decision process in paths received from different IPAF autonomous systems. bgp client-to-client Enables client-to-client reflection. reflection (BGP Router Configuration) bgp client-to-client Enables client-to-client reflection. IPAF reflection (IPv6 Address Family Configuration) Dell EMC Networking CLI...
  • Page 158: Redistribute Command

    (IPv6 Address Sets the metric of redistributed IPv6 routes IPAF Family Configuration) when a metric is not configured in the redistribute command. distance Sets the preference of BGP routes to specific IPAF destinations. Dell EMC Networking CLI...
  • Page 159 BGP may include in an Equal Cost Multipath (ECMP) route derived from paths received from neighbors outside the local autonomous system. maximum-paths (IPv6 Limits the number of ECMP next hops in IPv6 IPAF Address Family routes from external peers. Configuration) Dell EMC Networking CLI...
  • Page 160 Router Configuration) neighbor according to the advertisement’s AS Path. neighbor filter-list (IPv6 Filters BGP to apply an AS path access list to IPAF Address Family UPDATE messages received from or sent to a Configuration) specific neighbor. Dell EMC Networking CLI...
  • Page 161 Enables advertisement of IPv4 routes over IPv6 next hops selectively to an external BGP IPv6 peer. neighbor route-map (BGP Applies a route map to incoming or outgoing Router Configuration) routes for a specific neighbor. Dell EMC Networking CLI...
  • Page 162 Configures BGP to advertise routes learned by means outside of BGP. BGP can redistribute local (connected), static, OSPF, and RIP routes. redistribute (BGP IPv6) Configures BGP to redistribute non-BGP routes IPAF from the IPv6 routing table. Dell EMC Networking CLI...
  • Page 163 Displays a list of IPv6 routes received from a received-routes specific neighbor. show bgp ipv6 statistics Displays statistics for the IPv6 decision process. UE, show bgp ipv6 summary Displays a summary of BGP configuration and status. Dell EMC Networking CLI...
  • Page 164 Displays recent decision process history. show ip bgp summary Displays a summary of BGP configuration and status. show ip bgp template Lists the routes that are allowed by the specified community list. Dell EMC Networking CLI...
  • Page 165: Bgp Routing Policy

    AS path access list to a route map. match community Configures a route map to match based on a BGP community list. match ip address prefix-list Configures a route map to match based on a destination prefix. Dell EMC Networking CLI...
  • Page 166 DHCP Server and Relay Agent (IPv4) Command Description Mode ip dhcp pool Defines a DHCP address pool that can be used to supply addressing information to DHCP client. This command puts the user into DHCP Pool Configuration mode. Dell EMC Networking CLI...
  • Page 167 Sets the period for which a dynamically assigned DHCP address is valid. netbios-name-server Configures the IPv4 address of the Windows® Internet Naming Service (WINS) for a Microsoft DHCP client. netbios-node-type Sets the NetBIOS node type for a Microsoft DHCP client. Dell EMC Networking CLI...
  • Page 168 Sets the DNS domain name which is provided v6DP Pool Config) to a DHCPv6 client by the DHCPv6 server. ipv6 dhcp pool Enters IPv6 DHCP Pool Configuration mode. ipv6 dhcp relay Configures an interface for DHCPv6 Relay functionality. Dell EMC Networking CLI...
  • Page 169 Configures a static IPv6 DHCP snooping binding. ipv6 dhcp snooping database Configures the persistent location of the DHCP snooping database. ipv6 dhcp snooping database Configures the time period between successive write-delay writes of the binding database. Dell EMC Networking CLI...
  • Page 170 Displays the IPv6 Source Guard configuration UE or on all interfaces or the specified interface. show ipv6 verify source Displays the IPv6 source guard configurations UE or on all ports. For the meaning of each Mode abbreviation, see Mode Types. Dell EMC Networking CLI...
  • Page 171 Enables GMRP globally or on a port. GC or clear gvrp statistics Clears all the GMRO statistics information. show gmrp configuration Displays GMRP configuration. GC or For the meaning of each Mode abbreviation, see Mode Types. Dell EMC Networking CLI...
  • Page 172 Displays the registered multicast groups on the interface. show ip igmp interface Displays the IGMP information for the specified interface. show ip igmp membership Displays the list of interfaces that have registered in the multicast group. Dell EMC Networking CLI...
  • Page 173: Igmp Proxy

    BootP/DHCP Relay on the system. bootpdhcprelay Configures the minimum wait time in seconds minwaittime for BootP/DHCP Relay on the system. clear ip helper statistics Resets (to 0) the statistics displayed in show ip helper statistics. Dell EMC Networking CLI...
  • Page 174 For the meaning of each Mode abbreviation, see Mode Types. IP Routing Command Description Mode encapsulation Configures the link layer encapsulation type for the packet. ip icmp echo-reply Configures an IP address on an interface. Dell EMC Networking CLI...
  • Page 175 Routes packets to interface null 0. Sets a list of default next-hop IP addresses set ip default next-hop to be used if no explicit route for the packet’s destination address appears in the routing table. Dell EMC Networking CLI...
  • Page 176: Ipv6 Routing

    Displays a summary of the memory allocation from the routing heap. For the meaning of each Mode abbreviation, see Mode Types. IPv6 Routing Command Description Mode Clears all entries in the IPv6 neighbor table or an entry on a specific interface. Dell EMC Networking CLI...
  • Page 177 Sets the MLD router's query interval for the interface. ipv6 mld query-max- Sets MLD querier's maximum response time response-time for the interface. ipv6 nd dad attempts Sets the number of duplicate address detection probes transmitted while doing neighbor discovery. Dell EMC Networking CLI...
  • Page 178 Sets the value that is placed in the Router Lifetime field of the router advertisements sent from the interface. ipv6 nd reachable-time Sets the router advertisement time to consider a neighbor reachable after neighbor discovery confirmation. Dell EMC Networking CLI...
  • Page 179 Displays information about IPv6 neighbors. show ipv6 protocols Displays information about the configured PE or GC IPv6 routing protocols. show ipv6 route Displays the IPv6 routing table. Dell EMC Networking CLI...
  • Page 180: Loopback Interface

    Creates a static multicast route for a source range. ip multicast-routing Sets the administrative mode of the IP multicast forwarder in the router to active. ip multicast ttl-threshold Applies a ttlvalue to a routing interface. Dell EMC Networking CLI...
  • Page 181 Displays the system-wide multicast information. show ip multicast interface Displays the multicast information for the specified interface. show ip mroute Displays a summary or all the details of the multicast table. Dell EMC Networking CLI...
  • Page 182: Ipv6 Multicast

    Mode Types. IPv6 Multicast Command Description Mode clear ipv6 mroute Selectively clears dynamic IPv6 multicast entries from the cache. ipv6 pim (VLAN Interface Administratively enables PIM-SM multicast config) routing mode on a particular IPv6 router interface. Dell EMC Networking CLI...
  • Page 183 Display the bootstrap router (BSR) information. PE, or show ip mroute group Displays the multicast configuration settings show ip mroute source Displays the multicast configuration settings show ipv6 pim interface Displays interface config parameters. PE or Dell EMC Networking CLI...
  • Page 184 (Router OSPF) Creates a specified area range for a specified ROSPF NSSA. area stub Creates a stub area for the specified area ID. ROSPF area stub no-summary Prevents Summary LSAs from being advertised ROSPF into the NSSA. Dell EMC Networking CLI...
  • Page 185 Controls the advertisement of default routes. ROSPF originate (Router OSPF Configuration) default-metric Sets a default for the metric of distributed routes. ROSPF distance ospf Sets the route preference value of OSPF in the ROSPF router. Dell EMC Networking CLI...
  • Page 186 Enables logging of OSPFv2 neighbor state ROSPF changes. max-metric router-lsa Configures OSPF to enable stub router mode. ROSPF maximum-paths Sets the number of paths that OSPF can report ROSPF for a given destination. Dell EMC Networking CLI...
  • Page 187 Displays information about the link state database when OSPF is enabled. show ip ospf database Displays the number of each type of LSA in the database-summary database for each area and for the router. Dell EMC Networking CLI...
  • Page 188 For the meaning of each Mode abbreviation, see Mode Types. OSPFv3 Command Description Mode area default-cost (Router Configures the monetary default cost for the stub ROSV3 OSPFv3) area. area nssa (Router Configures the specified areaid to function as an ROSV3 OSPFv3) NSSA. Dell EMC Networking CLI...
  • Page 189 ROSV3 delay virtual interface on the virtual interface identified by areaid and neighbor. default-information Controls the advertisement of default routes. ROSV3 originate (Router OSPFv3 Configuration) default-metric Sets a default for the metric of distributed routes. ROSV3 Dell EMC Networking CLI...
  • Page 190 Enters Router OSPFv3 Configuration mode. maximum-paths Sets the number of paths that OSPF can report ROSV3 for a given destination. Enables OSPF graceful restart. ROSV3 nsf helper Allows OSPF to act as a helpful neighbor for a ROSV3 restarting router. Dell EMC Networking CLI...
  • Page 191 Displays the information for the IFO object or virtual interface tables. show ipv6 ospf interface Displays brief information for the IFO object or brief virtual interface tables. show ipv6 ospf interface Displays the statistics for a specific interface. stats Dell EMC Networking CLI...
  • Page 192 Displays the router discovery information for all interfaces, or for a specified interface. For the meaning of each Mode abbreviation, see Mode Types. Dell EMC Networking CLI...
  • Page 193: Routing Information Protocol

    Displays information relevant to the RIP router. PE show ip rip interface Displays information related to a particular RIP interface. show ip rip interface brief Displays general information for each RIP interface. split-horizon Sets the RIP split horizon mode. Dell EMC Networking CLI...
  • Page 194 Shows the interfaces associated with a VRF instance. For the meaning of each Mode abbreviation, see Mode Types. Dell EMC Networking CLI...
  • Page 195 Tracks route reachability. show vrrp Displays the global VRRP configuration and UE or status as well as the brief or detailed status of one or all VRRP groups. Dell EMC Networking CLI...
  • Page 196 Switch Management Commands Application Deployment Command Description Mode application install Installs or removes a Dell-supplied application. GC application start Schedules a Dell-supplied application for immediate execution on the stack master. application stop Stops a Dell-supplied application if the application is executing on the stack master.
  • Page 197 Displays the SNTP configuration. show sntp server Displays the preconfigured SNTP servers. show sntp status Displays the SNTP status. sntp authenticate Set to require authentication for received NTP traffic from servers. sntp authentication-key Defines an authentication key for SNTP. Dell EMC Networking CLI...
  • Page 198 Applies commands in the script to the switch. for this command. script delete Deletes a specific script. script list Lists all scripts present in the switch. script show Displays the contents of a script file. script validate Validates a script file. Dell EMC Networking CLI...
  • Page 199: Configuration And Image Files

    For the meaning of each Mode abbreviation, see Mode Types. DHCP Client Command Description Mode release dhcp Forces the DHCPv4 client to release a leased address. renew dhcp Forces the DHCP client to immediately renew an IPv4 address lease. Dell EMC Networking CLI...
  • Page 200 Applies an accounting method to a line config. LC authorization Applies a command authorization method to a line config. enable authentication Specifies the authentication method list when accessing a higher privilege level from a remote telnet or console. Dell EMC Networking CLI...
  • Page 201 For the meaning of each Mode abbreviation, see Mode Types. PHY Diagnostics Command Description Mode show copper-ports tdr Displays the last TDR (Time Domain Reflectometry) tests on specified ports. show fiber-ports optical- Displays the optical transceiver diagnostics. transceiver Dell EMC Networking CLI...
  • Page 202 Reports current PoE configuration and status. show power inline Displays the version of the PoE controller firmware-version firmware present on the switch file system. For the meaning of each Mode abbreviation, see Mode Types. Dell EMC Networking CLI...
  • Page 203 Enables Authentication Manager debug traces interface for the interface. debug auto-voip Enables Auto VOIP debug messages. debug bfd Enables the display of BFD events or packets. debug cfm Enables CFM debugging. debug clear Disables all debug traces. Dell EMC Networking CLI...
  • Page 204 Displays debug information about DHCPv6 client activities and to trace DHCPv6 packets to and from the local DHCPv6 client. debug ipv6 mcache Traces MDATAv6 packet reception and transmission. debug ipv6 mld Traces MLD packet reception and transmission. PE Dell EMC Networking CLI...
  • Page 205 Configures the core dump file name. exception dump Configures the core dump location. exception protocol Enables full core dumps. exception switch-chip- Enables the dumping of the switch chip register registers in case of an exception. Dell EMC Networking CLI...
  • Page 206 Selects the interface from which to use the IP address inserted in the source IP address field of transmitted sFlow packets. show sflow agent Displays the sflow agent information. show sflow destination Displays all the configuration information related to the sFlow receivers. Dell EMC Networking CLI...
  • Page 207 Creates or updates an SNMP server filter entry. GC snmp-server group Configures a new SNMP group or a table that maps SNMP users to SNMP views. snmp-server host Specifies the recipient of SNMP notifications. Dell EMC Networking CLI...
  • Page 208 Configures a proxy server to be used to contact the SupportAssist servers. server Configures a SupportAssist server and enters SupportAssist server configuration mode. show eula-consent support- Reviews the EULA details whenever desired. assist show support-assist status Displays information on the SupportAssist feature status Dell EMC Networking CLI...
  • Page 209 Logs messages in RFC 5424 or RFC 3164 format. logging snmp Enables SNMP Set command logging. logging source-interface Selects the interface from which to use the IP address in the source IP address field of transmitted SYSLOG packets. Dell EMC Networking CLI...
  • Page 210: System Management

    Configures the rising and falling thresholds for the issuance of the message buffer SNMP trap and notification via a SYSLOG message. clear checkpoint Clears the statistics for the checkpointing statistics process. clear counters stack- Clears the statistics for all stack-ports. ports Dell EMC Networking CLI...
  • Page 211 Disconnects the serial connection to the remote unit on a stack member. reload Reloads the operating system. set description Associates a text description with a switch in the stack. slot Configures a slot in the system. Dell EMC Networking CLI...
  • Page 212 Checks the CPU utilization for each process currently running on the switch. show process proc-list Lists the configured and in-use resources for PE or GC each application known to the Process Manager. show sessions Displays a list of the open console sessions. Dell EMC Networking CLI...
  • Page 213 Configures the standby in the stack. switch renumber Changes the identifier for a switch in the stack. GC telnet Logs into a host that supports Telnet. traceroute Discovers the IP routes that packets actually take when traveling to their destinations. Dell EMC Networking CLI...
  • Page 214: Telnet Server

    Adds a periodic time entry to a time range. show time-range Displays a time range and all the absolute/periodic time entries that are defined for the time range. For the meaning of each Mode abbreviation, see Mode Types. Dell EMC Networking CLI...
  • Page 215: User Interface

    Closes an active terminal session by logging off the switch. For the meaning of each Mode abbreviation, see Mode Types. Web Server Command Description Mode common-name Specifies the common-name for the device. country Specifies the country. crypto certificate generate Generates an HTTPS certificate. Dell EMC Networking CLI...
  • Page 216 Displays the HTTP server status information. show ip http server secure Displays the HTTP secure server status UE or status information. state Specifies the state or province name. For the meaning of each Mode abbreviation, see Mode Types. Dell EMC Networking CLI...
  • Page 217: Using The Cli

    Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches Introduction This section describes the basics of entering and editing the Dell EMC Networking N1100-ON, N1500, N2000, N2100-ON, N3000, N3100-ON, and N4000 Series Command Line Interface (CLI) commands and defines the command hierarchy. It also explains how to activate the CLI and implement its major functions.
  • Page 218 Two instances where the help information can be displayed are: • Keyword lookup — The <?> key is entered in place of a command. A list of all valid commands and corresponding help messages is displayed. • Partial keyword lookup — A command is incomplete and the <?> key is...
  • Page 219 Table 2-1. History Buffer (Keyword: Source or Destination). Up-arrow key or <Ctrl>+<P>: Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands. Down-arrow key: Returns to more recent commands in the history buffer after recalling commands with the up-arrow key.
  • Page 220 console(config-if-Gi1/0/1)#show interface status Port Name Duplex Speed Link Flow State Status Control --------- ------------------------- --------- ------------- --------- --------- ------------ Gi1/0/1 Unknown Auto Down Inactive Gi1/0/2 Unknown Auto Down Inactive Gi1/0/3 Unknown Auto Down Inactive Gi1/0/4 Unknown Auto Down Inactive Gi1/0/5 Unknown Auto Down Inactive Gi1/0/6...
  • Page 221 Table 2-2. CLI Shortcuts (Keyboard Key: Description). <Delete, Backspace>: Delete previous character; <Ctrl>+<A>: Go to beginning of line; <Ctrl>+<E>: Go to end of line; <Ctrl>+<F>: Go forward one character; <Ctrl>+<B>: Go backward one character; <Ctrl>+<D>: Delete current character; <Ctrl>+<U,X>: Delete to beginning of line; <Ctrl>+<K>...
  • Page 222 ) or a blank. In these cases, it may be necessary to enclose the entire string in double or single quotes for the command line parser to properly interpret the parameter. Command Scripting The CLI can be used as a programmable management interface. To facilitate this function, any characters entered after the <!>...
  • Page 223 Table 2-3. CLI Command Notation Conventions Convention Description In a command line, square brackets indicate an optional entry. In a command line inclusive brackets indicate a selection of compulsory parameters separated by the character. One option must be selected. For example: flowcontrol auto means that for the flowcontrol command either auto, on or off must be selected.
  • Page 224 • Slot# — The slot number is an integer number assigned to a particular slot. Front panel ports have a slot number of 0. Rear panel ports are numbered from 1 and can be identified by the lexan on the rear panel. Use the show slot command to retrieve information for a particular slot.
  • Page 225 Stacking interfaces are represented in the CLI with the same unit/slot/port form as Ethernet interfaces. The fixed stacking interfaces on the N2000/N2100-ON/N3000 switches always use the TwentyGigabitStacking or Tw notation and on the N1100-ON/N1500/N4000 switches, are referred to using Ethernet notation. Loopback Interfaces Loopback interfaces are represented in the CLI by the keyword loopback followed by the variable loopback-id, which can assume values from 0–7.
  • Page 226 When listed in command line output, port channel interfaces are preceded by the characters Po. Tunnel Interfaces Tunnel interfaces are represented in the CLI by the keyword tunnel followed by the variable tunnel-id, which can assume values from 0–7. VLAN Routing Interfaces VLAN interfaces are represented in the CLI by the keywords interface vlan followed by the variable vlan-id, which can assume values from 1-4093.
  • Page 227 (#, #-#, #) — ranges and non-consecutive interfaces listed together. For example, (1/0/1, 1/0/3-5, 1/0/7) indicates that the operation applies to the physical interfaces 1, 3, 4, 5, and 7 on unit 1. NOTE: Each physical interface must be a fully qualified interface identifier in the format unit/slot/port.
  • Page 228 None console(config-if-Gi1/0/23)#show slot 2/0 Slot......2/0 Slot Status....... Empty Admin State....... Enable Power State....... Enable Configured Card: Model Identifier....Dell Networking N3024F Card Description....Dell 24 Port 10G Fiber Pluggable......No Example #3 console(config-if-Gi1/0/23)#show slot Admin Power Configured Card Slot...
  • Page 229 Addresses MAC Addresses MAC addresses are specified in 3 groups of four upper or lower case hexadecimal characters separated by periods with no spaces, e.g. 0011.2233.FFee or by eight pairs of upper or lower case hexadecimal characters separated by colons, e.g. 00:11:22:33:FF:ee. Leading zeros must be specified in all cases.
  • Page 230: Cli Command Modes

    CLI Command Modes Since the set of CLI commands is very large, the CLI is structured as a command-tree hierarchy, where related command sets are assigned to command modes for easier access. At each level, only the commands related to that level are available to the user and only those commands are shown in the context sensitive help for that level.
  • Page 231 There are levels beneath the Global Configuration mode for further grouping of commands. The system prompt reflects these sub-Configuration modes. All the parameters are provided with reasonable defaults where possible. When starting a session, the initial mode is the User Exec mode (privilege level 0).
  • Page 232 console# Global Configuration Mode Global Configuration commands allow the operator to change the configuration of the switch. The Privileged Exec mode command configure (or configure terminal) is used to enter Global Configuration mode. console(config)# The following are the Global Configuration submodes: •...
  • Page 233 • Policy-map — Use the policy-map command to access the QoS policy map configuration mode to configure the QoS policy map. • Policy Class — Use the class command to access the QoS Policy-class mode to attach or remove a diffserv class from a policy and to configure the QoS policy class.
  • Page 234 Pre-configuration Nearly all switch features support a pre-configuration capability, even when a feature is not enabled or the required hardware is not present. Pre-configured capabilities become active only when enabled (typically via an admin mode control) or when the required hardware is present (or both). For example, a port can be pre-configured with both trunk and access mode information.
  • Page 235 • Interface VLAN— Enables routing on a VLAN and configures routing/L3 parameters on a VLAN. Identifying the Switch and Command Mode from the System Prompt The system prompt provides the user with the name of the switch (hostname) and identifies the command mode. The following is a formal description of the system command prompt: [device name][([command mode-[object]])][# | >] [device name] —...
  • Page 236 Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Use the enable Use the exit Privileged Exec console# command to enter command, or into this mode. This press mode is password <Ctrl>+<Z>...
  • Page 237 Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode IPv6 Address From BGP Router console (config-router-af)# To exit to BGP Family Configuration Router Configuration mode, use the Configuration address-family ipv6 mode, use the exit command, command.
  • Page 238 Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode MAC Access List From Global console(config-mac-access- To exit to Global list)# Configuration Configuration mode, use the mac mode, use the access-list exit command, command.
  • Page 239 Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Radius From Global console(Config-auth- To exit to Global radius)# Configuration Configuration mode, use the mode, use the radius-server host exit command, command. or press <Ctrl>+<Z>...
  • Page 240 Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode SNMP From Global console(config-snmp)# To exit to Global Community Configuration Configuration Configuration mode, use the mode, use the snmp-server exit command, community or press command.
  • Page 241 Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Logging From Global console(config-logging)# To exit to Global Configuration Configuration mode, use the mode, use the logging command. exit command, or press <Ctrl>+<Z>...
  • Page 242 Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Virtual Router From Global console(config-vrf- To exit to Global XXX)#where XXX is the VRF Config Configuration Configuration name. mode, use the ip vrf mode, use the exit command, command.
  • Page 243 Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Gigabit Ethernet From Global console (config-if- To exit to Global Giunit/slot/port# Configuration Configuration mode, use the mode, use the interface exit command, gigabitethernet or press command.
  • Page 244: Starting The Cli

    Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode VLAN From Global console(config-if-vlanvlan- To exit to Global id)# Configuration Configuration mode, use the mode, use the interface vlan exit command, command. or press <Ctrl>+<Z>...
  • Page 245: Using Cli Functions And Tools

    3 When finished, exit the session with the quit or exit command. The switch can be managed over a direct connection to the switch console port or through a Telnet connection. If access is through a Telnet connection, the switch must have a defined IP address, corresponding management access granted, and a connection to the network.
  • Page 246 Copying Files The copy command not only provides a method for copying files within the file system, but also to and from remote servers. With the copy command and URLs to identify files, the user can back up images to local or remote systems or restore images from local or remote systems.
  • Page 247 • running-config — This file refers to the configuration file currently active in the system. It is possible to copy the running-config image to a backup- config file or to the startup-config file. • startup-config — This file refers to the special configuration image stored in flash memory which is loaded when the system next reboots.
  • Page 248 • The serial session defaults to 9600 BAUD, eight data bits, one stop bit, no parity and no flow control (115200 for the N1100-ON, N2100-ON, and N3100-ON). User Accounts Management The CLI provides authentication for users either through remote authentication servers supporting TACACS+ or Radius or through a set of locally managed user accounts.
  • Page 249 When RADIUS is used, the Vendor-Specific Option field returns the access level. Two vendor specific options are supported. These are CISCO-AV-Pairs(Shell:priv-lvl=x) and Dell Radius VSA (user-group=x). TACACS+ provides the appropriate level of access. The following rules and specifications apply: •...
  • Page 250 • Log messages are implementation-dependent but may contain debug messages, security or fault events. • The switch maintains at most the last 1000 system events in the in-memory log. Security Logs The system log records security events including the following: •...
  • Page 251 • HTTPS and the security certificate to be used. • SNMPv1/v2c and the read and read/write community strings to be used. • SNMPv3 and the security information used for this protocol. For each of these management profiles, the administrator defines the list of hosts or subnets from which the management profiles may be used.
  • Page 252: Boot Utility Menu

    Extracting Operational Code from .stk file...done. Loading Operational Code...done. Decompressing Operational Code...done. Scanning devshell symbols file... 47544 symbols, loading... Done. PCI unit 0: Dev 0xb842, Rev 0x02, Chip BCM56842_A0, Driver BCM56840_B0 SOC unit 0 attached to PCI device BCM56842_A0 Adding BCM transport pointers Configuring CPUTRANS TX Configuring CPUTRANS RX <186>...
  • Page 253 - Activate Backup Image - Start Password Recovery Enter Choice# 4 Creating tmpfs filesystem on /mnt/download for download...done. Current Active Image# /dev/mtd7 Which Image to Update Active (/dev/mtd7) OR Back-Up (/dev/mtd6)? Select (A/B): B You selected to update Back-Up Image /dev/mtd6... Select Mode of Transfer (Press T/X/Y/Z for TFTP/XMODEM/YMODEM/ZMODEM) []:T Please ensure TFTP server is running to begin Transfer...
  • Page 254 (Unit 1 - Waiting to select management unit)> Applying Global configuration, please wait ... Welcome to Dell Easy Setup Wizard The setup wizard guides you through the initial switch configuration, and gets you up and running as quickly as possible. You can skip the setup...
  • Page 255 Would you like to run the setup wizard (you must answer this question within 60 seconds)? [Y/N] n Thank you for using the Dell Easy Setup Wizard. You will now enter CLI mode. Applying Interface configuration, please wait ... Booting without a Startup Configuration...
  • Page 256 Welcome to Dell Easy Setup Wizard The setup wizard guides you through the initial switch configuration, and gets you up and running as quickly as possible. You can skip the setup wizard, and enter CLI mode to manually configure the switch.
  • Page 257 Password = ******** Out-of-band IP address = DHCP VLAN1 Router Interface IP = 0.0.0.0 0.0.0.0 Proxy Server Address: 192.168.0.3 Proxy Server Port: 443 Proxy Server User Name: Proxy Server Password: Monitoring Traps from CLI It is possible to connect to the CLI session and monitor the events or faults that are being sent as traps from the system.
  • Page 258 Using the CLI...
  • Page 259: Layer 2 Switching Commands

    Layer 2 Switching Commands The sections that follow describe commands that conform to the OSI model data link layer (Layer 2). Layer 2 commands provide a logical organization for transmitting data bits on a particular medium. This layer defines the framing, addressing, and checksum functions for Ethernet packets.
  • Page 260: Acl Commands

    Access list rules are monitored in hardware to either permit or deny traffic matching a particular classification pattern, but the network administrator currently has no insight as to which rules are being hit. Dell EMC Networking platforms have the ability to count the number of hits for a particular...
  • Page 261 SNMP trap. The Dell EMC Networking ACL syntax supports a log parameter that enables hardware hit count collection and reporting. A five minute logging interval is used, at which time trap log entries are written for each ACL logging rule that accumulated a nonzero hit count during that interval.
  • Page 262 Table 3-1. Common Ethertypes (EtherType: Protocol). 0x0800: Internet Protocol version 4 (IPv4); 0x0806: Address Resolution Protocol (ARP); 0x0842: Wake-on LAN Packet; 0x8035: Reverse Address Resolution Protocol (RARP); 0x8100: VLAN tagged frame (IEEE 802.1Q); 0x86DD: Internet Protocol version 6 (IPv6); 0x8808: MAC Control; 0x8809: Slow Protocols (IEEE 802.3)
  • Page 263: Commands In This Section

    Commands in this Section This section explains the following commands: ip access-list mac access-list extended rename deny | permit (IP ACL) remark deny | permit (Mac-Access-List- service-acl input Configuration) ip access-group show service-acl interface mac access-group show ip access-lists mac access-list extended show mac access-lists ip access-list Use the ip access-list command in Global Configuration mode to create an...
  • Page 264: Deny | Permit (Ip Acl)

    ACL names are global. An IPv6 access list cannot have the same name as an IPv4 access list. Access list names can consist of any printable character except a question mark. Names can be up to 31 characters in length. ACLs referenced in a route map may not be edited.
  • Page 265 – IPv4 protocols: eigrp, gre, icmp, igmp, ip, ipinip, ospf, tcp, udp, pim, arp, sctp – number: a protocol number in decimal, for example, 8 for EGP – every: Match any protocol (don’t care) • srcip srcmask | any | host srcip—Specifies a source IP address and netmask to match for the IP ACL rule.
  • Page 266 – When “neq” is specified, IP ACL rule matches only if the layer 4 destination port number is not equal to the specified port number or portkey. – IPv4 TCP/UDP port names: domain, echo, ftp, ftp-data, http, smtp, snmp, telnet, tftp, www, bgp, pop2, pop3, ntp, rip, time, who •...
  • Page 267 – When icmp-type is specified, IP ACL rule matches on the specified ICMP message type, a number from 0 to 255. – When icmp-code is specified, IP ACL rule matches on the specified ICMP message code, a number from 0 to 255. –...
  • Page 268 • assign-queue queue-id—Specifies the assign-queue, which is the queue identifier to which packets matching this rule are assigned. The queue ID is the internal queue number (traffic class), not the CoS value. Use the show classofservice command to display the assignment of CoS and DSCP values to internal queue numbers.
  • Page 269 Ethertype: Protocol. 0x0806: Address Resolution Protocol (ARP); 0x0842: Wake-on LAN Packet; 0x8035: Reverse Address Resolution Protocol (RARP); 0x8100: VLAN tagged frame (IEEE 802.1Q); 0x86DD: Internet Protocol version 6 (IPv6); 0x8808: MAC Control; 0x8809: Slow Protocols (IEEE 802.3); 0x8870: Jumbo frames; 0x888E: EAP over LAN (EAPOL –...
  • Page 270: Deny | Permit (Mac-Access-List-Configuration)

    The command accepts the optional time-range parameter. The time-range parameter allows imposing a time limitation on the IP ACL rule as defined by the parameter time-range-name. If a time range with the specified name does not exist, and the IP ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied immediately.
  • Page 271 specified name does not exist, and the MAC ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied immediately. If a time range with the specified name exists, and the MAC ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied when the time-range with a specified name becomes active.
  • Page 272 • 0x0600-0xFFFF—Specify custom EtherType value (hexadecimal range 0x0600-0xFFFF). • vlan eq—VLAN identifier. (Range 0-4095). This matches the outer VLAN of a single or double-tagged packet. It does not match untagged packets. • secondary-vlan eq—VLAN identifier. (Range 0-4095). This matches the inner VLAN of a double-tagged packet.
  • Page 273: Ip Access-Group

    Command Mode Mac-Access-List Configuration mode User Guidelines The assign-queue and redirect parameters are only valid for permit commands. An implicit deny all condition is added by the system after the last MAC or IP/IPv6 access group if no route-map is configured on the interface. Every permit/deny rule that does not have a rate-limit parameter is assigned a counter.
  • Page 274 LAG interfaces, whereas the interface mode command does so for the interface. Dell EMC Networking switches support configuration of multiple access groups. Packets are matched against group entries, from lowest sequence number to highest. Configuring an access-group, using the same sequence number as an existing entry, replaces the original group entry.
  • Page 275: Mac Access-Group

    An implicit deny-all rule is added after the end of the last access group in each direction (in or out). Examples console(config)#ip access-list aclname console(config-ip-acl)#exit console(config)#ip access-group aclname in console(config)#no ip access-group aclname in console(config)#ip access-list aclname1 console(config-ip-acl)#exit console(config)#ip access-group aclname1 out console(config)#interface te1/0/1 console(config-if-Te1/0/1)#ip access-group aclname out 2 console(config-if-Te1/0/1)#no ip access-group aclname out...
  • Page 276 Command Mode Global Configuration mode or Interface Configuration (Ethernet, VLAN or Port Channel) mode User Guidelines If the access-list specified in the command does not exist, an error is given. The ACLs in the access-group are configured in hardware when the interface becomes active.
  • Page 277: Mac Access-List Extended

    Example The following example creates a MAC ACL and enters MAC-Access-List-Configuration mode. console(config)#mac access-list extended dell-networking mac access-list extended rename Use the mac access-list extended rename command in Global Configuration mode to rename the existing MAC Access Control List (ACL).
  • Page 278: Remark

    • newname — New name of the access list. (Range: 1-31 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Command fails if the new name is the same as the old one. Example The following example shows the mac access-list extended rename command.
  • Page 279 Command Mode IPv4 Access-list Configuration mode, IPv6 Access-list Configuration mode, MAC Access-list Configuration mode, ARP Access-list Configuration mode The no form of the command is executed in Global Configuration mode. User Guidelines The administrator can use the remark keyword to add comments to ACL rule entries belonging to an IPv4, IPv6, MAC or ARP ACL.
  • Page 280: Service-Acl Input

    service-acl input Use the service-acl input command in Interface Configuration mode to block Link Local Protocol Filtering (LLPF) protocol(s) on a given port. Use the no form of this command to unblock link-local protocol(s) on a given port. Syntax service-acl input {blockcdp | blockvtp | blockdtp | blockudld | blockpagp | blocksstp | blockall} no service-acl input [blockcdp | blockvtp | blockdtp | blockudld | blockpagp | blocksstp | blockall]...
  • Page 281: Show Service-Acl Interface

    show service-acl interface This command displays the status of LLPF rules configured on a particular port or on all the ports. Syntax show service-acl interface {interface-id | all} • interface-id—An Ethernet interface identifier or a port channel interface identifier. See Interface Naming Conventions for interface representation.
  • Page 282: Show Access-Lists Interface

    show access-lists interface Use the show access-lists interface command to display interface ACLs. Syntax show access-lists interface {interface-id {in | out}} | control-plane • interface-id—The interface identifier (Ethernet, port-channel, or VLAN). • in—Show the ingress ACLs. • out—Show the egress ACLs. •...
  • Page 283 • accesslistname—The name used to identify the IP ACL. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command displays information about the attributes “icmp-type”, “icmp- code”, “igmp-type,”...
  • Page 284 Examples The following example displays the configured IP ACLs. console(config)#show ip access-lists Current number of ACLs: 4 Maximum number of ACLs: 100 ACL Name Rules Count Interface(s) Direction ---------------- ----- ---------- ------------------------- --------- TO_FRM Gi1/0/26 Inbound UPLINKS Gi1/0/26 Outbound Allow-192-168-0-x 7617636 Gi1/0/29 Inbound...
  • Page 285: Show Mac Access-Lists

    TCP Flags........FIN (Ignore) SYN (Set) RST (Ignore) PSH (Ignore) ACK (Ignore) URG (Ignore) ACL Hit Count........1 show mac access-lists Use the show mac access-lists command to display a MAC access list and all the rules that are defined for the MAC ACL. Use the [ name ] parameter to identify a specific MAC ACL to display.
  • Page 286 MAC ACL Name Rules Count Interface(s) Direction --------------- ----- ---------- ------------------------- --------- DELL123 Gi1/0/1 Inbound ipv4-multicast 14666 Po1-64,Gi1/0/1-24, Inbound console#show mac access-lists mac-acl MAC ACL Name: mac-acl Outbound Interface(s): Gi1/0/8 Rule Number: 1 Action......... permit Source MAC Address......0000.1122.3344 Source MAC Mask........ FFFF.0000.0000 EtherType........
  • Page 287: Mac Address Table Commands

    MAC Address Table Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches Dell EMC Networking switches implement a MAC Learning Bridge in compliance with IEEE 802.1Q. The switches implement independent VLAN learning (IVL). Dynamically learned MAC addresses are used to filter the set...
  • Page 288: Commands In This Section

    Commands in this Section This section explains the following commands: clear mac address-table show mac address-table show mac address-table multicast dynamic mac address-table aging- show mac address-table show mac address-table time interface mac address-table multicast show mac address-table show mac address-table forbidden address address static...
  • Page 289: Mac Address-Table Aging-Time

    User Guidelines This command has no user guidelines. Example In this example, the mac address-table tables are cleared. console#clear mac address-table dynamic mac address-table aging-time Use the mac address-table aging-time command in Global Configuration mode to set the aging time of the address. To restore the default, use the no form of the mac address-table aging-time command.
  • Page 290: Mac Address-Table Multicast Forbidden Address

    mac address-table multicast forbidden address Use the mac address-table multicast forbidden address command in Global Configuration mode to forbid adding a specific Multicast address to specific ports. To return to the system default, use the no form of this command. If routers exist on the VLAN, do not change the unregistered multicast addresses state to drop on the router ports.
  • Page 291: Mac Address-Table Static Vlan

    Examples In this example, the MAC address 0100.5e02.0203 is forbidden on port 2/0/9 within VLAN 8. console(config)#mac address-table multicast forbidden address vlan 8 0100.5e02.0203 add interface gigabitethernet 2/0/9 mac address-table static vlan Use the mac address-table static vlan command in Global Configuration mode to add a static MAC-layer station source address to the bridge table.
  • Page 292: Switchport Port-Security (Global Configuration)

    The maximum number of static MAC addresses that may be configured on a port is limited by the switchport port-security maximum command. This command may be invoked multiple times with different interfaces (and the same VLAN) when used with a multicast MAC address. Example The following example adds a permanent static MAC address c2f3.220a.12f4 to the MAC address table.
  • Page 293 Port security allows the network administrator to secure interfaces by specifying (or learning) the allowable MAC addresses on a given port. Packets with a matching source MAC address are forwarded normally. All other host packets are discarded. Port security operates on access, trunk and general mode ports.
  • Page 294 Sticky mode configuration converts all the existing dynamically learned MAC addresses on an interface to sticky. This means that they will not age out and will appear in the running-config. In addition, new addresses learned on the interface will also become sticky. Note that sticky is not the same as static – the difference is that all sticky addresses for an interface are removed from the running-config when the interface is taken out of sticky mode.
  • Page 295: Switchport Port-Security (Interface Configuration)

    console(config)#vlan 33 console(config-vlan33)#interface gi1/0/3 console(config-if-Gi1/0/3)#switchport mode trunk console(config-if-Gi1/0/3)#switchport port-security mac-address sticky 0011.2233.4455 vlan 33 Remove a sticky mode MAC address from trunk port Gi1/0/3 and VLAN 33. console(config)#vlan 33 console(config-vlan33)#interface gi1/0/3 console(config-if-Gi1/0/3)#switchport mode trunk console(config-if-Gi1/0/3)#no switchport port-security mac-address 0011.2233.4455 vlan 33 Convert all dynamically learned MAC addresses on trunk port gi1/0/3 to sticky MAC addresses and save the running-config so the configuration will persist across reboots.
  • Page 296 • mac-address — The static MAC address to be configured on the interface and VLAN. • vlan-id — The VLAN identifier on which to configure the MAC address. • dynamic — Configure the maximum number of dynamic MAC addresses that can be learned on the interface. Setting the dynamic limit to 0 causes all received packets with non-static MAC addresses to be considered as violations.
  • Page 297 User Guidelines Port security allows the network administrator to secure interfaces by specifying (or learning) the allowable MAC addresses on a given port. Packets with a matching source MAC address are forwarded normally. All other host packets are discarded. Port security operates on access, trunk and general mode ports.
  • Page 298 Statically locked MAC addresses are not eligible for aging. If a packet arrives on a port with a source MAC address that is statically locked on another port, then the packet is discarded. To configure static locking only, set the dynamic MAC limit to 0 and configure the static MAC addresses on the interface.
  • Page 299 Command History Updated in 6.3.0.1 firmware. Example Enable port security/MAC locking globally and on an interface. console(config)#switchport port-security console(config)#interface gi1/0/3 console(config-if-gi1/0/3)#switchport port-security Enable port security/MAC locking globally and on an interface, enable sticky mode on the interface and convert all dynamic addresses on the interface to sticky.
  • Page 300: Show Mac Address-Table Multicast

    console(config-if-Gi1/0/3)#switchport port-security mac-address sticky console(config)#do write Convert all sticky MAC addresses on trunk port 33 to sticky MAC addresses and save the running-config so the configuration will persist across reboots. console(config)#vlan 33 console(config-vlan33)#interface gi1/0/3 console(config-if-Gi1/0/3)#switchport mode trunk console(config-if-Gi1/0/3)#switchport port-security mac-address sticky console(config)#do write show mac address-table multicast Use the show mac address-table multicast command to display Multicast...
  • Page 301: Show Mac Address-Table

    in the specified format. The vlan, address, and format parameters may all be specified together. A MAC address can be displayed in IP format only if it is in the range 01:00:5e:00:00:00 through 01:00:5e:7f:ff:ff. Static multicast MAC addresses can be added via the mac address-table static command.
  • Page 302: Show Mac Address-Table Address

    Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Use the show mac address-table multicast command to display multicast MAC address entries along with forbidden multicast MAC entries. Example In this example, all classes of entries in the mac address-table are displayed. console#show mac address-table Aging time is 300 Sec Vlan Mac Address...
  • Page 303: Show Mac Address-Table Count

    Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example In this example, the mac address table entry for 0000.E26D.2C2A is displayed.
  • Page 304: Show Mac Address-Table Dynamic

    Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the addresses in the Forwarding Database: console#show mac address-table count Capacity: 8192 Used: 109 Static addresses: 2 Secure addresses: 1 Dynamic addresses: 97...
  • Page 305: Show Mac Address-Table Interface

    User Guidelines This command has no user guidelines. Example In this example, all dynamic entries in the mac address-table are displayed. console#show mac address-table dynamic Aging time is 300 Sec Vlan Mac Address Type Port ---- -------------- ------- ------------- 0000.0001.0000 Dynamic Gi1/0/1 0000.8420.5010 Dynamic Gi1/0/1 0000.E26D.2C2A Dynamic Gi1/0/1 0000.E89A.596E Dynamic Gi1/0/1...
  • Page 306: Show Mac Address-Table Static

    Example In this example, all classes of entries in the bridge-forwarding database for Gigabit Ethernet interface 1/0/1 are displayed. console#show mac address-table interface gigabitethernet 1/0/1 Aging time is 300 Sec Vlan Mac Address Type Port ---- -------------- ---- ------------- 0000.0001.0000 Dynamic Gi1/0/1 0000.8420.5010 Dynamic Gi1/0/1 0000.E26D.2C2A Dynamic Gi1/0/1 0000.E89A.596E Dynamic Gi1/0/1...
  • Page 307: Show Mac Address-Table Vlan

    Example In this example, all static entries in the bridge-forwarding database are displayed. console#show mac address-table static Vlan Mac Address Type Port ---- -------------- ----- ----- 0001.0001.0001 Static Gi1/0/1 show mac address-table vlan Use the show mac address-table vlan command in User Exec or Privileged Exec mode to display all entries in the bridge-forwarding database for the specified VLAN.
  • Page 308: Show Port-Security

    1418.7715.47E8 Management 2047.47BA.F696 Dynamic Gi2/0/29 B8CA.3AD5.DF1A Static Gi2/0/29 show port-security Use the show port-security command to display port security (MAC locking) configuration. Syntax show port-security [ interface-id | all | dynamic interface-id | static interface-id | violation interface-id] • interface-id —A physical or port channel interface identifier.
  • Page 309 This information is shown if only an interface parameter is given: Field Description Interface Identifier The interface identifier. Status The port security administrative status (enabled/disabled). Max-dynamic The dynamic MAC address limit. Max-static The static address limit. Protect Trap issued on violation (enabled/disabled). Frequency The frequency of trap issuance (in seconds).
  • Page 310 Field Description MAC address The source MAC address of the last packet discarded on the interface. These are packets with unknown MAC addresses, e.g., as in the case of the dynamic limit set to 0. VLAN ID The VLAN identifier of the discarded packet, if applicable.
  • Page 311: Auto-Voip Commands

    Auto-VoIP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches Voice over Internet Protocol (VoIP) allows network users to make telephone calls over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration ensures high-quality application performance.
  • Page 312: Show Switchport Voice

    show switchport voice switchport voice detect auto show switchport voice Use the show switchport voice command to show the status of Auto-VoIP on an interface or all interfaces. Syntax show switchport voice [ interface-id ] • interface-id —An Ethernet or port channel interface identifier. Default Configuration There is no default configuration for this command.
  • Page 313 Gi1/0/6 Disabled Gi1/0/7 Disabled Gi1/0/8 Disabled Gi1/0/9 Disabled Gi1/0/10 Disabled Gi1/0/11 Disabled Gi1/0/12 Disabled Gi1/0/13 Disabled Gi1/0/14 Disabled Gi1/0/15 Disabled Gi1/0/16 Disabled Gi1/0/17 Disabled Gi1/0/18 Disabled Gi1/0/19 Disabled Gi1/0/20 Disabled Gi1/0/21 Disabled Gi1/0/22 Disabled Gi1/0/23 Disabled Gi1/0/24 Disabled Disabled Disabled Disabled Disabled Disabled...
  • Page 314: Switchport Voice Detect Auto

    • Traffic Class—The CoS queue or Traffic Class to which all VoIP traffic is mapped. This is not configurable and defaults to the highest CoS queue available in the system for data traffic. switchport voice detect auto The switchport voice detect auto command is used to enable the VoIP Profile on all the interfaces of the switch (global configuration mode) or for a specific interface (interface configuration mode). Use the no form of the command to disable the VoIP Profile.
  • Page 315: Cdp Interoperability Commands

    Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which inter-operates with Cisco network equipment and is used to share information between neighboring devices. Dell EMC Networking switches participate in the ISDP protocol and are able to both discover and be discovered by devices that support the Cisco Discovery Protocol (CDP).
  • Page 316: Clear Isdp Table

    User Guidelines There are no user guidelines for this command. Example console#clear isdp counters clear isdp table The clear isdp table command clears entries in the ISDP table. Syntax clear isdp table Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode User Guidelines...
  • Page 317: Isdp Enable

    Default Configuration ISDP sends version 2 packets by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#isdp advertise-v2 isdp enable The isdp enable command enables ISDP on the switch. Use the “no” form of this command to disable ISDP.
  • Page 318: Isdp Holdtime

    console(config)#isdp enable console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#isdp enable isdp holdtime The isdp holdtime command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it. The range is given in seconds.
  • Page 319: Isdp Timer

    isdp timer The isdp timer command sets the period of time between sending new ISDP packets. The range is given in seconds. Use the “no” form of this command to reset the timer to the default. Syntax isdp timer time no isdp timer •...
  • Page 320: Show Isdp Entry

    Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show isdp Timer........ 30 Hold Time......180 Version 2 Advertisements..... Enabled Neighbors table last time changed..0 days 00:06:01 Device ID......
  • Page 321: Show Isdp Interface

    Example console#show isdp entry Switch Device ID N2000/N3000 Series Switch Address(es): IP Address: 172.20.1.18 IP Address: 172.20.1.18 Capability Router IGMP Platform cisco WS-C4948 Interface Gi1/0/1 Port ID Gi1/0/1 Holdtime Advertisement Version Entry last changed time 0 days 00:13:50 Version: Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000 I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc.
  • Page 322: Show Isdp Neighbors

    Example console#show isdp interface all Interface Mode --------------- ---------- Gi1/0/1 Enabled Gi1/0/2 Enabled Gi1/0/3 Enabled Gi1/0/4 Enabled Gi1/0/5 Enabled Gi1/0/6 Enabled Gi1/0/7 Enabled Gi1/0/8 Enabled Gi1/0/9 Enabled console#show isdp interface gigabitethernet 1/0/1 Interface Mode --------------- ---------- Gi1/0/1 Enabled show isdp neighbors The show isdp neighbors command displays the list of neighboring devices.
  • Page 323: Show Isdp Traffic

    Example console#show isdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge, S - Switch, H - Host, I - IGMP, r - Repeater Device ID Intf Holdtime Capability Platform Port ID ------------------------ --------- --------- ---------- ---------------- --------- CN0H784T2829841E0534A00 Gi1/0/13 N3048...
  • Page 324 Example console#show isdp traffic ISDP Packets Received......4253 ISDP Packets Transmitted....... 127 ISDPv1 Packets Received......0 ISDPv1 Packets Transmitted..... 0 ISDPv2 Packets Received......4253 ISDPv2 Packets Transmitted..... 4351 ISDP Bad Header........ 0 ISDP Checksum Error......0 ISDP Transmission Failure...... 0 ISDP Invalid Format......
  • Page 325: Dhcp Layer 2 Relay Commands

    IP packets transparently, a DHCP Relay agent processes DHCP messages and generates new DHCP messages as a result. The Dell EMC Networking DHCP Relay supports DHCP Option 82 circuit- id and remote-id for a VLAN. Commands in this Section...
  • Page 326: Dhcp L2Relay (Global Configuration)

    dhcp l2relay (Global Configuration) Use the dhcp l2relay command to enable Layer 2 DHCP Relay functionality. The subsequent commands mentioned in this section can only be used when the L2-DHCP Relay is enabled. Use the no form of this command to disable L2-DHCP Relay.
  • Page 327: Dhcp L2Relay Circuit-Id

    Command Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/1)#dhcp l2relay dhcp l2relay circuit-id Use the dhcp l2relay circuit-id command to enable setting the DHCP Option 82 Circuit ID for a VLAN. When enabled, the interface number is added as the Circuit ID in DHCP option 82.
  • Page 328: Dhcp L2Relay Remote-Id

    dhcp l2relay remote-id Use the dhcp l2relay remote-id command to enable setting the DHCP Option 82 Remote ID for a VLAN. When enabled, the supplied string is used for the Remote ID in DHCP Option 82. Use the no form of this command to disable setting the DHCP Option 82 Remote ID.
  • Page 329: Dhcp L2Relay Vlan

    Default Configuration DHCP Option 82 is discarded by default. Configuration Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/1)#dhcp l2relay trust dhcp l2relay vlan Use the dhcp l2relay vlan command to enable the L2 DHCP Relay agent for a set of VLANs.
  • Page 330: Show Dhcp L2Relay All

    Enabled untrusted Gi1/0/4 Disabled trusted VLAN Id L2 Relay CircuitId RemoteId --------- ---------- ----------- ------------ Disabled Enabled --NULL-- Enabled Enabled --NULL-- Enabled Enabled --dell-- Enabled Disabled --NULL-- Enabled Disabled --NULL-- Enabled Disabled --NULL-- Enabled Disabled --NULL-- Layer 2 Switching Commands...
  • Page 331: Show Dhcp L2Relay Interface

    show dhcp l2relay interface Use the show dhcp l2relay interface command to display DHCP L2 Relay configuration specific to interfaces. Syntax show dhcp l2relay interface {all | interface-id} • all — Show all interfaces. • interface-id — An Ethernet interface. Default Configuration This command has no default configuration.
  • Page 332: Show Dhcp L2Relay Agent-Option Vlan

    • interface-id— An Ethernet interface. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay stats interface all DHCP L2 Relay is Enabled.
  • Page 333: Show Dhcp L2Relay Vlan

    Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console# show dhcp l2relay agent-option vlan 5-10 DHCP L2 Relay is Enabled. VLAN Id L2 Relay CircuitId RemoteId --------- ---------- ----------- ------------...
  • Page 334: Show Dhcp L2Relay Circuit-Id Vlan

    User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay vlan 100 DHCP L2 Relay is Enabled. DHCP L2 Relay is enabled on the following VLANs: show dhcp l2relay circuit-id vlan Use the show dhcp l2relay circuit-id vlan command to display whether DHCP L2 Relay is globally enabled and whether the DHCP Circuit-ID option is enabled on the specified VLAN or VLAN range.
  • Page 335: Show Dhcp L2Relay Remote-Id Vlan

    show dhcp l2relay remote-id vlan Use the show dhcp l2relay remote-id vlan command to display whether DHCP L2 Relay is globally enabled and shows the remote ID configured on the specified VLAN or VLAN range. Syntax show dhcp l2relay remote-id vlan vlan-list •...
  • Page 336 • all — Show all interfaces. • interface-id — An Ethernet interface. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command. Example console#clear dhcp l2relay statistics interface gi1/0/1...
  • Page 337: Dhcp Snooping Commands

    DHCP Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches DHCP Snooping is a security feature that monitors DHCP messages between DHCP clients and DHCP server to filter harmful DHCP messages and build a bindings database of {MAC address, IP address, VLAN ID, interface} tuples that are considered authorized.
  • Page 338: Commands In This Section

    Commands in this Section This section explains the following commands: clear ip dhcp snooping binding, ip dhcp snooping trust, clear ip dhcp snooping statistics, ip dhcp snooping verify mac-address, ip dhcp snooping, show ip dhcp snooping, ip dhcp snooping binding, show ip dhcp snooping binding, ip dhcp snooping database, show ip dhcp snooping database...
  • Page 339: Clear Ip Dhcp Snooping Statistics

    clear ip dhcp snooping statistics Use the clear ip dhcp snooping statistics command to clear all DHCP Snooping statistics. Syntax clear ip dhcp snooping statistics Default Configuration There is no default configuration for this command. Command Mode Privileged Exec User Guidelines There are no user guidelines for this command.
  • Page 340: Ip Dhcp Snooping Binding

    User Guidelines To enable DHCP snooping, do the following: 1 Enable DHCP Snooping globally. 2 Enable DHCP Snooping per VLAN. 3 Configure at least one DHCP Snooping trusted port via which the DHCP server may be reached. The bindings database populated by DHCP snooping is used by several other services, including IP source guard and dynamic ARP inspection.
  • Page 341: Ip Dhcp Snooping Database

    Default Configuration There are no static or dynamic DHCP snooping bindings by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping binding 00:00:00:00:00:01 vlan 10 10.131.12.134 interface Gi1/0/1 ip dhcp snooping database Use the ip dhcp snooping database command to configure the persistent storage location of the DHCP snooping database.
  • Page 342: Ip Dhcp Snooping Database Write-Delay

    Example The following example configures the storage location of the snooping database as local. console(config)#ip dhcp snooping database local The following example configures the storage location of the snooping database as remote. console(config)#ip dhcp snooping database tftp://10.131.11.1/db.txt ip dhcp snooping database write-delay Use the ip dhcp snooping database write-delay command to configure the interval in seconds at which the DHCP Snooping database will be stored in persistent storage.
  • Page 343: Ip Dhcp Snooping Limit

    ip dhcp snooping limit Use the ip dhcp snooping limit command to configure an interface to diagnostically disable itself if the rate of received DHCP messages exceeds the configured limit. Use the no shutdown command to re-enable the interface. Use the no form of this command to disable automatic shutdown of the interface.
  • Page 344: Ip Dhcp Snooping Log-Invalid

    The administrator can configure the rate and burst interval. Rate limiting is configured independently on each physical interface and may be enabled on both trusted and untrusted interfaces. The rate limit is configurable in the range of 0-300 packets per second and the burst interval in the range of 1-15 seconds.
  • Page 345: Ip Dhcp Snooping Trust

    ip dhcp snooping trust Use the ip dhcp snooping trust command to configure a port as trusted. Use the no form of this command to configure a port as untrusted. Syntax ip dhcp snooping trust no ip dhcp snooping trust Default Configuration Ports are untrusted by default.
  • Page 346: Ip Dhcp Snooping Verify Mac-Address

    ip dhcp snooping verify mac-address Use the ip dhcp snooping verify mac-address command to enable the verification of the source MAC address with the client MAC address in the received DHCP message. Use the “no” form of this command to disable verification of the source MAC address.
  • Page 347: Show Ip Dhcp Snooping Binding

    Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ip dhcp snooping DHCP snooping is Disabled DHCP snooping source MAC verification is enabled DHCP snooping is enabled on the following VLANs: 11 - 30, 40 Interface...
  • Page 348: Show Ip Dhcp Snooping Database

    Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ip dhcp snooping binding Total number of bindings: 2 MAC Address IP Address...
  • Page 349: Show Ip Dhcp Snooping Interfaces

    Example console#show ip dhcp snooping database agent url: /10.131.13.79:/sai1.txt write-delay: 5000 show ip dhcp snooping interfaces Use the show ip dhcp snooping interfaces command to show the DHCP Snooping status of the interfaces. Syntax show ip dhcp snooping interfaces [interface-id] •...
  • Page 350: Show Ip Dhcp Snooping Statistics

    Gi1/0/15 show ip dhcp snooping statistics Use the show ip dhcp snooping statistics command to display the DHCP snooping filtration statistics. Syntax show ip dhcp snooping statistics Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed by this command:...
  • Page 351 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 Gi1/0/10 Gi1/0/11 Gi1/0/12 Gi1/0/13 Gi1/0/14 Gi1/0/15 Gi1/0/16 Gi1/0/17 Gi1/0/18 Gi1/0/19 Gi1/0/20 Layer 2 Switching Commands...
  • Page 352: Dhcpv6 Snooping Commands

    DHCPv6 Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches This section explains the following commands: clear ipv6 dhcp snooping binding ipv6 dhcp snooping verify mac-address clear ipv6 dhcp snooping binding ipv6 verify binding ipv6 dhcp snooping ipv6 verify source...
  • Page 353: Clear Ipv6 Dhcp Snooping Statistics

    Command Modes User Exec, Privileged Exec User Guidelines This command has no user guidelines. Example (console)#clear ipv6 dhcp snooping binding clear ipv6 dhcp snooping statistics Use the clear ipv6 dhcp snooping statistics command to clear all IPv6 DHCP Snooping statistics. Syntax clear ipv6 dhcp snooping statistics Default Configuration...
  • Page 354: Ipv6 Dhcp Snooping Vlan

    Syntax ipv6 dhcp snooping no ipv6 dhcp snooping Default Configuration By default, DHCP snooping is not enabled. Command Modes Global Configuration mode User Guidelines The DHCP snooping application processes incoming DHCP messages. For RELEASE and DECLINE messages from a DHCPv6 client and RECONFIGURE messages from a DHCPv6 server received on an untrusted interface, the application compares the receive interface and VLAN with the client’s interface and VLAN in the bindings database.
  • Page 355: Ipv6 Dhcp Snooping Binding

    Syntax ipv6 dhcp snooping vlan vlan-list no ipv6 dhcp snooping vlan-list • vlan-list —A single VLAN, one or more VLANs separated by commas, or two VLANs separated by a single dash indicating all VLANs between the first and second inclusive. Multiple VLAN identifiers can be entered provided that no embedded spaces are contained within the vlan-list.
  • Page 356: Ipv6 Dhcp Snooping Database

    • mac-address — A valid MAC address in standard format. • vlan-id — A configured VLAN id. (Range 1-4093) • ip-address — A valid IPv6 address. • interface-id — A valid physical interface ID in short or long format. • port-channel-number—A valid port channel identifier.
  • Page 357: Ipv6 Dhcp Snooping Database Write-Delay

    User Guidelines The DHCP binding database is persistently stored on a configured external server or locally in flash, depending on the user configuration. A row-wise checksum is placed in the text file that is stored on the configured TFTP server. On switch startup, the switch reads the text file and uses the contents to build the DHCP snooping database.
  • Page 358: Ipv6 Dhcp Snooping Limit

    ipv6 dhcp snooping limit Use the ipv6 dhcp snooping limit command to configure an interface to be diagnostically disabled if the rate of received DHCP messages exceeds the configured limit. Use the no shutdown command to reenable the interface. Use the no form of the command to disable diagnostic disabling of the interface.
  • Page 359: Ipv6 Dhcp Snooping Log-Invalid

    The administrator can configure the rate and burst interval. Rate limiting is configured independently on each physical interface and may be enabled on both trusted and untrusted interfaces. The rate limit is configurable in the range of 0-300 packets per second and the burst interval in the range of 1-15 seconds.
  • Page 360: Ipv6 Dhcp Snooping Trust

    ipv6 dhcp snooping trust Use the ipv6 dhcp snooping trust command to configure an interface as trusted. Use the no form of the command to return the interface to the default configuration. Syntax ipv6 dhcp snooping trust no ipv6 dhcp snooping trust Default Configuration By default, interfaces are untrusted.
  • Page 361: Ipv6 Verify Binding

    no ipv6 dhcp snooping verify mac-address Default Configuration By default, MAC address verification is not enabled. Command Modes Global Configuration mode User Guidelines DHCP MAC address verification operates on DHCP messages received over untrusted interfaces. The source MAC address of a DHCP packet is different from the client hardware if: •...
  • Page 362: Ipv6 Verify Source

    Syntax ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id no ipv6 verify binding mac-address vlan vlan-id ip-address interface interface • mac-address —A valid MAC address in standard format. • vlan-id —A configured VLAN id. (Range 1-4093) • ip-address —A valid IPv6 address. •...
  • Page 363: Show Ipv6 Dhcp Snooping

    Default Configuration By default, no sources are blocked. Command Modes Interface Configuration mode (physical and port-channel) User Guidelines DHCP snooping should be enabled on any interfaces for which ipv6 verify source is configured. If ipv6 verify source is configured on an interface for which DHCP snooping is disabled, or for which DHCP snooping is enabled and the interface is trusted, incoming traffic on the interface is dropped.
  • Page 364: Show Ipv6 Dhcp Snooping Binding

    User Guidelines This command has no user guidelines. Example (console)#show ipv6 dhcp snooping DHCP snooping is Disabled DHCP snooping source MAC verification is enabled DHCP snooping is enabled on the following VLANs: 11 - 30, 40 Interface Trusted Log Invalid Pkts --------- -------- ----------------...
  • Page 365: Show Ipv6 Dhcp Snooping Database

    Command Modes User Exec, Privileged Exec (all show modes) User Guidelines There are no user guidelines for this command. Example (console)#show ipv6 dhcp snooping binding Total number of bindings: 2 MAC Address IPv6 Address VLAN Interface Lease time(Secs) ------------------ ------------ ---- --------- -------------...
  • Page 366: Show Ipv6 Dhcp Snooping Interfaces

    write-delay: 5000 show ipv6 dhcp snooping interfaces Use the show ipv6 dhcp snooping interfaces command to show the DHCP Snooping status of IPv6 interfaces. Syntax show ipv6 dhcp snooping interfaces [interface id] • interface id—A valid physical interface. Default Configuration There is no default configuration for this command.
  • Page 367 Syntax show ipv6 dhcp snooping statistics Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines The following statistics are displayed. Parameter Description MAC Verify Failures The number of DHCP messages that got filtered on an untrusted interface because of the source MAC address and client hardware address mismatch.
  • Page 368: Show Ipv6 Source Binding

    show ipv6 source binding Use the show ipv6 source binding command to display the IPv6 Source Guard configurations on all ports, on an individual port, or on a VLAN. Syntax show ipv6 source binding [{dhcp-snooping | static}] [interface interface-id] [vlan vlan-id] •...
  • Page 369: Show Ipv6 Verify Source

    Default Configuration There is no default configuration for this command. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines The filter type is one of the following values: • ipv6-mac: User has configured MAC address filtering on this interface •...
  • Page 370 Syntax show ipv6 verify source Default Configuration There is no default configuration for this command. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines If MAC address filtering is not configured on the interface, the MAC Address field is empty. If port security is disabled on the interface, the MAC Address field displays permit-all.
  • Page 371: Dynamic Arp Inspection Commands

    Dynamic ARP Inspection Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its neighbors.
  • Page 372: Clear Ip Arp Inspection Statistics

    • acl-name — A valid ARP ACL name (Range: 1–31 characters). Default Configuration There are no ARP ACLs created by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#arp access-list tier1 clear ip arp inspection statistics Use the clear ip arp inspection statistics command to reset the statistics for Dynamic Address Resolution Protocol (ARP) inspection on all VLANs.
  • Page 373: Ip Arp Inspection Filter

    ip arp inspection filter Use the ip arp inspection filter command to configure the ARP ACL to be used for a single VLAN or a range of VLANs to filter invalid ARP packets. If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings.
  • Page 374: Ip Arp Inspection Trust

    Syntax ip arp inspection limit {none | rate pps [burst interval seconds]} no ip arp inspection limit • none — To set no rate limit. • pps — The number of packets per second (Range: 0–300). • seconds — The number of seconds (Range: 1–15). Default Configuration The default rate limit is 15 packets per second.
  • Page 375: Ip Arp Inspection Validate

    Default Configuration Interfaces are configured as untrusted by default. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/3)#ip arp inspection trust ip arp inspection validate Use the ip arp inspection validate command to enable additional validation checks like source MAC address validation, destination MAC address validation or IP address validation on the received ARP packets.
  • Page 376: Ip Arp Inspection Vlan

    Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip arp inspection validate src-mac dst-mac ip console(config)#ip arp inspection validate src-mac ip console(config)#ip arp inspection validate dst-mac ip console(config)#ip arp inspection validate ip ip arp inspection vlan Use the ip arp inspection vlan command to enable Dynamic ARP Inspection on a single VLAN or a range of VLANs.
  • Page 377: Permit Ip Host Mac Host

    Example console(config)#ip arp inspection vlan 200-300 console(config)#ip arp inspection vlan 200-300 logging permit ip host mac host Use the permit ip host mac host command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation. Use the “no”...
  • Page 378: Show Ip Arp Inspection

    Syntax show arp access-list [acl-name] • acl-name — A valid ARP ACL name (Range: 1–31 characters). Default Configuration There is no default configuration for this command. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show arp access-list ARP access list H2...
  • Page 379 • statistics [vlan vlan-list]—Display the statistics of the ARP packets processed by Dynamic ARP Inspection. Given vlan-list argument, it displays the statistics on all DAI-enabled VLANs in that range. In the case of no argument, it lists the summary of the forwarded and dropped ARP packets.
  • Page 380 Invalid IP The number of packets dropped due to invalid IP checks. Example Following is an example of the show ip arp inspection command. console#show ip arp inspection Source MAC Validation....Disabled Destination MAC Validation.... Disabled IP Address Validation....Disabled VLAN Configuration Log Invalid ACL Name...
  • Page 381 The following global parameters are displayed when no parameters are given: Parameter Description Source Mac Validation If Source Mac validation of ARP frame is enabled. Destination Mac Validation If Destination Mac validation of ARP Response frame is enabled. IP Address Validation If IP address validation of ARP frame is enabled.
  • Page 382: Ethernet Configuration Commands

    Dell EMC Networking switching implements the flow control mechanism defined in IEEE 802.3 Annexes 31A and 31B (formerly IEEE 802.3x). Dell EMC Networking switches implement receive flow control only. They never issue a flow control PAUSE frame when congested, but do respect flow control PAUSE frames received from other switches.
  • Page 383: Commands In This Section

    On a storm control enabled interface, if the ingress rate of that type of packet (L2 broadcast, multicast, or unicast) is greater than the configured threshold level (as a percentage of port speed or as an absolute packets-per-second rate), the switch forwarding-plane discards the excess traffic. The speed command controls interface link speeds and auto-negotiation.
  • Page 384: Description

    • interface-id—An Ethernet or port-channel identifier. If specified, counters are cleared for the individual interface. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines Use of the clear counters command with no parameters indicates that both switch and all interface statistics are to be cleared.
  • Page 385: Duplex

    Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command has no user guidelines. Example The following example adds a description to the Ethernet port 5. console(config)#interface gigabitethernet 1/0/5 console(config-if-Gi1/0/5)# description RD_SW#3 duplex Use the duplex command in Interface Configuration mode to configure the duplex operation of a given Ethernet interface.
  • Page 386: Flowcontrol

    Auto-negotiation is required on 1G/10G/40G copper ports and 1G fiber ports. The duplex command is only available on the Dell EMC Networking N1500 Series switches. Other switch models support full duplex operation only.
  • Page 387: Interface

    Changing the flow control setting on a copper port restarts auto-negotiation and causes a brief link-flap while auto-negotiation occurs. Changing the flow control setting on a fiber port may cause a brief link flap as the PHY is reset. Enabling flow control on some ports and not others can lead to excessive packet loss in situations where some ports on the switch have been paused and the internal packet buffers are consumed.
  • Page 388: Interface Range

    User Guidelines Dell EMC Networking switches implement receive flow control only. They never issue a flow control PAUSE frame when congested, but will respect flow control PAUSE frames received from other switches. Disabling flow control causes the switch to ignore received PAUSE frames.
  • Page 389 checked until the carriage return is entered. In some cases, the user may need to enter special characters, most often in a string parameter such as a password or a label. Special characters are one of the following characters (`! $ % ^ & * ( ) _ - + = { [ } ] : ; @ ' " ~ # | \ < , > . / ) or a blank. In these cases, it may be necessary to enclose the entire string in double or single quotes for the command line parser to properly interpret the parameter.
  • Page 390: Link Debounce Time

    console(config)#interface range gi1/0/20-48 console(config)#interface range gi1/0/1,gi1/0/48 console(config)#interface range gi2/0/1-10,gi1/0/30 console(config)#interface range gi1/0/1-10,gi1/0/30-48 console(config)#interface range gi1/0/1,te1/1/1 console(config)#interface range gigabitEthernet 1/0/10,te1/1/2 link debounce time Use the link debounce time command to configure the debounce timer for one or multiple interfaces. Use the no form of the command to set the link debounce time to the default (disabled).
  • Page 391: Rate-Limit Cpu

    Use the show interfaces debounce command to display the link debounce time or to display the link flap count (the number of notifications sent to the system that link signal was lost). The link flap count is also displayed by the show interfaces command (Link Debounce Flaps).
  • Page 392 Default Configuration The default ingress rate limit is 1024 packets per second (3000 for N4000 series switches). Command Modes Global Configuration mode User Guidelines Unknown unicast and multicast packets are copied to the CPU on the lowest priority QoS queue. Unknown packets are those that do not have hardware forwarding entries.
  • Page 393: Show Interfaces

    Example The following example shows output with higher than normal CPU usage due to packets copied to the software forwarding task. console#show process cpu Memory Utilization Report status bytes ------ ---------- free 1053933568 alloc 673873920 CPU Utilization: Name 5 Secs 60 Secs 300 Secs ---------- ------------------- -------- -------- -------- 1129...
  • Page 394 Default Configuration There is no default configuration. Command Mode All modes, including Config mode and all config submodes. User Guidelines The show interface command shows the actual operational status of the interface, which is not necessarily the same as the configuration. Input/output rate statistics are collected every 10 seconds.
  • Page 395 • DHCP Rate Limit – excessive DHCP packets detected • Loop Protection – A loop was detected by the CTP protocol • Multicast Storm – multicast storm detected • Port security – port security violation detected • SFP Mismatch – unsupported transceiver detected •...
  • Page 396: Show Interfaces Advertise

    Broadcast Packets Received..... 0 Total Packets Received with MAC Errors..0 Jabbers Received....... 0 Fragments/Undersize Received....0 Alignment Errors....... 0 FCS Errors........0 Overruns........0 Total Received Packets Not Forwarded... 7 Total Packets Transmitted Successfully..147070 Unicast Packets Transmitted....0 Multicast Packets Transmitted....
  • Page 397 Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The priority resolution field indicates the auto-negotiated link speed and duplex. The clock field indicates whether the local interface has auto-negotiated to clock master or clock slave.
  • Page 398: Show Interfaces Configuration

    Clock: Master 10000f 1000f 1000h 100f 100h ------ ----- ----- ----- ----- ----- ---- Admin Local link Advertisement Oper Local link Advertisement Oper Peer Advertisement Priority Resolution show interfaces configuration Use the show interfaces configuration command in User Exec mode to display the configuration for all configured interfaces.
  • Page 399: Show Interfaces Counters

    Field Description Describes the Auto-negotiation status. The Maximum Transmission Unit. Admin State Displays whether the port is enabled or disabled. Example The following example displays the configuration for all configured interfaces: console#show interfaces configuration gigabitethernet 1/0/1 Port Description Duplex Speed Admin State --------- ------------------------------ ------ ------- ---- ----- -----...
  • Page 400 Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following table describes the fields shown in the display: Field Description InOctets Counted received octets. InUcastPkts Counted received Unicast packets. InMcastPkts Counted received Multicast packets. InBcastPkts Counted received Broadcast packets.
  • Page 401 Field Description Internal MAC Rx Errors A count of frames for which reception fails due to an internal MAC sublayer receive error. Received Pause Frames A count of MAC Control frames received with an opcode indicating the PAUSE operation. Transmitted Pause Frames Counted MAC Control frames transmitted on this interface with an opcode indicating the PAUSE operation.
  • Page 402 Gi1/0/19 Gi1/0/20 Port OutTotalPkts OutUcastPkts OutMcastPkts OutBcastPkts --------- ---------------- ---------------- ---------------- --------------- Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 Gi1/0/10 Gi1/0/11 Gi1/0/12 The following example displays counters for Ethernet port Te1/0/1. console(config-if-Te1/0/1)#show interfaces counters tengigabitethernet 1/0/13 Port InTotalPkts InUcastPkts InMcastPkts InBcastPkts...
  • Page 403: Show Interfaces Debounce

    show interfaces debounce Use the show interfaces debounce command to list the debounce information for one or multiple interfaces. If no parameter is given, all physical interfaces are shown. Syntax show interfaces debounce [ interface-id ] • interface-id—A physical interface identifier (i.e., a 1G, 10G, or 40G Ethernet interface) in standard interface format.
  • Page 404: Show Interfaces Detail

    Syntax show interfaces description [gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port] Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the description for all interfaces.
  • Page 405 Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays detailed status and configuration of the specified interface. console#show interfaces detail gi1/0/1 Port Description...
  • Page 406: Show Interfaces Status

    ---- --------------------------------- ----------- Forbidden VLANS: VLAN Name ---- --------------------------------- Port Gi1/0/1 Enabled State: Disabled Role: Disabled Port id: 128.1 Port Cost: 0 Port Fast: No (Configured: no ) Root Protection: No Designated bridge Priority: 32768 Address: 1418.7715.2368 Designated port id: 0.0 Designated path cost: 0 CST Regional Root: 80:00:14:18:77:15:23:68 CST Port Cost: 0 BPDUs: Sent: 0, Received: 0...
  • Page 407 Field Description Port The port or port channel number. Oob means Out-of-Band Management Interface. Description Description of the port. This field may be truncated in the command output. Duplex Displays the port Duplex status. VLAN The VLAN membership for the port. The native VLAN is enclosed in parentheses.
  • Page 408: Show Interfaces Transceiver

    ------- ------------------------------ ------- - ------------------- Down H (4),5 show interfaces transceiver Use the show interfaces transceiver command to display the optic static parameters as well as the Dell EMC qualification. Syntax show interfaces transceiver [properties] • properties—Displays the static parameters for the optics.
  • Page 409: Show Statistics

    Te1/0/9 Te1/0/11 Te1/0/13 Te1/0/15 Te1/0/17 The following example shows static parameters of the optics along with the qualifications status. console#show interfaces transceiver properties Yes: Dell Qualified No: Not Qualified N/A : Not Applicable Port Type Media Serial Number Dell Qualified...
  • Page 410 Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Statistics are only collected for physical interfaces, port-channel interfaces, and the switch CPU interface. Examples The following example shows statistics for port Te1/0/1. console(config-if-Te1/0/1)#show statistics te1/0/1 Total Packets Received (Octets)....
  • Page 411 Alignment Errors....... 0 FCS Errors........0 Overruns........0 Total Received Packets Not Forwarded... 0 802.3x Pause Frames Received....0 Unacceptable Frame Type......0 Total Packets Transmitted (Octets)..... 0 Packets Transmitted 64 Octets....0 Packets Transmitted 65-127 Octets....0 Packets Transmitted 128-255 Octets..... 0 Packets Transmitted 256-511 Octets.....
  • Page 412: Show Statistics Switchport

    show statistics switchport Use the show statistics command to display detailed statistics for a specific port or for the entire switch. Syntax show statistics {interface-id |switchport} • interface-id—The interface ID. See Interface Naming Conventions for interface representation. • switchport—Displays statistics for the entire switch. Default Configuration This command has no default configuration.
  • Page 413 Multicast Packets Transmitted ifHCOutMulticastPkts Broadcast Packets Transmitted ifHCOutBroadcastPkts Transmit Packets Discarded ifOutDiscards Example The following example shows statistics for the CPU interface. console#show statistics switchport Total Packets Received (Octets)....0 Packets Received Without Error....0 Unicast Packets Received....... 0 Multicast Packets Received..... 0 Broadcast Packets Received.....
  • Page 414: Show Storm-Control

    show storm-control Use the show storm-control command to display the configuration of storm control. Syntax show storm-control [all | {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
  • Page 415: Show Storm-Control Action

    Gi1/0/2 Disable Disable Disable Enabled Gi1/0/3 Disable Disable Disable Enabled Gi1/0/4 Disable Disable Disable Enabled Gi1/0/5 Disable Disable Disable Enabled Gi1/0/6 Disable Disable Disable Enabled Gi1/0/7 Disable Disable Disable Enabled Gi1/0/8 Disable Disable Disable Enabled show storm-control action Use the show storm-control action command to display the storm control action configuration for one or all interfaces.
  • Page 416: Shutdown

    shutdown Use the shutdown command in Interface Configuration mode to disable an interface. To restart a disabled interface, use the no form of this command. Syntax shutdown no shutdown Default Configuration The interface is enabled. Command Mode Interface Configuration (Ethernet, Port-Channel, Tunnel, Loopback) mode User Guidelines This command has no user guidelines.
  • Page 417 • 10—Configures the port to 10 Mbps operation. • 100—Configures the port to 100 Mbps operation. • 1000—Configures the port to 1000 Mbps operation. • 10000—Configures the port to 10 Gbps operation. • 40000—Configures the port to 40 Gbps operation. •...
  • Page 418 supporting are advertised. Not all ports support all speeds, even if they are available in the command. Entering an unsupported speed will produce the following error message: An invalid interface has been used for this function. Fiber ports (other than 1000Base-X) do not support auto-negotiation and therefore require the operator to enter the speed command with the desired operating bandwidth.
  • Page 419: Switchport Protected

    switchport protected Use the switchport protected command in Interface Configuration mode to configure a protected port. The groupid parameter identifies the set of protected ports to which this interface is assigned. You can only configure an interface as protected in one group. You are required to remove an interface from one group before adding it to another group.
  • Page 420: Switchport Protected Name

    switchport protected name Use the switchport protected name command in Global Configuration mode to add the port to the protected group 1 and also set the group name to “protected”. Syntax switchport protected groupid name name no switchport protected groupid name •...
  • Page 421: Show System Mtu

    Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example identifies test as the protected group. console#show switchport protected 0 Name.........
  • Page 422: System Jumbo Mtu

    Global Configuration mode User Guidelines Dell EMC Networking N-Series switches do not fragment received packets. The IPv4 and IPv6 MTU are set to the link MTU minus 18 bytes. IP packets forwarded in software are dropped if they exceed the IP MTU. Packets originated on the router, such as OSPF packets, may be fragmented by the IP stack.
  • Page 423 advertise different IP MTUs, they will not form an adjacency (unless OSPF has been instructed to ignore differences in IP MTU with the ip ospf mtu-ignore command). The allowed range is 1298 to 9216. This allows for configuration of an IPv4 and IPv6 MTU of 1280 to 9198.
  • Page 424: Ethernet Cfm Commands

    MEP ID and maintenance association levels are assigned by the top level network service provider. Dell EMC Networking CFM is only available on the N4000 series switches. CFM is not compatible with iSCSI optimization. Disable iSCSI optimization before enabling CFM.
  • Page 425: Ethernet Cfm Domain

    ethernet cfm mep active show ethernet cfm maintenance-points remote ethernet cfm mep archive-hold-time show ethernet cfm statistics ethernet cfm mip level – ethernet cfm domain Use the ethernet cfm domain command in Global Configuration mode to enter into Maintenance Domain Configuration mode for an existing domain. Use the optional level parameter to create a domain and enter into maintenance domain Configuration mode.
  • Page 426: Service

    console(config-cfm-mdomain)# service Use the service command in Maintenance Domain Configuration mode to associate a VLAN with a maintenance domain. Use the no form of the command to remove the association. Syntax service service-name vlan vlan-id • service-name—Unique service identifier. • vlan-id—VLAN ID representing a service instance that is monitored by this maintenance association.
  • Page 427: Ethernet Cfm Mep Level

    • vlan-id—VLAN ID representing a service instance that is monitored by this maintenance association. The range is 1-4093. • secs—Time interval between successive transmissions. The range is 1, 10, 60, and 600 seconds. The default is 1 second. Default Configuration CCMs are not sent by default.
  • Page 428: Ethernet Cfm Mep Enable

    Command Mode Interface Configuration mode User Guidelines This command has no user guidelines. Example The following example creates a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep level 1 direction up mpid 1010 vlan 10 ethernet cfm mep enable Use the ethernet cfm mep enable command in Interface Configuration mode to enable a MEP at the specified level and direction.
  • Page 429: Ethernet Cfm Mep Active

    Example The following example enables a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep enable level 1 vlan 10 mpid 1010 ethernet cfm mep active Use the ethernet cfm mep active command in Interface Configuration mode to activate a MEP at the specified level and direction.
  • Page 430: Ethernet Cfm Mip Level

    • hold-time—The time in seconds to maintain the data for a missing MEP before removing the data. The default value is 600 seconds. Default Configuration No MEPs are preconfigured. Command Mode Interface Configuration User Guidelines The hold time should generally be less than the CCM message interval. Example The following example sets the hold time for maintaining internal information regarding a missing MEP.
  • Page 431: Ping Ethernet Cfm

    User Guidelines Refer to IEEE 802.1ag for an explanation of maintenance association levels. Typically, this value is assigned by the top level network service provider. Example console(config-if-Gi1/0/1)# ethernet cfm mip level 7 ping ethernet cfm Use the ping ethernet cfm command to generate a loopback message (LBM) from the configured MEP.
  • Page 432: Traceroute Ethernet Cfm

    User Guidelines This command has no user guidelines. Example console #ping ethernet cfm mac 00:11:22:33:44:55 level 1 vlan 10 mpid 1 count traceroute ethernet cfm Use the traceroute ethernet command to generate a link trace message (LTM) from the configured MEP. Syntax traceroute ethernet cfm {mac mac-addr| remote-mpid 1-8191} {domain domain name | level 0-7} vlan vlan-id mpid 1-8191 [ttl 1-255]...
  • Page 433: Show Ethernet Cfm Errors

    User Guidelines This command has no user guidelines. Example console # traceroute ethernet cfm remote-mpid 32 level 7 vlan 11 mpid 12 show ethernet cfm errors Use the show ethernet cfm errors command to display the cfm errors. Syntax show ethernet cfm errors {domain domain-id | level 0-7} level—Maintenance association level •...
  • Page 434: Show Ethernet Cfm Domain

    • DefXconCCM—The MEP has received at least one CCM from either another MAID or a lower MD level whose CCM interval has not yet timed out. Example console#show ethernet cfm errors ----- ---- ---- --------- ------------ ------------ ----------- ---------- Level SVID MPID DefRDICcm DefMACStatus DefRemoteCCM DefErrorCCM DefXconCCM ----- ---- ---- --------- ------------ ------------ ----------- ---------- show ethernet cfm domain Use the show ethernet cfm domain command to display the configured...
  • Page 435: Show Ethernet Cfm Maintenance-Points Local

    show ethernet cfm maintenance-points local Use the show ethernet cfm maintenance-points local command to display the configured local maintenance points. Syntax show ethernet cfm maintenance-points local {level 0-7 | interface interface-id | domain domain-name} • level—Maintenance association level • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
  • Page 436: Show Ethernet Cfm Maintenance-Points Remote

    • Operational Status—The MEP operational status • MAC—The MAC address associated with the MEP. Example show ethernet cfm maintenance-points local level 1 ---- ----- ---- ---- ------ ----- -------- ------ ----------- ----- MPID Level Type VLAN Port Dire- CC MEP- Operational MAC ction Transmit Active Status ---- ----- ---- ---- ------...
  • Page 437: Show Ethernet Cfm Statistics

    User Guidelines Refer to IEEE 802.1ag for an explanation of the maintenance association level and MEP ID. Typically, these are assigned by the top level network service provider. • MEP Id—Local MEP identifier • RMep Id—Remote MEP identifier • Level—Connectivity association level •...
  • Page 438: Service Provider

    Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines Refer to IEEE 802.1ag for an explanation of the maintenance association level. Typically, maintenance levels are assigned by the top level network service provider. • Out-of-sequence CCM's received—Count of the out-of-sequence continuity check messages (CCM's) received •...
  • Page 439 Out-of-order Loopback Replies received: 5 Bad MSDU Loopback Replies received Loopback Replies transmitted Unexpected LTR's received ------------------------------------------------------------------ Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 3' ------------------------------------------------------------------ Out-of-sequence CCM's received CCM's transmitted In-order Loopback Replies received Out-of-order Loopback Replies received: 0 Bad MSDU Loopback Replies received Loopback Replies transmitted Unexpected LTR's received...
  • Page 440: Green Ethernet Commands

    Green Ethernet Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches Dell EMC Networking switches support various Green Ethernet modes, i.e., power saving modes, namely: • Energy-Detect Mode • Energy Efficient Ethernet These modes can enable significant operational cost reductions through direct power savings and reducing cooling costs.
  • Page 441: Green-Mode Energy-Detect

    – green-mode energy-detect This command enables a Dell EMC proprietary mode of power reduction on ports that are not connected to another interface. Use the green-mode energy-detect command in Interface Configuration mode to enable energy-detect mode on an interface or all the interfaces. Energy-detect mode is enabled by default on 1G copper interfaces and enabled by default on 10G copper interfaces.
  • Page 442: Green-Mode Eee

    ON 1G copper ports. Energy-detect mode is always enabled on N4000 series 10G ports and cannot be disabled. An error message (Unable to set energy-detect mode) will be displayed if the user attempts to configure energy-detect on a 10G port on a N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON series switch. green-mode eee Use the green-mode eee command in Interface Configuration mode to enable EEE low power idle mode on an interface.
  • Page 443: Green-Mode Eee { Tx-Idle-Time | Tx-Wake-Time}

    EEE mode is supported on N4000 series 10G copper ports and on N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON 1G copper interfaces. green-mode eee { tx-idle-time | tx-wake-time} Use the green-mode eee {tx-idle-time | tx-wake-time} command in Interface Configuration mode to control the transmit idle and wake time parameters on an interface.
  • Page 444: Clear Green-Mode Statistics

    This command is available in Ethernet interface configuration mode for copper ports that are EEE capable. Configuring the values on interfaces that do not support EEE will return an error. Command History Syntax added in 6.4 release. clear green-mode statistics Use the clear green-mode statistics command to clear: •...
  • Page 445 Command Mode Global Configuration User Guidelines EEE and energy-detect modes are only supported on N4000 series 10G copper ports and on N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON 1G copper ports. Examples Use the command below to set the EEE LPI History sampling interval to the default.
  • Page 446: Show Green-Mode Interface-Id

    show green-mode interface-id Use the show green-mode interface-id command to display the green-mode configuration and operational status of the port. This command is also used to display the per port configuration and operational status of the green-mode. The status is shown only for the modes supported on the corresponding hardware platform whether enabled or disabled.
  • Page 447 Term Description Reason for Energy- The energy detect mode may be administratively enabled, but detect current the operational status may be inactive. The possible reasons are: operational status Port is currently operating in the fiber mode Link is up. If the energy-detect operational status is active, then the reason field shows up as: No energy Detected EEE Admin Mode...
  • Page 448 Term Description Tw_sys_rx Echo Integer that indicates the remote systems Receive Tw_sys that (μSec) was used by the local system to compute the Tw_sys that it can support. This value maps into the aLldpXdot3LocRxTwSysEcho attribute. Fallback Tw_sys Integer that indicates the value of fallback Tw_sys that the local (μSec) system requests from the remote system.
  • Page 449: Show Green-Mode

    Term Description Time Since Time Since Counters Last Cleared (since the time of power up, Counters Last or after clear eee counters is executed) Cleared Example console#show green-mode gi1/0/1 Energy Detect Admin Mode.... Enabled Operational Status....Active Reason......No Energy Detected Short Reach Feature....
  • Page 450 Syntax show green-mode Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command output provides the following information. Term Description Energy Detect Energy-detect Energy-detect Admin mode is enabled or disabled. Config Energy-detect Opr Energy detect mode is currently active or inactive.
  • Page 451: Show Green-Mode Eee-Lpi-History Interface

    Gi1/0/3 Enabled Active Enabled Disabled In-Active Enabled Gi1/0/4 Enabled Active Enabled Disabled In-Active Enabled Gi1/0/5 Enabled Active Enabled Disabled In-Active Enabled Gi1/0/6 Enabled Active Enabled Disabled In-Active Enabled Gi1/0/7 Enabled Active Enabled Disabled In-Active Enabled Gi1/0/8 Enabled Active Enabled Disabled In-Active Enabled show green-mode eee-lpi-history interface...
  • Page 452 Term Description Sample Time Time since last reset. %Time Spent in LPI Percentage of time spent in LPI mode on this port when Mode Since Last compared to sampling interval. Sample %Time Spent in LPI Percentage of total time spent in LPI mode on this port when Mode Since Last compared to time since reset.
  • Page 453: Gmrp Commands

    GMRP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches The GARP Multicast Registration Protocol (GMRP) provides a mechanism that allows networking devices to dynamically register (and deregister) Group membership information with the MAC networking devices attached to the same segment, and for that information to be disseminated across all networking devices in the bridged LAN that support Extended Filtering Services.
  • Page 454: Commands In This Section

    This ensures that the networking device receives multicast frames from all ports but forwards them through only those ports for which GMRP has created Group registration entry (for that multicast address). Registration entries created by GMRP ensures that frames are not transmitted on LAN segments which neither have registered GMRP participants nor are in the path through the active topology between the sources of the frames and the registered group members.
  • Page 455: Clear Gmrp Statistics

    Example In this example, GMRP is globally enabled. console(config)#gmrp enable clear gmrp statistics Use the clear gmrp statistics command to clear all the GMRP statistics information. Syntax clear gmrp statistics [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
  • Page 456 Default Configuration GMRP is disabled by default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show gmrp configuration Global GVRP Mode: Disabled Join Leave LeaveAll Port VLAN Interface Timer Timer...
  • Page 457: Gvrp Commands

    GVRP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches GARP VLAN Registration Protocol (GVRP) is used to propagate VLAN membership information throughout the network. GVRP is based on the Generic Attribute Registration Protocol (GARP), which defines a method of propagating a defined attribute (that is, VLAN membership) throughout the network.
  • Page 458: Garp Timer

    Syntax clear gvrp statistics [interface-id] • interface-id—An Ethernet interface identifier or a port channel identifier Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example clears all the GVRP statistics information on interface Gi1/0/8.
  • Page 459: Gvrp Enable (Global Configuration)

    Default Configuration The default timer values are as follows: • Join timer — 20 centiseconds • Leave timer — 60 centiseconds • Leaveall timer — 1000 centiseconds Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command is available in Ethernet interface configuration mode and port channel interface configuration mode.
  • Page 460: Gvrp Enable (Interface Configuration)

    no gvrp enable Default Configuration GVRP is globally disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables GVRP on the device. console(config)#gvrp enable gvrp enable (Interface Configuration) Use the gvrp enable command in Interface Configuration mode to enable GVRP on an interface.
  • Page 461: Gvrp Registration-Forbid

    User Guidelines This command is available in Ethernet interface configuration mode and port channel interface configuration mode. An Access port cannot join dynamically to a VLAN because it is always a member of only one VLAN. Membership in an untagged VLAN would be propagated in the same way as a tagged VLAN.
  • Page 462: Gvrp Vlan-Creation-Forbid

    Example The following example shows how default dynamic registering and deregistering is forbidden for each VLAN on port 1/0/8. console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#gvrp registration-forbid gvrp vlan-creation-forbid Use the gvrp vlan-creation-forbid command in Interface Configuration mode to disable dynamic VLAN creation. To enable dynamic VLAN creation, use the no form of this command.
  • Page 463: Show Gvrp Configuration

    show gvrp configuration Use the show gvrp configuration command to display GVRP configuration information. Timer values are displayed. Other data shows whether GVRP is enabled and which ports are running GVRP. Syntax show gvrp configuration [ interface-id ] Default Configuration This command has no default configuration.
  • Page 464: Show Gvrp Error-Statistics

    Gi1/0/11 1000 Disabled Gi1/0/12 1000 Disabled Gi1/0/13 1000 Disabled Gi1/0/14 1000 Disabled show gvrp error-statistics Use the show gvrp error-statistics command in User Exec mode to display GVRP error statistics. Syntax show gvrp error-statistics [interface-id] • interface-id—An Ethernet interface identifier or a port channel interface identifier.
  • Page 465: Show Gvrp Statistics

    Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 show gvrp statistics Use the show gvrp statistics command in User Exec mode to display GVRP statistics. Syntax show gvrp statistics [interface-id] • interface-id —A physical interface identifier or a port channel interface identifier. Default Configuration This command has no default configuration.
  • Page 466 Port rJIn rEmp rLIn sJIn sEmp sLIn ---- ---- ---- ---- ---- ---- --- Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Layer 2 Switching Commands...
  • Page 467: Igmp Snooping Commands

    IGMP messages. Although the software processing the IGMP messages could maintain state information based on the full IP group addresses, the forwarding tables in Dell EMC Networking are mapped to link layer addresses. The Multicast Forwarding Database (MFDB) manages the forwarding address table for Layer 2 multicast protocols, such as IGMP Snooping.
  • Page 468: Commands In This Section

    and thus not detectable by the switch. If a query is not received on an interface within a specified length of time (multicast router present expiration time), that interface is removed from the list of interfaces with multicast routers attached. The multicast router present expiration time is configurable using management.
  • Page 469 Default Configuration IGMP snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode User Guidelines Use this command without parameters to globally enable IGMP snooping. Use the no form of the command to disable IGMP snooping. Use the vlan parameter to enable IGMP snooping on a specific VLAN.
  • Page 470: Show Ip Igmp Snooping

    show ip igmp snooping Use the show ip igmp snooping command to display the IGMP snooping configuration and SSM statistics. Syntax show ip igmp snooping [vlan vlan-id] • vlan-id—Specifies a VLAN ID value. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes...
  • Page 471: Show Ip Igmp Snooping Groups

    show ip igmp snooping groups Use the show ip igmp snooping groups command in User Exec mode to display the Multicast groups learned by IGMP snooping and IGMP SSM entries. Syntax show ip igmp snooping groups [vlan vlan-id] [address ip-multicast-address] •...
  • Page 472: Show Ip Igmp Snooping Mrouter

    224.3.3.3 192.168.10.2 include Te1/0/1 4.4.4.4 VLAN Group Reporter Filter Source Address ---- --------------------- ----------------- ------- ---------- ----------- 224.2.2.2 192.168.10.2 include Te1/0/1 1.1.1.2 console(config)#show ip igmp snooping Admin Mode........Enable IGMP Router-Alert check......Disabled Multicast Control Frame Count....6847 SSM FDB Capacity....... 128 SSM FDB High Water Mark......
  • Page 473: Ip Igmp Snooping Vlan Immediate-Leave

    User Guidelines This command has no user guidelines. Example The following example shows IGMP snooping mrouter information. console#show ip igmp snooping mrouter VLAN ID Port ------- ----------- Gi2/0/1 ip igmp snooping vlan immediate-leave This command enables or disables IGMP Snooping immediate-leave mode on a selected VLAN.
  • Page 474: Ip Igmp Snooping Vlan Groupmembership-Interval

    User Guidelines This command has no user guidelines. Example The following example enables IGMP snooping immediate-leave mode on VLAN 2. console(config)#ip igmp snooping vlan 2 immediate-leave ip igmp snooping vlan groupmembership-interval This command sets the IGMP Group Membership Interval time on a VLAN. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry.
  • Page 475: Ip Igmp Snooping Vlan Last-Member-Query-Interval

    Example The following example configures an IGMP snooping group membership interval of 1500 seconds on VLAN 2. console(config)#ip igmp snooping vlan 2 groupmembership-interval 1500 ip igmp snooping vlan last-member-query-interval This command sets the last-member-query interval on a particular VLAN. The last-member-query-interval is the amount of time in seconds after which a host is considered to have left the group.
  • Page 476: Ip Igmp Snooping Vlan Mcrtrexpiretime

    console(config)#ip igmp snooping vlan 2 last-member-query-interval 7 ip igmp snooping vlan mcrtrexpiretime This command sets the Multicast Router Present Expiration time. The time is set on a particular VLAN. This is the amount of time in seconds that a switch waits for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached.
  • Page 477: Ip Igmp Snooping Unregistered Floodall

    Syntax ip igmp snooping vlan vlan-id report-suppression no ip igmp snooping vlan vlan-id report-suppression • vlan-id — A VLAN identifier (Range 1-4093). Default Configuration Report suppression is enabled by default. Command Mode Global Configuration mode User Guidelines When IGMP report suppression is enabled, the switch only sends the first report received for a group in response to a query.
  • Page 478: Ip Igmp Snooping Vlan Mrouter

    Command Mode Global Configuration mode. User Guidelines There is no equivalent MLD command since this setting applies to both protocols. Example console(config)#ip igmp snooping unregistered floodall ip igmp snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN.
  • Page 479 IGMP snooping will consider that an mrouter is active if an mrouter port is defined in the VLAN, regardless of whether the mrouter port is up or not. If an mrouter port is defined, IGMP snooping will not flood multicast source packets received in the VLAN.
  • Page 480: Igmp Snooping Querier Commands

    In a network with IP multicast routing, an IP multicast router acts as the IGMP querier. However, if it is required that the IP-multicast traffic in a VLAN be switched and no multicast router is present in the network, the Dell EMC Networking switch can be configured as an IGMP querier. When IGMP...
  • Page 481 address when generating periodic queries. The no form of this command disables IGMP Snooping Querier on the system. Use the optional address parameter to set or reset the querier address. If a VLAN has IGMP Snooping Querier enabled, and IGMP Snooping is operationally disabled on the VLAN, IGMP Snooping Querier functionality is disabled on that VLAN.
  • Page 482: Ip Igmp Snooping Querier Election Participate

    The VLAN IP address takes precedence over the global IP address when both are configured. IGMP Querier does not detect when the local switch is configured as a multicast router. It is not recommended to configure both L3 multicast routing and IGMP Querier on the same switch. IGMP snooping (and IGMP querier) validates IGMP packets.
  • Page 483: Ip Igmp Snooping Querier Query-Interval

    Default Configuration The snooping querier is configured to not participate in the querier election by default. Command Mode Global Configuration mode User Guidelines If the switch detects another querier in the VLAN, it will cease sending queries for the querier timeout period. Example The following example configures the snooping querier to participate in the querier election on VLAN 10.
  • Page 484: Ip Igmp Snooping Querier Timer Expiry

    The value of this parameter should be larger than the IGMP Max Response Time value inserted into general query messages by the querier. The default IGMP Max Response Time is defined in RFC 3376 as 10 seconds. Dell EMC Networking queriers use this value when sending general query messages.
  • Page 485: Ip Igmp Snooping Querier Version

    Example The following example sets the querier timer expiry time to 100 seconds. console(config)#ip igmp snooping querier timer expiry 100 ip igmp snooping querier version This command sets the IGMP version of the query that the snooping switch is going to send periodically. The no form of this command sets the IGMP Querier Version to its default value.
  • Page 486 Syntax show ip igmp snooping querier [detail | vlan vlan-id] • vlan-id —Specifies a VLAN ID value. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all submodes User Guidelines When the optional argument vlan-id is not used, the command shows the following information.
  • Page 487 Parameter Description Operational State Indicates whether IGMP Snooping Querier is in the Querier or Non-Querier state. When the switch is in Querier state it sends out periodic general queries. When in Non-Querier state it waits for moving to Querier state and does not send out any queries.
  • Page 488 Operational State......Querier Operational version......1
  • Page 489: Interface Error Disable And Auto Recovery

    The error disabled interface can be manually enabled using the no shutdown command. Alternatively, the administrator can enable the auto recovery feature. Dell EMC Networking Auto Recovery re-enables the interface after the expiry of the configured time interval.
  • Page 490 • arp-inspection — Recovery for the dynamic ARP inspection cause is enabled. • dhcp-rate-limit — Recovery for the DHCP rate limit cause is enabled. • bcast-storm — Recovery for broadcast storm disabled interfaces is enabled. • bpdustorm — Recovery for BPDU storm disabled interfaces is enabled. •...
  • Page 491: Errdisable Recovery Interval

    the interface continues to encounter errors (from any listed cause), it may be placed back in the diag-disable state and the interface will be disabled (link down). Interfaces in the disabled state due to a listed cause may be manually recovered by entering the no shutdown command for the interface.
  • Page 492: Show Errdisable Recovery

    User Guidelines Error disabled interfaces indicate a problem that must be resolved by the administrator. This could be a configuration problem or a physical problem and does not necessarily indicate a problem with the switch. When the interval expires, the system examines the error disabled interfaces and recovers them if recovery for the indicated cause is enabled.
  • Page 493 User Guidelines Error disabled interfaces indicate a problem that must be resolved by the administrator. This could be a configuration problem or a physical problem and does not necessarily indicate a problem with the switch. When the interval expires, the system examines the error disabled interfaces and recovers them if recovery for the indicated cause is enabled.
  • Page 494: Show Interfaces Status Err-Disabled

    Example console(config)#show errdisable recovery Reason Auto-recovery Status ------------------ --------------------- ARP Inspection Disabled BPDU Guard Disabled Broadcast Storm Disabled BPDU Storm Disabled DHCP Rate Limit Disabled Loop Protect Disabled Multicast Storm Disabled SFP Mismatch Disabled SFP Plus Mismatch Disabled UDLD Disabled Unicast Storm Disabled Port MAC Locking...
  • Page 495 When the interval expires, the system examines the error disabled interfaces and recovers them if recovery for the indicated cause is enabled. Only a single timer is used and recovery occurs when the timer expires, not when the interface time expires. The recovery delay time indicates the number of seconds until the interface is eligible for recovery if auto-recovery is enabled for the indicated cause.
  • Page 496 Example The following example console#show interfaces status err-disabled Interface Reason Recovery Delay ---------- ----------------- -------------- Gi1/0/1 UDLD Gi1/0/2 BPDU Guard Gi1/0/3 BPDU Storm
  • Page 497: Ipv6 Access List Commands

    The Dell EMC Networking ACL feature allows classification of packets based upon Layer 2 through Layer 4 header information. An Ethernet IPv6 packet is distinguished from an IPv4 packet by its unique EtherType value; thus all IPv6 classifiers implicitly include the EtherType field.
  • Page 498: Deny | Permit (Ipv6 Acl)

    deny | permit (IPv6 ACL) This command creates a new rule for the current IPv6 access list. Each rule is appended to the list of configured rules for the list. A rule may either deny or permit traffic according to the specified classification fields.
  • Page 499 [routing] [fragments] [dscp dscp]}} [time-range time-range-name] [log] [assign-queue queue-id] [{mirror | redirect} interface-id] [rate-limit rate burst-size] no [sequence-number] • sequence-number — Identifies the order of application of the permit/deny statement. If no sequence number is assigned, permit/deny statements are assigned a sequence number beginning at 1000 and incrementing by 10. Statements are applied in hardware beginning with the lowest sequence number.
  • Page 500 have a value equal or greater than the starting port. The starting port, ending port, and all ports in between will be part of the layer 4 port range. – When “eq” is specified, IPv6 ACL rule matches only if the layer 4 port number is equal to the specified port number or portkey.
  • Page 501 – This option is visible only if the protocol is tcp. – Ack – Acknowledgment bit – Fin – Finished bit – Psh – push bit – Rst – reset bit – Syn – Synchronize bit – Urg – Urgent bit...
  • Page 502 • log—Specifies that this rule is to be logged when the rule has been matched one or more times since the expiry of the last logging interval. The logging interval is five minutes. • time-range time-range-name—Allows imposing time limitation on the ACL rule as defined by the parameter time-range-name.
  • Page 503 Any – is equivalent to ::/0 for IPv6 access lists. Host - indicates /128 prefix length for IPv6. Port ranges are not supported for egress (out) IPv6 traffic-filters. This means that only the eq operator is supported for egress (out) ACLs. The protocol type must be SCTP, TCP or UDP to specify a port range.
  • Page 504: Ipv6 Access-List

    For the N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON series switches, for ingress (in) ACLs: • The IPv6 ACL “fragment” keyword matches only on the first IPv6 extension header for the fragment header (next header code 44). If the fragment header appears in the second or a subsequent header, it is not matched.
  • Page 505: Ipv6 Access-List Rename

    Syntax ipv6 access-list name no ipv6 access-list name • name — Alphanumeric string of 1 to 31 characters uniquely identifying the IPv6 access list. Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example creates an IPv6 ACL named “DELL_IP6”...
  • Page 506: Ipv6 Traffic-Filter

    Control List (ACL) to an interface or associates it with a VLAN ID in a given direction. Dell EMC Networking switches support configuration of multiple access groups on interfaces. An optional sequence number may be specified to indicate the order of this access list relative to other IPv6 access lists already assigned to this interface and direction.
  • Page 507: Show Ipv6 Access-Lists

    • control-plane—The access list is applied to ingress control plane packets. This parameter is only available in Global Configuration mode. • seq-num — Order of access list relative to other access lists already assigned to this interface and direction. (Range: 1–4294967295) Default Configuration No IPv6 traffic filters are configured by default.
  • Page 508 Syntax show ipv6 access-lists [name] • name — The name used to identify the IPv6 ACL. Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
  • Page 509 Source IPV6 Address......fe80::2121/128 Destination IPV6 Address....... fe80::1212/128 Destination Layer 4 Operator....Equal To Destination L4 Port Keyword....800 Flow Label........65535 TCP Flags........FIN (Set) SYN (Ignore) RST (Ignore) PSH (Ignore) ACK (Ignore) URG (Ignore) ACL Hit Count........43981900
  • Page 510: Ipv6 Mld Snooping Commands

    (ICMPv6), and MLD messages are a subset of ICMPv6 messages, identified in IPv6 packets by a preceding Next Header value of 58. Dell EMC Networking switches can snoop on both MLDv1 and MLDv2 protocol packets and bridge IPv6 multicast data based on destination IPv6 Multicast MAC Addresses.
  • Page 511: Ipv6 Mld Snooping Vlan Groupmembership-Interval

    ipv6 mld snooping vlan groupmembership-interval The ipv6 mld snooping vlan groupmembership-interval command sets the MLD Group Membership Interval time on a VLAN or interface. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry.
  • Page 512: Ipv6 Mld Snooping Listener-Message-Suppression

    You should enable immediate-leave admin mode only on VLANs where only one host is connected to each layer 2 LAN port. This prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port, but were still interested in receiving multicast traffic directed to that group.
  • Page 513: Ipv6 Mld Snooping Vlan Last-Listener-Query-Interval

    Default Configuration Listener message suppression is enabled by default. Command Mode Global Configuration mode. User Guidelines MLD listener message suppression is equivalent to IGMP report suppression. When MLD listener message suppression is enabled, the switch only sends the first report received for a group in response to a query. Listener message suppression is only applicable to MLDv1.
  • Page 514: Ipv6 Mld Snooping Vlan Mcrtrexpiretime

    User Guidelines This command has no user guidelines. Example console(config)#ipv6 mld snooping vlan 2 last-listener-query-interval 7 ipv6 mld snooping vlan mcrtrexpiretime The ipv6 mld snooping mcrtrexpiretime command sets the Multicast Router Present Expiration time. The time is set for a particular interface or VLAN. This is the amount of time in seconds that a switch waits for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached.
  • Page 515: Ipv6 Mld Snooping Vlan Mrouter

    ipv6 mld snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN. The no form of this command removes the static binding. Syntax ipv6 mld snooping vlan vlan-id mrouter interface interface no ipv6 mld snooping vlan vlan-id mrouter interface interface •...
  • Page 516: Show Ipv6 Mld Snooping

    no ipv6 mld snooping [vlan vlan-id] • vlan-id — A VLAN identifier (Range 1-4093). Default Configuration MLD Snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode. User Guidelines Use this command without parameters to globally enable MLD Snooping. Use the no form of the command to disable MLD Snooping.
  • Page 517 • interface-id—A physical interface identifier or a port channel identifier • vlan-id—A VLAN identifier. Default Configuration This command has no default configuration Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines With no optional arguments, the command displays the following information: •...
  • Page 518: Show Ipv6 Mld Snooping Groups

    • Last Listener Query Interval—Displays the amount of time the switch waits after it sends a query on an interface, participating in the VLAN, because it did not receive a report for a particular group on that interface. This value may be configured. •...
  • Page 519: Show Ipv6 Mld Snooping Mrouter

    Default configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This user guideline applies to all switch models. To see the full Multicast address table (including static addresses) use the show mac address-table multicast command.
  • Page 520 Default configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines MLD snooping forwards IPv6 multicast data plane packets to mrouter ports, including statically configured mrouter ports. If a static mrouter port is configured in a VLAN, MLD snooping will forward multicast data plane packets received on the VLAN even if the interface is down.
  • Page 521: Ipv6 Mld Snooping Querier Commands

    IPv6 MLD Snooping Querier Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches The MLD Snooping Querier is an extension of the MLD Snooping feature. MLD Snooping Querier allows the switch to simulate an MLD router in a Layer 2-only network, thus removing the need to have an MLD Router to collect the multicast group membership information.
  • Page 522: Ipv6 Mld Snooping Querier (Vlan Mode)

    Syntax ipv6 mld snooping querier no ipv6 mld snooping querier Default Configuration MLD Snooping Querier is disabled by default. Command Mode Global Configuration mode User Guidelines It is not recommended the MLD Snooping Querier be enabled on a switch enabled for IPv6 multicast routing. Example console(config)#ipv6 mld snooping querier ipv6 mld snooping querier (VLAN mode)
  • Page 523: Ipv6 Mld Snooping Querier Address

    User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 mld snooping querier vlan 10 ipv6 mld snooping querier address Use the ipv6 mld snooping querier address command to set the global MLD Snooping Querier address. Use the no form of this command to reset the global MLD Snooping Querier address to the default.
  • Page 524: Ipv6 Mld Snooping Querier Query-Interval

    enabled, if the Snooping Querier finds that the other Querier's source address is numerically lower than the Snooping Querier's address, it stops sending periodic queries. If the Snooping Querier wins the election then it will continue sending periodic queries. Use the no form of this command to disable election participation on a VLAN.
  • Page 525: Ipv6 Mld Snooping Querier Timer Expiry

    • interval — Amount of time that the switch waits before sending another general query. (Range: 1–1800 seconds) Default Configuration The default query interval is 60 seconds. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example console(config)#ipv6 mld snooping querier 120 ipv6 mld snooping querier timer expiry...
  • Page 526: Show Ipv6 Mld Snooping Querier

    User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 mld snooping querier timer expiry 222 show ipv6 mld snooping querier Use the show ipv6 mld snooping querier command to display MLD Snooping Querier information. Configured information is displayed whether or not MLD Snooping Querier is enabled.
  • Page 527 Querier Query Interval Shows the amount of time that a Snooping Querier waits before sending out a periodic general query. Querier Expiry Interval Displays the amount of time to wait in the Non-Querier operational state before moving to a Querier state. When the optional argument vlan vlan-id is used, the following additional information appears: Parameter...
  • Page 528: Ip Source Guard Commands

    IP Source Guard Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches IP Source Guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID may be either a source IP address or a {source IP address, source MAC address} pair.
  • Page 529 Syntax ip verify source {port-security} no ip verify source • port-security—Enables filtering based on IP address, VLAN, and MAC address. When not specified, filtering is based upon IP address. Default Configuration By default, no sources are blocked. Command Mode Interface Configuration mode (physical and port channel) User Guidelines DHCP snooping should be enabled on any ports for which ip verify source is configured.
  • Page 530: Ip Verify Binding

    ip verify binding Use the ip verify binding command in Global Configuration mode to configure static bindings. Use the no form of the command to remove the IPSG entry. Syntax ip verify binding macaddr vlan ipaddr interface Default Configuration By default, there are no static bindings configured. Command Mode Global Configuration mode User Guidelines...
  • Page 531: Show Ip Verify Source

    Default Configuration There is no default configuration for this command. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines The filter type is one of the following values: • ipv4-mac: IPv4 plus MAC address filtering • ip: IPv4 address filtering •...
  • Page 532: Show Ip Source Binding

    Syntax show ip verify source [interface interface-id] • interface-id: A valid physical interface identifier or port-channel identifier Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
  • Page 533 User Guidelines This command has no user guidelines. Example console#show ip source binding MAC Address IP Address Type VLAN Interface ------------ ---------- ----- ----- ------------- 0011.2233.4455 1.2.3.4 static Gi1/0/2 Layer 2 Switching Commands...
  • Page 534: Iscsi Optimization Commands

    iSCSI Optimization Commands Dell EMC Networking N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches iSCSI Optimization provides a means of performing configuration specific to storage traffic and optionally giving traffic between iSCSI initiator and target systems special Quality of Service (QoS) treatment. iSCSI Optimization is best applied to mixed-traffic networks where iSCSI packets constitute a portion of overall traffic.
  • Page 535: Commands In This Section

    iSCSI Optimization borrows ACL lists from the global system pool. ACL lists allocated by iSCSI Optimization reduce the total number of ACLs available for use by the network operator. Enabling iSCSI Optimization uses one ACL list to monitor for iSCSI sessions. Each monitored iSCSI session utilizes two rules from additional ACL lists up to a maximum of two ACL lists.
  • Page 536: Iscsi Cos

    User Guidelines Changing the aging time has the following behavior: • When aging time is increased, current sessions will be timed out according to the new value. • When aging time is decreased, any sessions that have been dormant for a time exceeding the new setting will be immediately deleted from the table.
  • Page 537 Default Configuration By default, frames are not remarked. The default vpt setting for iSCSI is 4, which the default class of service 802.1p mapping assigns to queue 2. Command Mode Global Configuration mode. User Guidelines The remark option only applies to DSCP values. Remarking is not available for vpt values.
  • Page 538: Iscsi Enable

    console(config)#iscsi cos dscp 41 remark iscsi enable The iscsi enable command globally enables iSCSI optimization. To disable iSCSI optimization, use the no form of this command. Syntax iscsi enable no iscsi enable Default Configuration iSCSI is enabled by default. Command Mode Global Configuration mode User Guidelines This command modifies the running config to enable flow control on all...
  • Page 539: Iscsi Target Port

    AE Selector = 1 AE Protocol = 3260 AE Priority = priority configured for iSCSI PFC (the VPT value above). This TLV is sent in addition to any Application Priority TLV information received from the configuration source. If the configuration source is sending iSCSI application priority information, it is not necessary to enable iscsi cos to send the iSCSI Application Priority TLV.
  • Page 540: Show Iscsi

    Default Configuration iSCSI well-known ports 3260 and 860 are configured by default but can be removed as any other configured target. Command Mode Global Configuration mode. User Guidelines • When working with private iSCSI ports (not IANA assigned iSCSI ports 3260/860), it is recommended to specify the target IP address as well, so the switch will only snoop frames with which the TCP destination port is one of the configured TCP ports, AND their destination IP is the target's...
  • Page 541: Show Iscsi Sessions

    Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example The following example displays the iSCSI configuration. console#show iscsi iSCSI enabled iSCSI CoS enabled...
  • Page 542: Iscsi Sessions

    Default Configuration If not specified, sessions are displayed in short mode (not detailed). Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The N2000/N2100-ON/N3000/N3100-ON Series switches support monitoring for up to 1024 sessions. The N4000 switches support monitoring for up to 512 sessions.
  • Page 543 Initiator Initiator Target Target IP address TCP port IP address IP port 172.16.1.3 49154 172.16.1.20 30001 172.16.1.4 49155 172.16.1.21 30001 172.16.1.5 49156 172.16.1.22 30001 Session 2: ----------------------------------------------------- Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10 Time started: 17-Aug-2008 21:04:50 Time for aging out: 2 min ISID: 22 Initiator Initiator Target Target IP address TCP port IP address IP port 172.16.1.30 49200 172.16.1.20 30001...
  • Page 544: Link Dependency Commands

    Link Dependency Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches Link dependency allows the link status of a group of interfaces to be made dependent on the link status of other interfaces. The effect is that the link status of a group that depends on another interface either mirrors or inverts the link status of the depended-on interface.
  • Page 545: Link-Dependency Group

    Command Mode Link Dependency mode User Guidelines The action up command will cause the group members to be up when no depended-on interfaces are up. Example console(config-depend-1)#action up link-dependency group Use the link-dependency group command to enter the link-dependency mode and configure a link-dependency group. Syntax link-dependency group GroupId no link-dependency group GroupId...
  • Page 546: Depends-On

    Use this command to add member ten Gigabit or Gigabit Ethernet port(s) or port channels to the dependency list. Syntax add intf-list • intf-list — List of Ethernet interface identifiers or port channel identifiers or ranges. Separate nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports.
  • Page 547: Show Link-Dependency

    no depends-on intf-list • intf-list — List of Ethernet interface identifiers or port channel interface identifiers or ranges. Separate nonconsecutive items with a comma and no spaces. Use a hyphen to designate the range of ports or port-channel numbers. Default Configuration This command has no default configuration.
  • Page 548 Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines Configure a link dependency group prior to using this command. Example The following command shows link dependencies for all groups. console#show link-dependency GroupId Member Ports Ports Depended On Link Action Group State...
  • Page 549: Lldp Commands

    Devices are not required to implement both transmit and receive functions and each function can be enabled or disabled separately by the network manager. Dell EMC Networking supports both the transmit and receive functions in order to support device discovery.
  • Page 550: Commands In This Section

    The receive function accepts incoming LLDPDU frames and stores information about the remote stations. Both local and remote data may be displayed by the user interface and retrieved using SNMP as defined in the LLDP MIB definitions. The component maintains one remote entry per physical network connection.
  • Page 551: Clear Lldp Statistics

    Default Configuration By default, data is removed only on system reset. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example displays how to clear the LLDP remote data. console#clear lldp remote-data clear lldp statistics Use the clear lldp statistics command to reset all LLDP statistics.
  • Page 552: Dcb Enable

    dcb enable This command enables the sending of DCBX information in LLDP frames. Syntax dcb enable no dcb enable Command Mode Global Configuration mode Default Value The sending of DCBX information is enabled by default. User Guidelines Use this command to disable the sending of DCBX information when it is desirable to utilize legacy QoS and disable the automatic configuration of CNAs based on transmitted DCBX information.
  • Page 553: Lldp Med Confignotification

    Default Value Transmission and reception of LLDP-MED TLVs is enabled on all supported interfaces. User Guidelines No specific guidelines. Example console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#lldp med lldp med confignotification This command is used to enable sending topology change notifications. Syntax lldp med confignotification no lldp med confignotification Command Mode Interface Configuration (Ethernet) mode...
  • Page 554: Lldp Med Transmit-Tlv

    Syntax lldp med faststartrepeatcount count no lldp med faststartrepeatcount • count — Number of LLDPDUs that are transmitted when the protocol is enabled. (Range 1–10) Command Mode Global Configuration Default Value User Guidelines No specific guidelines. Example console(config)# lldp med faststartrepeatcount 2 lldp med transmit-tlv This command is used to specify which optional TLVs in the LLDP MED set are transmitted in the LLDPDUs.
  • Page 555: Lldp Notification

    User Guidelines The optional ex-pse (extended PSE) and ex-pd (extended PD) parameters are only available on PoE capable switches. Default Value By default, the capabilities and network policy TLVs are included in LLDP packets sent on interfaces enabled for MED. On PoE capable switches, the extended PD TLV and extended PSE TLV are transmitted.
  • Page 556: Lldp Notification-Interval

    console(config-if-Gi1/0/3)#lldp notification lldp notification-interval Use the lldp notification-interval command in Global Configuration mode to limit how frequently remote data change notifications are sent. To return the notification interval to the factory default, use the no form of this command. Syntax lldp notification-interval interval no lldp notification-interval •...
  • Page 557: Lldp Timers

    no lldp receive Default Configuration The default lldp receive mode is enabled. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example displays how to enable the LLDP receive capability. console(config-if-Gi1/0/3)#lldp receive lldp timers Use the lldp timers command in Global Configuration mode to set the timing parameters for local data transmission on ports enabled for LLDP.
  • Page 558: Lldp Transmit

    The default hold-multiplier is 4. The default delay before reinitialization is 2 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Examples The following example displays how to configure LLDP to transmit local information every 1000 seconds. console(config)#lldp timers interval 1000 The following example displays how to set the timing parameter at 1000 seconds with a hold multiplier of 8 and a 5 second delay before...
  • Page 559: Lldp Transmit-Mgmt

    User Guidelines This command has no user guidelines. Example The following example displays how to enable the transmission of local data. console(config-if-Gi1/0/3)#lldp transmit lldp transmit-mgmt Use the lldp transmit-mgmt command in Interface Configuration mode to include transmission of the local system management address information in the LLDPDUs.
  • Page 560: Lldp Transmit-Tlv

    lldp transmit-tlv Use the lldp transmit-tlv command in Interface Configuration mode to specify which optional type-length-value settings (TLVs) in the AB basic management set will be transmitted in the LLDPDUs. To remove an optional TLV, use the no form of this command. Syntax lldp transmit-tlv [sys-desc][sys-name][sys-cap][port-desc] no lldp transmit-tlv [sys-desc][sys-name][sys-cap][port-desc]...
  • Page 561: Show Lldp

    show lldp Use the show lldp command to display the current LLDP configuration summary. Syntax show lldp Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the current LLDP configuration summary.
  • Page 562: Show Lldp Local-Device

    Syntax show lldp interface {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port | all} Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples This example shows how the information is displayed when you use the command with the all parameter.
  • Page 563 Syntax show lldp local-device {detail interface | interface | all} • detail — Includes a detailed version of the local data. • interface — Specifies a valid physical interface on the device. Specify either gigabitethernet unit/slot/port or tengigabitethernet unit/slot/port or fortygigabitethernet unit/slot/port. •...
  • Page 564: Show Lldp Med

    Management Address: Type: IPv4 Address: 192.168.17.25 show lldp med This command displays a summary of the current LLDP MED configuration. Syntax show lldp med Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes Default Value Not applicable User Guidelines No specific guidelines.
  • Page 565: Show Lldp Med Local-Device Detail

    Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes Default Value Not applicable Example console#show lldp med interface all LLDP MED Interface Configuration Interface Link configMED operMED ConfigNotify TLVsTx --------- ------ --------- -------- ------------ ----------- Gi1/0/1 Detach Enabled Enabled Enabled 0,1 Gi1/0/2...
  • Page 566 Default Value Not applicable Example Console#show lldp med local-device detail gi1/0/8 LLDP MED Local Device Detail Interface: Gi1/0/8 Network Policies Media Policy Application Type : voice Vlan ID: 10 Priority: 5 DSCP: 1 Unknown: False Tagged: True Media Policy Application Type : streamingvideo Vlan ID: 20 Priority: 1 DSCP: 2...
  • Page 567: Show Lldp Med Remote-Device

    Extended POE PD Required: 0.2 watts Source: local Priority: low show lldp med remote-device This command displays the current LLDP MED remote data. This command can display summary information or detail for each interface. Syntax show lldp med remote-device {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | all} show lldp med remote-device detail {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port}...
  • Page 568 Local Interface: 1/0/1 Capabilities MED Capabilities Supported: capabilities, networkpolicy, location, extendedpse MED Capabilities Enabled: capabilities, networkpolicy Device Class: Endpoint Class I Network Policies Media Policy Application Type : voice Vlan ID: 10 Priority: 5 DSCP: 1 Unknown: False Tagged: True Media Policy Application Type : streamingvideo Vlan ID: 20 Priority: 1...
  • Page 569: Show Lldp Remote-Device

    Required: 0.2 Watts Source: local Priority: low show lldp remote-device Use the show lldp remote-device command to display the current LLDP remote data. This command can display summary information or detail for each interface. Syntax show lldp remote-device {detail interface | interface | all} •...
  • Page 570: Show Lldp Statistics

    Gi1/0/19 00:1E:C9:AA:AB:FD Gi1/0/5 console#show lldp remote-device detail Gi1/0/13 LLDP Remote Device Detail Local Interface: Gi1/0/13 Remote Identifier: 1 Chassis ID Subtype: MAC Address Chassis ID: F8:B1:56:2B:A4:FA Port ID Subtype: Interface Name Port ID: Gi1/0/13 System Name: System Description: Port Description: Gi1/0/13 System Capabilities Supported: System Capabilities Enabled: Time to Live: 113 seconds...
  • Page 571 LLDP Device Statistics Last Update........0 days 22:58:29 Total Inserts........ 1 Total Deletes........ 0 Total Drops........0 Total Ageouts........ 1 Interface Total Total Discards Errors Ageout Discards Unknowns MED 802.3 UPOE --------- ----- ----- -------- ------ ------ -------- -------- ---- ----- ----- Gi1/0/1 29395 82562 0 Gi1/0/2...
  • Page 572 Fields Description Total Deletes The number of times a complete set of information advertised by a remote device has been deleted from the table. Total Drops Number of times a complete set of information advertised by a remote device could not be inserted due to insufficient resources.
  • Page 573: Loop Protection

    Loop Protection Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches Loop protection detects physical and logical loops between Ethernet ports on a device. Loop protection must be enabled globally before it can be enabled at the interface level. Commands in this Section...
  • Page 574 User Guidelines Loop protection operates by unicasting a Configuration Test Protocol (CTP) reply packet with the following field settings: • Source MAC Address: Switch L3 MAC address • Destination MAC Address: Switch L3 MAC address • Ether Type: 0x0900 (LOOP) • Skip Count: 0 •...
  • Page 575: Keepalive (Global Config)

    keepalive (Global Config) Use the keepalive command in Global Configuration mode to enable keepalive or to configure the loop protection timer and packet count. Use the no form of the command to return the configuration to the defaults. Syntax keepalive [ period [ count ] ] no keepalive •...
  • Page 576: Keepalive Action

    Example The following example configures the CTP transmit interval to transmit CTP packets every 5 seconds. console(config)#keepalive 5 This example configures the CTP transmit interval to 5 seconds. If an interface receives two CTP packets, it error disables the interface. console(config)#keepalive 5 2 In the next example, if the CTP transmit interval is configured to 5 seconds, if an interface receives three CTP packets, it will error disable the interface.
  • Page 577: Show Keepalive

    User Guidelines Error disabled interfaces can be configured to auto-recover using the errdisable recovery cause loop-protect command. Keep-alive should only be configured on interfaces that do not participate in spanning-tree. Keep-alive may disable interfaces in the spanning-tree designated (blocked) role. Command History Implemented in version 6.3.0.1 firmware.
  • Page 578: Show Keepalive Statistics

    Field Description Transmit Interval The transmission interval in seconds. Retry Count The number of times a keepalive packet must be seen before a looped state is declared. Command History Implemented in version 6.3.0.1 firmware. Example updated in 6.4 version. Example console#show keepalive Keepalive Service......
  • Page 579 User Guidelines The following information is displayed. Field Description Port The interface identifier. Keep Alive Are keepalives transmitted on this interface (Yes, No)? Loop Detected Has a loop been detected (Yes, No)? Loop Count The number of CTP packets detected. Time Since Last Loop The last time a loop was detected.
  • Page 580: Mlag Commands

    MLAG Commands Dell EMC Networking N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches MLAG enables a LAG to be created across two independent switches, so that some member ports of a MLAG can reside on one switch and the other members of a MLAG can reside on another switch. The partner switch on the remote side can be a MLAG-unaware unit.
  • Page 581: Feature Vpc

    Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode User Guidelines There are no user guidelines for this command. Example console#clear vpc statistics feature vpc The feature vpc command globally enables MLAG. Use the no form of the command to globally disable MLAG.
  • Page 582: Peer Detection Enable

    peer detection enable Use the peer detection enable command to enable the Dual Control Plane Detection Protocol. This enables the detection of peer MLAG switches and suppresses state transitions out of the secondary state in the presence of peer link failures. Use the no form of the command to disable the dual control plane detection protocol.
  • Page 583: Peer-Keepalive Destination

    Syntax peer detection interval interval-msecs timeout timeout-msecs no peer detection interval • interval-msecs—The peer keepalive timeout in seconds. The range is 200–4000 milliseconds. • timeout-msecs—The peer timeout value in milliseconds. The range is 700–14000 milliseconds. Default Configuration The default transmission interval is 1000 milliseconds. The default reception timeout is 3500 milliseconds.
  • Page 584 Syntax peer-keepalive destination ipaddress source srcaddr [udp-port port] no peer-keepalive destination • ipaddress—The IP address of the MLAG peer. • port—The UDP port number to use to listen for peer Dual Control Plane Detection Protocol packets. • srcaddr—The local source address to use. Default Configuration There are no Dual Control Plane Detection Protocol peers configured by default.
  • Page 585: Peer-Keepalive Enable

    Example console(config)#vpc domain 1 console(config-vpc 1)#peer-keepalive enable console(config-vpc 1)#peer-keepalive destination 192.168.0.2 source 192.168.0.1 console(config-vpc 1)#peer detection enable console(config-vpc 1)#exit peer-keepalive enable Use the peer-keepalive enable command to enable the peer keepalive protocol on the peer link. When enabled, if an MLAG switch does not receive keepalive messages from the peer within the timeout value and DCPDP is disabled, the switch begins the process of transitioning to the primary role (if standby).
  • Page 586: Peer-Keepalive Timeout

    • Secondary device fails: All MLAG members’ port information regarding the secondary device that the primary switch maintains are removed from the primary switch. Forwarding and control processing continues on the local MLAG ports on the primary switch. Once the secondary comes back up again, it starts the keepalive protocol and, if successful in contacting the primary device, moves to the secondary state.
  • Page 587: Role Priority

    no peer-keepalive timeout • value—The peer keepalive timeout value in seconds. The range is 2 to 15 seconds. Default Configuration By default, the keepalive timeout value is 5 seconds. Command Modes VPC Domain User Guidelines This command configures the peer keepalive timeout value (in seconds). If an MLAG switch does not receive keepalive messages from the peer for this timeout value, it takes the decision to transition its role (if required).
  • Page 588: Show Vpc

    • Value—The local switch priority value. (The range is 1-255.) Default Configuration The default priority value is 100. Command Modes MLAG Domain Configuration mode User Guidelines This value is used for the MLAG role election and is sent to the MLAG peer in the MLAG keepalive messages.
  • Page 589: Show Vpc Brief

    Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode and above User Guidelines There are no user guidelines for this command. Example (console)# show vpc 10 VPC Id 10 ----------------- Configuration mode......Enabled Operational mode......Enabled Port channel........Po1 Self member ports Status...
  • Page 590 User Guidelines A VPC domain ID must be configured for this command to display the VPC status. Only the Primary switch maintains the member status of the Secondary switch. The Secondary switch does not maintain or show the status of the Primary switch peer members.
  • Page 591: Show Vpc Consistency-Parameters

    Number of VPCs configured...... 2 Number of VPCs operational..... 2 VPC id# 1 ----------- Interface........Po2 Configured Vlans....... 1,10,11,12,13,14,15,16,17 VPC Interface State......Active Local MemberPorts Status ----------------- ------ Gi1/0/23 UP Gi1/0/24 UP Peer MemberPorts Status ---------------- ------ Gi1/0/23 UP Gi1/0/24 UP VPC id# 2 ----------- Interface........
  • Page 592 User Guidelines There are no user guidelines for this command. Command History Introduced in 6.2.0.1 firmware. Updated in 6.3.0.1 firmware. Example console# show vpc consistency-parameters global Parameter Value --------------------- ------------------------------------------- STP Mode Enabled STP Version IEEE 802.1s BPDU Filter Mode Enabled BPDU Guard Mode Enabled...
  • Page 593: Show Vpc Consistency-Features

    Parameter Name Value ---------------- --------------------------- Port Channel Mode Enabled STP Mode Enabled BPDU Filter Mode Enabled BPDU Flood Mode Enabled Auto-edge FALSE TCN Guard True Port Cost Edge Port True Root Guard True Loop Guard True Hash Mode Minimum Links Channel Type Static Configured VLANs...
  • Page 594: Show Vpc Peer-Keepalive

    Syntax show vpc consistency-features { global | interface port-channel-number } • port-channel-number—A valid port-channel identifier. Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode and above User Guidelines There are no user guidelines for this command. show vpc peer-keepalive Use the show vpc peer-keepalive command to display the peer MLAG switch’s IP address used by the Dual Control Plane Detection Protocol.
  • Page 595: Show Vpc Role

    Peer IP address......10.130.14.55 Source IP address......10.130.14.54 UDP port........50000 Peer detection admin status....Enabled Peer detection operational status..Up Peer is detected......True Configured Tx interval.....500 milliseconds Configured Rx timeout......2000 milliseconds Operational Tx interval....500 milliseconds Operational Rx timeout.....2000 milliseconds show vpc role Use the show vpc role command to display information about the keepalive status and parameters.
  • Page 596: Show Vpc Statistics

    Configured VPC system priority....32767 Operational VPC system priority....32767 Local System MAC........00:10:18:82:18:63 Timeout........5 VPC State........Primary VPC Role........Primary Peer ---- VPC Domain ID........1 Role Priority........100 Configured VPC MAC......<AA:BB:CC:DD:EE:FF> Operational VPC MAC......<AA:BB:CC:DD:EE:FF> Configured VPC system priority....32767 Operational VPC system priority....32767 Role..........Secondary Local System MAC........00:10:18:82:1b:ab show vpc statistics...
  • Page 597 Total received..........115 Rx successful...........108 Rx Errors..........7 Timeout counter.........6 (console)# show vpc statistics peer-link Peer link control messages transmitted....123 Peer link control messages Tx errors....5 Peer link control messages Tx timeout....4 Peer link control messages ACK transmitted..... 34 Peer link control messages ACK Tx errors....5 Peer link control messages received....
  • Page 598: System-Mac

    system-mac Use this command to manually configure the MAC address for the VPC domain. Use the no form of the command to revert the domain MAC address to the default value. Syntax system-mac mac-address no system-mac • mac-address—The system MAC address for the VPC domain. Default Configuration By default, the domain uses a pre-configured MAC address.
  • Page 599: System-Priority

    system-priority Use this command to manually configure the priority for the VPC domain. Use the no form of the command to revert the priority to the default value. Syntax system-priority priority no system-priority • priority—The priority for the VPC domain. Range is 1-65535. Default Configuration By default, the system priority is 32767.
  • Page 600 Use the vpc command to configure a port-channel (LAG) as part of an MLAG instance. Upon issuing this command, the port-channel is down until the port-channel member information is exchanged and agreed between the MLAG peer switches. Use the no form of the command to remove the LAG from the MLAG domain.
  • Page 601: Vpc Domain

    console(config-if-Po3)#switchport trunk allowed vlan 1-99,101-4093 console(config-if-Po3)#vpc 2 console(config-if-Po3)#exit console(config)#interface po3 console(config-if-Po3)#switchport mode trunk console(config-if-Po3)#switchport trunk allowed vlan 1-99,101-4093 console(config-if-Po3)#vpc 2 console(config-if-Po3)#exit vpc domain Use the vpc domain command to enter into MLAG configuration mode. This command creates an MLAG domain and enters into MLAG configuration mode.
  • Page 602: Vpc Peer-Link

    BPDUs sent out on VPC interfaces. If two VPC domains have the identical domain-ids, the resulting actor IDs may lead to LACP or STP convergence issues. Example console(config)#vpc domain 1 console(config-vpc 1)#peer-keepalive enable console(config-vpc 1)#peer-keepalive destination 192.168.0.2 source 192.168.0.1 console(config-vpc 1)#peer detection enable console(config-vpc 1)#exit vpc peer-link Use the vpc peer-link command to configure a port channel as the MLAG...
  • Page 603 console(config-if-Po1)#spanning-tree disable console(config-if-Po1)#switchport mode trunk console(config-if-Po1)#switchport trunk allowed vlan 1-99,101-4093 console(config-if-Po1)#vpc peer-link console(config-if-Po1)#exit
  • Page 604: Multicast Vlan Registration Commands

    Multicast VLAN Registration Commands Dell EMC Networking N1100-ON/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches Multicast VLAN registration (MVR) is a method for consolidating multicast traffic from multiple VLANs onto a single VLAN. A typical usage scenario would be the distribution of a multicast group to a switch using a single VLAN where the switch has users in different VLANs subscribing to the multicast group.
  • Page 605: Commands In This Section

    Commands in this Section This section explains the following commands: mvr type mvr group mvr vlan group mvr mode show mvr mvr querytime show mvr members mvr vlan show mvr interface mvr immediate show mvr traffic Use the mvr command in Global Configuration and Interface Configuration modes to enable MVR.
  • Page 606: Mvr Mode

    Syntax mvr group A.B.C.D [count] no mvr group A.B.C.D [count] • A.B.C.D—Specify a multicast group. • count—Specifies the number of multicast groups to configure. Groups are configured contiguously by incrementing the first group specified. Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines...
  • Page 607: Mvr Querytime

    no mvr mode • compatible—Do not allow membership joins on source ports. • dynamic—Send IGMP joins to the multicast source when IGMP joins are received on receiver ports. Default Configuration The default mode is compatible. Command Mode Global Configuration User Guidelines This command has no user guidelines.
  • Page 608: Mvr Vlan

    User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message Defaulting MVR query response time. Error Completion Message None Example console(config)#interface Gi1/0/1 console(config-if-Gi1/0/1)#switchport access vlan 2 console(config-if-Gi1/0/1)#mvr console(config-if-Gi1/0/1)#mvr type receiver console(config-if-Gi1/0/1)#exit console(config)#mvr mode dynamic console(config)#mvr querytime 10 mvr vlan Use the mvr vlan command in Global Configuration mode to set the MVR...
  • Page 609: Mvr Immediate

    Message Type Message Description Successful Completion Message MVR multicast VLAN ID is set to the default value which is equal to 1. Error Completion Message Receiver port in mVLAN, operation failed. mvr immediate Use the mvr immediate command in Interface Configuration mode to enable MVR Immediate Leave mode.
  • Page 610: Mvr Type

    mvr type Use the mvr type command in Interface Configuration mode to set the MVR port type. Use the no form of this command to set the MVR port type to None. Syntax mvr type {receiver | source} no mvr type •...
  • Page 611: Mvr Vlan Group

    console(config-if-Gi1/0/1)#mvr type receiver console(config-if-Gi1/0/1)#interface Gi1/0/24 console(config-if-Gi1/0/24)#switchport mode trunk console(config-if-Gi1/0/24)#switchport trunk native vlan 99 console(config-if-Gi1/0/24)#switchport trunk allowed vlan add 99 console(config-if-Gi1/0/24)#mvr console(config-if-Gi1/0/24)#mvr type source console(config-if-Gi1/0/24)#exit mvr vlan group Use the mvr vlan group command in Interface Configuration mode to participate in the specific MVR group. Use the no form of this command to remove the port participation from the specific MVR group.
  • Page 612: Show Mvr

    console(config-vlan2000)#exit console(config)#mvr vlan 2000 console(config)#interface gi1/0/24 console(config-if-Gi1/0/24)#switchport mode trunk console(config-if-Gi1/0/24)#switchport trunk native vlan 2000 console(config-if-Gi1/0/24)#switchport trunk allowed vlan add 2000 console(config-if-Gi1/0/24)#mvr console(config-if-Gi1/0/24)#mvr type source console(config-if-Gi1/0/24)#mvr vlan 2000 group 239.1.1.1 show mvr Use the show mvr command to display global MVR settings. Syntax show mvr Default Configuration...
  • Page 613: Show Mvr Members

    Parameter Description MVR Max Multicast Groups The maximum number of multicast groups that is supported by MVR. MVR Current Multicast groups The current number of MVR groups allocated. MVR Query Response Time The current MVR query response time. MVR Mode The current MVR mode.
  • Page 614: Show Mvr Interface

    Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description MVR Group IP MVR group multicast IP address. Status The status of the specific MVR group. It can be active or inactive.
  • Page 615 Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description Port...
  • Page 616: Show Mvr Traffic

    console#show mvr interface gi1/0/23 members vlan 12 235.0.0.1 STATIC ACTIVE 235.1.1.1 STATIC ACTIVE show mvr traffic Use the show mvr traffic command to display global MVR statistics. Syntax show mvr traffic Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages.
  • Page 617 Parameter Description IGMP Report V2 Transmitted Number of transmitted IGMP Reports V2. IGMP Leave Transmitted Number of transmitted IGMP Leaves. IGMP Packet Receive Failures Number of failures on receiving the IGMP packets. IGMP Packet Transmit Failures Number of failures on transmitting the IGMP packets.
  • Page 618: Port Channel Commands

    DCBX configuration, etc. must be compatible on all member links. Per IEEE 802.1AX, only links with the same operational characteristics, such as speed and duplex setting, may be aggregated. Dell EMC Networking switches aggregate links only if they have the same operational speed and duplex setting, as opposed to the configured speed and duplex setting.
  • Page 619: Static Lags

    unable to buffer the requisite number of frames will show excessive frame discard. Configuring copper and fiber ports together in an aggregation group is not recommended. If a dynamic LAG member sees an LACPDU that contains information different from the currently configured default partner values, that particular member drops out of the LAG.
  • Page 620: Vlans And Lags

    VLANs and LAGs When Ethernet interfaces are added to a LAG, they are removed from all existing VLAN membership and take on the VLAN membership of the LAG. When members are removed from a LAG, the members regain the Ethernet interface VLAN membership as per the configuration.
  • Page 621: Enhanced Lag Hashing

    Source/Destination IP and source/destination TCP/UDP Port fields of the packet. Enhanced LAG Hashing Dell EMC Networking devices based on Broadcom XGS-IV silicon support configuration of hashing algorithms for each LAG interface. The hashing algorithm is used to distribute traffic load among the physical ports of the LAG while preserving the per-flow packet order.
  • Page 622: Flexible Assignment Of Ports To Lags

    8 interfaces per dynamic LAG. For example, 128 LAGs may be assigned 2 interfaces each or 18 LAGs may be assigned 8 interfaces each. NOTE: The N1100-ON/N1500 Series switches support 64 port channels. Commands in this Section...
  • Page 623: Interface Port-Channel

    Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example shows how port gi1/0/5 is configured in port-channel 1 without LACP (static LAG). console(config)# interface gigabitethernet 1/0/5 console(config-if-Gi1/0/5)# channel-group 1 mode on The following example shows how port gi1/0/6 is configured to port-channel 2 with LACP (dynamic LAG).
  • Page 624: Interface Range Port-Channel

    User Guidelines Port channel numbers range from 1 to 128 for all switches except the N1500 which supports 64 port channels. Example The following example enters the context of port-channel 1. console(config)# interface port-channel 1 console(config-if-po1)# interface range port-channel Use the interface range port-channel command in Global Configuration mode to execute a command on multiple port channels at the same time.
  • Page 625: Hashing-Mode

    • 6 — Source/destination IP and source/destination TCP/UDP port • 7 — Enhanced hashing mode. This mode is not available on Dell EMC Networking N1100-ON/N1500 Series switches. Default Configuration The default hashing mode is 7—Enhanced hashing mode. On Dell EMC Networking N1100-ON/N1500 Series switches, the default hashing mode is 5.
  • Page 626: Lacp Port-Priority

    User Guidelines Enhanced hashing mode is recommended; however, depending on the specific traffic patterns present in the network, a different hashing mode may give better bandwidth distribution across the LAG member links. Use the show interfaces utilization command to view link utilization. Example console(config)#interface port-channel 1 console(config-if-po1)#hashing-mode 4...
  • Page 627: Lacp System-Priority

    The port priority of each port is a four octet binary number, formed by using the configured port priority as the two most significant octets and the port number as the two least significant octets. For any given set of ports, the port with the numerically lower value of port priority has the higher priority.
  • Page 628: Lacp Timeout

    User Guidelines Per IEEE 802.1AX-2008 Section 5.6, ports are selected for aggregation by each switch based upon the port priority assigned by the switch with the higher system priority, starting with the highest priority port of the switch with the higher switch priority, and working downward through the ordered list of port priority values for the ports.
  • Page 629: Port-Channel Local-Preference

    Command Mode Interface Configuration (Ethernet) mode Interface Range mode User Guidelines The LACP time-out setting indicates a local preference for the rate of LACPDU transmission and the period of time before invalidating received LACPDU information. This setting is negotiated with the link partner. Long time-outs are 90 seconds with a transmission rate of once every 30 seconds.
  • Page 630: Port-Channel Min-Links

    User Guidelines For a LAG that contains links distributed across stacking units, the default behavior is to distribute locally received ingress traffic across all LAG links in the stack per the selected hashing algorithm. When enabled, this command disables forwarding of ingress unicast traffic across stacking links for a LAG that is comprised of links on multiple stack units.
  • Page 631: Show Interfaces Port-Channel

    Default Configuration The default minimum links is 1. Command Mode Interface Configuration (port-channel) mode User Guidelines This command has no user guidelines. Example console(config)#interface port-channel 1 console(config-if-Po1)#port-channel min-links 3 console(config-if-Po1)#no port-channel min-links show interfaces port-channel Use the show interfaces port-channel command to show port-channel information.
  • Page 632: Show Lacp

    Parameter Description Channel Number of the port channel to show. This parameter is optional. If the port channel number is not given, all the channel groups are displayed. (Range: Valid port-channel number, 1 to 48). • Ports—The ports that are members of the port-channel. •...
  • Page 633 Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows how to display LACP Ethernet interface information. console#show lacp gi1/0/1 port Gi1/0/1 LACP parameters: Actor:...
  • Page 634: Show Statistics Port-Channel

    LACP PDUs send: LACP PDUs received: show statistics port-channel Use the show statistics port-channel command to display statistics about a specific port-channel. Syntax show statistics port-channel port-channel-number Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
  • Page 635 Packets RX and TX 2048-4095 Octets..... 0 Packets RX and TX 4096-9216 Octets..... 0 Total Packets Received Without Errors..0 Unicast Packets Received....... 0 Multicast Packets Received..... 0 Broadcast Packets Received..... 0 Receive Packets Discarded...... 0 Total Packets Received with MAC Errors..0 Jabbers Received.......
  • Page 636 GVRP PDUs Transmitted......0 GVRP Failed Registrations...... 0 GMRP PDUs Received......0 GMRP PDUs Transmitted......0 GMRP Failed Registrations...... 0 BPDUs: Sent: 0, Received: 0 Time since counters last cleared....0 day 6 hr 19 min 42 sec
  • Page 637: Port Monitor Commands

    Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches Dell EMC Networking switches allow the user to monitor traffic with an external network analyzer. The external network analyzer can use any of the Ethernet ports as a probe port. The probe port transmits a mirror copy of the traffic being probed.
  • Page 638: Commands In This Section

    • Once configured, there is no network connectivity on the probe (destination) port. The probe port does not forward any traffic and does not receive any traffic. The probe tool attached to the probe port is unable to ping the networking device or ping through the networking device, and no device is able to ping the probe tool.
  • Page 639 The in-memory buffer is 128 packets. The file system buffer is 524288 bytes and is named cpuPktCapture.pcap. The remote monitor capture port is 2002. Command Modes Global Configuration mode User Guidelines Packets that are transmitted or received by the switch CPU may be captured to the switch file system, to local memory, or sent to a Wireshark client.
  • Page 640: Monitor Capture (Privileged Exec)

    monitor capture (Privileged Exec) Use the monitor capture command to capture packets transmitted or received from the CPU. This facility captures switch control plane traffic and is useful in monitoring network control traffic and analyzing network security. Remote packet capture is not supported when the packets are received via Service Port.
  • Page 641 Syntax monitor capture mode {line | remote | file} no monitor capture mode • line—Captured packets are sent to the console. • remote—Captured packets are sent to a remote Wireshark network analyzer. • file—Captured packets are sent to the file system. ...
  • Page 642 • The time when packet passed through CPU. • The first 128 bytes of packet. • The length of full packet (if greater than 128 bytes). The in-memory capture buffer can be configured to stop when full. This mode is configured with the command no monitor capture line wrap. Capturing packets is started by the monitor capture start command.
  • Page 643 If capturing is in progress and more than 128 packets are captured and the user configures no monitor capture line wrap mode, capturing is stopped automatically. No packets are lost when capturing is in progress. All captured packets can be displayed. Packets that have been captured but not yet displayed are not lost.
  • Page 644 Remote capture can be enabled or disabled using the CLI. The network operator should obtain a computer with the Wireshark tool to display the captured traffic. When using remote capture mode, the switch doesn’t store any captured data locally. The local TCP port number can be configured for connecting Wireshark to the switch.
  • Page 645: Monitor Session

    Example This example sends capture output to the console. console(config)#monitor capture line console(config)#exit console#monitor capture start all monitor session Use the monitor session command in Global Configuration mode to configure the source and destination for mirroring. Packets are copied from the source to the destination.
  • Page 646 Dell EMC Networking N2000, N2100-ON, N3000, N3100-ON, and N4000 Series switches. The Dell EMC Networking N1100-ON and N1500 Series switches support a single unidirectional or bidirectional session. Each session supports multiple sources. However, the destination interface for a session may not overlap with other sessions. The internal CPU port cannot be configured as an RSPAN source.
  • Page 647 • Up to 4 sessions with egress (TX) traffic mirroring may be active. • Up to 2 sessions with both (RX and TX) traffic mirroring may be active. • Any other combination of up to 4 total ingress or egress mirroring may be active.
  • Page 648 ports, and be members of the RSPAN VLAN. Do not assign other ports to the RSPAN VLANs (for example, trunk ports that are not reflector ports). Additionally, reflector ports may not be port channels. Monitored traffic is encapsulated in the RSPAN VLAN on the reflector port on the source switch.
  • Page 649 the implicit deny all). If configuring an egress ACL on the destination port, care must be taken with the ACL numbering to ensure the mirrored traffic is properly processed. Bidirectional mirroring of multiple ports in a network may result in duplicate packets transmitted on the probe port (one copy for the receive side and another copy for the transmit side).
  • Page 650: Remote-Span

    console(config)#monitor session 1 destination remote vlan 723 reflector-port Te1/0/1 console(config)#monitor session 1 mode console(config)#show monitor session 1 Session Admin mode : Enabled Type : Remote source session Source ports Both : Gi1/0/48 Destination port : Te1/0/1 Destination RSPAN VLAN : 723 This example shows how to configure a destination switch using VLAN 723 as the source RSPAN VLAN interface Te1/0/1 and Gi1/0/10 as the destination interface.
  • Page 651: Show Monitor Capture

    Syntax remote-span no remote-span Default Configuration There is no default configuration for this command. Command Modes VLAN Configuration mode. User Guidelines Remote-span VLANs must be configured as a tagged VLAN on trunk or general mode ports on RSPAN transit switches. Traffic in an RSPAN VLAN is always flooded as MAC address learning and link local protocols are disabled on RSPAN VLANs.
  • Page 652 Command Modes Privileged Exec mode (all SHOW modes) User Guidelines This command has no user guidelines. Example console#show monitor capture Operational Status......Enabled Current Capturing Type......Line Capturing Traffic Mode......Tx/Rx Line Wrap Mode......... Disabled RPCAP Listening Port......2002 RPCAP dump file size (KB)...... 45 console#show monitor capture packets Gi1/0/1 Length = 94...
  • Page 653: Show Monitor Session

    0010 86 dd 60 00 00 00 00 24 00 01 fe 80 00 00 00 00 0020 00 00 00 00 88 ff fe 2f 8e 82 ff 02 00 00 00 00 0030 00 00 00 00 00 00 00 00 00 01 3a 00 05 02 00 00 0040 01 00 82 00 43 62 27 10 00 00 00 00 00 00 00 00 0050 00 00 00 00 00 00 00 00 00 00 ff ff 00 00 ===================...
  • Page 654 console(config)#show monitor session 1 Session Admin mode : Disabled Type : Local session Source ports Both : Te1/0/10 Destination ports : Te2/0/20 IP access-group : a1 The following example shows the detailed status of the port based mirroring session that is constrained to a local switch. console(config)#show monitor session 1 detail Session Admin mode...
  • Page 655: Show Vlan Remote-Span

    The following example shows the detailed status of a VLAN session on the destination switch, where the session spans multiple switches. console# show monitor session 1 detail Session Type : Remote Destination Session Source Ports RX Only : None TX Only : None Both : None...
  • Page 657: Qos Commands

    Access Control Lists The Dell EMC Networking ACL feature allows classification of packets based upon Layer 2 through Layer 4 header information. An Ethernet IPv6 packet is distinguished from an IPv4 packet by its unique Ether-type value; thus, all IPv4 and IPv6 classifiers include the Ether-type field.
  • Page 658: Layer 2 Acls

    Class of Service (CoS) The Dell EMC Networking CoS Queuing feature allows the user to directly configure device queuing and, therefore, provide the desired QoS behavior without the complexities of DiffServ. The CoS feature allows the user to determine the following queue behavior: •...
  • Page 659: Queue Mapping

    CoS mapping tables, port default priority, and hardware queue parameters may be configured on LAG interfaces as well as physical port interfaces. Queue Mapping The priority of a packet arriving at an interface is used to steer the packet to the appropriate outbound CoS queue through a mapping table.
  • Page 660: Diffserv

    DiffServ Standard IP-based networks are designed to provide “best effort” data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will meet the latency or bandwidth requirements. During times of congestion, packets may be delayed, sent sporadically, or dropped.
  • Page 661: Assign-Queue

    classofservice trust match dstip6 police-simple show diffserv service brief conform-color match dstl4port police-single-rate show interfaces cos- queue cos-queue min- match ethertype police-two-rate show interfaces bandwidth random-detect cos-queue random- match ip6flowlbl policy-map show policy-map detect cos-queue strict match ip dscp random-detect show policy-map queue-parms interface...
  • Page 662: Class

    The command mode is changed to Policy-Class-Map Configuration when this command is executed successfully. Example The following example shows how to specify the DiffServ class name of “DELL.” console(config)#class-map match-all DELL console(config-classmap)#exit console(config)#policy-map DELL1 in console(config-policy-map)#class DELL
  • Page 663: Class-Map

    The match-all parameter indicates that all of the match criteria configured in the class map must be met for the packet to be processed by the class map. Example The following example creates a class-map named “DELL” which requires all ACEs to be matched. console(config)#class-map DELL...
  • Page 664: Classofservice Dot1P-Mapping

    User Guidelines This command has no user guidelines. Example The following example displays how to change the name of a DiffServ class from “DELL” to “DELL1.” console(config)#class-map rename DELL DELL1 console(config)# classofservice dot1p-mapping Use the classofservice dot1p-mapping command in Global Configuration mode to map an IEEE 802.1p user priority to an internal traffic class.
  • Page 665: Classofservice Ip-Dscp-Mapping

    Default Configuration The default 802.1p mapping is as follows: User Priority Traffic Class Command Mode Global Configuration or Interface Configuration (Ethernet, Port-channel) mode User Guidelines None Example The following example globally configures a mapping for user priority 1 and traffic class 2. If trust mode is enabled for 802.1p (classofservice trust dot1p), packets received on any interface marked with IEEE 802.1p priority 1 will be assigned to internal CoS queue 2.
  • Page 666 Syntax classofservice ip-dscp-mapping ipdscp trafficclass no classofservice ip-dscp-mapping • ipdscp—Specifies the IP DSCP value which is to be mapped to the specified traffic class. (Range: 0–63 or an IP DSCP keyword – af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef).
  • Page 667 IP DSCP Traffic Class (queue-id) 16(cs2) 18(af21) 20(af22) 22(af23) 24(cs3) 26(af31) 28(af32) 30(af33) 32(cs4) 34(af41) 36(af42) 38(af43) 40(cs5)
  • Page 668 IP DSCP Traffic Class (queue-id) 46(ef) 48(cs6) 56(cs7) Command Mode Global Configuration mode User Guidelines The switch may be configured to trust either DSCP or CoS values, but not both. Setting the trust mode does not affect ACL packet matching, e.g. it is still possible to use an ACL that matches on a received CoS value and assigns the packet to a queue even when DSCP is trusted.
  • Page 669: Classofservice Trust

    Example The following example globally configures the mapping for IP DSCP 1 to traffic class 2. If trust mode is enabled for DSCP (classofservice trust ip-dscp), packets received on any interface marked with DSCP 1 will be assigned to internal CoS queue 2. console(config)#classofservice ip-dscp-mapping 1 2 classofservice trust Use the classofservice trust command in either Global Configuration mode...
  • Page 670: Conform-Color

    Examples The following example sets the class of service trust mode of all interfaces to trust 802.1p packet markings. console(config)#classofservice trust dot1p The following example displays how to set the class of service trust mode of all interfaces to trust IP DSCP packet markings. console(config)#classofservice trust ip-dscp conform-color Use the conform-color command in Policy-Class-Map Configuration mode...
  • Page 671 Color conforming classes must be one of the following types: • Primary COS • Secondary COS • DSCP • IP Precedence This includes both the input and color aware classes. The conform color class may not be the same as the input class, nor may the match criteria be of the same type.
  • Page 672: Cos-Queue Min-Bandwidth

    cos-queue min-bandwidth Use the cos-queue min-bandwidth command in either Global Configuration mode or Interface Configuration mode to specify the minimum transmission bandwidth for each interface queue. To restore the default for each queue’s minimum bandwidth value, use the no form of this command. Syntax cos-queue min-bandwidth bw-0 bw-1 …...
  • Page 673: Cos-Queue Random-Detect

    When ETS is operational on an N4000 series switch, this command overrides the ETS assignments and assigns minimum bandwidth constraints across traffic class groups. This allows the administrator to ensure that the frame scheduler does not completely starve lower priority groups when strict priority is enabled on a high numbered TCG.
  • Page 674 Default Configuration WRED queue management policy is disabled by default. Tail-drop queue management policy is enabled by default. The threshold for invoking tail-drop behavior when WRED is disabled is approximately 1/2 of the remaining free packet buffer in the switch. Command Mode Interface Configuration (physical or port-channel) mode, Interface Range mode, or Global Configuration mode...
  • Page 675 Simple RED may be enabled/disabled for any CoS queue on the Dell EMC Networking N1500 Series switches, however, the drop probability must be one of the values given below. The percentage before the dash indicates the actual drop probability. The number after the dash indicates the value entered in the drop-prob-scale parameter.
  • Page 676: Cos-Queue Strict

    cos-queue strict Use the cos-queue strict command in either Global Configuration mode or Interface Configuration mode to activate the strict priority scheduler mode for the specified queue. To restore the default weighted scheduler mode for each specified queue, use the no form of this command. Syntax cos-queue strict {queue-id-1} [{queue-id-2} …...
  • Page 677: Diffserv

    bandwidth on other queues, ensure that the total of the minimum bandwidths is less than 100% to allow the scheduler to handle bursts of traffic. Example The following example displays how to activate the strict priority scheduler mode for two queues. console(config)#cos-queue strict 1 2 The following example displays how to activate the strict priority scheduler mode for three queues (1, 2, and 4) and reserves a minimal amount of...
  • Page 678: Drop

    Example The following example displays how to set the DiffServ operational mode to active. console(Config)#diffserv drop Use the drop command in Policy-Class-Map Configuration mode to specify that all packets for the associated traffic stream are to be dropped at ingress. This command is not available on the N1500 Series switches.
  • Page 679: Mark Ip-Dscp

    Syntax mark cos cos-value • cos-value — Specifies the CoS value as an integer. (Range: 0–7) Default Configuration There is no default cos-value for this command. Packets are not remarked by default. Command Mode Policy-Class-Map Configuration mode User Guidelines Received frames are assigned to an internal CoS queue on ingress depending on configuration such as whether the ingress port is trusted for CoS, DSCP or IP precedence value and its mapping onto an internal CoS queue.
  • Page 680: Mark Ip-Precedence

    • dscpval — Specifies a DSCP value (10, 12, 14, 18, 20, 22, 26, 28, 30, 34, 36, 38, 0, 8, 16, 24, 32, 40, 48, 56, 46) or a DSCP keyword (af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef).
  • Page 681: Match Class-Map

    Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines Received frames are assigned to a CoS queue on ingress depending on configuration such as whether the ingress port is trusted for CoS, DSCP or IP precedence value and its mapping onto an internal CoS queue.
  • Page 682: Match Cos

    Example The following example adds match conditions defined for the Dell class to the class currently being configured. console(config-classmap)#match class-map Dell The following example deletes the match conditions defined for the Dell class from the class currently being configured.
  • Page 683: Match Destination-Address Mac

    Syntax match cos • cos-value — Specifies the CoS value as an integer (Range: 0–7) Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition to the specified class.
  • Page 684: Match Dstip

    Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example configures a match condition for the specified MAC address and bit mask. console(config-classmap)#match destination-address mac AA:ED:DB:21:11:06 FF:FF:FF:EF:EE:EE match dstip Use the match dstip command in Class-Map Configuration mode to add a...
  • Page 685: Match Dstip6

    User Guidelines This command has no user guidelines. Example The following example displays adding a match condition using the specified IP address and bit mask. console(config-classmap)#match dstip 10.240.1.1 255.255.255.1 match dstip6 The match dstip6 command adds a match condition based on the destination IPv6 address of a packet.
  • Page 686: Match Dstl4Port

    match dstl4port Use the match dstl4port command in Class-Map Configuration mode to add a match condition based on the destination layer 4 port of a packet using a single keyword or a numeric notation. NOTE: This command is not available on the N1500 Series switches. Syntax match dstl4port {portkey | port-number}...
  • Page 687: Match Ip6Flowlbl

    Syntax match ethertype {keyword | 0x0600-0xffff} • keyword — Specifies either a valid keyword or a valid hexadecimal number. The supported keywords are appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp. (Range: 0x0600–0xFFFF) Default Configuration This command has no default configuration.
  • Page 688: Match Ip Dscp

    Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command. Example The following example adds a rule to match packets whose IPv6 Flow Label equals 32312. console(config-classmap)#match ip6flowlbl 32312 match ip dscp Use the match ip dscp command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the IP DiffServ Code Point (DSCP) field in a packet.
  • Page 689: Match Ip Precedence

    The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. To specify a match on all DSCP values, use the match ip tos tosbits tosmask command with tosbits set to “0”...
  • Page 690: Match Ip Tos

    To specify a match on all precedence values, use the match ip tos tosbits tosmask command with tosbits set to “0” (zero) and tosmask set to hex “1F.” Example The following example displays adding a match condition based on the value of the IP precedence field.
  • Page 691: Match Protocol

    This specification is the free form version of the IP DSCP/Precedence/TOS match specification in that you have complete control of specifying which bits of the IP Service Type field are checked. Example The following example displays adding a match condition based on the value of the IP TOS field in a packet.
  • Page 692: Match Source-Address Mac

    Example The following example displays adding a match condition based on the “ip” protocol name keyword. console(config-classmap)#match protocol ip match source-address mac Use the match source-address mac command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source MAC address of the packet.
  • Page 693: Match Srcip

    match srcip Use the match srcip command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source IP address of a packet. NOTE: This command is not available on the N1500 Series switches. Syntax match srcip ipaddr ipmask...
  • Page 694: Match Srcl4Port

    Syntax match srcip6 source-ipv6-prefix/prefix-length • source-ipv6-prefix — IPv6 prefix in IPv6 global address format. • prefix-length — IPv6 prefix length value. Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-classmap)#match srcip6 2001:DB8::0/32 match srcl4port...
  • Page 695: Match Vlan

    Command Mode Class-Map Configuration mode User Guidelines Only one srcl4port matching criteria can be specified. To remove the matching criteria, delete the class map. Example The following example displays how to add a match condition using the “snmp” port name keyword. console(config-classmap)#match srcl4port snmp match vlan Use the match vlan command in Class-Map Configuration mode to add to...
  • Page 696: Mirror

    Example The following example displays adding a match condition for the VLAN ID “2.” console(config-classmap)#match vlan 2 mirror Use the mirror command in Policy-Class-Map Configuration mode to mirror all the data that matches the class defined to the destination port specified. This command is not available on the N1500 Series switches.
  • Page 697 Syntax police-simple {datarate burstsize conform-action {drop | set-prec-transmit cos | set-dscp-transmit dscpval | transmit} [violate-action {drop | set-cos transmit cos | set-prec-transmit cos | set-dscp-transmit dscpval | transmit}]} • datarate — Data rate in kilobits per second (Kbps). (Range: 1–4294967295) •...
  • Page 698: Police-Single-Rate

    User Guidelines The simple form of the police command uses a single data rate and burst size, resulting in two outcomes: conform and violate. Conforming packets are colored green and non-conforming packets are colored red for use by the WRED mechanism. Only one style of police command (simple, single-rate or two-rate) is allowed for a given class instance in a particular policy.
  • Page 699: Police-Two-Rate

    – set-dscp-transmit dscp-val: Remark the DSCP in the packet to dscp-val and transmit. (Range 0-63) – set-cos-transmit 802.1p-priority: Remark the 802.1p priority in the packet to 802.1p-priority and transmit. (Range 0-7) – transmit: Transmit the packet unmodified. Default Configuration There is no default configuration for this command.
  • Page 700 Syntax police-two-rate datarate burstsize peak-data-rate excess-burstsize conform-action action exceed-action action violate-action action • datarate — Data rate in kilobits per second (Kbps). (Range: 1–4294967295) • burstsize — Burst size in Kbytes (Range: 1–128) • peak-data-rate — Peak data rate in kilobits per second (Kbps). (Range: 1–4294967295) •...
  • Page 701: Policy-Map

    Peak Burst Size (PBS) A packet is colored red if it exceeds the PIR, yellow if it exceeds the CIR, but not the PIR, and green if it does not exceed either. A trTCM is useful when a peak rate needs to be enforced separately from a committed rate. The CIR and PIR are measured in Kbps (not pps as indicated in the RFC), the CBS in Kbytes, and the PBS in Kbytes.
  • Page 702: Random-Detect Queue-Parms

    Example The following example shows how to establish a new ingress DiffServ policy named “DELL.” console(config)#policy-map DELL in console(config-policy-classmap)# random-detect queue-parms Use the random-detect queue-parms command to configure the WRED green, yellow, and red TCP and non-TCP packet minimum and maximum drop thresholds and corresponding drop probabilities on an interface or globally.
  • Page 703 • queue-id—The internal class of service queue (range 0-6). The queue-id is not the same as the CoS value received in incoming packets. Use the show classofservice dot1p-mapping command to display the CoS value to internal CoS queue mapping. • min-thresh—The minimum threshold at which to begin dropping, based on the configured maximum drop probability for each color and for non-TCP packets.
  • Page 704 Queue ID WRED Minimum WRED Maximum WRED Drop ECN Enabled Threshold Threshold Probability Scale 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 Command Mode Global Configuration mode, Interface Configuration mode (physical and port-channel), Interface Range mode User Guidelines Interface configuration overrides the global configuration.
  • Page 705 For the Dell EMC Networking N2000/N3000 Series switches, a threshold of 100% corresponds to a buffer occupancy of 295428 bytes queued for transmission on an interface. For the N4000 Series switch, a threshold of 100% corresponds to a buffer occupancy of 666757 bytes queued for transmission on an interface.
  • Page 706 ECN capability is supported. Simple RED may be enabled/disabled for any CoS queue on the Dell EMC Networking N1500 Series switches, however, the drop probability must be one of the values given below. The percentage before the dash indicates the actual drop probability.
  • Page 707: Random-Detect Exponential-Weighting-Constant

    100%: 100 Examples This example configures simple RED on an N1500 series switch. CoS queue 1 is globally configured for simple RED with a congestion threshold of 50% and a drop probability of 0.781% for green colored traffic. console(config)# random-detect queue-parms 1 min-thresh 50 0 0 drop-prob-scale 8 0 0 console(config)#cos-queue random-detect 1...
  • Page 708: Redirect

    size to ½ the difference between the previous size and the current instantaneous queue size, set the weighting constant to 1. To update the current queue size to 1/4 the difference between the previous size and the current instantaneous queue size, set the weighting constant to 2, ..The average queue size is calculated for each physical interface independently.
  • Page 709: Service-Policy

    service-policy Use the service-policy command in either Global Configuration mode (for all system interfaces) or Interface Configuration mode (for a specific interface) to attach a policy to an interface. To return to the system default, use the no form of this command. This command is not available on the N1500 Series switches.
  • Page 710: Show Class-Map

    The policy appears in the running-config as part of the individual interface configuration. Example The following example shows how to attach a service policy named “DELL” to all interfaces for packets ingressing the switch. console(config)#service-policy in DELL show class-map Use the show class-map command to display all configuration information for the specified class.
  • Page 711: Show Classofservice Dot1P-Mapping

    Class Name Type Proto Reference Class Name ------------------------------- ----- ----- ----------------------------- ipv4 ipv4 ipv6 ipv6 stop_http_class ipv6 match_icmp6 ipv6 console#show class-map ipv4 Class Name........ipv4 Class Type........All Class Layer3 Protocol......ipv4 Match Criteria Values ---------------------------- ------------------------------------- Source IP Address 2.2.2.2 (255.255.255.0) console#show class-map stop_http_class Class Name........
  • Page 712 Default Configuration By default, interfaces are configured to trust the IEEE 802.1p value in received packets and utilize the dot1p-mapping to assign packets to CoS queues. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If the interface is specified, the IEEE 802.1p mapping table of the interface is displayed.
  • Page 713: Show Classofservice Ip-Dscp-Mapping

    show classofservice ip-dscp-mapping Use the show classofservice ip-dscp-mapping command to display the current IP DSCP mapping to internal traffic classes for a specific interface. Syntax show classofservice ip-dscp-mapping Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
  • Page 714 18(af21) 20(af22) 22(af23) 24(cs3) 26(af31) 28(af32) 30(af33) 32(cs4) 34(af41) 36(af42) 38(af43) 40(cs5) 46(ef) 48(cs6) 56(cs7) Layer 2 Switching Commands...
  • Page 715: Show Classofservice Trust

    show classofservice trust Use the show classofservice trust command to display the current trust mode setting for a specific interface. Syntax show classofservice trust [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes...
  • Page 716: Show Diffserv Service Interface

    Syntax show diffserv Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information. console#show diffserv DiffServ Admin mode......
  • Page 717: Show Diffserv Service Brief

    Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show diffserv service interface gigabitethernet 1/0/1 in DiffServ Admin Mode......Enable Interface........Gi1/0/1 Direction........
  • Page 718: Show Interfaces Cos-Queue

    The following example shows how to display all interfaces in the system to which a DiffServ policy has been attached. console(config)#show diffserv service brief DiffServ Admin Mode......Enable Interface Direction OperStatus Policy Name ----------- ----------- ---------- ------------------------------- Po47 Down DELL Gi1/0/1 Down DELL Po48 Down DELL Gi1/0/2 Down DELL show interfaces cos-queue Use the show interfaces cos-queue command to display the class-of-service queue configuration for the specified interface.
  • Page 719 console#show interfaces cos-queue Global Configuration Interface Shaping Rate......0 Queue Id Min. Bandwidth Scheduler Type Queue Management Type -------- -------------- -------------- -------------- Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop This example displays the COS configuration for the specified interface...
  • Page 720: Show Interfaces Random-Detect

    Parameter Description Queue Mgmt Type The queue depth management technique used for all queues on this interface. Queue An interface supports n queues numbered 0 to (n-1). The specific n value is platform-dependent. Internal egress queue of the interface; queues 0–6 are available.
  • Page 721 User Guidelines This command displays the globally configured policy if no interface parameter is given. If an interface parameter is given, it displays the configured interface policy. The per CoS queue display for an interface displays the minimum and maximum thresholds, drop probability, and ECN capability per TCP packet color in the order: green, yellow, red, and non-TCP.
  • Page 722: Show Policy-Map

    Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information. console#show policy-map Policy Name Policy Type Class Members ----------- ----------- ------------- POLY1 DellClass DELL DellClass...
  • Page 723: Show Policy-Map Interface

    The following example displays the statistics information for port te1/0/1. console#show policy-map interface te1/0/1 in Interface........Te1/0/1 Operational Status......Down Policy Name........DELL Interface Summary: Class Name........Dell EMC Networking In Offered Packets......1003 In Discarded Packets......11...
  • Page 724: Show Service-Policy

    This command has no user guidelines. Example The following example displays a summary of policy-oriented statistics information. console#show service-policy in Oper Policy Intf Stat Name ------ ----- ------------------------------- Gi1/0/1 Down DELL Gi1/0/2 Down DELL Gi1/0/3 Down DELL Gi1/0/4 Down DELL Gi1/0/5 Down DELL...
  • Page 725: Traffic-Shape

    traffic-shape Use the traffic-shape command in Global Configuration mode and Interface Configuration mode to specify the maximum transmission bandwidth limit for the interface as a whole. To restore the default interface shaping rate value, use the no form of this command. Syntax traffic-shape bw kbps no traffic-shape...
  • Page 726: Vlan Priority

    vlan priority Use the vlan priority command to assign a default VLAN priority tag for untagged frames ingressing an interface. Syntax vlan priority cos-value • cos-value – A value ranging from 0-7. Default Configuration By default, untagged frames are processed with VLAN priority 0. The VLAN priority is mapped to a class of service value which determines the handling of the frame.
  • Page 727: Spanning Tree Commands

    Management of MSTP is compliant with the requirements of RFC5060. The following features are supported by Dell EMC Networking MSTP: STP Loop Guard - The Loop Guard feature is an enhancement of the Multiple Spanning Tree Protocol. Loop guard protects a network from forwarding loops induced by BPDU packet loss.
  • Page 728: Commands In This Section

    port. In this way, the root guard enforces the position of the root bridge. In MSTP scenario the port may be designated in one of the instances while being alternate in the CIST, and so on. Root guard is a per port (not a per port per instance command) configuration so all the MSTP instances this port participates in should not be in root role.
  • Page 729: Clear Spanning-Tree Detected-Protocols

    show spanning-tree spanning-tree spanning-tree spanning-tree vlan forward-time portfast forward-time show spanning-tree spanning-tree guard spanning-tree spanning-tree vlan summary portfast bpdufilter hello-time default show spanning-tree spanning-tree spanning-tree spanning-tree vlan vlan loopguard portfast default max-age spanning-tree spanning-tree max- spanning-tree port- spanning-tree vlan root priority (Interface Configuration) spanning-tree auto-...
  • Page 730: Exit (Mst)

    console#clear spanning-tree detected-protocols gigabitethernet 1/0/1 exit (mst) Use the exit command in MST mode to exit the MST configuration mode and apply all configuration changes. Syntax exit Default Configuration MST configuration. Command Mode MST mode User Guidelines This command has no user guidelines. Example The following example shows how to exit the MST configuration mode and save changes.
  • Page 731 VLAN mapping, the same configuration revision number, and the same configuration name. Dell EMC Networking MSTP supports mapping of VLANs to MST instances, even though the underlying VLAN may not be defined on the switch. Traffic received on VLANs not defined on the port received is dropped.
  • Page 732: Name (Mst)

    console(config-mst)#instance 1 add vlan 3000-4093 console(config-mst)#instance 2 add vlan 200-349 console(config-mst)#instance 2 add vlan 351-399 console(config-mst)#instance 2 add vlan 450-499 console(config-mst)#instance 2 add vlan 2000-2199 console(config-mst)#instance 2 add vlan 2500-2599 console(config-mst)#instance 2 add vlan 2800-2999 console(config-mst)#exit console(config)#interface te1/1/1 console(config-if-Te1/1/1)#switchport mode trunk console(config-if-Te1/1/1)#switchport trunk allowed vlan add 2-150 console(config-if-Te1/1/1)#spanning-tree mst 1 port-priority 16 console(config-if-Te1/1/1)#interface te1/1/2...
  • Page 733: Revision (Mst)

    Example The following example sets the configuration name to “region1”. console(config)#spanning-tree mst configuration console(config-mst)#name region1 revision (mst) Use the revision command in MST mode to identify the configuration revision number. To return to the default setting, use the no form of this command.
  • Page 734: Show Spanning-Tree

    show spanning-tree Use the show spanning-tree command to display the spanning-tree configuration. Syntax show spanning-tree [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] [instance instance-id] show spanning-tree [detail] [active | blockedports] | [instance instance-id] show spanning-tree mst-configuration show spanning-tree {uplinkfast | backbonefast} •...
  • Page 735 console#show spanning-tree Spanning Tree: Enabled - BPDU Flooding: Disabled - Portfast BPDU Filtering: Disabled Mode: rstp CST Regional Root: 80:00:00:1E:C9:DE:D4:47 Regional Root Path Cost: ROOT ID Priority 32768 Address 001E.C9DE.D447 This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s Transmit Hold Count: 6s Bridge Max Hops: 20 Interfaces...
  • Page 736 This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s Transmit Hold Count: 6s Bridge Max Hops: 20 Number of topology changes: 1 Last Change Occurred: 0d0h3m6s ago Times: Hold: 6, Hello: 2, Max Age: 20, Forward Delay: 15 Port: Gi1/0/1 Enabled State: Forwarding Role: Designated...
  • Page 737 Port ID: 128.1 Port Cost: 20000 Root Protection: No Designated Bridge Priority: 32768 Address: 001E.C9DE.D447 Designated Port ID: 128.1 Designated Path Cost: 0 CST Regional Root: 80:00:00:1E:C9:DE:D4:47 CST Port Cost: 0 BPDUs: Sent: 112, Received: 0 Port: Gi1/0/2 Enabled State: Forwarding Role: Designated Port ID: 128.2 Port Cost: 20000...
  • Page 738 Name Interface list --------------- ------------------------------------ VLAN0001 Gi1/0/2(fwd) VLAN0002 VLAN0003 VLAN0004 VLAN0005 VLAN0006 VLAN0007 VLAN0008 VLAN0009 VLAN0010 console(config)#show spanning-tree backbonefast Indirectlink rapid convergence is enabled Indirectlink rapid convergence Statistics --------------------- Transitions via indirectlink rapid convergenc.. 0 Inferior BPDUs received (all VLANs).... 7 RLQ request PDUs received (all VLANs)..
  • Page 739 --------- -------- --------- --------- ---- ----- -------------- Gi1/0/1 Enabled 128.1 Desg Gi1/0/2 Enabled 128.2 Desg Te1/0/1 Enabled 128.49 Desg Te1/0/2 Enabled 128.50 Bkup ###### MST 1 Vlan Mapped: ROOT ID Priority 32768 Address 001E.C9DE.D447 This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s Interfaces Name State...
  • Page 740 Spanning Tree: Enabled BPDU Flooding: Disabled Mode: mstp Portfast BPDU Filtering: Disabled CST Regional Root: 80:00:00:1E:C9:DE:D4:47 Regional Root Path Cost: ###### MST 2 Vlan Mapped: ROOT ID Priority 4096 Address 001E.C9DE.D447 Path Cost Root Port Bridge ID Priority 4096 Address 001E.C9DE.D447 Hello Time: 2s Max Age: 20s Forward Delay: 15s Transmit Hold Count: 6s...
  • Page 741 Gi1/0/2 Enabled 128.2 20000 Desg Te1/0/1 Enabled 128.49 2000 Desg Te1/0/2 Enabled 128.50 2000 Bkup This example shows spanning-tree configured in rapid-pvst mode. Output is shown for each VLAN that is actively running a spanning tree instance. console(config)#show spanning-tree active Spanning-tree enabled protocol rpvst VLAN RootID...
  • Page 742: Show Spanning-Tree Summary

    show spanning-tree summary Use the show spanning-tree summary command to display spanning tree settings and parameters for the switch. Syntax show spanning-tree summary Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed:...
  • Page 743: Show Spanning-Tree Vlan

    Configuration Revision Level: Identifier used to identify the configuration currently being used. Configuration Digest Key: A generated Key used in the exchange of the BPDUs. Configuration Format Selector: Specifies the version of the configuration format being used in the exchange of BPDUs. The default value is zero.
  • Page 744: Spanning-Tree

    Default Configuration There is no default configuration for this command. Command Modes Privileged Exec and above User Guidelines There are no user guidelines for this command. Example console(config)#show spanning-tree vlan 2 VLAN Spanning Tree: Enabled Mode: rapid-pvst RootID Priority 32770 Address 001E.C9DE.D447 Cost...
  • Page 745: Spanning-Tree Auto-Portfast

    Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables spanning-tree functionality. console(config)#spanning-tree spanning-tree auto-portfast Use the spanning-tree auto-portfast command to set the port to auto portfast mode. This enables the port to become a portfast port if it does not see any BPDUs for 3 seconds after a link up event.
  • Page 746: Spanning-Tree Backbonefast

    console(config-if-4/0/1)#spanning-tree auto-portfast spanning-tree backbonefast Use the spanning-tree backbonefast command to enable the detection of indirect link failures and accelerate spanning tree convergence on STP-PV/RSTP-PV configured switches using Indirect Link Rapid Convergence (IRC). IRC accelerates finding an alternative path when an indirect link to the root port goes down.
  • Page 747: Spanning-Tree Bpdu Flooding

    spanning-tree bpdu flooding The spanning-tree bpdu flooding command allows flooding of BPDUs received on non-spanning-tree ports to all other non-spanning-tree ports. Use the “no” form of the command to disable flooding. Syntax spanning-tree bpdu flooding no spanning-tree bpdu flooding Default Configuration This feature is disabled by default.
  • Page 748: Spanning-Tree Cost

    BPDU packets to maliciously disrupt the switch and cause network flapping. Dell spanning-tree provides a BPDU guard function against such attacks. If an interface enabled for BPDU guard receives a BPDU packet, the interface is diagnostically disabled and a message is written to the log. The port may be re-enabled using the no shutdown command after disconnecting the offending device from the interface.
  • Page 749 User Guidelines Dell EMC Networking spanning tree uses long values for spanning tree costs. The range for path cost for a port is 0-200,000,000. The range for path cost for a VLAN is 1-200,000,000. Use the no form of the command to calculate the cost based on the interface speed.
  • Page 750: Spanning-Tree Disable

    Example The following example configures the external path cost to be 8192 for VLANs 12, 13, 24, 25, and 26. console(config-if-Gi1/0/1)#spanning-tree vlan 12,13,24-26 cost 8192 spanning-tree disable Use the spanning-tree disable command in Interface Configuration mode to disable spanning-tree on a specific port. To enable spanning-tree on a port, use the no form of this command.
  • Page 751: Spanning-Tree Guard

    To reset the default forward time, use the no form of this command. Syntax spanning-tree forward-time seconds no spanning-tree forward-time • seconds — Time in seconds. (Range: 4–30) Default Configuration The default forwarding-time for IEEE Spanning-tree Protocol (STP) is 15 seconds.
  • Page 752: Spanning-Tree Loopguard

    • loop — Enables loop guard • none — Disables root and loop guard. Default Configuration Neither root nor loop guard is enabled. Command Mode Interface Configuration (Ethernet, Port Channel) mode. User Guidelines There are no user guidelines for this command. Example The following example disables spanning-tree guard functionality on Gigabit ethernet interface 4/0/1.
  • Page 753: Spanning-Tree Max-Age

    User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree loopguard functionality on all ports. console(config)#spanning-tree loopguard default spanning-tree max-age Use the spanning-tree max-age command in Global Configuration mode to configure the spanning-tree bridge maximum age. To reset the default maximum age, use the no form of this command.
  • Page 754: Spanning-Tree Max-Hops

    console(config)#spanning-tree max-age 10 spanning-tree max-hops Use the spanning-tree max-hops command to set the MSTP Max Hops parameter to a new value for the common and internal spanning tree. Use the “no” form of this command to reset the Max Hops to the default. Syntax spanning-tree max-hops hops no spanning-tree max-hops...
  • Page 755 • mst — Multiple Spanning Tree Protocol (MSTP) is enabled. • pvst — Spanning-tree operates in STP-PV mode. • rapid-pvst — Spanning-tree operates in RSTP-PV mode. Default Configuration Rapid Spanning Tree Protocol (RSTP) is enabled. Command Mode Global Configuration mode User Guidelines In RSTP mode, the switch uses STP when the neighbor switch is using STP.
  • Page 756: Spanning-Tree Mst Configuration

    When the mode is changed to rapid-pvst, version 0 STP BPDUs are no longer transmitted and version 2 RSTP-PV BPDUs that carry per-VLAN information are transmitted on the VLANs enabled for spanning-tree. If a version 0 BPDU is seen, RSTP-PV reverts to sending version 0 BPDUs. RSTP-PV embeds support for STP-PV Indirect Link Rapid Convergence and Direct Link Rapid Convergence.
  • Page 757: Spanning-Tree Mst Cost

    console (config-mst)#name region1 console (config-mst)#revision 1 spanning-tree mst cost Use the spanning-tree mst cost command in Interface Configuration mode to configure the internal path cost for multiple spanning tree (MST) calculations. If a loop occurs, the spanning tree considers path cost when selecting an interface to put in the forwarding state.
  • Page 758: Spanning-Tree Mst Port-Priority

    Example The following example configures the MSTP instance 1 path cost for Gigabit Ethernet interface 1/0/9 to 4. console(config)#interface gigabitethernet 1/0/9 console(config-if-Gi1/0/9)#spanning-tree mst 1 cost 4 spanning-tree mst port-priority Use the spanning-tree mst port-priority command in Interface Configuration mode to configure port priority. To return to the default port priority, use the no form of this command.
  • Page 759: Spanning-Tree Mst Priority

    spanning-tree mst priority Use the spanning-tree mst priority command in Global Configuration mode to set the switch priority for the specified spanning-tree instance. To return to the default setting, use the no form of this command. Syntax spanning-tree mst instance-id priority priority no spanning-tree mst instance-id priority •...
  • Page 760: Spanning-Tree Portfast

    spanning-tree portfast Use the spanning-tree portfast command in Interface Configuration mode to enable portfast mode. In portfast mode, the interface is immediately put into the forwarding state upon linkup, without waiting for the timer to expire. To disable portfast mode, use the no form of this command. Syntax spanning-tree portfast no spanning-tree portfast...
  • Page 761: Spanning-Tree Portfast Bpdufilter Default

    spanning-tree portfast bpdufilter default The spanning-tree portfast bpdufilter default command disables the transmission and reception of BPDUs on portfast enabled ports. Use the “no” form of the command to enable the transmission and receipt of BPDUs. Syntax spanning-tree portfast bpdufilter default no spanning-tree portfast bpdufilter default Default Configuration This feature is disabled by default.
  • Page 762: Spanning-Tree Portfast Default

    console(config)#spanning-tree portfast bpdufilter default spanning-tree portfast default Use the spanning-tree portfast default command to enable portfast mode on access ports. Interfaces configured as access mode ports are considered to be edge ports. Use the no form of this command to disable portfast mode on all ports.
  • Page 763: Spanning-Tree Port-Priority (Interface Configuration)

    spanning-tree port-priority (Interface Configuration) Use the spanning-tree port-priority command in Interface Configuration mode to configure the priority value of an edge-port or point-to-point interface to allow the operator to select the relative importance of the interface in the selection process for forwarding. Set this value to a lower number to prefer an operationally enabled interface for forwarding of frames.
  • Page 764: Spanning-Tree Priority

    An edge port is a port with spanning-tree port-fast enabled. A point-to-point link is a link configured as full-duplex. Edge-ports and point-to-point links directly transition to the forwarding state and do not delay for the listening and learning stages of spanning-tree. An edge port that receives a BPDU is no longer considered an edge-port and will utilize the configured port priority value.
  • Page 765: Spanning-Tree Tcnguard

    Command Mode Global Configuration mode User Guidelines The priority value must be a multiple of 4096. The switch with the lowest priority is the root of the spanning tree. Bridge priority configuration is given preference over root primary/secondary configuration. Root primary/secondary configuration is given preference over DRC configuration.
  • Page 766: Spanning-Tree Transmit Hold-Count

    Example The following example configures spanning-tree tcnguard on 4/0/1. console(config-if-4/0/1)#spanning-tree tcnguard spanning-tree transmit hold-count Use the spanning-tree transmit hold-count command to set the maximum number of BPDUs that a bridge is allowed to send within a hello time window (2 seconds). Use the no form of this command to reset the hold count to the default value.
  • Page 767 Direct Link Rapid Convergence on STP-PV switches. This command assists in accelerating spanning-tree convergence after switchover to an alternate port. Use the no form of the command to return the configured rate to the default value (or disable uplinkfast on STP-PV configured switches). Syntax spanning-tree uplinkfast [max-update-rate packets/s ] no spanning-tree uplinkfast [max-update-rate]...
  • Page 768: Spanning-Tree Vlan

    Configuration of the bridge priority is given preference over configuration of the root primary or root secondary configuration, which is given preference over the configuration of DirectLink Rapid Convergence. RSTP-PV embeds support for IRC and DRC. There is no provision to enable or disable these features in RSTP-PV configured switches.
  • Page 769: Spanning-Tree Vlan Forward-Time

    User Guidelines This command can be configured even if the switch is configured for MST(RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes. Example This example configures a switch to use per VLAN spanning tree for VLANS 12, 13 and 24-26 console(config)#spanning-tree vlan 12,13,24-26 spanning-tree vlan forward-time...
  • Page 770: Spanning-Tree Vlan Hello-Time

    Forward delay is only applicable to STP modes. The forward delay setting is ignored in MSTP, RSTP and RSTP-PV modes as the designated port is transitioned to the forwarding state immediately. Example console(config)#spanning-tree vlan 3 forward-time 12 spanning-tree vlan hello-time Use the spanning-tree vlan hello-time command to configure the spanning tree hello time for a specified VLAN or a range of VLANs.
  • Page 771: Spanning-Tree Vlan Max-Age

    spanning-tree vlan max-age Use the spanning-tree vlan max-age command to configure the spanning tree maximum age time for a set of VLANs. Use the no form of the command to return the maximum age timer to the default value. Syntax spanning-tree vlan vlan-list max-age 6-40 no spanning-tree vlan vlan-list...
  • Page 772: Spanning-Tree Vlan Root

    Example console(config)#spanning-tree vlan 3 max-age 18 spanning-tree vlan root Use the spanning-tree vlan root primary command to configure the switch to become the root bridge or standby root bridge by modifying the bridge priority from the default value to a lower value calculated to ensure the bridge is the root (or standby) bridge.
  • Page 773: Spanning-Tree Vlan Priority

    spanning-tree vlan priority Use the spanning-tree vlan priority command to configure the bridge priority of a VLAN. The bridge priority is combined with the MAC address of the switch and is used to select the root bridge for the VLAN. Use the no form of the command to return the priority to the default value.
  • Page 774 Configuration of the bridge priority is given preference over configuration of the root primary or root secondary configuration, which is given preference over the configuration of DirectLink Rapid Convergence. Example This example configures a switch to be the spanning tree root bridge for VLANs 12, 13, 24, 25, and 26.
  • Page 775: Udld Commands

    UDLD Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches The UDLD feature detects unidirectional links on physical ports. A unidirectional link is a forwarding anomaly in a Layer 2 communication channel in which a bi-directional link stops passing traffic in one direction.
  • Page 776: Processing Udld Traffic From Neighbors

    recognize only the sending failures on unidirectional links. If all devices in the network support UDLD, this functionality is enough to detect all unidirectional links. Processing UDLD Traffic from Neighbors Every UDLD-capable device collects information about all other UDLD-capable devices. Each device populates UDLD echo packets with collected neighbor information to help neighbors identify unidirectional links.
  • Page 777: Commands In This Section

    UDLD will put the port into the diagnostically disabled state in the following cases: When there is a loopback, the device ID and port ID sent out on a port are received back. A UDLD PDU received from a partner does not have its own details (echo).
  • Page 778: Udld Reset

    Command Mode Global Configuration mode User Guidelines This command globally enables UDLD. Interfaces must also be individually enabled for UDLD. Example This command globally enables UDLD. console(config)#udld enable udld reset Use the udld reset command to reset (enable) all interfaces disabled by UDLD.
  • Page 779: Udld Message Time

    Example This example resets all UDLD disabled interfaces. console#udld reset udld message time Use the udld message time command in Global Configuration mode to configure the interval between the transmission of UDLD probe messages on ports that are in the advertisement phase. Use the no form of the command to return the message transmission interval to the default value.
  • Page 780: Udld Timeout Interval

    udld timeout interval Use the udld timeout interval command in Global Configuration mode to configure the interval for the receipt of ECHO replies. Use the no form of the command to return the value to the default setting. Syntax udld timeout interval timeout-interval no udld timeout interval •...
  • Page 781: Udld Port

    no udld enable Default Configuration UDLD is disabled by default on an interface. UDLD must be enabled globally and on an interface in order to operate. Command Mode Interface (physical) Configuration mode User Guidelines UDLD cannot be enabled on a port channel. Instead, enable UDLD on the physical interfaces of a port channel.
  • Page 782: Show Udld

    Command Mode Interface (Ethernet) Configuration mode User Guidelines In aggressive mode, UDLD will attempt to detect a peer by sending an ECHO packet every seven seconds until a peer is detected. Example This example configures an interface to operate in UDLD aggressive mode. console(config-if-Te1/0/1)#udld port aggressive show udld Use the show udld command in User Exec or Privileged Exec mode to display...
  • Page 783 Field Description Timeout Interval The time period (in seconds) before making decision that link is unidirectional. When an interface ID is specified, the following fields are shown: Field Description Interface Id The interface identifier in short form, e.g. te1/0/1. Admin Mode The administrative mode of UDLD configured on this interface.
  • Page 784: Vlan Commands

    Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches Dell EMC Networking 802.1Q VLANs are an implementation of the Virtual Local Area Network, specification 802.1Q. Operating at Layer 2 of the OSI model, the VLAN is a means of parsing a single network into logical user groups or organizations as if they physically resided on a dedicated LAN segment of their own.
  • Page 785: Double Vlan Mode

    Any valid Ethernet frame with a value of 0x8100 in the 12th and 13th bytes is recognized as a tagged frame. Dell EMC Networking N-Series switches can be configured to enable the port in double-VLAN (QinQ) mode. In this mode, the switch looks at the 12th, 13th, 16th, and 17th bytes for the tag status in the incoming frame.
  • Page 786: Protocol Based Vlans

    Protocol Based VLANs The main purpose of Protocol-based VLANs (PBVLANs) is to selectively process packets based on their upper-layer protocol by setting up protocol-based filters. Packets are bridged through user-specified ports based on their protocol. In PBVLANs, the VLAN classification of a packet is based on its protocol (IP, IPX, NetBIOS, and so on).
  • Page 787: Private Vlan Commands

    Private VLAN Commands The Dell EMC Networking Private VLAN feature separates a regular VLAN domain into two or more subdomains. Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The primary VLAN ID is the same for all subdomains that belong to a private VLAN. The secondary VLAN ID differentiates subdomains from one another and provides Layer 2 isolation between ports of the same private VLAN.
  • Page 788 promiscuous ports or can communicate only with the promiscuous ports (if the secondary VLAN is an isolated VLAN). The Private VLANs can be extended across multiple switches through inter-switch/stack links that transport primary, community and isolated VLANs between devices, as shown in Figure 3-1. Figure 3-1.
  • Page 789: Commands In This Section

    Private VLAN Operation in the Switch Environment The Private VLAN feature operates in a stacked or single switch environment. The stack links are transparent to the configured VLAN, thus there is no need for special private VLAN configuration. Any private VLAN port can reside on any stack member.
  • Page 790: Interface Vlan

    IP routing is globally enabled. DHCP and Layer 3 are not enabled on VLAN 1 by default for the N3000, N3100-ON, and N4000 Series switches. DHCP is enabled on VLAN 1 by default for the N1100-ON/N1500/N2000/N2100-ON switches. The N1100-ON does not support routing. Command Mode...
  • Page 791: Interface Range Vlan

    Use the no form of the command to remove empty interface vlan entries from the running config. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the L3 address of the switch.
  • Page 792: Name (Vlan Configuration)

    Command Mode Global Configuration mode User Guidelines The VLANs in the interface range must be configured and enabled for routing prior to use in the vlan range command. Commands used in the interface range context are executed independently on each interface in the range.
  • Page 793: Private-Vlan

    Command Mode VLAN Configuration mode User Guidelines The VLAN name may include any alphanumeric characters including a space, underscore, or dash. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may truncate entries at the first illegal character or reject the entry entirely.
  • Page 794: Vlan Configuration Mode

    • vlan-list—A list of secondary VLAN ids to be mapped to a primary VLAN. The VLAN list can contain multiple entries separated by commas and containing no spaces. Each entry can be a single VLAN id or a hyphenated range of VLANs. Default Configuration This command has no default setting.
  • Page 795: Protocol Group

    protocol group Use the protocol group command in VLAN Configuration mode to attach a VLAN ID to the protocol-based group identified by groupid. A group may only be associated with one VLAN at a time. However, the VLAN association can be changed. The referenced VLAN should be created prior to the creation of the protocol-based group except when GVRP is expected to create the VLAN.
  • Page 796: Protocol Vlan Group

    protocol vlan group Use the protocol vlan group command in Interface Configuration mode to add the physical unit/slot/port interface to the protocol-based group identified by groupid. A group may have more than one interface associated with it. Each interface and protocol combination can be associated with one group only.
  • Page 797: Protocol Vlan Group All

    console(config-if-Gi1/0/1)#protocol vlan group 2 protocol vlan group all Use the protocol vlan group all command in Global Configuration mode to add all physical interfaces to the protocol-based group identified by groupid. A group may have more than one interface associated with it. Each interface and protocol combination can be associated with one group only.
  • Page 798: Show Dot1Q-Tunnel

    show dot1q-tunnel Use the show dot1q-tunnel command to display the QinQ status for each interface. Syntax show dot1q-tunnel [ interface interface-id ] Default Configuration If no interfaces are specified, information is shown for all interfaces. Command Mode Privileged Exec mode and all show modes User Guidelines Up to three additional TPIDs can be configured.
  • Page 799: Show Interfaces Switchport

    show interfaces switchport Use the show interfaces switchport command to display the complete switchport VLAN configuration for all possible switch mode configurations: access, dot1q-tunnel, general, trunk, and (private VLAN) host or (private VLAN) promiscuous. Syntax show interfaces switchport {{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port| fortygigabitethernet unit/slot/port}} Default Configuration...
  • Page 800: Show Port Protocol

    General Mode Untagged VLANs: 1 General Mode Tagged VLANs: General Mode Forbidden VLANs: Trunking Mode Native VLAN: 1 (default) Trunking Mode Native VLAN Tagging: Disabled Trunking Mode VLANs Enabled: 1-99,101-4093 Private VLAN Host Association: none Private VLAN Mapping: Private VLAN Operational Bindings: Default Priority: 0 Protected: Disabled Forbidden VLANS:...
  • Page 801: Show Switchport Ethertype

    Example The following example displays the Protocol-Based VLAN information for the entire system. console#show port protocol all Group Group Name Protocol(s) VLAN Interface(s) --------------- ----- ---------- ---- ------------ test gi1/0/1 show switchport ethertype Use the show switchport ethertype command to display the configured Ethertype for each interface.
  • Page 802: Show Vlan

    Example This example shows the various invocations of the command. console(config)#show switchport ethertype Default TPID........802.1 Configured TPIDs....... vMAN Custom (1010) console(config)#show switchport ethertype interface gi1/0/1 Interface EtherType Secondary TPIDs --------- --------- --------------- Gi1/0/1 802.1 console(config-vlan10)#show switchport ethertype interface all console(config)#show switchport ethertype interface gi1/0/1 Interface EtherType Secondary TPIDs --------- --------- ---------------...
  • Page 803 Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines • VLAN—The VLAN identifier • Name—The VLAN name • Ports—The port membership for the VLAN • Type—The type of VLAN (default, static, dynamic) Example This shows all VLANs and RSPAN VLANs. console#show vlan VLAN Name...
  • Page 804: Show Vlan Association Mac

    myspan Te1/0/1 Static RSPAN Vlan ------------------------------------------------------------------ Enabled show vlan association mac Use the show vlan association mac command to display the VLAN associated with a specific configured MAC address. If no MAC address is specified, the VLAN associations of all the configured MAC addresses are displayed. Syntax show vlan association mac [mac-address] •...
  • Page 805: Show Vlan Association Subnet

    show vlan association subnet Use the show vlan association subnet command to display the VLAN associated with a specific configured IP-Address and netmask. If no IP Address and net mask are specified, the VLAN associations of all the configured IP-subnets are displayed. Syntax show vlan association subnet [ip-address ip-mask] •...
  • Page 806: Show Vlan Private-Vlan

    show vlan private-vlan Use the show vlan private-vlan command to display information about the configured private VLANs including primary and secondary VLAN IDs, type (community, isolated, or primary), and the ports which belong to a private VLAN. Syntax show vlan private-vlan [type] Default Configuration This command has no default setting.
  • Page 807: Switchport Access Vlan

    switchport access vlan Use the switchport access vlan command in Interface Configuration mode to configure the VLAN ID when the interface is in access mode. To reconfigure the interface to use the default VLAN, use the no form of this command. Syntax switchport access vlan vlan-id no switchport access vlan...
  • Page 808: Switchport Dot1Q Ethertype (Global Configuration)

    console(config)# interface gi1/0/12 console(config-if-Gi1/0/12)# switchport access vlan 33 Access VLAN does not exist. Creating VLAN 33 switchport dot1q ethertype (Global Configuration) Use the switchport dot1q ethertype command to define additional QinQ tunneling TPIDs for matching in the outer VLAN tag of received frames. Use the no form of the command to remove the configured TPIDs.
  • Page 809 Use the no form of the command to remove an additional TPID. Doing so removes the TPID from all interfaces. If the removed TPID is the primary TPID for an interface, the interface is configured to use the default primary TPID 0x8100.
  • Page 810: Switchport Dot1Q Ethertype (Interface Configuration)

    console(config-if-Te1/0/1)#switchport trunk native vlan 10 console(config-if-Te1/0/1)#switchport dot1q ethertype vman primary-tpid switchport dot1q ethertype (Interface Configuration) Use the switchport dot1q ethertype command to apply previously defined QinQ tunneling TPIDs to a service provider interface. Use the no form of the command to remove the configured TPIDs. Syntax switchport dot1q ethertype { 802.1Q | vman | custom 0-65535 } [primary-tpid]...
  • Page 811 The outer VLAN tag in tagged packets received on the interface is compared against the configured list of TPIDs. Frames that do not match any of the configured TPIDs are forwarded normally, i.e. without QinQ processing. Frames transmitted on the interface are always transmitted with the primary TPID inserted in the outer VLAN tag.
  • Page 812: Switchport General Forbidden Vlan

    switchport general forbidden vlan Use the switchport general forbidden vlan command in Interface Configuration mode to forbid adding specific VLANs to a general mode port. To revert to allowing the addition of specific VLANs to the port, use the remove parameter of this command. Syntax switchport general forbidden vlan {add vlan-list | remove vlan-list} add vlan-list —...
  • Page 813: Switchport General Acceptable-Frame-Type Tagged-Only

    switchport general acceptable-frame-type tagged-only Use the switchport general acceptable-frame-type tagged-only command in Interface Configuration mode to discard untagged frames at ingress. To enable untagged frames at ingress, use the no form of this command. Syntax switchport general acceptable-frame-type tagged-only no switchport general acceptable-frame-type tagged-only Default Configuration All frame types are accepted at ingress.
  • Page 814: Switchport General Ingress-Filtering Disable

    • add vlan-list — List of VLAN IDs to add. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. • remove vlan-list — List of VLAN IDs to remove. Separate nonconsecutive VLAN IDs with a comma and no spaces.
  • Page 815: Switchport General Pvid

    Syntax switchport general ingress-filtering disable no switchport general ingress-filtering disable Default Configuration Ingress filtering is enabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Ingress filtering, when enabled, discards received frames that are not tagged with a VLAN for which the port is a member. If ingress filtering is disabled, tagged frames from all VLANs are processed by the switch.
  • Page 816: Switchport Mode

    Default Configuration The default value for the vlan-id parameter is 1 when the VLAN is enabled. Otherwise, the value is 4093. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Setting a new PVID does NOT remove the previously configured PVID VLAN from the port membership.
  • Page 817: Switchport Mode Dot1Q-Tunnel

    configured with a native VLAN. A trunk port only transmits tagged packets for member VLANs other than the native VLAN and untagged packets for the native VLAN. • general—Full 802.1Q support VLAN interface. A general mode port is a combination of both trunk and access ports capabilities. It is possible to fully configure all VLAN features on a general mode port.
  • Page 818 Command Mode Interface mode (physical and port channel), Interface range mode (physical and port channel) User Guidelines This command configures a customer edge (CE) port for QinQ tunneling. The dot1q-tunnel mode is an overlay on switchport access mode. In particular, configuring the access mode PVID sets the outer dot1q-tunnel VLAN ID.
  • Page 819: Switchport Mode Private-Vlan

    appear in the frame. Due to the internal processing of QinQ tagging, the TPID of ingress frames mirrored from the SP port will always be 0x8100. In addition, packets forwarded internally across a stacking link may have different tags applied than packets forwarded on a local egress port. This is due to the processing required for forwarding across a stack.
  • Page 820: Switchport Private-Vlan

    Command Mode Interface Configuration (physical or port-channel) User Guidelines Do not configure private VLANs on ports configured with any of these features: • Link Aggregation Control Protocol (LACP) • Multicast VLAN Registration (MVR) • Voice VLAN It is recommended that the private VLAN host ports be configured as spanning-tree portfast.
  • Page 821: Switchport Trunk

    • add—Associates the secondary VLAN with the primary one. • remove—Deletes the secondary VLANs from the primary VLAN association. secondary-vlan-list—A list of secondary VLANs to be mapped to a primary • VLAN. Default Configuration This command has no default association or mapping configuration. Command Mode Interface Configuration (physical or port-channel) User Guidelines...
  • Page 822 – all specifies all VLANs from 1 to 4093. This keyword is not allowed on commands that do not permit all VLANs in the list to be set at the same time. – add adds the defined list of VLANs to those currently set instead of replacing the list.
  • Page 823: Switchport Trunk Encapsulation Dot1Q

    Use this command for compatibility. This command performs no action. Syntax switchport trunk encapsulation dot1q Default Configuration Dell EMC Networking switches use dot1q encapsulation on trunk ports by default. Command Mode Interface config mode, Interface range mode (including port-channels) User Guidelines This command performs no action.
  • Page 824: Vlan

    vlan Use the vlan command in Global Configuration mode to configure a VLAN. To delete a VLAN, use the no form of this command. Syntax vlan {vlan–list} no vlan {vlan–list} • vlan–list—A list of one or more valid VLAN IDs. List separate, non-consecutive VLAN IDs separated by commas (without spaces).
  • Page 825: Vlan Association Mac

    vlan association mac Use the vlan association mac command in VLAN Configuration mode to associate a MAC address to a VLAN. The maximum number of MAC-based VLANs is 256. Only packets with a matching source MAC address are placed in the VLAN. Syntax vlan association mac mac-address no vlan association mac mac-address...
  • Page 826: Vlan Makestatic

    no vlan association subnet ip-address subnet-mask • ip-address — Source IP address. (Range: Any valid IP address) • subnet-mask — Subnet mask. (Range: Any valid subnet mask) Default Configuration No assigned ip-subnet. Command Mode VLAN Configuration mode User Guidelines This command has no user guidelines. Example The following example associates the 192.168.0.xxx IP address with VLAN ID console(config)# vlan 1...
  • Page 827: Vlan Protocol Group

    User Guidelines The dynamic VLAN (created via GVRP) should exist prior to executing this command. See the Type column in output from the show vlan command to determine that the VLAN is dynamic. Example The following changes vlan 3 to a static VLAN. console(config-vlan)#vlan makestatic 3 vlan protocol group Use the vlan protocol group command in Global Configuration mode to add...
  • Page 828: Vlan Protocol Group Add Protocol

    vlan protocol group add protocol Use the vlan protocol group add protocol command in Global Configuration mode to add a protocol to the protocol-based VLAN groups identified by groupid. A group may have more than one protocol associated with it. Each interface and protocol combination can be associated with one group only.
  • Page 829: Vlan Protocol Group Name

    vlan protocol group name This is a new command for assigning a group name to vlan protocol group id. Syntax vlan protocol group name group-id groupName no vlan protocol group name group-id • groupid—The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command.
  • Page 830 • group-id — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command. Default Configuration This command has no default configuration.
  • Page 831: Voice Vlan Commands

    Voice VLAN Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches The Voice VLAN feature enables switch ports to carry voice traffic with an administrator-defined priority so as to enable prioritization of voice traffic over data traffic. Using Voice VLAN helps to ensure that the sound quality of an IP phone is protected from deterioration when the data traffic utilization on the port is high.
  • Page 832: Commands In This Section

    traffic. See the User Configuration Guide for more information. Voice VLAN is recommended for enterprise-wide deployment of voice services on the IP network. Commands in this Section This section explains the following commands: voice vlan voice vlan data priority voice vlan (Interface) show voice vlan voice vlan This command is used to enable the voice VLAN capability on the switch.
  • Page 833 Syntax voice vlan {vlan-id | dot1p priority | none | untagged | data priority {trust | untrust} | auth { enable | disable} | dscp dscp} no voice vlan • auth { enable | disable}—Enables/disables authentication on the voice VLAN port. •...
  • Page 834: Voice Vlan Data Priority

    Example This example configures an interface to use VLAN 100 as the voice VLAN and sends LLDP configuration in the Network Policy TLV to the phone to assign VLAN 100 to 802.1p priority 5. The data priority is trusted by default. console(config)#vlan 100 console(config-vlan100)#interface gi1/0/1 console(config-if-Gi1/0/1)#voice vlan 100...
  • Page 835: Show Voice Vlan

    Example console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#voice vlan data priority untrust console(config-if-Gi1/0/1)#voice vlan data priority trust show voice vlan This command displays information about the voice VLAN. Syntax show voice vlan [interface {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}|all] Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines When the interface parameter is not specified, only the global mode of the...
  • Page 836 Example (console)#show voice vlan interface gi1/0/1 Interface........Gi1/0/1 Voice VLAN Interface Mode...... Enabled Voice VLAN Priority......2 Voice VLAN COS Override......True Voice VLAN DSCP Value......46 Voice VLAN Port Status......Disabled Voice VLAN Authentication...... Disabled Layer 2 Switching Commands...
  • Page 837: Security Commands

    Security Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches Security commands enable network operators to administer security for administrator access to the switch management console or web interface as well as to configure restrictions of network access for network attached devices.
  • Page 838: Aaa Commands

    Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches Dell EMC Networking switches support authentication of network users and switch administrators via a number of methods. Management access to the switch is via telnet, HTTP, SSH, or the serial console (SNMP access is discussed in the SNMP Commands section).
  • Page 839: Administrative Accounting

    To authenticate a switch administrator, the authentication methods in the APL for the access line are attempted in order until an authentication attempt returns a success or failure return code. If a method times out, the next method in the list is attempted. The component requesting authentication is unaware of the ultimate authentication source.
  • Page 840: Accounting Method Lists

    Accounting notification is sent when the administrator exits exec mode. The duration of the exec session is logged in the accounting notice. Accounting notifications are sent at the end of each administrator executed command. In the case of commands like reload, and clear config, an exception is made and the stop accounting notice is sent at the...
  • Page 841: Command Authorization

    Local 802.1x Authentication Server The Dell EMC Networking switch supports a dedicated database for local authentication of users for network access through the 802.1x feature. This functionality is distinct from management access for the switch. See the 802.1x Commands section for information on configuring IEEE 802.1x access...
  • Page 842: Mac Authentication Bypass

    The Internal Authentication Server feature provides support for the creation of users for IEEE 802.1x access only, i.e. without switch management access. This feature maintains a separate database of users allowed for 802.1x access. The authentication method internal is available in the list of methods supported by authentication to support user database lookup.
  • Page 843: Guest Vlan

    Guest VLAN The Guest VLAN feature allows a Dell EMC Networking switch to provide a distinguished service to unauthenticated network devices (not rogue devices that fail authentication). This feature provides a mechanism to allow network devices to have network access to reach an external network while restricting their ability to access the internal LAN.
  • Page 844: Commands In This Section

    in the unauthorized state and the client is not granted access to the network. If an unauthenticated VLAN is configured for the port and the 802.1x client fails to authenticate for the configured number of attempts, the port is placed in the authorized state on the unauthenticated VLAN and the client is granted access to the network.
  • Page 845 Use the no form of the command to delete a list. A list may be identified by the default keyword or a user-specified listname. Use either the aaa accounting dot1x default none or no aaa accounting dot1x default command to disable dot1x accounting. Use the no aaa accounting exec or no aaa accounting commands to disable aaa accounting and optionally delete an accounting method list.
  • Page 846 User Guidelines This list is identified by default or a user-specified list_name. Accounting records, when enabled for a line-mode, can be sent at both the beginning and at the end (start-stop) or only at the end (stop-only). If none is specified, accounting is disabled for the specified list.
  • Page 847: Aaa Authentication Dot1X Default

    (console)#configure (console-config)#aaa accounting exec ExecList stop-only tacacs (console-config)#aaa accounting exec ExecList start-stop tacacs (console-config)#aaa accounting exec ExecList start-stop tacacs radius (console-config)#exit The first aaa command creates a method list for exec sessions with the name ExecList, with record-type as stop-only and the method as TACACS+. The second command changes the record type to start-stop from stop-only for the same method list.
  • Page 848: Aaa Authentication Enable

    User Guidelines Only one authentication method may be specified in the command. For the RADIUS authentication method, if the RADIUS server cannot be contacted, the supplicant fails authentication. The none method always allows access. The ias method utilizes the internal authentication server. The internal authentication server only supports the EAP-MD5 method.
  • Page 849 Keyword Source or destination enable Uses the enable password for authentication. line Uses the line password for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The default enable list is enableList.
  • Page 850: Aaa Authentication Login

    NOTE: Requests sent by the switch to a RADIUS server include the username “$enabx$”, where x is the requested privilege level in decimal. For enable to be authenticated on RADIUS servers, add “$enabx$” users to them. The login user ID is also sent to TACACS+ servers for enable authentication.
  • Page 851 Keyword Source or destination tacacs Use the list of all TACACS+ servers for authentication. Default Configuration The default login lists are defaultList and networkList. defaultList is used by the console and only contains the method none. networkList is used by telnet and SSH and only contains the method local.
  • Page 852: Aaa Authorization

    aaa authorization Use the aaa authorization command to enable authorization and optionally create an authorization method list. A list may be identified by a user-specified list-name or the keyword default. Use the no form of the command to disable authorization and optionally delete an authorization list.
  • Page 853 Authorization is not enabled by default. Authorization supports Exec authorization and network authorization for RADIUS. Only TACACS is supported for command authorization. Setting a none or local method for authorization authorizes Exec access for all functions. The following default Authorization Methods List is present by default: Default List Name Description Authorization Method...
  • Page 854 If no authorization server is available or configured, the function is denied unless the none method is configured in the list. If authorization is configured on the console, this can lead to situations where the console denies administrative access. Therefore, it is recommended that the console authorization only be enabled with due regard to the risks involved.
  • Page 855: Aaa Authorization Network Default Radius

    console(config)#aaa authorization exec exec-list radius none Apply the AML to an access line mode (SSH): console(config)#line ssh console(config-ssh)#authorization exec exec-list Display the authorization methods: console#show authorization methods Exec Authorization List Methods ---------------------------- ------------------------------ dfltExecAuthList none exec-list radius none Command Authorization List Methods ---------------------------- ------------------------------...
  • Page 856: Aaa Ias-User Username

    Command Mode Global Configuration mode User Guidelines The RADIUS server can place a port in a particular VLAN based on the result of the authentication. VLAN assignment must be configured on the external RADIUS server using the RADIUS TUNNEL-TYPE attribute and others. See RADIUS Commands Security Commands for further information.
  • Page 857: Aaa New-Model

    The aaa new-model command in Global Configuration mode is a no-op command. It is present only for compatibility purposes. Dell EMC Networking switches only support the new model command set. Syntax aaa new-model Default Configuration This command has no default configuration.
  • Page 858 Default Configuration By default, no dynamic RADIUS servers are configured. Command Mode Global Configuration User Guidelines Configuring a dynamic RADIUS server causes the system to begin listening on the default port 3799 for RADIUS CoA requests. The switch ensures that a unique Acct-Session-Id and the Calling-Station-Id is sent to the RADIUS server in all Access-Request packets.
  • Page 859: Authentication Enable

    authentication type is allowed for CoA and disconnect requests. In this example, the NAS-IP-Address is optionally configured at the fixed IPv4 address of 3.3.3.3. CoA client 5.5.5.5 uses the global server key while client 4.4.4.4 uses a client-specific server key. console#configure terminal console(config)# aaa new-model console(config)# aaa authentication dot1x default radius...
  • Page 860: Authentication Order

    Default Configuration The default value is Disabled. Command Mode Global Configuration mode User Guidelines The administrator must ensure that any methods configured by the Authentication Manager are enabled (e.g. enable IEEE 802.1x using the dot1x system-auth-control command). Enable MAB using the dot1x mac-auth-bypass command.
  • Page 861: Authentication Priority

    User Guidelines Each method can only be entered once. Ordering is only possible between 802.1x and MAB. Captive portal can be configured either as a stand-alone method or as the last method in the order. Example console(config-if-Gi1/0/1)# authentication order dot1x mab captive-portal console(config-if-Gi1/0/1)# no authentication order authentication priority Use this command to set the priority for the authentication methods used on...
  • Page 862: Authentication Restart

    Example console(config-if-Gi1/0/1)# authentication priority mab dot1x captive-portal console(config-if-Gi1/0/1)# no authentication priority authentication restart Use this command to set the interval after which reauthentication starts. This timer starts only if all the authentication methods fail. Use the no form of this command to set the authentication restart timer to factory default value.
  • Page 863: Clear Authentication Statistics

    Syntax clear aaa ias-users Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command. Example console#clear aaa ias-users clear authentication statistics Use this command to clear the authentication statistics. Syntax clear authentication statistics {interface-id | all} Default Configuration...
  • Page 864: Clear Authentication Authentication-History

    clear authentication authentication-history Use this command to clear the authentication history logs. Syntax clear authentication authentication-history {interface-id | all} • interface-id—The interface. • all—All interfaces. Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode User Guidelines None Example...
  • Page 865: Ip Http Authentication

    Command Mode Global Configuration mode User Guidelines The Dell EMC Networking firmware emulates industry standard behavior for enable mode authentication over SSH and telnet. The default enable authentication method for telnet and SSH uses the enableNetList method, which requires an enable password. If users are unable to enter privileged mode when accessing the switch via telnet or SSH, the administrator will need to either change the enable authentication method, e.g.
  • Page 866: Ip Https Authentication

    • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The local user database is checked.
  • Page 867 • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The local user database is checked.
  • Page 868: Password (Aaa Ias User Configuration)

    password (AAA IAS User Configuration) Use the password command in aaa IAS User Configuration mode to configure a password for an IAS user. The password is composed of up to 64 alphanumeric characters. An optional parameter [encrypted] is provided to indicate that the password given to the command is already pre-encrypted.
  • Page 869: Password (User Exec)

    console(config-ias-user)#password F81F3CCCB157 console(config-ias-user)#exit console(config)# password (User Exec) Use the password command in User Exec mode to allow a currently logged in user to change the user password without having read/write privileges. This command should be used after the password has aged. The user is prompted to enter the old password and the new password.
  • Page 870: Show Aaa Ias-Users

    show aaa ias-users Use the show aaa ias-users command to display configured IAS users and their attributes. Passwords configured are not shown in the show command output. Syntax show aaa ias-users Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines IAS users are distinct from switch administrative users.
  • Page 871: Show Accounting Methods

    Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples console#show aaa statistics Number of Accounting Notifications sent at beginning of an Exec session: 0 Errors when sending Accounting Notifications beginning of an Exec session: 0 Number of Accounting Notifications sent at end of an Exec session: 0 Errors when sending Accounting Notifications at end of an Exec session: 0 Number of Accounting Notifications sent at beginning of a command execution: 0...
  • Page 872: Show Authentication

    ------------------------------------------------------------------ Exec dfltExecList start-stop tacacs Commands dfltCmdList stop-only tacacs Dot1x dfltDot1xList start-stop Line EXEC Method List Command Method List ------------------------------------------------- Console none none Telnet none none none none Command History Example updated in the 6.4 release. show authentication Use this command to list the authentication methods configured on the interface and display if the Tiered Authentication feature is enabled.
  • Page 873: Show Authentication Authentication-History

    console# show authentication interface gi1/0/1 Port........... Gi1/0/1 Authentication Restart timer....300 Configured method order......dot1x mab captive-portal Enabled method order......dot1x mab undefined Configured method priority..... undefined undefined undefined Enabled method priority......undefined undefined undefined Number of authenticated clients....1 Logical Interface......
  • Page 874: Show Authentication Methods

    --------------------- --------- ----------------- ------------ ------ Jul 21 1919 15:06:15 Gi1/0/1 00:00:00:00:00:01 Authorized 802.1x show authentication methods Use the show authentication methods command to display information about the authentication methods. Syntax show authentication methods Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes...
  • Page 875: Show Authentication Statistics

    networkList enableNetList HTTPS :local HTTP :local DOT1X show authentication statistics Use this command to display the Authentication Manager statistics on one or more interfaces. Syntax show authentication statistics interface-id • interface-id—The physical interface. Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode, Global Configuration mode and all Configuration submodes...
  • Page 876: Show Authorization Methods

    show authorization methods Use the show authorization methods command to display the configured authorization method lists. Syntax show authorization methods Default Configuration This command has no default setting. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Command authorization is supported only for the line, telnet, and SSH access methods.
  • Page 877: Show Users Accounts

    show users accounts Use the show users accounts command to display the local user status with respect to user account lockout and password aging. Syntax show users accounts Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines User accounts are distinct from the IAS user accounts.
  • Page 878: Show Users Login-History

    console(config)#show users accounts UserName Privilege Password Password Lockout Aging Expiry date ------------------------ --------- -------- -------------------- -------- admin Jan 13 1915 00:32:12 False Administrative Profile(s): show users login-history Use the show users login-history command in Global Configuration mode to display information about the login history of users. Syntax show users login-history [username|long] •...
  • Page 879: Username

    Command History Syntax updated in 6.4 release. username Use the username command in Global Configuration mode to add a new user to the local user (switch administrator) database. The default privilege level is 1. The command optionally allows the specification of an Administrative Profile for a local user.
  • Page 880 • encrypted—Encrypted password entered, copied from another switch configuration. Password strength checking is not applied to the encrypted string. Default Configuration The default privilege level is 1. Command Mode Global Configuration mode User Guidelines To use the ! character as part of the username or password string, it should be enclosed within quotation marks.
  • Page 881: Username Unlock

    Message Type Message Description Reason behind the failure Exceeds Minimum Length of a Password. Password should be in the range of 8-64 characters in length. Set minimum password length to 0 by using the passwords min-length 0 command. Password should contain Minimum <number>...
  • Page 882 Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command applies to switch administrator accounts. Privilege level 0 is restricted from using Privileged Exec or any Configuration-level commands. There is effectively no difference between privilege level 1 and 15.
  • Page 883: Administrative Profiles Commands

    This capability is similar to the industry standard “User Roles” feature. The main difference is that the Administrative Profile is obtained via authentication rather than via authorization. This was necessary because Dell EMC Networking does not support AAA authorization of users.
  • Page 884: Commands In This Section

    passes enable authentication, the user is permitted access to all commands. This is also true if none of the Administrative Profiles provided are configured on the switch. RADIUS and TACACS+ The network administrator may configure a custom attribute to be provided by the server during authentication.
  • Page 885: Description (Administrative Profile Configuration)

    Default Configuration The administrative profiles are defined by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)#admin-profile qos console(admin-profile)# description (Administrative Profile Configuration) Use the description command in Administrative Profile Configuration mode to add a description to an administrative profile. Use the no form of this command to delete the description.
  • Page 886: Rule

    Example console(admin-profile)#description “This profile allows access to QoS commands.” rule Use the rule command to add a rule to an administrative profile. Use the no form of this command to delete a rule. Syntax rule number {deny|permit} {command command-string|mode mode- name} no rule number •...
  • Page 887: Show Admin-Profiles

    Example console(admin-profile)#rule 1 permit command “access-list *” console(admin-profile)# show admin-profiles Use the show admin-profiles command to show the administrative profiles. If the optional profile name parameter is used, only that profile will be shown. Syntax show admin-profiles [name profile-name] • profile-name—The name of the administrative profile to display.
  • Page 888: Show Admin-Profiles Brief

    Description: This profile allows access to QoS commands. Rule Perm Type Entity ---- ------ ------- ---------------------------------------- permit command access-list * permit command access-group * permit mode class-map show admin-profiles brief Use the show admin-profiles brief command to list the names of the administrative profiles defined on the switch.
  • Page 889: Show Cli Modes

    show cli modes Use the show cli modes command to list the names of all the CLI modes. Syntax show cli modes Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines These are the generic mode names to be used in the...
  • Page 890: E-Mail Alerting Commands

    E-mail Alerting Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches E-mail Alerting is an extension of the logging system. The Dell EMC Networking logging system allows the user to configure a variety of destinations for log messages. This feature adds e-mail configuration capabilities, by which the log messages are sent to a configured SMTP server such that an operator may receive the log in an e-mail account of their choice.
  • Page 891: Logging Email

    logging email show logging email statistics logging email urgent clear logging email statistics logging email message-type to-addr security logging email from-addr mail-server ip-address | hostname logging email message-type subject port (Mail Server Configuration Mode) logging email logtime username (Mail Server Configuration Mode) logging email test message-type password (Mail Server Configuration...
  • Page 892: Logging Email Urgent

    Default Configuration E-mail alerting is disabled by default. When e-mail alerting is enabled, log messages at or above severity Warning are e-mailed. Command Mode Global Configuration mode User Guidelines The logging email command with no arguments enables e-mail alerting. Specify a severity to set the severity level of log messages that are e-mailed in a non-urgent manner.
  • Page 893: Logging Email Message-Type To-Addr

    – error (3) – warning (4) – notice (5) – info (6) – debug (7) • none— If you specify this keyword, no log messages are e-mailed urgently. All log messages at or above the non-urgent level (configured with the logging email command) are e-mailed in batch.
  • Page 894: Logging Email From-Addr

    Urgent | non-urgent | both—The priority with which the email is queued. Urgent email is sent immediately. Non-urgent email is queued and sent periodically. Example console(config)#logging email message-type urgent to-addr admin123@dell.com Command History Example added in the 6.4 release. logging email from-addr Use the logging email from-addr command in Global Configuration mode to configure the From address of the e-mail.
  • Page 895: Logging Email Message-Type Subject

    The from-addr in this command is the email address of the email sender. Many mail servers will validate the from address of an email to ensure that abuse of the email server does not occur. Example console(config)#logging email from-addr dell@gmail.com Command History Example added in the 6.4 release. logging email message-type subject Use the logging email message-type subject command in Global Configuration mode to configure the subject of the e-mail.
  • Page 896: Logging Email Logtime

    Example console(config)#logging email message-type urgent subject UrgentLog Command History Example added in the 6.4 release. logging email logtime Use the logging email logtime command in Global Configuration mode to configure the value of how frequently the queued messages are sent. Syntax logging email logtime time duration no logging email logtime...
  • Page 897: Logging Email Test Message-Type

    logging email test message-type Use the logging email test message-type command in Global Configuration mode to test whether or not an e-mail is being sent to an SMTP server. Syntax logging email test message-type message-type message-body message-body • message-type— Urgent, non-urgent, or both •...
  • Page 898: Clear Logging Email Statistics

    Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines This command has no user guidelines. Example console#show logging email statistics No of email Failures so far....0 No of email sent so far......0 Time since last email Sent....00 days 00 hours 00 mins 00 secs clear logging email statistics Use the clear logging email statistics command to clear the e-mail alerting...
  • Page 899: Security

    Command History Example added in the 6.4 release. security Use the security command in Mail Server Configuration mode to set the e-mail alerting security protocol. This enables and disables the switch to use TLS authentication with the SMTP Server. If the administrator sets the TLS mode and the SMTP server does not support TLS mode, then no e-mail goes to the SMTP server.
  • Page 900: Port (Mail Server Configuration Mode)

    Syntax mail-server {ip-address | hostname} no mail-server {ip-address | hostname} • ip-address—An IPv4 or IPv6 address. • hostname— The DNS name of an SMTP server. Default Configuration The default configuration for a mail server is shown in the table below. Field Default Email Alert Mail Server Port...
  • Page 901: Username (Mail Server Configuration Mode)

    Default Configuration The default value is 25 (SMTP). Command Mode Mail Server Configuration User Guidelines Port 25 is the standard SMTP port for cleartext messages. Port 465 is the standard port for messages sent using TLSv1. Example console(config)#mail-server 10.131.1.11 console(mail-server)#port 1024 Command History Example added in the 6.4 release.
  • Page 902: Password (Mail Server Configuration Mode)

    User Guidelines This command has no user guidelines. Example console(config)#mail-server 10.131.1.11 console(mail-server)#username admin Command History Example added in the 6.4 release. password (Mail Server Configuration Mode) Use the password command in Mail Server Configuration mode to configure the password required to authenticate to the e-mail server. Use the no form of the command to revert the password to the default value.
  • Page 903: Show Mail-Server

    show mail-server Use the show mail-server command to display the configuration of all the mail servers or a particular mail server. Syntax show mail-server {ip-address | hostname | all} Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
  • Page 904 Email Alert Mail Server Address....10.131.1.11 Email Alert Mail Server Port....465 Email Alert SecurityProtocol....tlsv1 Email Alert Username......admin Email Alert Password......password Command History Example added in the 6.4 release. Security Commands...
  • Page 905: Radius Commands

    The RADIUS client supports up to 32 named authentication and accounting servers. For the N1100-ON and N1500 Series switches, the number of supported authentication and accounting servers is 8. RADIUS-based Dynamic VLAN Assignment...
  • Page 906: Radius Change Of Authorization

    RADIUS Change of Authorization Dell EMC Networking supports the Change of Authorization Disconnect-Request per RFC 3575. The Dell EMC Networking switch listens for the Disconnect-Request on UDP port 3799. The Disconnect-Request identifies the user session to be terminated using the following attributes: •...
  • Page 907: Commands In This Section

    CoA NAK message is calculated from a dummy key value. The Dell EMC Networking switch starts listening to the client again based on re-authentication timer. Refer to the RADIUS Change of Authorization section in the Users Configuration Guide for examples of configuring RADIUS CoA.
  • Page 908: Acct-Port

    auth-port radius-server attribute 31 source-ip deadtime radius-server deadtime timeout radius-server host usage msgauth radius-server key – name (RADIUS server) radius-server retransmit – acct-port Use the acct-port command to set the port on which the RADIUS accounting server listens for connections. Use the no form of this command to reset the port to the default.
  • Page 909: Attribute 6

    Service-Type attribute is required and validated in the Access-Accept packet received from the RADIUS server. Dell EMC Networking N-Series switches accept the Login-User (1) and Administrative-User (6) values in the Access-Accept message returned from the RADIUS server. If the mandatory parameter is not configured, the Service-Type TLV received in an Access-Accept packet is ignored.
  • Page 910: Attribute 8

    This example configures the switch to process and validate the Service-Type received in the Access-Accept message from the RADIUS server. console#conf console(config)#radius-server host 4.3.2.1 console(config-auth-radius)#attribute 6 mandatory attribute 8 Use the attribute 8 command to configure the switch to send the RADIUS Framed-IP-Address attribute in the Access-Request message sent to a specific RADIUS authentication server.
  • Page 911: Attribute 25

    attribute 25 Use the attribute 25 command to enable the switch to send the RADIUS Class attribute as supplied by the RADIUS server in accounting messages sent to the specific accounting server. Syntax attribute 25 include-in-access-req no attribute 25 include-in-access-req Default Configuration By default, the Service-Type is included in the accounting messages sent to the accounting server.
  • Page 912 Syntax attribute 31 mac format { ietf | unformatted | legacy } [lower-case | upper- case] no attribute 31 mac format • ietf—Format the MAC address as aa-aa-bb-bb-cc-cc. The default is upper case. • unformatted—Format the MAC address as aaaabbbbcccc. The default is lower case.
  • Page 913: Authentication Event Fail Retry

    Example This example configures the format of the MAC address sent in MAC based authentication to IETF lower case for the RADIUS server at address 1.2.3.4. MAB must be configured on the switch in an active authentication list, IEEE 802.1X must be configured, and a RADIUS server must also be configured. console(config)#radius-server host 1.2.3.4 console(config-auth-radius)# attribute 31 mac format ietf lower-case authentication event fail retry...
  • Page 914: Auth-Port

    This parameter is independent of, and does not control, the number of times the authenticator will attempt to contact the RADIUS servers. For example, if the max-retries for a single configured RADIUS server is set to 3 and the max-attempts is set to 2, on a supplicant login attempt, the authenticator will send up to three access requests to the RADIUS server before returning failure.
  • Page 915: Deadtime

    Syntax auth-port auth-port-number • auth-port-number — Port number for authentication requests. (Range: 1 - 65535) Default Configuration The default value of the port number is 1812. Command Mode RADIUS Server Configuration mode User Guidelines User must enter the mode corresponding to a specific RADIUS Server Configuration before executing this command.
  • Page 916 Default Configuration The default deadtime interval is 0 minutes. Command Mode RADIUS Server Configuration mode User Guidelines If only one RADIUS server is configured, it is recommended to use a deadtime interval of 0. Example The following example specifies a deadtime interval of 60 minutes. console(config)#radius-server host 192.143.120.123 console(config-auth-radius)#deadtime 60 Use the key command to specify the encryption key which is shared with the...
  • Page 917: Msgauth

    Command Mode RADIUS Server Configuration mode User Guidelines There are no user guidelines for this command. In an Access-Request, encrypted passwords are sent using the RSA Message Digest algorithm (MD5). If no encryption parameter (7) is present, the key string is interpreted as an unencrypted shared secret.
  • Page 918: Name (Radius Server)

    Default Configuration
    The message authenticator attribute is enabled by default.
    Command Mode
    RADIUS Server Configuration mode
    User Guidelines
    There are no user guidelines for this command.
    Example
    console(Config-auth-radius)#msgauth

    name (RADIUS server)
    Use the name command to assign a name to a RADIUS server. Use the no form of the command to return the name to the default (Default-RADIUS-Server).
  • Page 919: Primary

    Note that, when multiple RADIUS servers are configured with different names (for example, ServerName is name1 and address is 1.1.1.1 and ServerName is name2 and address is 1.1.1.2): The RADIUS request is always sent to the first ordered name server list, i.e. name1 server list would be tried before moving on to name2.
  • Page 920: Priority

    Command Mode RADIUS Server Configuration mode User Guidelines There are no user guidelines for this command. Example console(Config-auth-radius)#primary priority Use the priority command in RADIUS Server Configuration mode to specify the order in which the servers are to be used, with 0 being the highest priority. Syntax priority priority •...
  • Page 921: Radius-Server Attribute 4

    radius-server attribute 4 Use the radius-server attribute 4 command to set the network access server (NAS) IPv4 address for the RADIUS server. The NAS-IP-Address is RADIUS attribute number 4. Use the no version of the command to set the value to the default.
  • Page 922: Radius-Server Attribute 6

    Service-Type parameter received from the RADIUS server in Access-Accept messages. Dell EMC Networking N-Series switches accept the Login-User (1) or Administrative-User (6) values in the Access-Accept message returned from the RADIUS server. Access-Accept messages without one of those values are treated as if an Access-Reject message has been received.
  • Page 923: Radius-Server Attribute 8

    Example
    This command configures the switch to send the Service-Type attribute in the Access-Request message sent to the RADIUS server.
    console#conf
    console(config)#radius-server attribute 6 on-for-login-auth

    radius-server attribute 8
    Use the radius-server attribute 8 command to enable the switch to send the RADIUS Framed-IP-Address attribute in authentication messages sent to the authentication server.
  • Page 924: Radius-Server Attribute 25

    radius-server attribute 25 Use the radius-server attribute 25 command to globally enable the switch to send the RADIUS Class attribute as supplied by the RADIUS server in accounting messages sent to the accounting server. Syntax radius-server attribute 25 include-in-access-req no radius-server attribute 25 include-in-access-req Default Configuration By default, the switch sends the Class attribute to the accounting server.
  • Page 925

    Syntax
    radius-server attribute 31 mac format { ietf | unformatted | legacy } [lower-case | upper-case]
    no radius-server attribute 31 mac format
    • ietf—Format the MAC address as aa-aa-bb-bb-cc-cc. The default is upper case.
    • unformatted—Format the MAC address as aaaabbbbcccc. The default is lower case.
  • Page 926: Radius-Server Deadtime

    Example This example globally configures the format of the MAC address sent in the Calling-Station-Id attribute and the User-Name attribute when using MAC based authentication to IETF lower case. It also configures interface Gi1/0/1 to use MAB. MAB must be configured on the switch in an active authentication list, IEEE 802.1X must be configured, and a RADIUS server must also be configured.
  • Page 927: Radius-Server Host

    User Guidelines If only one RADIUS server is configured, it is recommended that the deadtime interval be left at 0. If a RADIUS server is currently active and responsive, that server will be used until it no longer responds. RADIUS servers whose deadtime interval has not expired are skipped when searching for a new RADIUS server to contact.
  • Page 928: Radius-Server Key

    User Guidelines
    RADIUS servers are keyed by the host name, therefore it is advisable to use unique server host names.
    Example
    The following example specifies a RADIUS server host with the following characteristics: Server host IP address — 192.168.10.1
    console(config)#radius-server host 192.168.10.1

    radius-server key
    Use the radius-server key command to set the authentication and encryption key for all RADIUS communications between the switch and the RADIUS...
  • Page 929: Radius-Server Retransmit

    User Guidelines In an Access-Request, encrypted passwords are sent using the RSA Message Digest algorithm (MD5). If no encryption parameter (7) is present, the key string is interpreted as an unencrypted shared secret. Keys are always displayed in their encrypted form in the running configuration.
  • Page 930: Radius-Server Source-Ip

    User Guidelines
    This command has no user guidelines.
    Example
    The following example configures the number of times the RADIUS client attempts to retransmit requests to the RADIUS server to five attempts.
    console(config)#radius-server retransmit 5

    radius-server source-ip
    Use the radius-server source-ip command to specify the source IPv4 address used in the IP header for communication with RADIUS servers.
  • Page 931: Radius-Server Source-Interface

    The source IP address of RADIUS packets sent to a server should match the NAS IP address configured on the RADIUS server. A mismatch may lead to a RADIUS packet timeout. Loopback interfaces are not supported on the Dell EMC N1100-ON Series switches. Command History Introduced in version 6.3.0.1 firmware.
  • Page 932: Radius-Server Timeout

    console(config)#interface vlan 1
    console(config-if-vlan1)#ip address dhcp
    console(config-if-vlan1)#exit
    console(config)#radius-server source-interface vlan 1

    radius-server timeout
    Use the radius-server timeout command in Global Configuration mode to set the interval for which a switch waits for a server to reply. To restore the default, use the no form of this command.
    Syntax
    radius-server timeout timeout
    no radius-server timeout...
  • Page 933: Show Aaa Servers

    Syntax retransmit retries • retries — Specifies the retransmit value. (Range: 1-10 attempts) Default Configuration The default number for attempts is 3. Command Mode RADIUS mode User Guidelines User must enter the mode corresponding to a specific RADIUS server before executing this command.
  • Page 934 • servername—Will cause only the server(s) with server-name name to be displayed. There are no global parameters displayed when this parameter is specified. Default Configuration All authentication servers are displayed by default. Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed:...
  • Page 935: Source Interface

    | Field | Description |
    |---|---|
    | RADIUS Attribute 4 Value | A Global parameter that specifies the IP address to be used in NAS-IP-Address attribute to be used in RADIUS requests. |
    | Source Interface | The source interface from which the source IP address is obtained. |

    Command History
    Introduced in version 6.2.0.1 firmware.
  • Page 936: Show Radius Statistics

    test 6.6.6.6 1812
    switch-top#show aaa servers authentication name CoA-Server-1
    RADIUS Server Name......CoA-Server-1
    Current Server IP Address...... 1.1.1.1
    Number of Retransmits......3
    Timeout Duration....... 15
    Deadtime........0
    Port........... 3799
    Source IP........Default
    RADIUS Accounting Mode......Disabled
    Secret Configured......Yes
    Message Authenticator......Enable
    Number of CoA Requests Received......
  • Page 937

    Default Configuration
    There is no default configuration for this command.
    Command Mode
    User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes
    User Guidelines
    The following fields are displayed for accounting servers:

    | Field | Description |
    |---|---|
    | RADIUS Accounting Server Name | Name of the accounting server. |
    | Server Host... | |
  • Page 938

    | Field | Description |
    |---|---|
    | Timeouts | The number of accounting timeouts on this server. |
    | Unknown Types | The number of packets of unknown type which were received from this server on accounting port. |
    | Packets Dropped | The number of RADIUS packets received from this server on accounting port and dropped for some other reason. |
  • Page 939

    | Field | Description |
    |---|---|
    | Timeouts | The number of authentication timeouts to this server. |
    | Unknown Types | The number of packets of unknown type which were received from this server on the authentication port. |
    | Packets Dropped | The number of RADIUS packets received from this server on authentication port and dropped for some other reason. |
  • Page 940: Source-Ip

    source-ip Use the source-ip command in RADIUS Server Configuration mode to specify the source IP address to be used for communication with RADIUS servers. 0.0.0.0 is interpreted as a request to use the IP address of the outgoing IP interface. Syntax source-ip source •...
  • Page 941: Usage

    Default Configuration The default value is 15 seconds. Command Mode RADIUS mode User Guidelines User must enter the mode corresponding to a specific RADIUS server before executing this command. Example The following example specifies the timeout setting for the designated RADIUS Server.
  • Page 942

    Example
    The following example specifies usage type login.
    console(config)#radius-server host 192.143.120.123
    console(config-auth-radius)#usage login

    Security Commands...
  • Page 943: Tacacs+ Commands

    Dell EMC Networking supports authentication of a user using a TACACS+ server. When TACACS+ is configured as the authentication method for a user login type (CLI/HTTP/HTTPS), the NAS will prompt for the user login credentials and request services from the TACACS+ client;...
  • Page 944 show tacacs tacacs-server timeout – timeout Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server. This key must match the key used on the TACACS daemon.
  • Page 945: Port

    Keys are always displayed in their encrypted form in the running configuration. In an Access-Request, encrypted passwords are sent using the RSA Message Digest algorithm (MD5). The encryption algorithm is the same across switches. Encrypted passwords may be copied from one switch and pasted into another switch configuration. Command History Updated in version 6.3.0.1 firmware.
  • Page 946: Priority

    Example The following example displays how to specify TACACS server port number 1200. console(config-tacacs)#port 1200 priority Use the priority command in TACACS Configuration mode to specify the order in which servers are used, where 0 (zero) is the highest priority. Syntax priority [priority] •...
  • Page 947: Tacacs-Server Host

    • ip-address — The name or IP address of the host. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following example displays TACACS+ server settings.
  • Page 948: Tacacs-Server Key

    Default Configuration No TACACS+ host is specified. Command Mode Global Configuration mode User Guidelines To specify multiple hosts, multiple tacacs-server host commands can be used. TACACS servers are keyed by the host name, therefore it is advisable to use unique host names. Example The following example specifies a TACACS+ host.
  • Page 949: Tacacs-Server Source-Interface

    Default Configuration The default is an empty string. Command Mode Global Configuration mode User Guidelines The tacacs-server key command accepts any printable characters for the key except a question mark. Enclose the string in double quotes to include spaces within the key. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may accept entries up to the first illegal character or reject the entry entirely.
  • Page 950: Tacacs-Server Timeout

    User Guidelines The source interface must have an assigned IP address (either manually or via another method such as DHCP). Loopback interfaces are not supported on the Dell EMC N1100-ON Series switches. Command History Introduced in version 6.3.0.1 firmware. Example...
  • Page 951: Timeout

    Syntax
    tacacs-server timeout [timeout]
    no tacacs-server timeout
    • timeout — The timeout value in seconds. (Range: 1–30)
    Default Configuration
    The default value is 5 seconds.
    Command Mode
    Global Configuration mode
    User Guidelines
    This command has no user guidelines.
    Example
    The following example sets the timeout value as 30.
    console(config)#tacacs-server timeout 30

    timeout
    Use the timeout command in TACACS Configuration mode to specify the...
  • Page 952 User Guidelines This command has no user guidelines. Example This example shows how to specify the timeout value. console(config-tacacs)#timeout 23 Security Commands...
  • Page 953: X Commands

    A port is defined as a single point of attachment to the LAN. The Dell EMC Networking switches support an 802.1x Authenticator service with a local authentication server or authentication using remote RADIUS or TACACS servers.
  • Page 954: Commands In This Section

    to be able to identify the short-comings in the configuration of a 802.1x authentication on the switch without affecting the network access to the users of the switch. There are three important aspects to this feature after activation: 1 To allow successful authentications using the returned information from authentication server.
  • Page 955: Dot1X Dynamic-Vlan Enable

    dot1x max-users dot1x timeout tx-period show dot1x interface statistics dot1x port-control auth-type show dot1x users dot1x re-authenticate client clear dot1x authentication– history dot1x reauthentication ignore dot1x guest-vlan dot1x system-auth-control port dot1x unauth-vlan – – show dot1x advanced 802.1x Advanced Features dot1x guest-vlan dot1x unauth-vlan show dot1x advanced...
  • Page 956: Dot1X Eapolflood

    dot1x eapolflood This command enables the flooding of received IEEE 802.1x frames in the VLAN. Use the no form of the command to return the processing of EAPOL frames to the default. Syntax dot1x eapolflood no dot1x eapolflood Default Configuration By default, the switch does not forward received IEEE 802.1x frames, even if 802.1x is not enabled on the switch.
  • Page 957: Dot1X Mac-Auth-Bypass

    Syntax dot1x initialize [interface interface-id] • interface-id—The port to be initialized. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command. dot1x mac-auth-bypass Use the dot1x mac-auth-bypass command to enable MAB on an interface. Use the no form of this command to disable MAB on an interface.
  • Page 958: Dot1X Max-Req

    Example
    The following example sets MAC Authentication Bypass on interface gigabitethernet 1/0/2:
    console(config-if-Gi1/0/2)#dot1x port-control mac-based
    console(config-if-Gi1/0/2)#dot1x mac-auth-bypass

    dot1x max-req
    Use the dot1x max-req command in Interface Configuration mode to set the maximum number of times that the switch sends an Extensible Authentication Protocol (EAP)-request frame (assuming that no response is received) to the client before restarting the authentication process.
  • Page 959: Dot1X Max-Users

    — The number of users the port supports for MAC-based 802.1x authentication (Range: 1–64) Default Configuration The default number of clients supported on a port with MAC-based 802.1x authentication is 64. On the N1100-ON Series switches, the range is 1–32. Command Mode Interface Configuration (Ethernet) mode User Guidelines The N1100-ON Series switches support up to 32 users per interface.
  • Page 960 Syntax dot1x port-control {force-authorized | force-unauthorized | auto | mac- based} no dot1x port-control • auto — Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.1x authentication exchange between the switch and the client. VLAN assignment is allowed on the port if it is not configured in trunk mode.
  • Page 961: Dot1X Re-Authenticate

    When configuring a port to use MAC-based authentication, the port must be in switchport general mode.
    Example
    The following command enables MAC-based authentication on port 1/0/2
    console(config)# interface gigabitethernet 1/0/2
    console(config-if-Gi1/0/2)# dot1x port-control mac-based

    dot1x re-authenticate
    Use the dot1x re-authenticate command to manually initiate a re-authentication of all 802.1x-enabled ports or the specified 802.1x-enabled port.
  • Page 962: Dot1X Reauthentication

    dot1x reauthentication Use the dot1x reauthentication command in Interface Configuration mode to enable periodic re-authentication of the client. To return to the default setting, use the no form of this command. Syntax dot1x reauthentication no dot1x reauthentication Default Configuration Periodic reauthentication is disabled. Command Mode Interface Configuration (Ethernet) mode User Guidelines...
  • Page 963: Dot1X System-Auth-Control Monitor

    Default Configuration The default for this command is disabled. Command Mode Global Configuration mode User Guidelines Devices connected to interfaces on which IEEE 802.1X authentication is enabled will be required to authenticate before accessing network resources. This command enables local processing of IEEE 802.1x frames on the switch. Dot1x eapolflood mode must be disabled for local processing to occur.
  • Page 964: Dot1X Timeout Quiet-Period

    User Guidelines
    Monitor mode always allows access to network resources, even if authentication fails.
    Example
    The following command enables monitor mode. Clients are always authenticated in monitor mode.
    console(config)# dot1x system-auth-control monitor

    dot1x timeout quiet-period
    Use the dot1x timeout quiet-period command in Interface Configuration mode to set the number of seconds that the switch remains in the quiet state following a failed authentication exchange (for example, the client provided an invalid password).
  • Page 965: Dot1X Timeout Re-Authperiod

    Change the default value of this command only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. To provide a faster response time to the user, enter a smaller number than the default.
  • Page 966: Dot1X Timeout Server-Timeout

    Example
    The following example sets the number of seconds between re-authentication attempts to 300.
    console(config)# interface gigabitethernet 1/0/16
    console(config-if-Gi1/0/16)# dot1x timeout re-authperiod 300

    dot1x timeout server-timeout
    Use the dot1x timeout server-timeout command in Interface Configuration mode to set the time that the switch waits for a response from the authentication server.
  • Page 967: Dot1X Timeout Supp-Timeout

    dot1x timeout supp-timeout Use the dot1x timeout supp-timeout command to set the time that the switch waits for a response before retransmitting an Extensible Authentication Protocol (EAP-Request/Identity) frame to the client. To return to the default setting, use the no form of this command. Syntax dot1x timeout supp-timeout seconds no dot1x timeout supp-timeout...
  • Page 968: Dot1X Timeout Tx-Period

    dot1x timeout tx-period Use the dot1x timeout tx-period command in Interface Configuration mode to set the number of seconds that the switch waits for a response to an Extensible Authentication Protocol EAP-Request/Identity frame from the client before resending the request. To return to the default setting, use the no form of this command.
  • Page 969: Auth-Type

    auth-type Use this command to set the accepted authorization types for dynamic RADIUS clients. Use the no form of the command to set the authorization type to the default. Syntax auth-type { all | any |session-key} no auth-type • all—Selects all COA client authentication types. All authentication attributes must match for the authentication to succeed.
  • Page 970: Client

    client Use this command to enter the CoA client parameters. Syntax client {ip-address | hostname } [ server-key [0 | 7] key-string ] no client {ip-address | hostname } • ip-address—The IPv4 address of a CoA client. The IPv4 address is entered in dotted-quad notation.
  • Page 971 Command History Introduced in version 6.2.0.1 firmware. Example The following example configures RADIUS servers at 1.1.1.1, 2.2.2.2, and 3.3.3.3 and CoA clients at 3.3.3.3, 4.4.4.4, and 5.5.5.5. It sets the front panel ports to use 802.1x MAC-based authentication. CoA is configured for two RADIUS servers located at 1.1.1.1 and 2.2.2.2 using a global shared secret and a third server using a server specific shared secret.
  • Page 972: Ignore

    ignore Use this command to set the switch to ignore certain authentication parameters from dynamic RADIUS clients. Use the no form of the command to restore checking of the specific authentication parameters as configured by the auth-type command. Syntax ignore {session-key | server-key} no ignore {session-key | server-key} •...
  • Page 973: Port

    port Use this command to set the port on which to listen for CoA and disconnect requests from authorized dynamic RADIUS clients. Syntax port port–number no port • port-number—An integer in the range of 1025–65535 Default Configuration The default is port 3799. Command Modes Dynamic Radius Configuration User Guidelines...
  • Page 974 Syntax server-key [0 | 7] key-string no server-key • 0—An unencrypted key is to be entered. • 7—An encrypted key is to be entered. • key-string—The key string in encrypted or unencrypted form. In encrypted form, it must be 256 characters in length. In unencrypted form, it may be up to 128 characters in length.
  • Page 975: Show Dot1X

    console(config-if)# exit
    console(config)# radius-server host 1.1.1.1
    console(config-auth-radius)#primary
    console(config-auth-radius)#exit
    console(config)# radius-server host 2.2.2.2
    console(config-auth-radius)#exit
    console(config)# radius-server host 3.3.3.3
    console(config-auth-radius)#key “That’s your secret.”
    console(config-auth-radius)#exit
    console(config)# radius-server key “Keep it. Keep it.”
    console(config)# aaa server radius dynamic-author
    console(config-radius-da)# client 3.3.3.3 server-key 0 “That’s your secret.”
    console(config-radius-da)# client 1.1.1.1
    console(config-radius-da)# client 2.2.2.2
    console(config-radius-da)# server-key 0 “Keep it.
  • Page 976 Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If you do not use the optional parameters, the command displays the global dot1x mode, Dynamic VLAN Creation Mode, Monitor Mode, EAPOL Flood Mode, and the VLAN Assignment mode. Field Description Administrative...
  • Page 977: Show Dot1X Authentication-History

    show dot1x authentication-history Use the show dot1x authentication-history command to display the dot1x authentication events and information during successful and unsuccessful dot1x authentication processes. The command is available to display all events, or events per interface, or only failure authentication events in summary or in detail.
  • Page 978: Filter Name

    | Parameter | Description |
    |---|---|
    | Reason | Actual reason behind the successful or failure authentication. |
    | Result Age | Time since last result. |
    | Filter Name | The name of the assigned filter (policy map). |

    Example
    console#show dot1x authentication-history all detail
    Time Stamp......Mar 22 2010 01:16:31
    Result Age......0 days, 1 hours, 17 minutes, 38 seconds
    Interface......
  • Page 979: Show Dot1X Clients

    show dot1x clients Use the show dot1x clients command to display 802.1x client information. The client information is displayed in summary or in detail. The command also displays the statistics of the number of clients that are authenticated using Monitor Mode and using 802.1x. Syntax show dot1x clients {interface–id | all} •...
  • Page 980: Show Dot1X Interface

    Supp MAC Address....... 00:01:02:03:04:05
    Session Time........518
    Filter Id........
    VLAN Assigned........1
    Interface........Gi1/0/7
    User Name........dell
    Supp MAC Address....... 00:08:A1:7E:45:1A
    Session Time........67
    VLAN Assigned........Monitor Mode

    show dot1x interface
    This command shows the status and configuration of an IEEE 802.1x configured interface.
  • Page 981 Syntax show dot1x interface interface-id Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The command accepts Ethernet interface identifiers. Example console#show dot1x interface gigabitethernet 1/0/10 Administrative Mode....
  • Page 982: Show Dot1X Interface Statistics

    show dot1x interface statistics Use the show dot1x interface statistics command to display 802.1x statistics for the specified interface. Syntax show dot1x interface {gigabitethernet unit/slot/port| tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port} statistics Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines...
  • Page 983: Show Dot1X Users

    | Field | Description |
    |---|---|
    | EAP Request/ID Frames Transmitted | The number of EAP Req/Id frames that have been transmitted by this Authenticator. |
    | EAP Request Frames Transmitted | The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator. |
    | Invalid EAPOL Frames Received | The number of EAPOL frames that have been received... |
  • Page 984: Clear Dot1X Authentication–History

    Syntax show dot1x users [username username] • username — Supplicant username (Range: 1–160 characters) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays 802.1x users.
  • Page 985: Dot1X Guest-Vlan

    Syntax
    clear dot1x authentication-history [interface-id]
    • interface-id—Any valid interface. See Interface Naming Conventions for interface representation.
    Default Configuration
    This command has no default configuration.
    Command Mode
    Privileged Exec mode
    User Guidelines
    This command has no user guidelines.
    Example
    This example clears all entries from the authentication log.
    console#clear dot1x authentication-history
    This example purges all entries for the specified interface from the authentication log.
  • Page 986: Dot1X Timeout Guest-Vlan-Period

    • vlan-id — The ID of a valid VLAN to use as the guest VLAN (Range: 0-4093). Default Configuration The guest VLAN is disabled on the interface by default. Command Mode Interface Configuration (Ethernet) mode User Guidelines If configured, the guest VLAN is the VLAN to which 802.1X unaware clients are assigned.
  • Page 987: Dot1X Unauth-Vlan

    Command Mode Interface Configuration (Ethernet) mode User Guidelines It is recommended that the user set the dot1x timeout guest-vlan-period to at least three times the while timer so that at least three EAP Requests are sent, before assuming that the client is an 802.1X unaware client. An 802.1X unaware client is one that does not respond to EAP-Request/Identity frames and does not send EAPOL-Start or EAP-Response/Identity frames.
  • Page 988: Show Dot1X Advanced

    User Guidelines
    The switch attempts authentication three times before assigning a user to the unauthenticated VLAN. Configure the unauthenticated VLAN before using this command.
    Example
    The following example sets the unauthenticated VLAN on port 1/0/2 to VLAN
    console(config-if-Gi1/0/2)#dot1x unauth-vlan 20

    show dot1x advanced
    Use the show dot1x advanced command to display 802.1x advanced features for the switch or for the specified interface.
  • Page 989

    console#show dot1x advanced
    Port      Guest     Unauthenticated
              VLAN      Vlan
    --------- --------- ---------------
    Gi1/0/1   Disabled  Disabled
    Gi1/0/2
    Gi1/0/3   Disabled  Disabled
    Gi1/0/4   Disabled  Disabled
    Gi1/0/5   Disabled  Disabled
    Gi1/0/6   Disabled  Disabled

    console#show dot1x advanced gigabitethernet 1/0/2
    Port      Guest     Unauthenticated
              VLAN      Vlan
    --------- --------- ---------------
    Gi1/0/2

    Security Commands...
  • Page 990: Captive Portal Commands

    Captive Portal Commands
    Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches
    The Captive Portal feature is a software implementation that blocks both wired and wireless clients from accessing the network until user verification has been established. Verification can be configured to allow access for both guest and authenticated users.
  • Page 991 interface session-timeout locale verification Captive Portal Client Connection Commands captive-portal client deauthenticate show captive-portal interface client status show captive-portal client status show captive-portal interface configuration status show captive-portal configuration client – status Captive Portal Local User Commands clear captive-portal users user-logout no user user name...
  • Page 992: Authentication Timeout

    Captive Portal Global Commands authentication timeout Use the authentication timeout command to configure the authentication timeout. If the user does not enter valid credentials within this time limit, the authentication page needs to be served again in order for the client to gain access to the network.
  • Page 993: Enable

    Default Configuration
    There is no default configuration for this command.
    Command Mode
    Global Configuration mode
    User Guidelines
    There are no user guidelines for this command.
    Example
    console(config)#captive-portal
    console(config-cp)#

    enable
    Use the enable command to globally enable captive portal. Use the “no” form of this command to globally disable captive portal.
  • Page 994: Http Port

    http port Use the http port command to configure an additional HTTP port for captive portal to listen for connections. Use the “no” form of this command to remove the additional HTTP port from monitoring. Syntax http port port-num no http port •...
  • Page 995: Show Captive-Portal

    • port-num — The port number on which the HTTPS server listens for connections (Range: 1025–65535). Default Configuration Captive portal listens on port 443 by default. Command Mode Captive Portal Configuration mode. User Guidelines The port number should not be set to a value that might conflict with other well-known protocol port numbers used on this switch.
  • Page 996: Show Captive-Portal Status

    Example
    console#show captive-portal
    Administrative Mode....... Disabled
    Operational Status......Disabled
    Disable Reason......Administrator Disabled
    CP IP Address......1.2.3.4

    show captive-portal status
    Use the show captive-portal status command to report the status of all captive portal instances in the system.
    Syntax
    show captive-portal status
    Default Configuration
    There is no default configuration for this command.
  • Page 997: Block

    Captive Portal Configuration Commands The commands in this section are related to captive portal configurations. block Use the block command to block all traffic for a captive portal configuration. Use the “no” form of this command to unblock traffic. Syntax block no block Default Configuration...
  • Page 998: Enable

    • cp-id — Captive Portal ID (Range: 1–10).
    Default Configuration
    Configuration 1 is enabled by default.
    Command Mode
    Captive Portal Configuration mode.
    User Guidelines
    There are no user guidelines for this command.
    Example
    console(config-cp)#configuration 2
    console(config-cp 2)#

    enable
    Use the enable command to enable a captive portal configuration. Use the no form of this command to disable a configuration.
  • Page 999: Group

    group Use the group command to configure the group number for a captive portal configuration. If a group number is configured, the user entry (Local or RADIUS) must be configured with the same name and the group to authenticate to this captive portal instance. Use the no form of this command to reset the group number to the default.
  • Page 1000: Locale

    Default Configuration No interfaces are associated with a configuration by default. Command Mode Captive Portal Instance Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#interface gi1/0/2 locale The locale command is not intended to be a user command. The administrator must use the Web UI to create and customize captive portal web content.
  • Page 1001: Name (Captive Portal)

    name (Captive Portal) Use the name command to configure the name for a captive portal configuration. Use the no form of this command to remove a configuration name. Syntax name cp-name no name • cp-name — CP configuration name (Range: 1–32 characters). Default Configuration Configuration 1 has the name “Default”...
  • Page 1002: Redirect

    Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#protocol http redirect Use the redirect command to enable the redirect mode for a captive portal configuration. Use the “no” form of this command to disable redirect mode. Syntax redirect no redirect...
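The dot1x pages above describe several settings that weaken or bypass 802.1X enforcement (monitor mode, EAPOL flooding, force-authorized ports, reauthentication left at its disabled default, MAB). The following Python audit of a saved configuration is an added example, not taken from the Dell EMC manual; the sample configuration is constructed, and the one-command-per-line layout with `interface ... / exit` sections and the finding names are assumptions.

```python
import re

# Constructed sample (not from the manual). Assumption: one command per line,
# interface sections opened by "interface <id>" and closed by "exit".
SAMPLE_CONFIG = """\
dot1x system-auth-control
dot1x system-auth-control monitor
dot1x eapolflood
interface Gi1/0/1
dot1x port-control force-authorized
exit
interface Gi1/0/2
dot1x port-control mac-based
dot1x mac-auth-bypass
exit
interface Gi1/0/3
dot1x port-control auto
dot1x reauthentication
dot1x timeout re-authperiod 300
exit
"""

# Finding names are hypothetical labels chosen for this example.
FINDINGS = {
    "dot1x-disabled": "dot1x system-auth-control absent; it is disabled by default",
    "monitor-mode": "monitor mode allows access even if authentication fails",
    "eapol-flood": "eapolflood must be disabled for local 802.1X processing",
    "force-authorized": "port is authorized without an authentication exchange",
    "no-periodic-reauth": "periodic reauthentication is disabled by default",
    "mab-enabled": "MAB authenticates the client by MAC address only",
}

# Strips a pasted prompt such as "console(config-if-Gi1/0/2)#".
PROMPT = re.compile(r"^\S*\(config[^)]*\)#\s*", re.IGNORECASE)


def parse(config_text):
    """Split the text into global commands and per-interface commands."""
    global_cmds, per_if, current = [], {}, None
    for raw in config_text.splitlines():
        line = " ".join(PROMPT.sub("", raw.strip()).split())
        if not line or line.startswith("!"):
            continue
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]      # keep the interface id as typed
            per_if.setdefault(current, [])
        elif line.lower() == "exit":
            current = None
        elif current is None:
            global_cmds.append(line.lower())
        else:
            per_if[current].append(line.lower())
    return global_cmds, per_if


def audit(config_text):
    """Return a sorted list of (scope, finding_id) tuples."""
    global_cmds, per_if = parse(config_text)
    found = []
    if "dot1x system-auth-control" not in global_cmds:
        found.append(("global", "dot1x-disabled"))
    if "dot1x system-auth-control monitor" in global_cmds:
        found.append(("global", "monitor-mode"))
    if "dot1x eapolflood" in global_cmds:         # "no dot1x eapolflood" does not match
        found.append(("global", "eapol-flood"))
    for ifname, cmds in per_if.items():
        mode = next((c.split()[-1] for c in cmds
                     if c.startswith("dot1x port-control ")), None)
        if mode == "force-authorized":
            found.append((ifname, "force-authorized"))
        if mode in ("auto", "mac-based") and "dot1x reauthentication" not in cmds:
            found.append((ifname, "no-periodic-reauth"))
        if "dot1x mac-auth-bypass" in cmds:
            found.append((ifname, "mab-enabled"))
    return sorted(found)


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope:10} {finding:20} {FINDINGS[finding]}")
```

Ports with no `dot1x port-control` line are not reported, because the default port-control mode is not stated in the excerpts above.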

This manual is also suitable for:

N1500, N3100-ON, N4000, N2100-ON, N2000, N3000
