Dell S6100 Configuration Manual

Dell Configuration Guide for the S6100–ON
System
9.11(2.0P1)

Summary of Contents for Dell S6100

  • Page 1 Dell Configuration Guide for the S6100–ON System 9.11(2.0P1)
  • Page 2 A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.
  • Page 3: Table Of Contents

    Save the Running-Configuration, p. 52; Configure the Overload Bit for a Startup Scenario, p. 53; Viewing Files, p. 53; Managing the File System, p. 54; View Command History, p. 54; Upgrading Dell Networking OS, p. 55; Using HTTP for File Transfers, p. 55; Verify Software Images Before Installation, p. 56; Contents...
  • Page 4 4 Management, p. 58; Configuring Privilege Levels, p. 58; Creating a Custom Privilege Level, p. 59; Removing a Command from EXEC Mode, p. 59; Moving a Command from EXEC Privilege Mode to EXEC Mode, p. 59; Allowing Access to CONFIGURATION Mode Commands, p. 59; Allowing Access to Different Modes, p. 59; Applying a Privilege Level to a Username, p. 61; Applying a Privilege Level to a Terminal Line...
  • Page 5 Dynamic CoS with 802.1X, p. 105; 6 Access Control Lists (ACLs), p. 107; IP Access Control Lists (ACLs), p. 108; CAM Usage, p. 109; Implementing ACLs on Dell Networking OS, p. 109; Configure ACL Range Profiles, p. 111; Important Points to Remember, p. 111; Configuration Task List for Route Maps, p. 112; Configuring Match Routes...
  • Page 6 Configure a Route Map for Route Redistribution, p. 116; Configure a Route Map for Route Tagging, p. 117; Continue Clause, p. 117; IP Fragment Handling, p. 117; IP Fragments ACL Examples, p. 118; Layer 4 ACL Rules Examples, p. 118; Configure a Standard IP ACL, p. 119; Configuring a Standard IP ACL Filter, p. 120; Configure an Extended IP ACL, p. 121; Configuring Filters with a Sequence Number, p. 121; Configuring Filters Without a Sequence Number, p. 124...
  • Page 7 Multi-Exit Discriminators (MEDs), p. 179; Origin, p. 180; AS Path, p. 181; Next Hop, p. 181; Multiprotocol BGP, p. 181; Implement BGP with Dell Networking OS, p. 182; Additional Path (Add-Path) Support, p. 182; Advertise IGP Cost as MED for Redistributed Routes, p. 182; Ignore Router-ID in Best-Path Calculation, p. 183; Four-Byte AS Numbers, p. 183; AS4 Number Representation...
  • Page 8 Changing MED Attributes, p. 208; Changing the LOCAL_PREFERENCE Attribute, p. 208; Configuring the local System or a Different System to be the Next Hop for BGP-Learned Routes, p. 209; Changing the WEIGHT Attribute, p. 210; Enabling Multipath, p. 210; Filtering BGP Routes, p. 210; Filtering BGP Routes Using Route Maps, p. 212; Filtering BGP Routes Using AS-PATH Information, p. 212; Configuring BGP Route Reflectors...
  • Page 9 11 Data Center Bridging (DCB), p. 246; Ethernet Enhancements in Data Center Bridging, p. 246; Priority-Based Flow Control, p. 247; Enhanced Transmission Selection, p. 248; Data Center Bridging Exchange Protocol (DCBx), p. 249; Data Center Bridging in a Traffic Flow, p. 250; Enabling Data Center Bridging, p. 250; DCB Maps and its Attributes, p. 251; Data Center Bridging: Default Configuration...
  • Page 10 DCBx Prerequisites and Restrictions, p. 271; Configuring DCBx, p. 271; Verifying the DCB Configuration, p. 275; QoS dot1p Traffic Classification and Queue Assignment, p. 282; Configuring the Dynamic Buffer Method, p. 282; Sample DCB Configuration, p. 283; PFC and ETS Configuration Command Examples, p. 285; 12 Dynamic Host Configuration Protocol (DHCP), p. 286; DHCP Packet Format and Options...
  • Page 11 Support for /128 IPv6 and /32 IPv4 Prefixes in Layer 3 Host Table and LPM Table, p. 308; Support for ECMP in host table, p. 309; Support for moving /128 IPv6 Prefixes and /32 IPv4 Prefixes, p. 309; RTAG7, p. 309; Flow-based Hashing for ECMP, p. 310; 14 FIP Snooping, p. 314; Fibre Channel over Ethernet...
  • Page 12 Ring Status, p. 337; Multiple FRRP Rings, p. 337; Important FRRP Points, p. 338; Important FRRP Concepts, p. 339; Implementing FRRP, p. 340; FRRP Configuration, p. 340; Creating the FRRP Group, p. 340; Configuring the Control VLAN, p. 341; Configuring and Adding the Member VLANs, p. 342; Setting the FRRP Timers, p. 343; Clearing the FRRP Counters, p. 343; Viewing the FRRP Configuration...
  • Page 13 Important Points to Remember, p. 379; Configuring EIS, p. 379; Management Interfaces, p. 380; Configuring Management Interfaces, p. 380; Configuring a Management Interface on an Ethernet Port, p. 381; S6100 — OIR, p. 382; VLAN Interfaces, p. 382; Loopback Interfaces, p. 383; Null Interfaces, p. 384; Port Channel Interfaces, p. 384; Port Channel Definition and Standards, p. 384; Port Channel Benefits...
  • Page 14 Configuration Tasks for Port Channel Interfaces, p. 385; Creating a Port Channel, p. 386; Adding a Physical Interface to a Port Channel, p. 386; Reassigning an Interface to a New Port Channel, p. 388; Configuring the Minimum Oper Up Links in a Port Channel, p. 388; Adding or Removing a Port Channel from a VLAN, p. 389; Assigning an IP Address to a Port Channel...
  • Page 15 IPv6 Headers, p. 430; Longest Prefix Match (LPM) Table and IPv6 /65 – /128 support, p. 431; IPv6 Header Fields, p. 432; Extension Header Fields, p. 434; Addressing, p. 435; Implementing IPv6 with Dell Networking OS, p. 436; ICMPv6, p. 436; Path MTU Discovery, p. 436; IPv6 Neighbor Discovery, p. 437
  • Page 16 Application of Quality of Service to iSCSI Traffic Flows, p. 451; Information Monitored in iSCSI Traffic Flows, p. 451; Detection and Auto-Configuration for Dell EqualLogic Arrays, p. 452; Configuring Detection and Ports for Dell Compellent Arrays, p. 452; Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT-Peer, p. 453; Enable and Disable iSCSI Optimization...
  • Page 17 Configuration Tasks for IS-IS, p. 462; Configuring the Distance of a Route, p. 469; Changing the IS-Type, p. 470; Redistributing IPv4 Routes, p. 472; Redistributing IPv6 Routes, p. 473; Configuring Authentication Passwords, p. 474; Setting the Overload Bit, p. 474; Debugging IS-IS, p. 475; IS-IS Metric Styles, p. 476; Configure Metric Values, p. 476; Maximum Values in the Routing Table, p. 477; Change the IS-IS Metric Style in One Level Only...
  • Page 18 Disabling MAC Address Learning on the System, p. 502; NIC Teaming, p. 502; Configure Redundant Pairs, p. 503; Important Points about Configuring Redundant Pairs, p. 505; Far-End Failure Detection, p. 506; FEFD State Changes, p. 507; Configuring FEFD, p. 508; Enabling FEFD on an Interface, p. 508; Debugging FEFD, p. 509; 26 Link Layer Discovery Protocol (LLDP), p. 511; 802.1AB (LLDP) Overview...
  • Page 19 Enable Multiple Spanning Tree Globally, p. 559; Adding and Removing Interfaces, p. 559; Creating Multiple Spanning Tree Instances, p. 560; Influencing MSTP Root Selection, p. 560; Interoperate with Non-Dell Bridges, p. 561; Changing the Region Name or Revision, p. 561; Modifying Global Parameters, p. 562; Modifying the Interface Parameters, p. 563; Configuring an EdgePort...
  • Page 20 Networks and Neighbors, p. 599; Router Types, p. 599; Designated and Backup Designated Routers, p. 601; Link-State Advertisements (LSAs), p. 601; Router Priority and Cost, p. 602; OSPF with Dell Networking OS, p. 603; Graceful Restart, p. 604; Fast Convergence (OSPFv2, IPv4 Only), p. 605; Multi-Process OSPFv2 with VRF, p. 605; RFC-2328 Compliant OSPF Flooding, p. 605; OSPF ACK Packing...
  • Page 21 Assigning Area ID on an Interface, p. 623; Assigning OSPFv3 Process ID and Router ID Globally, p. 623; Assigning OSPFv3 Process ID and Router ID to a VRF, p. 624; Applying cost for OSPFv3, p. 624; Configuring Stub Areas, p. 625; Configuring Passive-Interface, p. 625; Redistributing Routes, p. 625; Configuring a Default Route, p. 626; Applying cost for OSPFv3...
  • Page 22 Displaying Remote-Port Mirroring Configurations, p. 666; Configuring the Sample Remote Port Mirroring, p. 667; Encapsulated Remote Port Monitoring, p. 670; ERPM Behavior on a typical Dell Networking OS, p. 672; Decapsulation of ERPM packets at the Destination IP/ Analyzer, p. 672; Port Monitoring on VLT, p. 673; VLT Non-fail over Scenario, p. 673; VLT Fail-over Scenario, p. 674...
  • Page 23 Enabling PVST+ Extend System ID, p. 691; PVST+ Sample Configurations, p. 692; 39 Quality of Service (QoS), p. 695; Implementation Information, p. 697; Port-Based QoS Configurations, p. 697; Setting dot1p Priorities for Incoming Traffic, p. 697; Honoring dot1p Priorities on Ingress Traffic, p. 698; Configuring Port-Based Rate Policing, p. 699; Configuring Port-Based Rate Shaping, p. 699; Policy-Based QoS Configurations, p. 700; Classify Traffic...
  • Page 24 Configuration Task List, p. 728; RIP Configuration Example, p. 734; 41 Remote Monitoring (RMON), p. 740; Implementation Information, p. 740; Fault Recovery, p. 740; Setting the RMON Alarm, p. 741; Configuring an RMON Event, p. 741; Configuring RMON Collection Statistics, p. 742; Configuring the RMON Collection History, p. 742; 42 Rapid Spanning Tree Protocol (RSTP), p. 744; Protocol Overview...
  • Page 25 Creating Access and Trunk Ports, p. 797; Enable VLAN-Stacking for a VLAN, p. 798; Configuring the Protocol Type Value for the Outer VLAN Tag, p. 798; Configuring Dell Networking OS Options for Trunk Ports, p. 798; Debugging VLAN Stacking, p. 799; VLAN Stacking in Multi-Vendor Networks, p. 799; VLAN Stacking Packet Drop Precedence...
  • Page 26 Specifying a Destination MAC Address for BPDUs, p. 810; Setting Rate-Limit BPDUs, p. 810; Debugging Layer 2 Protocol Tunneling, p. 811; Provider Backbone Bridging, p. 811; 46 sFlow, p. 812; Overview, p. 812; Implementation Information, p. 812; Important Points to Remember, p. 813; Enabling Extended sFlow, p. 813; Enabling and Disabling sFlow on an Interface, p. 814; Enabling sFlow Max-Header Size Extended...
  • Page 27 Additional MIB Objects to View Copy Statistics, p. 833; Obtaining a Value for MIB Objects, p. 834; MIB Support for 25G, 40G, 50G, 100G Optical Transceiver or DAC cable IDPROM user info, p. 834; MIB Support to Display the Available Memory Size on Flash, p. 836; Viewing the Available Flash Memory Size...
  • Page 28 Configuring a Source IP Address for NTP Packets, p. 890; Configuring NTP Authentication, p. 890; Configuring a Custom-defined Period for NTP time Synchronization, p. 893; Dell Networking OS Time and Date, p. 893; Configuration Task List, p. 893; Setting the Time and Date for the Switch Software Clock, p. 893; Setting the Timezone, p. 894...
  • Page 29 Setting Recurring Daylight Saving Time, p. 895; 52 Tunneling, p. 897; Configuring a Tunnel, p. 897; Configuring Tunnel Keepalive Settings, p. 898; Configuring a Tunnel Interface, p. 899; Configuring Tunnel Allow-Remote Decapsulation, p. 899; Configuring Tunnel source anylocal Decapsulation, p. 900; Guidelines for Configuring Multipoint Receive-Only Tunnels, p. 900; Multipoint Receive-Only Tunnels, p. 900; 53 Uplink Failure Detection (UFD), p. 901; Feature Description, p. 901; How Uplink Failure Detection Works...
  • Page 30 Preventing Forwarding Loops in a VLT Domain, p. 936; Sample RSTP Configuration, p. 936; Configuring VLT, p. 937; PVST+ Configuration, p. 947; Sample PVST+ Configuration, p. 947; Peer Routing Configuration Example, p. 948; Dell-1 Switch Configuration, p. 949; Dell-2 Switch Configuration, p. 953; R1 Configuration, p. 956; Access Switch A1 Configurations and Verification, p. 957; eVLT Configuration Example, p. 958; eVLT Configuration Step Examples, p. 958; PIM-Sparse Mode Configuration Example, p. 960...
  • Page 31 LLDP VLT Proxy Gateway in a Square VLT Topology, p. 988; Configuring a Static VLT Proxy Gateway, p. 989; Configuring an LLDP VLT Proxy Gateway, p. 989; VLT Proxy Gateway Sample Topology, p. 989; VLT Domain Configuration, p. 990; Dell-1 VLT Configuration, p. 990; Dell-2 VLT Configuration, p. 991; Dell-3 VLT Configuration, p. 992; Dell-4 VLT Configuration, p. 993; 58 Virtual Extensible LAN (VXLAN), p. 994; Overview, p. 994...
  • Page 32 Assigning an Interface to a VRF, p. 1010; Assigning a Front-end Port to a Management VRF, p. 1010; View VRF Instance Information, p. 1010; Assigning an OSPF Process to a VRF Instance, p. 1011; Configuring VRRP on a VRF Instance, p. 1011; Configuring Management VRF, p. 1012; Configuring a Static Route, p. 1012; Sample VRF Configuration...
  • Page 33 Certificate authority (CA), p. 1073; Certificate signing requests (CSR), p. 1073; How certificates are requested, p. 1073; Advantages of X.509v3 certificates, p. 1074; X.509v3 support in Dell Networking OS, p. 1074; Information about installing CA certificates, p. 1076; Installing CA certificate, p. 1076; Information about Creating Certificate Signing Requests (CSR), p. 1076; Creating Certificate Signing Requests (CSR), p. 1077; Information about installing trusted certificates...
  • Page 34: About This Guide

    This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. For complete information about all the CLI commands, see the Dell Command Line Reference Guide for your system.
  • Page 35: Configuration Fundamentals

    In the Dell Networking OS, after you enter a command, the command is added to the running configuration file. You can view the current configuration for the whole system or for a particular CLI mode. To save the current configuration, copy the running configuration to another location.
  • Page 36 You can set user access rights to commands and command modes using privilege levels. The Dell Networking OS CLI is divided into three major mode levels: • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information.
  • Page 37: Navigating CLI Modes

    GRUB Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level.
  • Page 38 BGP ADDRESS-FAMILY Dell(conf-router_bgp_af)# (for address-family {ipv4 multicast | ipv6 unicast} (ROUTER BGP IPv4) Mode) Dell(conf-routerZ_bgpv6_af)# (for IPv6) ROUTER ISIS Dell(conf-router_isis)# router isis ISIS ADDRESS-FAMILY Dell(conf-router_isis-af_ipv6)# address-family ipv6 unicast (ROUTER ISIS Mode) ROUTER OSPF Dell(conf-router_ospf)# router ospf Configuration Fundamentals...
  • Page 39 ECMP Dell(conf-ecmp-group-ecmp- ecmp-group group-id)# Dell(conf-mgmt-eis)# management egress-interface- selection FRRP Dell(conf-frrp-ring-id)# protocol frrp LLDP Dell(conf-lldp)# or Dell(conf-if protocol lldp (CONFIGURATION or —interface-lldp)# INTERFACE Modes) LLDP MANAGEMENT INTERFACE Dell(conf-lldp-mgmtIf)# management-interface (LLDP Mode) LINE Dell(config-line-console) or line console or line vty Dell(config-line-vty) MONITOR SESSION...
  • Page 40: The Do Command

    You can enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, and so on) without having to return to EXEC mode by preceding the EXEC mode command with the do command. The following example shows the output of the do command. Dell(conf)#do show system brief Stack MAC : 4c:76:25:f5:06:80...
  • Page 41: Obtaining Help

    Dell(conf-if-te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1 no ip address no shutdown Layer 2 protocols are disabled by default. To enable Layer 2 protocols, use the no disable command. For example, in PROTOCOL SPANNING TREE mode, enter no disable to enable Spanning Tree.
  • Page 42: Command History

    The variable specified_text is the text for which you are filtering, and it is case sensitive unless you use the ignore-case sub-option. Starting with Dell Networking OS version 7.8.1.0, the grep command accepts an ignore-case sub-option that forces the search to be case-insensitive. For example, the commands: •...
  • Page 43: Example Of The Grep Keyword

    Dell# NOTE: Dell Networking OS accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks. The except keyword displays text that does not match the specified text. The following example shows this command used in combination with the show system brief command.
  • Page 44 If either of these messages appears, Dell Networking recommends coordinating with the users listed in the message so that you do not unintentionally overwrite each other’s configuration changes.
  • Page 45: Getting Started

    This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) and then loads the Dell Networking Operating System. Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
  • Page 46: Console Access

    Accessing the RJ-45 Console Port with a DB-9 Adapter. Install an RJ-45 copper cable into the console port. Use a rollover (crossover) cable to connect the S6100–ON console port to a terminal server. Connect the other end of the cable to the DTE terminal server.
  • Page 47: Micro USB-B Access

    Connect the micro USB-B end of cable into the micro USB-B console port on the system. Power on the system. Install the necessary USB device drivers. (To download the drivers, go to http://www.dell.com/support.) For assistance, contact Dell Networking Technical Support.
  • Page 48: Default Configuration

    Default Configuration Although a version of Dell Networking OS is pre-loaded onto the system, the system is not configured when you power up the system for the first time (except for the default hostname, which is Dell). You must configure the system using the CLI.
  • Page 49: Configure A Management Route

    MD5 encryption method. • enable sha256-password is stored in the running/startup configuration using sha256-based encryption method (PBKDF2). Dell Networking recommends using the enable sha256-password password. To configure an enable password, use the following command. •...
  • Page 50: Configuration File Management

    To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location. • To copy a remote file to Dell Networking system, combine the file-origin syntax for a remote file location with the file-destination syntax for a local file location. Table 3. Forming a copy Command...
  • Page 51: Mounting An NFS File System

    Example of Importing a File to the Local System Dell#copy ftp://myusername:mypassword@192.168.1.1/file_path/FTOS-S6100-ON-9.10.0.0.bin flash:// FTOS-S6100-ON-9.10.0.0.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 54238335 bytes successfully copied Mounting an NFS File System This feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands.
  • Page 52: Save The Running-Configuration

    225 bytes successfully copied Dell# Save the Running-Configuration The running-configuration contains the current system configuration. Dell Networking recommends copying your running-configuration to the startup-configuration. The commands in this section follow the same format as those commands in the Copy Files to and from the System section but use the filenames startup-configuration and running-configuration.
  • Page 53: Configure The Overload Bit For A Startup Scenario

    For information about setting the router overload bit for a specific period of time after a switch reload is implemented, see the Intermediate System to Intermediate System (IS-IS) section in the Dell Command Line Reference Guide for your system. Viewing Files You can only view file information and content on local file systems.
  • Page 54: Managing The File System

    10.16.200.254 Managing the File System The Dell Networking system can use the internal Flash, external Flash, or remote devices to store files. The system stores files on the internal Flash by default but can be configured to store files elsewhere.
  • Page 55: Upgrading Dell Networking OS

    To copy a file on the USB device, enter usbflash:// followed by the filename. In the Dell Networking OS release 9.8(0.0), HTTP services support the VRF-aware functionality. If you want the HTTP server to use a VRF table that is attached to an interface, configure that HTTP server to use a specific routing table. You can use the ip http vrf command to inform the HTTP server to use a specific routing table.
  • Page 56: Verify Software Images Before Installation

    To validate a software image: Download Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file displays next to the software image file on the iSupport page.
  • Page 57 SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933 SHA256 hash VERIFIED for FTOS-SE-9.5.0.0.bin Getting Started...
  • Page 58: Management

    Management This chapter describes the different protocols or services used to manage the Dell Networking system. Topics: • Configuring Privilege Levels • Configuring Logging • Log Messages in the Internal Buffer • Disabling System Logging • Sending System Messages to a Syslog Server •...
  • Page 59: Creating A Custom Privilege Level

    Creating a Custom Privilege Level Custom privilege levels start with the default EXEC mode command set. You can then customize privilege levels 2-14 by: • restricting access to an EXEC mode command • moving commands from EXEC Privilege to EXEC mode •...
  • Page 60 CONFIGURATION mode privilege {configure |interface | line | route-map | router} level level {command ||...|| command} Example of EXEC Privilege Commands Dell#show running-config privilege privilege exec level 3 configure privilege exec level 4 resequence privilege configure level 3 line privilege configure level 3 interface tengigabitethernet Dell#telnet 10.11.80.201...
  • Page 61: Applying A Privilege Level To A Username

    When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configuring Logging The Dell Networking OS tracks changes in the system using event and error messages. By default, Dell Networking OS logs these messages on: •...
  • Page 62: Audit And Security Logs

    CONFIGURATION mode no logging console Audit and Security Logs This section describes how to configure, display, and clear audit and security logs. The following is the configuration task list for audit and security logs: • Enabling Audit and Security Logs •...
  • Page 63: Configuring Logging Format

    May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98) Example of the show logging Command for Security...
  • Page 64 On the switch, enable the SSH server Dell(conf)#ip ssh server enable On the syslog server, create a reverse SSH tunnel from the syslog server to the Dell OS switch, using the following syntax: ssh -R <remote port>:<syslog server>:<syslog server listen port> user@remote_host -nNf In the following example the syslog server IP address is 10.156.166.48 and the listening port is 5141.
  • Page 65: Log Messages In The Internal Buffer

    Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer. For example, %BOOTUP:RPM0:CP %PORTPIPE-INIT-SUCCESS: Portpipe 0 enabled Configuration Task List for System Log Management There are two configuration tasks for system log management: •...
  • Page 66: Track Login Activity

    Track Login Activity Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events. When you log in using the console or VTY line, the system displays the last successful login details of the current user and the number of unsuccessful login attempts since your last successful login to the system, and whether the current user’s permissions have changed since...
  • Page 67: Display Login Statistics

    Example of the show login statistics all command The show login statistics all command displays the successful and failed login details of all users in the last 30 days or the custom defined time period. Dell#show login statistics all ------------------------------------------------------------------ User: admin Last login time: 08:54:28 UTC Wed Mar 23 2016 Last login location: Line vty0 ( 10.16.127.145 )
  • Page 68: Limit Concurrent Login Sessions

    Limit Concurrent Login Sessions Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY, auxiliary, and console lines. You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions.
  • Page 69: Enabling The System To Clear Existing Sessions

    Example of Configuring Concurrent Session Limit The following example limits the permitted number of concurrent login sessions to 4. Dell(config)#login concurrent-session limit 4 Enabling the System to Clear Existing Sessions To enable the system to clear existing login sessions, follow this procedure: •...
  • Page 70: Enabling Secured Cli Mode

    CONFIGURATION mode logging buffered size NOTE: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. • Specify the number of messages that Dell Networking OS saves to its logging history table.
  • Page 71: Display The Logging Buffer And The Logging Configuration

    When RBAC is enabled, the security logs are filtered based on the user roles. Only the security administrator and system administrator can view the security logs. Example of the show logging Command Dell#show logging Syslog logging: enabled Console logging: level debugging...
  • Page 72: Synchronizing Log Messages

    Dell# Synchronizing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
  • Page 73: Enabling Timestamp On Syslog Messages

    File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces.
  • Page 74: Enabling The Ftp Server

    • Enable FTP on the system. CONFIGURATION mode ftp-server enable Example of Viewing FTP Configuration Dell#show running ftp ftp-server enable ftp-server username nairobi password 0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters.
  • Page 75: Terminal Lines

    (aux) connects secondary devices such as modems. Denying and Permitting Access to a Terminal Line Dell Networking recommends applying only standard access control lists (ACLs) to deny and permit access to VTY lines. • Layer 3 ACLs deny all traffic that is not explicitly permitted, but in the case of VTY lines, an ACL with no rules does not deny traffic.
  • Page 76: Configuring Login Authentication For Terminal Lines

    You can use any combination of up to six authentication methods to authenticate a user on a terminal line. A combination of authentication methods is called a method list. If the user fails the first authentication method, Dell Networking OS prompts the next method until all methods are exhausted, at which point the connection is terminated.
  • Page 77: Setting Timeout For Exec Privilege Mode

    Dell(config-line-vty)# Setting Timeout for EXEC Privilege Mode EXEC timeout is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines. To set timeout, use the following commands. •...
  • Page 78: Using Telnet To Get To Another Network Device

    Dell# Lock CONFIGURATION Mode Dell Networking OS allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message 2). You can set two types of locks: auto and manual.
  • Page 79: Lpc Bus Quality Degradation

    Dell can assist in pro-actively notifying and assisting customers when this condition is hit. System Status LED changes to an alarm state, blinking amber for S3048–ON, S6100–ON and Z9100–ON, and solid amber for C9000. It is not possible to suppress this LED pattern until the unit is switched off (for RMA).
  • Page 80: Lbqa (Lpc Bus Quality Analyzer) Failure Detection Mode

    Command History This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking OS Command Line Reference Guide. Version Description 9.11(2.0) Introduced on the C9010, S3048–ON, S6100–ON and Z9100–ON. Usage Information Enables Intel CPU LPC (Low Pin Count) clock-failure monitoring and issues a warning syslog to the user to take appropriate action if signal degradation is seen.
  • Page 81: Restoring Factory Default Environment Variables

    You enter BLI immediately, as indicated by the BOOT_USER # prompt. press any key Assign the new location of the Dell Networking OS image to be used when the system reloads. To boot from flash partition A: BOOT_USER # boot change primary...
  • Page 82: Reloading The System

    Reload the system if a configuration change to the NVRAM requires a device reload. EXEC Privilege mode reload conditional nvram-cfg-change • Reload the system into the Dell diagnostics mode. EXEC Privilege mode reload dell-diag • Reload the system into the ONIE mode.
  • Page 83 The following example shows how to reload the system: Dell# reload Proceed with reload [confirm yes/no]: yes The following example shows how to reload the system into Dell diagnostics mode: Dell#reload dell-diag Proceed with reload [confirm yes/no]: yes The following example shows how to reload the system into ONIE mode:...
  • Page 84: 802.1X

    802.1X employs Extensible Authentication Protocol (EAP) to transfer a device’s credentials to an authentication server (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server.
  • Page 85 The device with which the supplicant communicates is the authenticator. The authenticator is the gate keeper of the network. It translates and forwards requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator. •...
  • Page 86: Port-Authentication Process

    • Re-Authenticating a Port • Configuring Dynamic VLAN Assignment with Port Authentication • Guest and Authentication-Fail VLANs • Multi-Host Authentication • Multi-Supplicant Authentication • MAC Authentication Bypass • Dynamic CoS with 802.1X Port-Authentication Process The authentication process begins when the authenticator senses that a link status has changed from down to up: When the authenticator senses a link state change, it requests that the supplicant identify itself using an EAP Identity Request frame.
  • Page 87: Eap Over Radius

    79. Figure 6. EAP Over RADIUS RADIUS Attributes for 802.1X Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server. Attribute 41 NAS-Port-Type: NAS-port physical port type.
  • Page 88: Important Points To Remember

    Important Points to Remember • Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
  • Page 89: Configuring Dot1X Profile

    Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication [output omitted]...
  • Page 90: Configuring Mac Addresses For A Dot1X Profile

    Enter a name to configure the static MAB profile name. The profile name length is limited to a maximum of 32 characters. Example of Static MAB and MAB Profile for an Interface Dell(conf-if-Te-2/1)#dot1x static-mab profile sample Dell(conf-if-Te 2/1))#show config interface TenGigabitEthernet 21...
  • Page 91: Configuring Critical Vlan

    Dell(conf-if-Te 2/1))#show dot1x interface TenGigabitEthernet 2/1 802.1x information on Te 2/1: ----------------------------- Dot1x Status: Enable Port Control: Auto Port Auth Status: AUTHORIZED(STATIC-MAB) Re-Authentication: Disable Untagged VLAN id: None Guest VLAN: Enable Guest VLAN id: Auth-Fail VLAN: Enable Auth-Fail VLAN id:...
  • Page 92: Configuring Request Identity Re-Transmissions

    Guest VLAN: Enable Guest VLAN id: Auth-Fail VLAN: Disable Auth-Fail VLAN id: NONE Auth-Fail Max-Attempts: NONE Mac-Auth-Bypass: Enable Mac-Auth-Bypass Only: Enable Tx Period: 3 seconds Quiet Period: 60 seconds ReAuth Max: Supplicant Timeout: 30 seconds Server Timeout: 30 seconds Re-Auth Interval: 3600 seconds Max-EAP-Req: Host Mode:...
  • Page 93: Configuring A Quiet Period After A Failed Authentication

    EAP Request Identity frame The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. Dell(conf-if-range-Te-1/1/1/1)#dot1x tx-period 90 Dell(conf-if-range-Te-1/1/1/1)#dot1x max-eap-req 10 Dell(conf-if-range-Te-1/1/1/1)#dot1x quiet-period 120 Dell#show dot1x interface TenGigabitEthernet 1/1/1/1 802.1x information on Te 1/1/1/1: ----------------------------- Dot1x Status: Enable...
  • Page 94: Forcibly Authorizing Or Unauthorizing A Port

    EAP Request Identity frame The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. Dell(conf-if-range-Te-1/1/1/1)#dot1x tx-period 90 Dell(conf-if-range-Te-1/1/1/1)#dot1x max-eap-req 10 Dell(conf-if-range-Te-1/1/1/1)#dot1x quiet-period 120 Dell#show dot1x interface TenGigabitEthernet 1/1/1/1 802.1x information on Te 1/1/1/1: ----------------------------- Dot1x Status: Enable...
  • Page 95: Re-Authenticating A Port

    Example of Re-Authenticating a Port and Verifying the Configuration The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-1/1/1/1)#dot1x reauthentication interval 7200 Dell(conf-if-Te-1/1/1/1)#dot1x reauth-max 10 Dell(conf-if-Te-1/1/1/1)#do show dot1x interface TenGigabitEthernet 1/1/1/1 802.1x information on Te 1/1/1/1: ----------------------------- Dot1x Status:...
  • Page 96: Configuring Dynamic Vlan Assignment With Port Authentication

    Private-Group-ID The illustration shows the configuration on the Dell Networking system before connecting the end user device in black and blue text, and after connecting the device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.
  • Page 97: Guest And Authentication-Fail Vlans

    Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data.
  • Page 98: Configuring Timeouts

    Dell(conf-if-Te-1/1/1/1)#dot1x guest-vlan 200 Dell(conf-if-Te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-1/1/1/1)# Dell(conf-if-Te-1/1/1/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1 switchport dot1x authentication dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no shutdown...
  • Page 99: Multi-Host Authentication

    The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds. The bold lines show the new supplicant and server timeouts. Dell(conf-if-Te-1/1/1/1)#dot1x port-control force-authorized Dell(conf-if-Te-1/1/1/1)#do show dot1x interface TenGigabitEthernet 1/1/1/1 802.1x information on Te 1/1/1/1: ----------------------------- Dot1x Status:...
  • Page 100 When multiple end users are connected to a single authenticator port, single-host mode authentication does not authenticate all end users, and all but one are denied access to the network. For these cases, the Dell Networking OS supports multi-host mode authentication.
  • Page 101: Configuring Multi-Host Authentication / Configuring Single-Host Authentication

    To verify the currently configured authentication mode, enter the show dot1x interface command. Dell(conf-if-te-2/1)# dot1x host-mode multi-host Dell(conf-if-te-2/1)# do show dot1x interface tengigabitethernet 2/1 802.1x information on Te 2/1: -----------------------------...
  • Page 102: Multi-Supplicant Authentication

    To verify the currently configured authentication mode, enter the show dot1x interface command. Dell(conf-if-te-1/3)# dot1x host-mode multi-auth Dell(conf-if-te-1/3)# do show dot1x interface tengigabitethernet 1/3 802.1x information on Te 1/3: -----------------------------...
  • Page 103: Mac Authentication Bypass

    To restrict the number of devices that 802.1X can authenticate on a port in multi-supplicant (multi-auth) mode, enter the dot1x max-supplicants number command in Interface mode. By default, the maximum number of multi-supplicant devices is 128. Dell(conf-if-te-2/1)# dot1x max-supplicants 4 MAC Authentication Bypass MAC authentication bypass (MAB) enables you to provide MAC-based security by allowing only known MAC addresses within the network using a RADIUS server.
  • Page 104: Mab In Single-Host And Multi-Host Mode

    If MAB times out or MAC authentication fails, the port is placed into the guest VLAN. If both MAB and re-authentication are enabled, when the re-auth period finishes and whether the previous authentication was through MAB or 802.1X, 802.1X authentication is tried first. If 802.1X times out, MAB authentication is tried. The port remains authorized throughout the reauthentication process.
  • Page 105: Dynamic Cos With 802.1X

    ACL, and DSCP). Once traffic is classified, you can use Quality of Service (QoS) traffic management to control the level of service for a class in terms of bandwidth and delivery time. For incoming traffic, the Dell Networking OS allows you to set a static priority value on a per-port basis or dynamically set a priority on a per-port basis by leveraging 802.1X.
  • Page 106 If multi-supplicant authentication mode is enabled on a port, you can configure a CoS mapping table for specified MAC addresses in the RADIUS server. Dell Networking OS then maintains a per-MAC CoS table for each port, and marks the priority of all traffic originating from a configured MAC address with the corresponding table value.
  • Page 107: Access Control Lists (Acls)

    Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLs, refer to Layer An ACL is essentially a filter containing some criteria to match (examine IP, transmission control protocol [TCP], or user datagram protocol [UDP] packets) and an action to take (permit or deny).
  • Page 108: Ip Access Control Lists (Acls)

    When creating an access list, the sequence of the filters is important. You have a choice of assigning sequence numbers to the filters as you enter them, or the Dell Networking Operating System (OS) assigns numbers in the order the filters are created. The sequence numbers are listed in the display output of the show config and show ip accounting access-list commands.
  • Page 109: Cam Usage

    The status column indicates whether you can enable the policy. Example of the Command test cam-usage Dell#test cam-usage service-policy input asd stack-unit 1 port-set 0 Stack-unit|Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status -------------------------------------------------------------------------- IPv4Flow|...
  • Page 110 In cases where class-maps with overlapping ACL rules are applied to different queues, use the order keyword to specify the order in which you want to apply ACL rules. The order can range from 0 to 254. Dell Networking OS writes to the CAM ACL rules with lower-order numbers (order numbers closer to 0) before rules with higher-order numbers so that packets are matched as you intended.
  • Page 111: Configure Acl Range Profiles

    Configure ACL Range Profiles Dell Networking OS allows L3 ACLs to configure a range of L4 source and destination ports using the operators and range of ports. This results in multiple ACL entries that use more space in the forwarding table. Starting from Dell Networking OS 9.11(0.0), you can configure the range of L4 source and destination ports as part of L3 ACLs, which results in only one ACL entry.
  • Page 112: Configuration Task List For Route Maps

    You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. Dell Networking OS processes the route maps with the lowest sequence number first. When a configured route map is applied to a command, such as redistribute, traffic passes through all instances of that route map until a match is found.
  • Page 113 When there are multiple match commands with the same parameter under one instance of route-map, Dell Networking OS does a match between all of those match commands. If there are multiple match commands with different parameters, Dell Networking OS does a match ONLY if there is a match among ALL the match commands.
  • Page 114: Configuring Match Routes

    In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000. In this scenario, Dell Networking OS scans all the instances of the route-map for any permit statement. If there is a match anywhere, the route is permitted.
  • Page 115: Configuring Set Conditions

    • Match next-hop routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip next-hop {access-list-name | prefix-list prefix-list-name} • Match next-hop routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 next-hop {access-list-name | prefix-list prefix-list-name} • Match source routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip route-source {access-list-name | prefix-list prefix-list-name} •...
  • Page 116: Configure A Route Map For Route Redistribution

    Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic. Route redistribution occurs when Dell Networking OS learns the advertising routes from static or directly connected routes or another routing protocol. Different protocols assign different values to redistributed routes to identify the routes and their origins. The metric value is the most common attribute that is changed to properly redistribute other routes into a routing protocol.
  • Page 117: Configure A Route Map For Route Tagging

    For IP ACL, Dell Networking OS always applies implicit deny. You do not have to configure it. • For IP ACL, Dell Networking OS applies implicit permit for second and subsequent fragment just prior to the implicit deny. Access Control Lists (ACLs)
  • Page 118: Ip Fragments Acl Examples

    Example of Permitting All Packets from a Specified Host In this first example, TCP packets from host 10.1.1.1 with TCP destination port equal to 24 are permitted. All others are denied. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)#permit tcp host 10.1.1.1 any eq 24 Dell(conf-ext-nacl)#deny ip any any fragment Dell(conf-ext-nacl) Example of Permitting Only First Fragments and Non-Fragmented Packets from a Specified Host In the following example, the TCP packets that are first fragments or non-fragmented from host 10.1.1.1 with TCP destination port equal to...
  • Page 119: Configure A Standard Ip Acl

    To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL.
  • Page 120: Configuring A Standard Ip Acl Filter

    Configuring a Standard IP ACL Filter If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of five.
  • Page 121: Configure An Extended Ip Acl

    Dell(config-ext-nacl)# seq 25 permit tcp any eq 40 any eq 33 Dell(config-ext-nacl)# seq 30 permit tcp any eq 33 any eq 43 Dell(config-ext-nacl)# seq 35 permit tcp any range www 194 any eq 101 Dell(config-ext-nacl)# seq 40 permit udp any eq 434 any gt mobile-ip...
  • Page 122 45 permit icmp any any port-unreachable count seq 50 permit icmp any any source-quench count seq 55 permit icmp any any time-exceeded count Dell(config-ext-nacl)#show ip accounting access-list Extended Ingress IP access list icmp on TenGigabitEthernet 1/1/1/1 Total cam count 11...
  • Page 123 The example below shows how the seq command orders the filters according to the sequence number assigned. In the example, filter 15 was configured before filter 5, but the show config command displays the filters in the correct order. Dell(config-ext-nacl)#seq 15 deny ip host 112.45.0.0 any log monitor 501 Dell(config-ext-nacl)#seq 5 permit tcp 12.1.3.45 0.0.255.255 any...
  • Page 124: Configuring Filters Without A Sequence Number

    Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five.
  • Page 125: Assign An Ip Acl To An Interface

    • L2 egress access list If a rule is simply appended, existing counters are not affected. Table 6. L2 and L3 Filtering on Switched Packets L2 ACL Behavior L3 ACL Behavior Decision on Targeted Traffic Deny Deny L3 ACL denies. Deny Permit L3 ACL permits.
  • Page 126: Counting Acl Hits

    To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface tengigabitethernet 1/1/1/1 Dell(conf-if-te1/1/1/1)#ip access-group abcd in Dell(conf-if-te1/1/1/1)#show config tengogabitethernet 1/1/1/1 no ip address...
  • Page 127: Configure Egress Acls

    Dell(config-ext-nacl)#end Dell#show ip accounting access-list Extended Ingress IP access list abcd on tengigabitethernet 1/1/1/1 seq 5 permit tcp any any seq 10 deny icmp any any seq 15 permit 1.1.1.2 Configure Egress ACLs Egress ACLs are applied to line cards and affect the traffic leaving the system. Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack —...
  • Page 128: Applying Egress Layer 3 Acls (Control-Plane)

    (permit or deny) to process routes. The filters are processed in sequence so that if a route prefix does not match the criterion in the first filter, the second filter (if configured) is applied. When the route prefix matches a filter, Dell Networking OS drops or forwards the packet based on the filter’s designated action.
  • Page 129: Implementation Information

    • Use a prefix list for route redistribution For a complete listing of all commands related to prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following commands.
  • Page 130 To delete a filter, use the no seq sequence-number command in PREFIX LIST mode. If you are creating a standard prefix list with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The Dell Networking OS assigns filters in multiples of five.
  • Page 131 Examples of the show ip prefix-list Command The following example shows the show ip prefix-list detail command. Dell>show ip prefix detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 (hit count: 0) seq 6 deny 2.1.0.0/16 ge 23 (hit count: 0)
  • Page 132: Acl Resequencing

    10.0.0.0 Dell(conf-router_rip)#router ospf 34 Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode. CONFIGURATION mode router ospf • Apply a configured prefix list to incoming routes. You can specify an interface.
  • Page 133: Resequencing An Acl Or Prefix List

    10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1...
  • Page 134: Route Maps

    10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1...
  • Page 135: Behavior Of Flow-Based Monitoring

    The show monitor session session-id command has been enhanced to display the Type field in the output, which indicates whether a particular session is enabled for flow-monitoring. Example Output of the show Command Dell# show monitor session 1 SessID Source...
  • Page 136: Enabling Flow-Based Monitoring

    Enable flow-based monitoring for a monitoring session. MONITOR SESSION mode flow-based enable Define access-list rules that include the keyword monitor. Dell Networking OS only considers port monitoring traffic that matches rules with the keyword monitor. CONFIGURATION mode ip access-list...
  • Page 137: Sample Configuration

    To view which IP mirror-access-group is applied to an interface, use the show config command in INTERFACE mode, or use the show running-config command in EXEC mode. Sample Configuration Dell#configure terminal Dell(conf)#cam-acl l2acl 2 ipv4acl 4 ipv6acl 2 ipv4qos 0 l2qos 1 l2pt 0 ipmacacl 0 vman-qos 0 ipv4udfmirracl 4 Dell(conf)#end Dell(conf)#monitor session 65535 type erpm...
  • Page 138: Example Of Viewing Ip Mirror-Access-Group Applied To An Interface

    Example of viewing IP mirror–access–group applied to an Interface Dell(conf-if-te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1 no ip address ip mirror-access-group acl4 in shutdown Dell(conf-if-te-1/1/1/1)# Access Control Lists (ACLs)
  • Page 139: Bidirectional Forwarding Detection (Bfd)

    BFD also carries less overhead than routing protocol hello mechanisms. Control packets can be encapsulated in any form that is convenient, and, on Dell Networking routers, BFD agents maintain sessions that reside on the line card, which frees resources on the route processor.
  • Page 140: Bfd Packet Format

    The poll and final bits are used during the handshake and in Demand mode (refer to Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear. Bidirectional Forwarding Detection (BFD)
  • Page 141: Bfd Sessions

    Authentication Type, An optional method for authenticating control packets. Authentication NOTE: Dell Networking OS does not currently support the BFD authentication function. Length, Authentication Data Two important parameters are calculated using the values contained in the control packet. Transmit Interval Transmit interval is the agreed-upon rate at which a system sends control packets.
  • Page 142: Bfd Three-Way Handshake

    Demand mode initiator. Either system (but not both) can request Demand mode at any time. NOTE: Dell Networking OS supports Asynchronous mode only. A session can have four states: Administratively Down, Down, Init, and Up. State...
  • Page 143 Figure 12. BFD Three-Way Handshake State Changes Bidirectional Forwarding Detection (BFD)
  • Page 144: Session State Changes

    Important Points to Remember • Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4.
  • Page 145: Configure Bfd For Physical Ports

    • Configure BFD for OSPFv3 • Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do not enable the routing protocol.
  • Page 146 Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 14. Establishing a BFD Session on Physical Ports Enter interface mode.
  • Page 147 2.2.2.2 on interface Te 1/1/4/1 (diag: 0) Viewing Physical Port Session Parameters BFD sessions are configured with default intervals and a default role (active). Dell Networking recommends maintaining the default values. To view session parameters, use the show bfd neighbors detail command.
  • Page 148: Configure Bfd For Static Routes

    Disabling and Re-Enabling BFD BFD is enabled on all interfaces by default, though sessions are not created unless explicitly configured. If you disable BFD, all of the sessions on that interface are placed in an Administratively Down state (the first message example), and the remote systems are notified of the session state change (the second message example).
  • Page 149 When you establish a BFD session using the ip route bfd command, all the next-hop neighbors in the static route become part of the BFD session. Starting with Dell Networking OS release 9.11.0.0, you can enable BFD sessions on specific next-hop neighbors. You can specify the next-hop neighbors to be part of a BFD session by including them in a prefix-list.
  • Page 150 octet. By specifying the exact number of bits in an IP address that belong to a prefix list, the prefix list can be used to aggregate addresses and perform some functions; for example, redistribution. You can use the following options to enable or disable the BFD session: •...
  • Page 151: Configure Bfd For Ospf

    Disabling BFD for Static Routes If you disable BFD, all static route BFD sessions are torn down. A final Admin Down packet is sent to all neighbors on the remote systems, and those neighbors change to the Down state. To disable BFD for static routes, use the following command. •...
  • Page 152 Establishing Sessions with OSPF Neighbors for the Default VRF BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 16.
  • Page 153 INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors - Active session role Ad Dn - Admin Down - CLI - ISIS...
  • Page 154 - BGP - CLI - ISIS - OSPF - OSPFv3 - Static Route (RTM) - MPLS - VRRP - Vxlan Tunnel LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 5.1.1.1 5.1.1.2 Po 30 * 6.1.1.1 6.1.1.2 Vl 30 * 7.1.1.1 7.1.1.2 Te 1/1/1/1 The following example shows the show bfd vrf neighbors command output showing the nondefault VRF.
  • Page 155 Number of packets sent to neighbor: 73 Number of state changes: 1 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 4 Dell# show bfd neighbors detail Session Discriminator: 1 Neighbor Discriminator: 1 Local Addr: 10.1.3.2 Local MAC Addr: 00:01:e8:02:15:0e Remote Addr: 10.1.3.1...
  • Page 156: Configure Bfd For Ospfv3

    Number of state changes: 2 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 6 Dell# Changing OSPF Session Parameters Configure BFD sessions with default intervals and a default role. The parameters that you can configure are: desired tx interval, required min rx interval, detection multiplier, and system role.
  • Page 157 Enable BFD globally. Establish sessions with OSPFv3 neighbors. NOTE: BFD for OSPFv3 with ECMP is not supported. Related Configuration Tasks • Changing OSPFv3 Session Parameters • Disabling BFD for OSPFv3 Establishing Sessions with OSPFv3 Neighbors You can establish BFD sessions with all OSPFv3 neighbors at once or with all neighbors out of a specific interface. Sessions are only established when the OSPFv3 adjacency is in the Full state.
  • Page 158: Configure Bfd For Is-Is

    Disabling BFD for OSPFv3 If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state. If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state. Disabling BFD does not trigger a change in BFD clients;...
  • Page 159 Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 17. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS neighbors on a single interface, use the following commands. •...
  • Page 160: Configure Bfd For Bgp

    Ad Dn - Admin Down - CLI - ISIS - OSPF - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.2.2 2.2.2.1 Te 2/1/1 Changing IS-IS Session Parameters BFD sessions are configured with default intervals and a default role. The parameters that you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role.
  • Page 161 Prerequisites Before configuring BFD for BGP, you must first configure the following settings: Configure BGP on the routers that you want to interconnect, as described in Border Gateway Protocol IPv4 (BGPv4). Enable fast fall-over for BGP neighbors to reduce convergence time (the neighbor fall-over command), as described in Fast Fall-Over.
  • Page 162 BFD notifies BGP of any failure conditions that it detects on the link. Recovery actions are initiated by BGP. BFD for BGP is supported only on directly-connected BGP neighbors and only in BGP IPv4 networks. Up to 128 simultaneous BFD sessions are supported. As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up and BGP maintains its adjacencies.
  • Page 163 The BGP link with the neighbor returns to normal operation and uses the BFD session parameters globally configured with the bfd all-neighbors command or configured for the peer group to which the neighbor belongs. • Disable a BFD for BGP session with a specified neighbor. ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable •...
  • Page 164 EXEC Privilege mode show ip bgp neighbors [ip-address] Examples of Verifying BGP Information The following example shows verifying a BGP configuration. R2# show running-config bgp router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor 3.3.3.2 no shutdown...
  • Page 165 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34 Remote Addr: 2.2.2.2 Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 1/1/2/1 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active...
  • Page 166 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor(s) using 24168 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 1.1.1.2 00:38:12 2.2.2.2 04:32:26 3.3.3.2 00:38:12...
  • Page 167: Configure Bfd For Vrrp

    R2# show ip bgp neighbors 2.2.2.4 BGP neighbor is 2.2.2.4, remote AS 1, external link Member of peer-group pg1 for session parameters BGP version 4, remote router ID 12.0.0.4 BGP state ESTABLISHED, in this state for 00:05:33 Neighbor is using BGP peer-group mode BFD configuration Peer active in peer-group outbound optimization Configure BFD for VRRP When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the route processor module (RPM).
  • Page 168 Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 19. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command. •...
  • Page 169 The bold line shows that VRRP BFD sessions are enabled. Dell(conf-if-te-1/1/1/1)#vrrp bfd all-neighbors Dell(conf-if-te-1/1/1/1)#do show bfd neighbor - Active session role Ad Dn - Admin Down - CLI - ISIS - OSPF - Static Route (RTM) - VRRP LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.5.1...
  • Page 170: Configuring Protocol Liveness

    To disable all VRRP sessions on an interface, sessions for a particular VRRP group, or for a particular VRRP session on an interface, use the following commands. • Disable all VRRP sessions on an interface. INTERFACE mode no vrrp bfd all-neighbors •...
  • Page 171 00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Up for neighbor 2.2.2.2 on interface Te 4/24/1 (diag: 0) The following example shows hexadecimal output from the debug bfd packet command. RX packet dump: 20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00 00:34:13 : Sent packet for session with neighbor 2.2.2.2 on Te 4/24/1 TX packet dump:...
  • Page 172: Border Gateway Protocol Ipv4 (Bgpv4)

    Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS). The primary function of the BGP is to exchange network reachability information with other BGP systems.
  • Page 173 IBGP provides routers inside the AS with the knowledge to reach routers external to the AS. EBGP routers exchange information with other EBGP routers as well as IBGP routers to maintain connectivity and accessibility. Figure 20. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network.
  • Page 174: Sessions And Peers

    Figure 21. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.
  • Page 175: Route Reflectors

    State Description Idle BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer. Connect In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful. If that transition is not successful, BGP resets the ConnectRetry timer and transitions to the Active state when the timer expires.
  • Page 176: Bgp Attributes

    Figure 22. BGP Router Rules Router B receives an advertisement from Router A through eBGP. Because the route is learned through eBGP, Router B advertises it to all its iBGP peers: Routers C and D. Router C receives the advertisement but does not advertise it to any peer because its only other peer is Router D, an iBGP peer, and Router D has already learned it through iBGP from Router B.
  • Page 177 In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
  • Page 178: Weight

    In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
  • Page 179: Multi-Exit Discriminators (Meds)

    Figure 24. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may impact selection, as shown in the illustration in Best Path Selection Criteria.
  • Page 180: Origin

    BGP. In Dell Networking OS, these origin codes appear as shown in the following example. The question mark (?) indicates an origin code of INCOMPLETE (shown in bold). The lower case letter (i) indicates an origin code of IGP (shown in bold).
  • Page 181: As Path

    Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Address...
  • Page 182: Implement Bgp With Dell Networking Os

    BGP. Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones.
  • Page 183: Ignore Router-Id In Best-Path Calculation

    Configure 4-byte AS numbers with the four-octet-support command. AS4 Number Representation Dell Networking OS supports multiple representations of 4-byte AS numbers: asplain, asdot+, and asdot. NOTE: The ASDOT and ASDOT+ representations are supported only with the 4-Byte AS numbers feature. If 4-Byte AS numbers are not implemented, only ASPLAIN representation is supported.
  • Page 184 65526 and the AS number 65546 appears as 1.10. Dynamic AS Number Notation Application Dell Networking OS applies the ASN notation type change dynamically to the running-config statements. When you apply or change a notation, the type selected is reflected immediately in the running-configuration and the show commands (refer to the following two examples).
  • Page 185: As Number Migration

    Dell(conf-router_bgp)#sho conf router bgp 100 neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do show ip bgp BGP table version is 28093, local router ID is 172.30.1.57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress.
  • Page 186: Bgp4 Management Information Base (Mib)

    • To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Networking recommends setting the timeout and retry count values to a relatively higher number. For example, t = 60 or r = 5.
  • Page 187: Configuration Information

    To enable the BGP process and begin exchanging information, assign an AS number and use commands in ROUTER BGP mode to configure a BGP neighbor. By default, BGP is disabled. By default, Dell Networking OS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). NOTE: In Dell Networking OS, all newly configured neighbors and peer groups are disabled.
  • Page 188: Enabling Bgp

    Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer.
  • Page 189 NOTE: Use it only if you support 4-Byte AS numbers or if you support AS4 number representation. If you are supporting 4-Byte ASNs, enable this command. Disable 4-Byte support and return to the default 2-Byte format by using the no bgp four-octet-as-support command. You cannot disable 4-Byte support if you currently have a 4-Byte ASN configured.
  • Page 190 Active For the router’s identifier, Dell Networking OS uses the highest IP address of the Loopback interfaces configured. Because Loopback interfaces are virtual, they cannot go down, thus preventing changes in the router ID. If you do not configure Loopback interfaces, the highest IP address of any interface is used as the router ID.
  • Page 191: Configuring As4 Number Representations

    Connections established 0; dropped 0 Last reset never No active TCP connection Dell# The following example shows verifying the BGP configuration using the show running-config bgp command. Dell#show running-config bgp router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24...
  • Page 192 • Enable ASPLAIN AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asplain NOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display. • Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot •...
  • Page 193: Configuring Peer Groups

    Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share the same update policy.
  • Page 194 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown Dell(conf-router_bgp)# To enable a peer group, use the neighbor peer-group-name no shutdown command in CONFIGURATION ROUTER BGP mode (shown in bold). Dell(conf-router_bgp)#neighbor zanzibar no shutdown Dell(conf-router_bgp)#show config router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes...
  • Page 195: Configuring Bgp Fast Fall-Over

    To verify that you enabled fast fall-over on a particular BGP neighbor, use the show ip bgp neighbors command. Because fast fall-over is disabled by default, it appears only if it has been enabled (shown in bold). Dell#sh ip bgp neighbors
  • Page 196 Local host: 200.200.200.200, Local port: 65519 Foreign host: 100.100.100.100, Foreign port: 179 Dell# To verify that fast fall-over is enabled on a peer-group, use the show ip bgp peer-group command (shown in bold). Dell#sh ip bgp peer-group Peer-group test fall-over enabled BGP version 4...
  • Page 197: Configuring Passive Peering

    If you enable passive peering for the peer group, the software does not send an OPEN message, but it responds to an OPEN message. When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, Dell Networking OS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor.
  • Page 198: Allowing An As Number To Appear In Its Own As Path

    • No Prepend: specifies that local AS values are not prepended to announcements from the neighbor. Format: IP Address: A.B.C.D. You must Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. Example of the Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number.
  • Page 199: Enabling Graceful Restart

    Speeds convergence by advertising a special update packet known as an end-of-RIB marker. This marker indicates the peer has been updated with all routes in the local RIB. If you configure your system to do so, Dell Networking OS can perform the following actions during a hot failover: •...
  • Page 200: Enabling Neighbor Graceful Restart

    This option provides support for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide.
  • Page 201 If you assign a non-existent or empty AS-PATH ACL, the software allows all routes. Example of the show ip bgp paths Command To view all BGP path attributes in the BGP database, use the show ip bgp paths command in EXEC Privilege mode. Dell#show ip bgp paths Total 30655 Paths Address...
  • Page 202: Regular Expressions As Filters

    For an AS-path access list, as shown in the previous commands, if the AS path matches the regular expression in the access list, the route matches the access list. The following lists the regular expressions accepted in Dell Networking OS. Regular...
  • Page 203: Redistributing Routes

    Dell(config-as-path)#deny 32$ Dell(config-as-path)#ex Dell(conf)#router bgp 99 Dell(conf-router_bgp)#neighbor AAA filter-list Eagle in Dell(conf-router_bgp)#show conf router bgp 99 neighbor AAA peer-group neighbor AAA filter-list Eaglein neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 filter-list 1 in neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#ex...
  • Page 204: Enabling Additional Paths

    One attribute you can manipulate is the COMMUNITY attribute. This attribute is an optional attribute that is defined for a group of destinations. In Dell Networking OS, you can assign a COMMUNITY attribute to BGP routers by using an IP community list. After you create an IP community list, you can apply routing decisions to all routers meeting the criteria in the IP community list.
  • Page 205: Configuring An Ip Extended Community List

    Example of the show ip community-lists Command To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode. Dell#show ip community-lists ip community-list standard 1 deny 701:20...
  • Page 206: Filtering Routes With Community Lists

    704:666 deny 705:666 deny 14551:666 Dell# Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group.
  • Page 207: Manipulating The Community Attribute

    In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, Dell Networking OS does not send the COMMUNITY attribute. To send the COMMUNITY attribute to BGP neighbors, use the following command.
  • Page 208: Changing Med Attributes

    --More-- Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, enter any or all of the following commands. •...
  • Page 209: Configuring The Local System Or A Different System To Be The Next Hop For Bgp-Learned Routes

    • Change the LOCAL_PREF value. CONFIG-ROUTER-BGP mode bgp default local-preference value • value: the range is from 0 to 4294967295. The default is 100. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode.
  • Page 210: Changing The Weight Attribute

    By default, the software allows one path to a destination. You can enable multipath to allow up to 64 parallel paths to a destination. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector. To allow more than one path, use the following command. The show ip bgp network command includes multipath information for that network.
  • Page 211 You can create inbound and outbound policies. Each of the commands used for filtering has in and out parameters that you must apply. In Dell Networking OS, the order of preference varies depending on whether the attributes are applied for inbound updates or outbound updates.
  • Page 212: Filtering Bgp Routes Using Route Maps

    • If none of the routes match any of the filters in the prefix list, the route is denied. This action is called an implicit deny. (If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all routes. For example, you could have the following filter as the last filter in your prefix list permit 0.0.0.0/0 le 32).
  • Page 213: Configuring Bgp Route Reflectors

    {ip-address | peer-group-name} route-reflector-client When you enable a route reflector, Dell Networking OS automatically enables route reflection to all clients. To disable route reflection between all clients in this reflector, use the no bgp client-to-client reflection command in CONFIGURATION ROUTER BGP mode.
  • Page 214: Aggregating Routes

    EXEC Privilege mode. Aggregating Routes Dell Networking OS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active.
  • Page 215: Enabling Route Flap Dampening

    (a numeric value) for routes that flap. When that penalty value reaches a configured limit, the route is not advertised, even if the route is up. In Dell Networking OS, that penalty value is 1024. As time passes and the route does not flap, the penalty value decrements or is decayed.
  • Page 216 By default, the path selection in Dell Networking OS is deterministic, that is, paths are compared irrespective of the order of their arrival. You can change the path selection method to non-deterministic, that is, paths are compared in the order in which they arrived (starting with the most recent).
  • Page 217: Changing Bgp Timers

    25069 780266 20 00:38:50 102759 Dell> To view which routes are dampened (non-active), use the show ip bgp dampened-routes command in EXEC Privilege mode. Changing BGP Timers To configure BGP timers, use either or both of the following commands. Timer values configured with the neighbor timers command override the timer values configured with the timers bgp command.
  • Page 218: Enabling Or Disabling Bgp Neighbors

    The example enables inbound soft reconfiguration for the neighbor 10.108.1.1. All updates received from this neighbor are stored unmodified, regardless of the inbound policy. When inbound soft reconfiguration is done later, the stored information is used to generate a new set of inbound updates. Dell>router bgp 100 neighbor 10.108.1.1 remote-as 200 neighbor 10.108.1.1 soft-reconfiguration inbound Enabling or disabling BGP neighbors You can enable or disable all the configured BGP neighbors using the shutdown all command in ROUTER BGP mode.
  • Page 219 In ROUTER BGP mode, enter the following command: ROUTER BGP Mode shutdown all You can use the no shutdown all command in ROUTER BGP mode to re-enable all the BGP interfaces. You can also enable or disable BGP neighbors corresponding to the IPv4 unicast or multicast groups and the IPv6 unicast groups. To enable or disable BGP neighbors corresponding to the IPv4 unicast groups: Enter the router bgp mode using the following command: CONFIGURATION Mode...
  • Page 220: Route Map Continue

    The routes associated with multicast routing are used by the protocol independent multicast (PIM) to build data distribution trees. Dell Networking OS MBGP is implemented per RFC 1858. You can enable the MBGP feature per router and/or per peer/peer-group. The default is IPv4 Unicast routes.
  • Page 221: Configure Ipv6 Nh Automatically For Ipv6 Prefix Advertised Over Ipv4 Neighbor

    If the peer has not been activated in any AFI/SAFI, the peer remains in Idle state. Most Dell Networking OS BGP IPv4 unicast commands are extended to support the IPv4 multicast RIB using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide.
  • Page 222: Storing Last And Bad Pdus

    Storing Last and Bad PDUs Dell Networking OS stores the last notification sent/received and the last bad protocol data unit (PDU) received on a per peer basis. The last bad PDU is the one that causes a notification to be issued.
  • Page 223: Capturing Pdus

    To change the maximum buffer size, use the capture bgp-pdu max-buffer-size command. To view the captured PDUs, use the show capture bgp-pdu neighbor command. Dell#show capture bgp-pdu neighbor 20.20.20.2 Incoming packet capture enabled for BGP neighbor 20.20.20.2 Available buffer size 40958758, 26 packet(s) captured using 680 bytes...
  • Page 224: Pdu Counters

    313511 0 00:12:46 207896 PDU Counters Dell Networking OS supports additional counters for various types of PDUs sent and received from neighbors. These are seen in the output of the show ip bgp neighbor command. Sample Configurations The following example configurations show how to enable BGP and set up some peer groups. These examples are not comprehensive directions.
  • Page 225 Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int te 1/1/2/1 R1(conf-if-te-1/1/2/1)#ip address 10.0.1.21/24 R1(conf-if-te-1/1/2/1)#no shutdown R1(conf-if-te-1/1/2/1)#show config interface TengigabitEthernet 1/1/2/1 ip address 10.0.1.21/24 no shutdown R1(conf-if-te-1/21/1)#int te 1/1/3/1 R1(conf-if-te-1/1/3/1)#ip address 10.0.3.31/24...
  • Page 226 R1(conf-router_bgp)#neighbor 192.168.128.3 no shut R1(conf-router_bgp)#neighbor 192.168.128.3 update-source loop 0 R1(conf-router_bgp)#show config router bgp 99 network 192.168.128.0/24 neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 update-source Loopback 0 neighbor 192.168.128.3 no shutdown Example of Enabling BGP (Router 2) R2# conf R2(conf)#int loop 0...
  • Page 227 interface TengigabitEthernet 1/1/4/1 ip address 10.0.3.33/24 no shutdown R3(conf-if-lo-0)#int te 3/21/1 R3(conf-if-te-3/21/1)#ip address 10.0.2.3/24 R3(conf-if-te-3/21/1)#no shutdown R3(conf-if-te-3/21/1)#show config interface TengigabitEthernet 3/21/1 ip address 10.0.2.3/24 no shutdown R3(conf-if-te-3/21/1)# R3(conf-if-te-3/21/1)#router bgp 100 R3(conf-router_bgp)#show config router bgp 100 R3(conf-router_bgp)#network 192.168.128.0/24 R3(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R3(conf-router_bgp)#neighbor 192.168.128.1 no shut R3(conf-router_bgp)#neighbor 192.168.128.1 update-source loop 0 R3(conf-router_bgp)#neighbor 192.168.128.2 remote 99...
  • Page 228 MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 1, neighbor version 1 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 1, denied 0, withdrawn 0 from peer Connections established 2;...
  • Page 229 2 neighbor(s) using 9216 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 192.168.128.1 99 140 136 2 0 (0) 00:11:24 1 192.168.128.3 100 138 140 2 0 (0) 00:18:31 1 Example of Enabling Peer Groups (Router 3) R3#conf R3(conf)#router bgp 100 R3(conf-router_bgp)# neighbor AAA peer-group...
  • Page 230 Last read 00:00:45, last write 00:00:44 Hold time is 180, keepalive interval is 60 seconds Received 138 messages, 0 in queue 7 opens, 2 notifications, 7 updates 122 keepalives, 0 route refresh requests Sent 140 messages, 0 in queue
  • Page 231: Content Addressable Memory (Cam)

    Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies.
  • Page 232 To allocate the space for egress L2, IPV4, and IPV6 ACL, use the cam-acl-egress command. The total number of available FP blocks is 4. Allocate at least one group of L2ACL and IPV4 ACL. Dell(conf)#do show cam-acl-egress -- Chassis Egress Cam ACL --...
  • Page 233: Test Cam Usage

    The Status column in the command output indicates whether or not you can enable the policy. Example of the test cam-usage Command Dell#test cam-usage service-policy input test-cam-usage stack-unit 2 po 0 Stack-Unit| Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status ------------------------------------------------------------------------------------...
  • Page 234: View Cam Usage

    The following output shows CAM blocks usage for Layer 2 and Layer 3 ACLs and other processes that use CAM space: Starting from OS 9.11(2.0), ACL filters are optimized to support more than 200 egress ACL rules on the S6000, S6000–ON, S6100–ON, and Z9100–ON.
  • Page 235: Cam Optimization

    Syslog Error When the Table is Full In the Dell Networking OS, the table full condition is displayed as CAM full only for LPM. But now the LPM is split into two tables. There are two syslog errors that are displayed: /65 to /128 Table full.
  • Page 236: Syslog Warning Upon 90 Percent Utilization Of Cam

    Prefix Match — LPM]) into a single flexible resource. Dell Networking OS supports several UFT modes to extract the forwarding tables, as required. By default, Dell Networking OS initializes the table sizes to UFT mode 2 profile, since it provides a reasonable shared memory for all the tables.
  • Page 237 Dell# Display the hardware forwarding table mode in the current boot and in the next boot. EXEC Privilege show hardware forwarding-table mode Dell#show hardware forwarding-table mode Current Settings Next Boot Settings Mode Default scaled-l3-hosts L2 MAC Entries L3 Host Entries...
  • Page 238: Control Plane Policing (Copp)

    Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane and rate-limits traffic to an acceptable level.
  • Page 239: Configure Control Plane Policing

    Figure 29. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The system can process a maximum of 8500 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though per protocol CoPP is applied. This happens because queue-based rate limiting is applied first.
  • Page 240: Configuring Copp For Protocols

    CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies. Configuring CoPP for Protocols This section lists the commands necessary to create and enable the service-policies for CoPP. For complete information about creating ACLs and QoS rules, refer to Access Control Lists (ACLs) Quality of Service...
  • Page 241 Dell(conf-ipv6-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-vrrp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit vrrp Dell(conf-ipv6-acl-cpuqos)#exit The following example shows creating the QoS input policy. Dell(conf)#qos-policy-in rate_limit_200k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 200 40 peak 500 40 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_400k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 400 50 peak 600 50 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_500k cpu-qos...
  • Page 242: Configuring Copp For Cpu Queues

    Examples of Configuring CoPP for CPU Queues The following example shows creating the QoS policy. Dell#conf Dell(conf)#qos-policy-input cpuq_1 Dell(conf-qos-policy-in)#rate-police 3000 40 peak 500 40 Dell(conf-qos-policy-in)#exit Dell(conf)#qos-policy-input cpuq_2 Dell(conf-qos-policy-in)#rate-police 5000 80 peak 600 50 Dell(conf-qos-policy-in)#exit The following example shows assigning the QoS policy to the queues.
  • Page 243: Protocol To Cpu Queue Mapping

    The following example shows creating the control plane service policy. Dell#conf Dell(conf)#control-plane Dell(conf-control-plane)#service-policy rate-limit-cpu-queues cpuq_rate_policy Protocol to CPU Queue Mapping CoPP enables you to rate-limit control-plane packets that are destined to the CPU, thereby preventing undesired or malicious traffic from entering the CPU queues.
  • Page 244: Displaying Copp Configuration

    Other show commands display statistical information for troubleshooting CoPP operation. To view the rates for each queue, use the show cpu-queue rate cp command. Viewing Queue Rates Example of Viewing Queue Rates Dell#show cpu-queue rate cp Service-Queue Rate (PPS) Burst (Packets)
  • Page 245 TCP (TELNET) VRRP Dell# To view the queue mapping for the MAC protocols, use the show mac protocol-queue-mapping command. Example of Viewing Queue Mapping for MAC Protocols Dell# show mac protocol-queue-mapping Protocol Destination Mac EtherType Queue EgPort Rate (kbps) -------- ---------------...
  • Page 246: Data Center Bridging (Dcb)

    Data Center Bridging (DCB) Data center bridging (DCB) refers to a set of enhancements to Ethernet local area networks used in data center environments, particularly with clustering and storage area networks. Topics: • Ethernet Enhancements in Data Center Bridging • Enabling Data Center Bridging •...
  • Page 247: Priority-Based Flow Control

    Fibre Channel traffic, and a separate InfiniBand network for high-performance inter-processor computing within server clusters, only one DCB-enabled network is required in a data center. The Dell Networking switches that support a unified fabric and consolidate multiple network infrastructures use a single input/output (I/O) device called a converged network adapter (CNA).
  • Page 248: Enhanced Transmission Selection

    • iSCSI storage traffic with priority 4. In the Dell Networking OS, PFC is implemented as follows: • PFC is supported on specified 802.1p priority traffic (dot1p 0 to 7) and is configured per interface. However, only lossless queues are supported on an interface: one for Fibre Channel over Ethernet (FCoE) converged traffic and one for Internet Small Computer System Interface (iSCSI) storage traffic.
  • Page 249: Data Center Bridging Exchange Protocol (Dcbx)

    Percentage of available bandwidth allocated to a priority group. Group transmission selection algorithm (TSA) Type of queue scheduling a priority group uses. In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: •...
  • Page 250: Data Center Bridging In A Traffic Flow

    To enable DCB, enable either the iSCSI optimization configuration or the FCoE configuration. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For more information, refer to Ethernet Pause Frames.
  • Page 251: Dcb Maps And Its Attributes

    DCB Maps and its Attributes This topic contains the following sections that describe how to configure a DCB map, apply the configured DCB map to a port, configure PFC without a DCB map, and configure lossless queues. DCB Map: Configuration Procedure A DCB map consists of PFC and ETS parameters.
  • Page 252: Configuring Priority-Based Flow Control

    5, 6, and 7. Dell Networking OS Behavior: As soon as you apply a DCB policy with PFC enabled on an interface, DCBx starts exchanging information with PFC-enabled peers. The IEEE802.1Qbb, CEE, and CIN versions of PFC Type, Length, Value (TLV) are supported. DCBx also validates PFC configurations that are received in TLVs from peer devices.
  • Page 253: Configuring Lossless Queues

    NOTE: You cannot enable PFC and link-level flow control at the same time on an interface. Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is turned off. Prerequisite: A DCB with PFC configuration is applied to the interface with the following conditions: •...
  • Page 254: Configuring Pfc In A Dcb Map

    NOTE: Dell Networking OS Behavior: By default, no lossless queues are configured on a port. A limit of two lossless queues is supported on a port. If the amount of priority traffic that you configure to be paused exceeds the two lossless queues, an error message displays.
  • Page 255: Pfc Prerequisites And Restrictions

    In a switch stack, configure all stacked ports with the same PFC configuration. • Dell Networking OS allows you to change the default dot1p priority-queue assignments only if the change satisfies the following requirements in DCB maps already applied to the interfaces: •...
  • Page 256: Configuring Pfc Without A Dcb Map

    Step Task Command Command Mode Dell# interface tengigabitEthernet 1/1/1 Dell(config-if-te-1/1/1)# dcb-map SAN_A_dcb_map1 Repeat Steps 1 and 2 to apply a DCB map to more than one port. You cannot apply a DCB map on an interface that has been already configured for PFC using the pfc priority command or which is already configured for lossless queues (pfc no-drop queues command).
  • Page 257: Buffer Sizes For Lossless Or Pfc Packets

    To address this issue, Dell Networking OS enables you to configure the shared headroom buffer for the entire device. Each PG can utilize up to the peak headroom configured per PG as part of the buffer threshold profile. The traditional threshold for any inflight or bursty traffic is set per ingress port and per PG.
  • Page 258: Example Scenario

    Each PG can use the shared headroom pool only up to its PG headroom limit. The shared headroom feature provides the capability to share the headroom buffer between all the ingress ports or PGs. It also provides ways to learn statistical data on shared buffer usage, thereby reducing the overall headroom buffer allocation.
  • Page 259: Configuring Shared Head Room Buffer

    Table 18. Buffer usage statistics when shared headroom is used Parameter Description PFC Shared buffer size 208 KB Buffer-size parameter of dcb-buffer-threshold per 18KB lossless queue Pause-threshold parameter of dcb-buffer-threshold 18KB per lossless queue Average Headroom value reserved per lossless 35KB [Considering 76KB as worst case value] queue Total Headroom buffer to be configured in Shared...
  • Page 260: Monitoring Buffer Statistics For Tracking Purposes

    NOTE: The detail option displays the current headroom pool usage in each of the Pipelines in the device. Dell#show hardware buffer headroom-pool buffer-info ------Buffer Details for Stack-Unit 1 portpipe 0 ------ ----------------------------------------------------------------- Headroom-Pool Configured Buffer(KB) Used Buffer(KB) ----------------------------------------------------------------- Dell# Monitoring Buffer Statistics for Tracking Purposes Using the buffer statistics tracking feature, you can monitor the peak buffer usage of the headroom pool over a specific period of time.
  • Page 261: Snmp Support For Pfc And Buffer Statistics Tracking

    DSCP and provide PFC treatment. Dell Networking OS Releases 9.3(0.0) and earlier provide CLI support to specify the priorities for which PFC is enabled on each port. This feature is applicable only for the tagged packets based on the incoming packet Dot1p and Dot1p based queue classification. This document will discuss the configurations required to support PFC for untagged packets based on incoming packet DSCP.
  • Page 262: Configuration Example For Dscp And Pfc Priorities

    0-5,10-15 class-map match-any dscp-pfc-2 match ip dscp 20-25,30-35 Associate above class-maps to Queues Queue assignment as below. Dell(conf)#do show qos dot1p-queue-mapping Dot1p Priority : 0 Queue : 1 Dot1p->Queue Mapping Configuration is retained at the default value.
  • Page 263: Configure Enhanced Transmission Selection

    Configure Enhanced Transmission Selection ETS provides a way to optimize bandwidth allocation to outbound 802.1p classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802.1p priority class to configure different treatment for traffic with different bandwidth, latency, and best-effort needs.
  • Page 264: Ets Operation With Dcbx

    5, 6, and 7. Dell Networking OS Behavior: A priority group consists of 802.1p priority values that are grouped for similar bandwidth allocation and scheduling, and that share latency and loss requirements. All 802.1p priorities mapped to the same queue must be in the same priority group.
  • Page 265 • Dell Networking OS supports hierarchical scheduling on an interface. The control traffic on Dell Networking OS is redirected to control queues as higher priority traffic with strict priority scheduling. After the control queues drain out, the remaining data traffic is scheduled to queues according to the bandwidth and scheduler configuration in the DCB map.
  • Page 266: Hierarchical Scheduling In Ets Output Policies

    • If you configure more than one priority group as strict priority, the higher numbered priority queue is given preference when scheduling data traffic. Hierarchical Scheduling in ETS Output Policies ETS supports up to three levels of hierarchical scheduling. For example, you can apply ETS output policies with the following configurations: Priority group 1 Assigns traffic to one priority queue with 20% of the link bandwidth and strict-priority scheduling.
  • Page 267: Dcbx Operation

    DCBx is a prerequisite for using DCB features, such as priority-based flow control (PFC) and enhanced traffic selection (ETS), to exchange link-level configurations in a converged Ethernet environment. DCBx is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic.
  • Page 268: Dcb Configuration Exchange

    On a DCBx port in a manual role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled. When making a configuration change to a DCBx port in a Manual role, Dell Networking recommends shutting down the interface using the shutdown command, changing the configuration, then re-activating the interface using the no shutdown command.
  • Page 269: Configuration Source Election

    Asymmetric DCB parameters are exchanged between a DCBx-enabled port and a peer port without requiring that a peer port and the local port use the same configured values for the configurations to be compatible. For example, ETS uses an asymmetric exchange of parameters between DCBx peers. Symmetric DCB parameters are exchanged between a DCBx-enabled port and a peer port but require that each configured parameter value be the same for the configurations in order to be compatible.
  • Page 270: Auto-Detection And Manual Configuration Of The Dcbx Version

    Auto-Detection and Manual Configuration of the DCBx Version When operating in Auto-Detection mode (the DCBx version auto command), a DCBx port automatically detects the DCBx version on a peer port. Legacy CIN and CEE versions are supported in addition to the standard IEEE version 2.5 DCBx. A DCBx port detects a peer version after receiving a valid frame for that version.
  • Page 271: Dcbx Prerequisites And Restrictions

    Figure 33. DCBx Sample Topology DCBx Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure DCBx operation on a port: • For DCBx, on a port interface, enable LLDP in both Send (TX) and Receive (RX) mode (the protocol lldp mode command; refer to the example in in the chapter).
  • Page 272 [no] DCBx version {auto | cee | cin | ieee-v2.5} • cee: configures the port to use CEE (Intel 1.01). • cin: configures the port to use Cisco-Intel-Nuova (DCBx 1.0). • ieee-v2.5: configures the port to use IEEE 802.1Qaz (Draft 2.5). The default is Auto.
  • Page 273 Configuring DCBx Globally on the Switch To globally configure the DCBx operation on a switch, follow these steps. Enter Global Configuration mode. EXEC PRIVILEGE mode configure Enter LLDP Configuration mode to enable DCBx operation. CONFIGURATION mode [no] protocol lldp Configure the DCBx version used on all interfaces not already configured to exchange DCB information. PROTOCOL LLDP mode [no] DCBx version {auto | cee | cin | ieee-v2.5} •...
  • Page 274 Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x8. Configure the iSCSI priority advertised for the iSCSI protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] iscsi priority-bits priority-bitmap The priority-bitmap range is from 1 to FF.
  • Page 275: Verifying The Dcb Configuration

    PG:0 TSA:ETS BW:50 PFC:OFF Priorities:0 1 2 5 6 7 PG:1 TSA:ETS BW:50 PFC:ON Priorities:3 4 The following example shows the show interfaces pfc summary command. Dell# show interfaces tengigabitethernet 1/1/1/4 pfc summary Interface TenGigabitEthernet 1/1/1/4
  • Page 276 Application Priority TLV Parameters : -------------------------------------- FCOE TLV Tx Status is disabled Local FCOE PriorityMap is 0x8 Remote FCOE PriorityMap is 0x8 Dell# show interfaces tengigabitethernet 1/1/1/4 pfc detail Interface TenGigabitEthernet 1/1/1/4 Admin mode is on Admin is enabled Remote is enabled...
  • Page 277 Number of PFC pause frames transmitted. PFC TLV Statistics: Pause Rx pkts Number of PFC pause frames received The following example shows the show interface pfc statistics command. Dell#show interface hundredGigE 1/1/1 pfc statistics Interface hundredGigE 1/1/1 Interface Priority Rx XOFF Frames...
  • Page 278 The following example shows the show interface ets summary command. Dell(conf)#do show interfaces te 1/1/1 ets summary Interface TenGigabitEthernet 1/1/1 Max Supported TC is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : ------------------ Admin is enabled...
  • Page 279 Priority# Bandwidth TSA Remote Parameters: ------------------- Remote is disabled Local Parameters : ------------------ Local is enabled TC-grp Priority# Bandwidth 0,1,2,3,4,5,6,7 100% Priority# Bandwidth Oper status is init Conf TLV Tx Status is disabled Traffic Class TLV Tx Status is disabled 0 Input Conf TLV Pkts, 0 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0 Input Traffic Class TLV Pkts, 0 Output Traffic Class TLV Pkts, 0 Error Traffic Class TLV Pkts The following table describes the show interface ets detail command fields.
  • Page 280 ETS TLV Statistic: Error Conf TLV pkts Number of ETS Error Configuration TLVs received. The following example shows the show interface DCBx detail command (IEEE). Dell(conf-if-te-1/1/1/1-lldp)#do sho int te 1/1/1/2 dc d E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled...
  • Page 281 ----------------------------------------------------------------------- Interface TenGigabitEthernet 1/1/4/1 Remote Mac Address 00:01:e8:8a:df:a0 Port Role is Auto-Upstream DCBx Operational Status is Enabled Is Configuration Source? FALSE Local DCBx Compatibility mode is CEE Local DCBx Configured mode is CEE Peer Operating version is CEE Local DCBx TLVs Transmitted: ErPFi Local DCBx Status ----------------- DCBx Operational Version is 0...
  • Page 282: Qos Dot1P Traffic Classification And Queue Assignment

    NOTE: Dell Networking does not recommend mapping all ingress traffic to a single queue when using PFC and ETS. However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces. If you use L2 class maps to map dot1p priority traffic to egress queues, take into...
  • Page 283: Sample Dcb Configuration

    dcb enable Configure the shared PFC buffer size and the total buffer size. A maximum of 4 lossless queues are supported. CONFIGURATION mode dcb pfc-shared-buffer-size value dcb pfc-total-buffer-size value The buffer size range is from 0 to 3399. Default is 3088. Configure the number of PFC queues.
  • Page 284 Figure 34. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
  • Page 285: Pfc And Ets Configuration Command Examples

    PFC and ETS Configuration Command Examples The following examples show PFC and ETS configuration commands to manage your data center traffic. Enabling DCB Dell(conf)#dcb enable Configure DCB map and enable PFC, and ETS Apply DCB map to relevant interface dcb-map test...
  • Page 286: Dynamic Host Configuration Protocol (Dhcp)

    Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on the network and it reclaims IP addresses that are no longer in use to prevent address exhaustion.
  • Page 287 The following table lists common DHCP options. Option Number and Description Subnet Mask Option 1 Specifies the client’s subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client’s default gateway. Domain Name Option 6 Server Specifies the domain name servers (DNSs) that are available to the client.
  • Page 288: Assign An Ip Address Using Dhcp

    Option Number and Description User Port Stacking Option 230 Set the stacking option variable to provide DHCP server stack-port detail when the DHCP offer is set. Option 255 Signals the last option in the DHCP packet. Assign an IP Address using DHCP The following section describes DHCP and the client in a network.
  • Page 289: Implementation Information

    ACLs to an interface which has IP source address validation. If you configure IP source address validation on a member port of a virtual local area network (VLAN) and then apply an access list to the VLAN, Dell Networking OS displays the first line in the following message.
  • Page 290: Configuring The Server For Automatic Address Allocation

    After an IP address is leased to a client, only that client may release the address. Dell Networking OS performs an IP + MAC source address validation to ensure that no client can release another client's address. This validation is a default behavior and is separate from IP+MAC source address validation.
  • Page 291: Specifying A Default Gateway

    DHCP <POOL> default-router address Configure a Method of Hostname Resolution Dell systems are capable of providing DHCP clients with parameters for two methods of hostname resolution—using DNS or NetBIOS WINS. Using DNS for Address Resolution A domain is a group of networks. DHCP clients query DNS IP servers when they need to correlate host names to IP addresses.
  • Page 292: Using Netbios Wins For Address Resolution

    NOTE: Dell Networking OS does not prevent you from using a network IP as a host IP; be sure to not use a network IP as a host Create an address pool.
  • Page 293: Using Dhcp Clear Commands

    Layer 3 mode and pre-configured with no shutdown and no ip address. For this reason, you cannot enter configuration commands to set up the switch. To interrupt a BMP process, prevent a loop from occurring, and apply the Dell Networking OS image and startup configuration stored in the local flash, enter the stop bmp command from the console.
  • Page 294: Ip Address Dhcp

    To configure a secondary (backup) IP address on an interface, use the ip address command at the INTERFACE configuration level. Use the no ip address dhcp command to: • Release the IP address dynamically acquired from a DHCP server from the interface. •...
  • Page 295: Dhcp Client On A Management Interface

    DHCP Client Operation with Other Features The DHCP client operates with other Dell Networking OS features, as the following describes. Stacking The DHCP client daemon runs only on the master unit and handles all DHCP packet transactions. It periodically synchronizes the lease file with the standby unit.
  • Page 296: Configure The System For User Port Stacking (Option 230)

    DHCP Snooping A DHCP client can run on a switch simultaneously with the DHCP snooping feature as follows: • If you enable DHCP snooping globally on a switch and you enable a DHCP client on an interface, the trust port, source MAC address, and snooping table validations are not performed on the interface by DHCP snooping for packets destined to the DHCP client daemon.
  • Page 297: Option 82

    • Source Address Validation Option 82 RFC 3046 (the relay agent information option, or Option 82) is used for class-based IP address assignment. The code for the relay agent information option is 82, and is comprised of two sub-options, circuit ID and remote ID. Circuit ID This is the interface on which the client-originated message is received.
  • Page 298: Enabling Dhcp Snooping

    DHCP snooping is supported on Layer 2 and Layer 3 traffic. DHCP snooping on Layer 2 interfaces does require a relay agent. Binding table entries are deleted when a lease expires or when the relay agent encounters a DHCPRELEASE. Line cards maintain a list of snooped VLANs.
  • Page 299 Delete all of the entries in the binding table. EXEC Privilege mode clear ipv6 dhcp snooping binding Dell# clear ipv6 dhcp snooping? binding Clear the snooping binding database Displaying the Contents of the Binding Table To display the contents of the binding table, use the following command.
  • Page 300: Drop Dhcp Packets On Snooped Vlans Only

    Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp snooping command. Dell#show ipv6 dhcp snooping binding Codes : S - Static D – Dynamic IPv6 Address...
  • Page 301: Dynamic Arp Inspection

    To view the number of entries in the table, use the show ip dhcp snooping binding command. This output displays the snooping binding table created using the ACK packets from the trusted port. Dell#show ip dhcp snooping binding Codes : S - Static D - Dynamic...
  • Page 302: Configuring Dynamic Arp Inspection

    Validate ARP frames against the DHCP snooping binding table. INTERFACE VLAN mode arp inspection Examples of Viewing the ARP Information To view entries in the ARP database, use the show arp inspection database command. Dell#show arp inspection database Protocol Address Age(min) Hardware Address Interface VLAN...
  • Page 303: Source Address Validation

    Dynamic ARP inspection is supported on Layer 2 and Layer 3. Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV). Table 25. Three Types of Source Address Validation Source Address Validation...
  • Page 304: Dhcp Mac Source Address Validation

    INTERFACE mode ip dhcp source-address-validation ipmac vlan vlan-id Dell Networking OS creates an ACL entry for each IP+MAC address pair and optionally with its VLAN ID in the binding table and applies it to the interface. To display the IP+MAC ACL for an interface for the entire system, use the show ip dhcp snooping source-address-validation [interface] command in EXEC Privilege mode.
  • Page 305: Viewing The Number Of Sav Dropped Packets

    Dell>clear ip dhcp snooping source-address-validation discard-counters To clear the number of SAV dropped packets on a particular interface, use the clear ip dhcp snooping source-address-validation discard-counters interface interface command. Dell>clear ip dhcp snooping source-address-validation discard-counters interface TenGigabitEthernet 1/1/1/1
  • Page 306: Equal Cost Multi-Path (Ecmp)

    This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis can select different hops. Dell Networking OS provides a command line interface (CLI)-based solution for modifying the hash seed to ensure that on each configured system, the ECMP selection is the same.
  • Page 307: Managing Ecmp Group Paths

    These two ecmp-groups are not related in any way. Example of Viewing Link Bundle Monitoring Dell# show link-bundle-distribution ecmp-group 1 Link-bundle trigger threshold - 60 ECMP bundle - 1 Utilization[In Percent] - 44 Alarm State - Active...
  • Page 308: Modifying The Ecmp Group Threshold

    You can configure ecmp-group with id 2 for link bundle monitoring. This ecmp-group is different from the ecmp-group index 2 that is created by configuring routes and is automatically generated. These two ecmp-groups are not related in any way. Dell(conf-ecmp-group-5)#show config ecmp-group 5...
  • Page 309: Support For Ecmp In Host Table

    Dell Networking OS releases earlier than Release 9.3(0.1) store IPv6 /128 entries in Host table since it cannot be written in LPM table, and IPv4 0/32 route entries are written in LPM table itself to support the ECMP since ECMP was not supported in Host table. On the system, unified forwarding table (UFT) is enabled, and the host table size is bigger compared to the LPM.
  • Page 310: Flow-Based Hashing For Ecmp

    The second portion comes from static physical configuration such as ingress and egress port numbers. • RTAG7 hashing also provides options to select between multiple hash algorithms that would result in balanced traffic distribution for various traffic patterns. Dell(conf)#hash-algorithm ecmp ? crc16 CRC16_BISYNC - 16 bit CRC16-bisync polynomial crc16cc...
  • Page 311 Polarization Multipath routing is a method that is often used to address data forwarding issues during network failures so that the network traffic reaches its desired destination. Multipath routing in IP networks is typically implemented using Equal-Cost Multipath (ECMP) routing, which employs load balancing algorithms to distribute the traffic over multiple paths towards its destination.
  • Page 312 CRC16_BISYNC_AND_XOR8 - Upper 8 bits of CRC16-BISYNC and lower 8 bits of xor8 xor16 CR16 - 16 bit XOR] Example to view show hash-algorithm: Dell(conf)#hash-algorithm ecmp flow-based-hashing crc16 Dell(conf)#end Dell#show hash-algorithm Hash-Algorithm linecard 0 Port-Set 0 Seed 185270328 Hg-Seed 185282673...
  • Page 313 Figure 38. After Polarization Effect Traffic flow after enabling flow-based hashing When the flow-based hashing is enabled at all the nodes in the multi-tier network, traffic distribution is balanced at all tiers of the network nullifying the polarization effect. Traffic occurs by the randomness for the flow-based hashing algorithm across multiple nodes in a given network.
  • Page 314: Fip Snooping

    FIP Snooping The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a switch stack. Topics: •...
  • Page 315 FIP provides functionality for discovering and logging into an FCF. After discovering and logging in, FIP allows FCoE traffic to be sent and received between FCoE end-devices (ENodes) and the FCF. FIP uses its own EtherType and frame format. The following illustration shows the communication that occurs between an ENode server and an FCoE switch (FCF).
  • Page 316: Fip Snooping On Ethernet Bridges

    FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB).
  • Page 317 Figure 40. FIP Snooping on a Dell Networking Switch The following sections describe how to configure the FIP snooping feature on a switch: • Allocate CAM resources for FCoE. • Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis.
  • Page 318: Using Fip Snooping

    Example. Statistical information is available for FIP Snooping-related information. For available commands, refer to the FCoE Transit chapter in the Dell Networking OS Command Line Reference Guide. FIP Snooping Prerequisites Before you enable FCoE transit and configure FIP snooping on a switch, ensure that certain conditions are met.
  • Page 319: Enabling The Fcoe Transit Feature

    You must apply the CAM-ACL space for the FCoE region before enabling the FIP-Snooping feature. If you do not apply CAM-ACL space, the following error message is displayed: Dell(conf)#feature fip-snooping % Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe.
  • Page 320: Enable Fip Snooping On Vlans

    configurations are synchronized. By default, all FCoE and FIP frames are dropped unless specifically permitted by existing FIP snooping-generated ACLs. You can reconfigure any of the FIP snooping settings. If you disable FCoE transit, FIP and FCoE traffic are handled as normal Ethernet frames and no FIP snooping ACLs are generated. The VLAN-specific and FIP snooping configuration is disabled and stored until you re-enable FCoE transit and the configurations are re-applied.
  • Page 321: Impact On Other Software Features

    Impact on Other Software Features When you enable FIP snooping on a switch, other software features are impacted. The following table lists the impact of FIP snooping. Table 27. Impact of Enabling FIP Snooping Impact Description MAC address learning MAC address learning is not performed on FIP and FCoE frames, which are denied by ACLs dynamically created by FIP snooping on server-facing ports in ENode mode.
  • Page 322: Displaying Fip Snooping Information

    Displays information on the FCoE VLANs on which FIP snooping is enabled. Examples of the show fip-snooping Commands The following example shows the show fip-snooping sessions command. Dell#show fip-snooping sessions Enode MAC Enode Intf FCF MAC FCF Intf...
  • Page 323 Worldwide port name of the CNA port. Port WWNN Worldwide node name of the CNA port. The following example shows the show fip-snooping config command. Dell# show fip-snooping config FIP Snooping Feature enabled Status: Enabled FIP Snooping Global enabled Status: Enabled Global FC-MAP Value: 0X0EFC00...
  • Page 324 FC-ID Fibre Channel session ID assigned by the FCF. The following example shows the show fip-snooping statistics interface vlan command (VLAN and port). Dell# show fip-snooping statistics interface vlan 100 Number of Vlan Requests Number of Vlan Notifications Number of Multicast Discovery Solicits...
  • Page 325 Number of VN Port Session Timeouts Number of Session failures due to Hardware Config :0 The following example shows the show fip-snooping statistics port-channel command. Dell# show fip-snooping statistics interface port-channel 22 Number of Vlan Requests Number of Vlan Notifications...
  • Page 326 Number of Session failures due to Hardware Config Number of session failures due to hardware configuration that occurred on the interface. The following example shows the show fip-snooping system command. Dell# show fip-snooping system Global Mode : Enabled FCOE VLAN List (Operational) : 1, 100...
  • Page 327: Fcoe Transit Configuration Example

    Example of Enabling the FIP Snooping Feature on the Switch (FIP Snooping Bridge) Dell(conf)# feature fip-snooping Example of Enabling FIP Snooping on the FCoE VLAN Dell(conf)# interface vlan 10 Dell(conf-if-vl-10)# fip-snooping enable Example of Enabling an FC-MAP Value on a VLAN...
  • Page 328 Example of Configuring the ENode Server-Facing Port Dell(conf)# interface tengigabitethernet 1/1/1/1 Dell(conf-if-te-1/1/1/1)# portmode hybrid Dell(conf-if-te-1/1/1/1)# switchport Dell(conf-if-te-1/1/1/1)# protocol lldp Dell(conf-if-te-1/1/1/1-lldp)# dcbx port-role auto-downstream NOTE: A port is enabled by default for bridge-ENode links. Example of Configuring the FCF-Facing Port Dell(conf)# interface tengigabitethernet 1/1/5/1...
  • Page 329: Flex Hash And Optimized Boot-Up

    RTAG7 hash computation. You must specify the offset of hash fields from the start of the L4 header, which contains a flow identification field. In Dell Networking OS Release 9.3(0.0), you can enable bins 2 and 3 by using the load-balance ingress-port enable command in Global Configuration mode. To configure the flex hash functionality, you must enable these bins.
  • Page 330: Configuring Fast Boot And Lacp Fast Switchover

    Enabled When a device running Dell Networking OS earlier than Release 9.3(0.0) is reloaded, the CPU and other components on the board are reset at the same time. Therefore, the control plane and the forwarding plane are impacted immediately. After the system boots up and re-...
  • Page 331: Guidelines For Configuring Optimized Booting Mechanism

    Fast boot is supported only when you perform an expected, stipulated reload by using the reload-type normal-reload command in Global Configuration mode or by using the reset command in uBoot mode on a switch that is running Dell Networking OS Release 9.3(0.0) or later, or when you perform a planned upgrade (and not an abrupt or unexpected shutdown) from an older release of Dell Networking OS to Release 9.3(0.0) or later.
  • Page 332: Interoperation Of Applications With Fast Boot And System States

    • The system saves all the dynamic ND cache entries to a database on the flash card. After the system comes back online, and the Dell Networking OS image is loaded and the corresponding software applications on the system are also activated, the following processes specific to IPv6 are performed: •...
  • Page 333: Bgp Graceful Restart

    BGP Graceful Restart When the system contains one or more BGP peerings configured for BGP graceful restart, fast boot performs the following actions: • A closure of the TCP sessions is performed on all sockets corresponding to BGP sessions on which Graceful Restart has been negotiated.
  • Page 334: Changes To Bgp Multipath

    Delayed Installation of ECMP Routes Into BGP The current FIB component of Dell Networking OS has some inherent inefficiencies when handling a large number of ECMP routes (i.e., routes with multiple equal-cost next hops). To circumvent this for the configuration of fast boot, changes are made in BGP to delay the installation of ECMP routes.
  • Page 335: Preserving 802.1Q Vlan Tag Value For Lite Subinterfaces

    enabled, the packets comprise TCP and UDP packets and they can be marked with DSCP code points. Multicast is not supported in that network. RRoCE packets are received and transmitted on specific interfaces called lite-subinterfaces. These interfaces are similar to the normal Layer 3 physical interfaces except for the extra provisioning that they offer to enable the VLAN ID for encapsulation.
  • Page 336: Force10 Resilient Ring Protocol (Frrp)

    Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) and may require 4 to 5 seconds to reconverge.
  • Page 337: Ring Status

    The Control VLAN is used to perform the health checks on the ring. The Control VLAN can always pass through all ports in the ring, including the secondary port of the Master node. Ring Status The ring failure notification and the ring status checks provide two ways to ensure the ring remains up and active in the event of a switch or port failure.
  • Page 338: Important Frrp Points

    Member VLAN Spanning Two Rings Connected by One Switch A member VLAN can span two rings interconnected by a common switch, in a figure-eight style topology. A switch can act as a Master node for one FRRP group and a Transit for another FRRP group, or it can be a Transit node for both rings. In the following example, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring.
  • Page 339: Important Frrp Concepts

    • One Master node per ring — all other nodes are Transit. • Each node has two member interfaces — primary and secondary. • There is no limit to the number of nodes on a ring. • Master node ring port states — blocking, pre-forwarding, forwarding, and disabled. •...
  • Page 340: Implementing Frrp

    FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) on both the Primary and Secondary interfaces before you can enable FRRP.
  • Page 341: Configuring The Control Vlan

    Configuring the Control VLAN Control and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to Layer Be sure to follow these guidelines: •...
  • Page 342: Configuring And Adding The Member Vlans

    Identify the Member VLANs for this FRRP group. CONFIG-FRRP mode. member-vlan vlan-id {range} VLAN-ID, Range: VLAN IDs for the ring’s member VLANS. Enable FRRP. CONFIG-FRRP mode. no disable Configuring and Adding the Member VLANs Control and member VLANS are configured normally for Layer 2. Their status as Control or Member is determined at the FRRP group commands.
  • Page 343: Setting The Frrp Timers

    • For a 100-Gigabit Ethernet interface, enter the keyword hundredGigE then the stack/slot/port information. VLAN ID: Identification number of the Control VLAN. Configure a Transit node. CONFIG-FRRP mode. mode transit Identify the Member VLANs for this FRRP group. CONFIG-FRRP mode. member-vlan vlan-id {range} VLAN-ID, Range: VLAN IDs for the ring’s Member VLANs.
  • Page 344: Viewing The Frrp Information

    CONFIG-FRRP mode. show configuration Viewing the FRRP Information To view general FRRP information, use one of the following commands. • Show the information for the identified FRRP group. EXEC or EXEC PRIVILEGED mode. show frrp ring-id Ring ID: the range is from 1 to 255. •...
  • Page 345 interface Vlan 201 no ip address tagged TenGigabitEthernet 1/1/1/1, 1/1/1/2 no shutdown protocol frrp 101 interface primary TenGigabitEthernet 1/1/1/1 secondary TenGigabitEthernet 1/1/1/2 control-vlan 101 member-vlan 201 mode master no disable Example of R2 TRANSIT interface TenGigabitEthernet 1/1/2/1 no ip address switchport no shutdown interface TenGigabitEthernet 1/1/2/2...
  • Page 346: Frrp Support On Vlt

    mode transit no disable FRRP Support on VLT Using FRRP rings, you can inter-connect VLT domains across data centers. These FRRP rings make use of Layer 2 VLANs that span across data centers and provide resiliency by detecting node or link level failures. You can configure a simple FRRP ring that connects a VLT device in one data center to VLT devices in two or more data centers.
  • Page 347: Important Points To Remember

    and the FRRP ring itself. In addition to the control VLAN, multiple member VLANS are configured (for example, M1 through M10) that carry the data traffic across the FRRP rings. The secondary port P1 is tagged to the control VLAN (V1). VLTi is implicitly tagged to the member VLANs when these VLANs are configured in the VLT peer.
  • Page 348 • Dell Networking OS does not support coexistence of xSTP and FRRP configurations. Meaning, if there is any active FRRP ring in the system, then you cannot enable xSTP in the system globally or at the interface level. Similarly, if xSTP is enabled, then you cannot configure FRRP in the system.
  • Page 349: Garp Vlan Registration Protocol (Gvrp)

    Dynamic VLANs are aged out after the LeaveAll timer expires three times without receipt of a Join message. To display status, use the show gvrp statistics {interface interface | summary} command. Dell(conf)#protocol spanning-tree pvst Dell(conf-pvst)#no disable % Error: GVRP running. Cannot enable PVST.
  • Page 350: Configure Gvrp

    Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, GVRP is configured on VLAN trunk ports.
  • Page 351: Enabling Gvrp Globally

    To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config protocol gvrp no disable Dell(config-gvrp)# To inspect the global configuration, use the show gvrp brief command.
  • Page 352: Configure A Garp Timer

    GARP devices can re-register all relevant attribute information. The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll timer must be greater than or equal to 5x of the Leave timer. The Dell Networking OS default is 10000ms.
  • Page 353: Internet Group Management Protocol (Igmp)

    IGMP Implementation Information • Dell Networking Operating System (OS) supports IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet.
  • Page 354: Leaving A Multicast Group

    leaves a multicast group by sending an IGMP message to its IGMP Querier. The querier is the router that surveys a subnet for multicast receivers and processes survey responses to populate the multicast routing table. IGMP messages are encapsulated in IP packets, as shown in the following illustration. Figure 46.
  • Page 355: Igmp Version 3

    Any remaining hosts respond to the query according to the delay timer mechanism (refer to Adjusting Query and Response Timers). If no hosts respond (because there are none remaining in the group), the querier waits a specified period and sends another query. If it still receives no response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet.
  • Page 356 Figure 48. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. The host’s second report indicates that it is only interested in traffic from group 224.1.1.1, source 10.11.1.1.
  • Page 357 Figure 49. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 are no longer necessary.
  • Page 358: Configure Igmp

    Figure 50. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. Enable multicast routing using the ip multicast-routing command. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP Version •...
  • Page 359: Viewing Igmp Enabled Interfaces

    Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version 3.
  • Page 360: Adjusting Timers

    EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell#show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface Mode Uptime Expires Last Reporter 225.1.1.1 TenGigabitEthernet 1/1/1/1 IGMPV2...
  • Page 361: Enabling Igmp Immediate-Leave

    If IGMP snooping is enabled on a PIM-enabled VLAN interface, data packets using the router as a Layer 2 hop may be dropped. To avoid this scenario, Dell Networking recommends that users enable IGMP snooping on server-facing end-point VLANs only.
  • Page 362: Removing A Group-Port Association

    • Specifying a Port as Connected to a Multicast Router • Configuring the Switch as Querier Example of ip igmp snooping enable Command Dell(conf)#ip igmp snooping enable Dell(conf)#do show running-config igmp ip igmp snooping enable Dell(conf)# Removing a Group-Port Association To configure or view the remove a group-port association feature, use the following commands.
  • Page 363: Configuring The Switch As Querier

    Fast Convergence after MSTP Topology Changes When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
  • Page 364: Egress Interface Selection (Eis) For Http And Igmp Applications

    Egress Interface Selection (EIS) for HTTP and IGMP Applications You can use the Egress Interface Selection (EIS) feature to isolate the management and front-end port domains for HTTP and IGMP traffic. Also, EIS enables you to configure the responses to switch-destined traffic by using the management port IP address as the source IP address.
  • Page 365: Enabling And Disabling Management Egress Interface Selection

    Application Name Port Number Client Server 20/21 Supported Supported Syslog Supported Telnet Supported Supported TFTP Supported Radius 1812,1813 Supported Tacacs Supported HTTP 80 for httpd Supported 443 for secure httpd 8008 HTTP server port for confd application 8888 secure HTTP server port for confd application If you configure a source interface for any EIS management application, EIS might not coexist with that interface and the behavior is undefined in such a case.
  • Page 366: Handling Of Management Route Configuration

    • For management applications, route lookup is preferentially done in the management EIS routing table for all traffic. The management port is the preferred egress port. For example, if SSH is a management application, an SSH session to a front-panel port IP on the peer box is initiated via the management port only, if the management port is UP and a management route is available.
  • Page 367: Handling Of Switch-Destined Traffic

    • To ensure that protocol separation is done only for switch initiated traffic where the application acts as client, only the destination TCP/UDP port is compared and not the source TCP/UDP port. The source TCP/UDP port becomes a known port number when the box acts as server.
  • Page 368: Handling Of Transit Traffic (Traffic Separation)

    EIS routing table fails, ip2 is the source IP and the front-panel port is used to reach the destination. The fallback route between the management and data networks is used in such a case. At any given time, end users can access Dell Networking OS applications using either ip1 or ip2.
  • Page 369: Behavior Of Various Applications For Switch-Initiated Traffic

    This phenomenon occurs where traffic is transiting the switch. Traffic has not originated from the switch and is not terminating on the switch. • Drop the packets that are received on the front-end data port with destination on the management port. •...
  • Page 370: Behavior Of Various Applications For Switch-Destined Traffic

    Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled Snmp (SNMP Mib response and SNMP EIS Behavior Default Behavior Traps) EIS Behavior Default Behavior syslog EIS Behavior Default Behavior tacacs EIS Behavior Default Behavior telnet EIS Behavior Default Behavior tftp EIS Behavior Default Behavior...
  • Page 371: Interworking Of Eis With Various Applications

    To designate an interface as a multicast router interface, use the following command. Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designate those interfaces as the multicast router interface when the frames have a non-zero IP source address. All IGMP control packets and IP multicast data traffic originating from receivers is forwarded to multicast router interfaces.
  • Page 372: Interfaces

    Interfaces This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). The system supports 10–Gigabit, 25–Gigabit, 40–Gigabit, 50–Gigabit, and 100–Gigabit QSFP 28 interfaces. NOTE: Only Dell-qualified optics are supported on these interfaces. Non-Dell optics for 40–Gigabit, 25–Gigabit, 50–Gigabit, and 100–Gigabit are set to error-disabled state.
  • Page 373: Interface Types

    • Null Interfaces • Port Channel Interfaces • Bulk Configuration • Defining Interface Range Macros • Monitoring and Maintaining Interfaces • Split 40G Ports on a 16X40G QSFP+ Module • Splitting 100G Ports • Link Dampening • Link Bundle Monitoring •...
  • Page 374 NOTE: To end output from the system, such as the output from the show interfaces command, enter CTRL+C and Dell Networking OS returns to the command prompt. NOTE: The CLI output may be incorrectly displayed as 0 (zero) for the Rx/Tx power values. To obtain the correct power information, perform a simple network management protocol (SNMP) query.
  • Page 375: Resetting An Interface To Its Factory Default State

    TenGigabitEthernet 1/1/5/1 no ip address portmode hybrid switchport rate-interval 8 mac learning-limit 10 no-station-move no shutdown Reset an interface to its factory default state. CONFIGURATION mode default interface interface-type] Dell(conf)#default interface tengigabitethernet 1/1/5/1 Verify the configuration. INTERFACE mode Interfaces...
  • Page 376: Enabling A Physical Interface

    Configuration. For more information on port channels, refer to Port Channel Interfaces. Dell Networking OS Behavior: The system uses a single MAC address for all physical interfaces. Configuration Task List for Physical Interfaces By default, all interfaces are operationally disabled and traffic does not pass through them.
  • Page 377: Overview Of Layer Modes

    Clearing Interface Counters Overview of Layer Modes On all systems running Dell Networking OS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode. Table 38. Layer Modes...
  • Page 378: Configuring Layer 2 (Interface) Mode

    Dell(conf-if)#ip address 10.10.1.1 /24 % Error: Port is in Layer 2 mode Te 1/1/2/1. Dell(conf-if)# To determine the configuration of an interface, use the show config command in INTERFACE mode or the various show interface commands in EXEC mode.
  • Page 379: Egress Interface Selection (Eis)

    View Basic Interface Information. To view IP information on an interface in Layer 3 mode, use the show ip interface command in EXEC Privilege mode. Dell>show ip interface vlan 58 Vlan 58 is up, line protocol is up Internet address is 1.1.49.1/24 Broadcast address is 1.1.49.255...
  • Page 380: Management Interfaces

    You can configure this interface using the CLI, but the configuration options on this interface are limited. You cannot configure Gateway addresses and IP addresses if it appears in the main routing table of Dell Networking OS. In addition, proxy ARP is not supported on this interface.
  • Page 381: Configuring A Management Interface On An Ethernet Port

    To display the configuration for a given port, use the show interface command in EXEC Privilege mode, as shown in the following example. To display the routing table, use the show ip route command in EXEC Privilege mode. Dell#show int TenGigabitEthernet 1/1/1/1 TenGigabitEthernet 1/1/1/1 is up, line protocol is up...
  • Page 382: S6100 - Oir

    Dell# S6100 — OIR This section deals with information on the S6100–OIR (Online Insertion and Removal) feature. Online Insertion and Removal of Modules There are 3 scenarios you may come across with regard to Online Insertion and Removal of Modules:...
  • Page 383: Loopback Interfaces

    Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. For more information about configuring different routing protocols, refer to the chapters on the specific protocol.
  • Page 384: Null Interfaces

    (LAG) or port channel. A LAG is “a group of links that appear to a MAC client as if they were a single link” according to IEEE 802.3ad. In Dell Networking OS, a LAG is referred to as a port channel interface.
  • Page 385: Interfaces In Port Channels

    There are 4096 port-channels with 16 members per channel. As soon as you configure a port channel, Dell Networking OS treats it like a physical interface. For example, IEEE 802.1Q tagging is maintained while the physical interface is in the port channel.
  • Page 386: Creating A Port Channel

    The physical interfaces in a port channel can be on any line card in the chassis, but must be the same physical type. NOTE: Port channels can contain a mix of Ethernet interfaces, but Dell Networking OS disables the interfaces that are not the same speed as the first channel member in the port channel (refer to 10/100/1000 Mbps Interfaces in Port Channels).
  • Page 387 Dell> When more than one interface is added to a Layer 2-port channel, Dell Networking OS selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs). An asterisk in the show interfaces port-channel brief command indicates the primary port.
  • Page 388: Reassigning An Interface To A New Port Channel

    An interface can be a member of only one port channel. If the interface is a member of a port channel, remove it from the first port channel and then add it to the second port channel. Each time you add or remove a channel member from a port channel, Dell Networking OS recalculates the hash algorithm for the port channel.
  • Page 389: Adding Or Removing A Port Channel From A Vlan

    Example of Configuring the Minimum Oper Up Links in a Port Channel Dell#config t Dell(conf)#int po 1 Dell(conf-if-po-1)#minimum-links 5 Dell(conf-if-po-1)# Adding or Removing a Port Channel from a VLAN As with other interfaces, you can add Layer 2 port channel interfaces to VLANs. To add a port channel to a VLAN, place the port channel in Layer 2 mode (by using the switchport command).
  • Page 390: Assigning An Ip Address To A Port Channel

    Load Balancing Through Port Channels Dell Networking OS uses hash algorithms for distributing traffic evenly over channel members in a port channel (LAG). The hash algorithm distributes traffic among Equal Cost Multi-path (ECMP) paths and LAG members. The distribution is based on a flow, except for packet-based hashing.
  • Page 391: Load-Balancing Method

    Change the default (0) to another algorithm and apply it to ECMP, LAG hashing, or a particular line card. CONFIGURATION mode For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide.
  • Page 392: Bulk Configuration

    [ecmp{crc16|crc16cc|crc32LSB|crc32MSB|crc-upper|dest-ip|lsb|xor1|xor2|xor4| xor8|xor16}] Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor 26 lag crc 26 nh-ecmp checksum 26 Dell(conf)# The hash-algorithm command is specific to ECMP group. The default ECMP hash configuration is crc-lower. This command takes the lower 32 bits of the hash key to compute the egress port. Other options for ECMP hash-algorithms are: •...
  • Page 393: Bulk Configuration Examples

    The following is an example showing how duplicate entries are omitted from the interface-range prompt. Example of the Interface-Range Prompt for Duplicate Interfaces Dell(conf)#interface range vlan 1 , vlan 1 , vlan 3 , vlan 3 Dell(conf-if-range-vl-1,vl-3)# Dell(conf)#interface range tengigabitethernet 1/1/2/1 - 1/1/3/4 , tengigabitethernet 1/1/2/1 -...
  • Page 394: Defining Interface Range Macros

    The following example shows how to use commas to add VLAN and port-channel interfaces to the range. Example of Adding VLAN and Port-Channel Interface Ranges Dell(config-if-range-te-1/1/1/1-1/1/2/1)# interface range Vlan 2 – 100 , Port 1 – 25 Dell(config-if-range-te-1/1/1/1-1/1/2/1-vl-2-100-po-1-25)# no shutdown Dell(config-if-range-hu-1/1/1-1/1/6)# interface range Vlan 2 –...
  • Page 395: Define The Interface Range

    T — Increase refresh interval (by 1 second) • t — Decrease refresh interval (by 1 second) • c — Clear screen • a — Page down • q — Quit Dell#monitor interface Te 1/1/1/1 Dell uptime is 1 day(s), 4 hour(s), 31 minute(s) Interfaces...
  • Page 396: Split 40G Ports On A 16X40G Qsfp+ Module

    The following example shows that when you split an interface on a 16X40G module, the subsequent even numbered interface is removed from the configuration. Dell(conf)# stack-unit [stack-unit number] module [module number] port [port number] portmode quad speed 10G Warning: Enabling Quad mode on stack-unit 1 module 3 port 1. Please verify whether the configs related to interface Fo 1/3/1 Fo 1/3/2 are cleaned up before proceeding further.
  • Page 397: Splitting 100G Ports

    40GBASE-SR4 4829455N01XP 3/1/4 QSFP 40GBASE-SR4 4829455N01XP The physical port is missing also from the show ip interface brief command output: Dell# show ip interface brief TenGigabitEthernet 1/3/1/1 unassigned YES Manual up TenGigabitEthernet 1/3/1/2 unassigned Manual administratively down down TenGigabitEthernet 1/3/1/3...
  • Page 398: Link Dampening

    • module module-number: enter the keyword module then the module number to specify the optional module in which the port is present. • number: enter the port number of the 100G port to be split. The range is from 1 to 8. •...
  • Page 399 The link MTU is the frame size of a packet, and the IP MTU size is used for IP fragmentation. If the system determines that the IP packet must be fragmented as it leaves the interface, Dell Networking OS divides the packet into fragments no bigger than the size set in the ip mtu command.
  • Page 400: Link Bundle Monitoring

    Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the Dell Networking OS. Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it.
  • Page 401: Enabling Pause Frames

    NOTE: If you disable rx flow control, Dell Networking recommends rebooting the system. The flow control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes.
  • Page 402: Port-Pipes

    Port-Pipes A port pipe is a Dell Networking-specific term for the hardware packet-processing elements that handle network traffic to and from a set of front-end I/O ports. The physical, front-end I/O ports are referred to as a port-set. In the command-line interface, a port pipe is entered as port-set port-pipe-number.
  • Page 403: Fec Configuration

    Example of the intf-type cr4 autoneg Command Dell(conf)#interface hundredGigE 1/1/1 Dell(conf-if-hu-1/1/1)#intf-type cr4 autoneg Dell(conf-if-hu-1/1/1)#no intf-type cr4 autoneg Dell(conf-if-hu-1/1/1)#show config interface hundredGigE 1/1/1 no ip address shutdown no intf-type cr4 autoneg Important Points to Remember • For 10–Gigabit Ethernet interfaces, CR4 auto-negotiation is not applicable.
  • Page 404 • To view CR4 auto-negotiation and FEC configurations for 25–Gigabit, 50–Gigabit and 100–Gigabit Ethernet interfaces, use the show interfaces command. Dell#show interfaces hundredGigE 1/1/1 hundredGigE 1/1/1 is up, line protocol is up Hardware is DellEth, address is 00:12:32:12:42:13 Current address is 00:12:32:12:42:13...
  • Page 405: Setting The Speed Of Ethernet Interfaces

    Example of the show interfaces status Command to View Link Status NOTE: The show interfaces status command displays link status, but not administrative status. For both link and administrative status, use the show ip interface command. Dell#show interfaces status Port Description Status Speed...
  • Page 406: Adjusting The Keepalive Timer

    Dell#show ip interface tengigabitEthernet 1 configured Dell#show ip interface hundredGigE 1 configured Dell#show ip interface br configured Dell#show ip interface br stack-unit 1 configured Dell#show ip interface br tengigabitEthernet 1 configured Dell#show running-config interfaces configured Dell#show running-config interface tengigabitEthernet 1 configured...
  • Page 407: Configuring The Interface Sampling Size

    In EXEC mode, the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information. The show interfaces switchport command displays the interface, whether it supports IEEE 802.1Q tagging or not, and the VLANs to which the interface belongs. Dell#show interfaces switchport Name: TenGigabitEthernet 1/1/1/1 802.1QTagged: True...
  • Page 408: Configuring The Traffic Sampling Size Globally

    The bold lines show the default value of 299 seconds, the change-rate interval of 100, and the new rate interval set to 100. Dell#configure terminal Dell(Conf)#rate-interval 150 DELL#show interface TenGigabitEthernet 10/0 TenGigabitEthernet 10/0 is up, line protocol is up Description: interface tengig 10/0...
  • Page 409: Dynamic Counters

    Time since last interface status change: 21:00:43 Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB. For the remaining applications, Dell Networking OS automatically turns on counting when you enable the application, and turns it off when you disable the application. NOTE: If you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance.
  • Page 410: Clearing Interface Counters

    Example of the clear counters Command When you enter this command, confirm that you want Dell Networking OS to clear the interface counters for that interface. Dell#clear counters te 1/1/1/1 Clear counters on TenGigabitEthernet 1/1/1/1 [confirm]...
  • Page 411: Compressing Configuration Files

    2.1.1.1/16 switchport shut shut shut shut shut shut Dell# show running-config Dell# show running-config compressed <snip> <snip> interface TenGigabitEthernet 1/1/1/1 interface TenGigabitEthernet 1/1/1/1 no ip address no ip address switchport switchport shutdown shutdown interface TenGigabitEthernet 1/1/1/2 Interface group TenGigabitEthernet 1/1/2/1 –...
  • Page 412 no ip address no ip address shutdown shutdown interface TenGigabitEthernet 1/1/1/3 interface TenGigabitEthernet 1/1/4/1 no ip address ip address 2.1.1.1/16 shutdown shutdown interface TenGigabitEthernet 1/1/1/4 interface group Vlan 2 , Vlan 100 no ip address no ip address shutdown no shutdown interface TenGigabitEthernet 1/1/5/1 interface group Vlan 3 –...
  • Page 413 Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field).
  • Page 414: Ipv4 Routing

    IPv4 Routing The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature...
  • Page 415: Ip Addresses

    NOTE: Even though Dell Networking OS listens to all ports, you can only use the ports starting from 35001 for IPv4 traffic. Ports starting from 0 to 35000 are reserved for internal use and you cannot use them for IPv4 traffic.
  • Page 416: Configuring Static Routes

    Example of the show config Command To view the configuration, use the show config command in INTERFACE mode or use the show ip interface command in EXEC privilege mode, as shown in the second example. Dell(conf-if)#show conf interface TenGigabitEthernet 1/1/1/1 ip address 10.11.1.1/24...
  • Page 417: Configure Static Routes For The Management Interface

    Dell Networking OS installs a next hop that is on the directly connected subnet of the current IP address on the interface. Dell Networking OS also installs a next hop that is not on the directly connected subnet but which recursively resolves to a next hop on the interface's configured subnet.
  • Page 418: Using The Configured Source Ip Address In Icmp Messages

    Define the wait duration in seconds for the TCP connection to be established. CONFIGURATION mode Dell(conf)#ip tcp reduced-syn-ack-wait <9-75> You can use the no ip tcp reduced-syn-ack-wait command to restore the default behavior, which causes the wait period to be set as 8 seconds.
  • Page 419: Enabling Directed Broadcast

    Dell>show ip tcp reduced-syn-ack-wait Enabling Directed Broadcast By default, Dell Networking OS drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks. To enable Dell Networking OS to receive directed broadcasts, use the following command.
  • Page 420: Specifying The Local System Domain And A List Of Domains

    If you enter a partial domain, Dell Networking OS can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. Dell Networking OS searches the host table first to resolve the partial domain.
  • Page 421: Arp

    For more information about ARP, refer to RFC 826, An Ethernet Address Resolution Protocol. In Dell Networking OS, Proxy ARP enables hosts with knowledge of the network to accept and forward packets from hosts that contain no knowledge of the network. Proxy ARP makes it possible for hosts to be ignorant of the network, including subnetting.
  • Page 422: Enabling Proxy Arp

    Gratuitous ARP can mean an ARP request or reply. In the context of ARP learning via gratuitous ARP on Dell Networking OS, the gratuitous ARP is a request. A gratuitous ARP request is an ARP request that is not needed according to the ARP specification, but one that hosts may send to: •...
  • Page 423: Enabling Arp Learning Via Gratuitous Arp

    ARP Learning via ARP Request In Dell Networking OS versions prior to 8.3.1.0, Dell Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address.
  • Page 424: Configuring Arp Retries

    The following lists the configuration tasks for ICMP. • Enabling ICMP Unreachable Messages For a complete listing of all commands related to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are disabled.
  • Page 425: Udp Helper

    IP address of packets to match those addresses. Configure UDP Helper To configure Dell Networking OS to direct UDP broadcast, enable UDP helper and specify the UDP ports for which traffic is forwarded. See Enabling UDP Helper Important Points to Remember •...
  • Page 426: Configurations Using Udp Helper

    UDP Helper with No Configured Broadcast Addresses UDP Helper with Broadcast-All Addresses When the destination IP address of an incoming packet is the IP broadcast address, Dell Networking OS rewrites the address to match the configured broadcast address. In the following illustration: Packet 1 is dropped at ingress if you did not configure UDP helper address.
  • Page 427: Udp Helper With Subnet Broadcast Addresses

    Figure 53. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to the matching interface. In the following illustration, Packet 1 has the destination IP address 1.1.1.255, which matches the subnet broadcast address of VLAN 101.
  • Page 428: Udp Helper With No Configured Broadcast Addresses

    To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug ip udp-helper 01:20:22: Pkt rcvd on Te 5/1/1 with IP DA (0xffffffff) will be sent on Te 5/1/2 Te 5/1/3 Vlan 3 01:44:54: Pkt rcvd on Te 7/1/1 is handed over for DHCP processing.
  • Page 429: Ipv6 Routing

    IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of IPv6.
  • Page 430: Extended Address Space

    Router Solicitations (RS). By default, RA response messages are sent when an RS message is received. Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports the router side only. Neighbor discovery (ND) messages are advertised so the neighbor can use this information to auto-configure its address. However, received ND messages are not used to create an IPv6 address.
  • Page 431: Longest Prefix Match (Lpm) Table And Ipv6 /65 - /128 Support

    A command has been introduced to partition the LPM to support provisioning of IPv6 /65 to /128 route prefixes. To support /65 – /128 IPv6 route prefix entries, Dell Networking OS needs to be programmed with /65 - /128 bit IPv6 support. The number of entries also needs to be explicitly programmed.
  • Page 432: Ipv6 Header Fields

    The platform uses only IPv6 /0 – 0/64 prefix route entries. Support for /0 – /128 IPv6 prefix route entries is available, although they are not utilized. A total of eight pools or regions are present with each region containing 1024 210-bit entries (supports up to 0/64 prefix). To support up to /128 prefixes, you must use 2 banks (410-bit entries).
  • Page 433 Next Header (8 bits) The Next Header field identifies the next header’s type. If an Extension header is used, this field contains the type of Extension header (as shown in the following table). If the next header is a transmission control protocol (TCP) or user datagram protocol (UDP) header, the value in this field is the same as for IPv4.
  • Page 434: Extension Header Fields

    Source Address (128 bits) The Source Address field contains the IPv6 address for the packet originator. Destination Address (128 bits) The Destination Address field contains the intended recipient’s IPv6 address. This can be either the ultimate destination or the address of the next hop router.
  • Page 435: Addressing

    Discard the packet and send an ICMP Parameter Problem Code 2 message to the packet’s Source IP Address identifying the unknown option type. Discard the packet and send an ICMP Parameter Problem, Code 2 message to the packet’s Source IP Address only if the Destination IP Address is not a multicast address.
  • Page 436: Implementing Ipv6 With Dell Networking Os

    ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The Dell Networking OS implementation of ICMPv6 is based on RFC 4443.
  • Page 437: Ipv6 Neighbor Discovery

    NOTE: To avoid problems with network discovery, Dell Networking recommends configuring the static route last or assigning an IPv6 address to the interface and assigning an address to the peer (the forwarding router’s address) less than 10 seconds apart.
  • Page 438: Debugging Ipv6 Rdnss Information Sent To The Host

    Dell(conf-if-te-1/1/1/1)#do debug ipv6 nd tengigabitethernet 1/1/1/1 ICMPv6 Neighbor Discovery packet debugging is on for tengigabitethernet 1/1/1/1 Dell(conf-if-te-1/1/1/1)#00:13:02 : : cp-ICMPV6-ND: Sending RA on Te 1/1/1/1 current hop limit=64, flags: M-, O-, router lifetime=1800 sec, reachable time=0 ms, retransmit time=0 ms...
  • Page 439: Displaying Ipv6 Rdnss Information

    Dell Networking OS supports both inbound and outbound SSH sessions using IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide.
  • Page 440: Configuration Tasks For Ipv6

    Configuration Tasks for IPv6 The following are configuration tasks for the IPv6 protocol. • Adjusting Your CAM-Profile • Assigning an IPv6 Address to an Interface • Assigning a Static IPv6 Route • Configuring Telnet with IPv6 • SNMP over IPv6 •...
  • Page 441: Assigning An Ipv6 Address To An Interface

    Assigning an IPv6 Address to an Interface Essentially, IPv6 is enabled in Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces. You can use IPv6 and IPv4 together on a system, but be sure to differentiate that usage carefully. To assign an IPv6 address to an interface, use the ipv6 address command.
  • Page 442: Configuring Telnet With Ipv6

    Configuring Telnet with IPv6 The Telnet client and server in Dell Networking OS support IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet connection from the router.
  • Page 443: Displaying An Ipv6 Interface Information

    • For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. Example of the show ipv6 interface Command Dell#show ipv6 int ManagementEthernet 1/1 ManagementEthernet 1/1 is up, line protocol is up IPV6 is enabled Stateless address autoconfiguration is enabled...
  • Page 444: Showing Ipv6 Routes

    To display information about an IPv6 prefix list, enter list and the prefix-list name. Examples of the show ipv6 route Commands The following example shows the show ipv6 route summary command. Dell#show ipv6 route summary Route Source Active Routes Non-active Routes connected 5 0...
  • Page 445: Showing The Running-Configuration For An Interface

    For a 100-Gigabit Ethernet interface, enter the keyword hundredGigE then the stack/slot/port information. • For the Management interface on the stack-unit, enter the keyword ManagementEthernet then the slot/port information. Example of the show running-config interface Command Dell#show run int Te 1/1/1/1 interface TenGigabitEthernet 1/1/1/1 no ip address ipv6 address 3:4:5:6::8/24...
  • Page 446: Disabling Nd Entry Timeout

    The following example shows how to disable the ND timer. Dell(conf-if-fo-1/1/1)#ipv6 nd disable-reachable-timer Configuring IPv6 RA Guard The IPv6 Router Advertisement (RA) guard allows you to block or reject unwanted router advertisement messages that arrive at the network device platform.
  • Page 447 The retransmission time range is from 100 to 4,294,967,295 milliseconds. Display the configurations applied on the RA guard policy mode. POLICY LIST CONFIGURATION mode show config Example of the show config Command Dell(conf-ra_guard_policy_list)#show config ipv6 nd ra-guard policy test device-role router hop-limit maximum 251 mtu 1350...
  • Page 448: Configuring Ipv6 Ra Guard On An Interface

    [interface slot/port[/subport] | count value] The count range is from 1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, see the Dell Networking OS Command Line Reference Guide.
  • Page 449: Iscsi Optimization

    In a data center network, Dell EqualLogic and Compellent iSCSI storage arrays are connected to a converged Ethernet network using the data center bridging exchange protocol (DCBx) through stacked and/or non-stacked Ethernet switches.
  • Page 450 • iSCSI QoS — A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier rules are used to direct the iSCSI data traffic to queues that can be given preferential QoS treatment over other data passing through the switch. Preferential treatment helps to avoid session interruptions during times of congestion that would otherwise cause dropped iSCSI packets.
  • Page 451: Monitoring Iscsi Traffic Flows

    QoS dot1p-priority command (refer to QoS dot1p Traffic Classification and Queue Assignment). Dell Networking recommends setting the CoS dot1p priority-queue to 0 (zero). You can configure whether iSCSI frames are re-marked to contain the configured VLAN priority tag or IP DSCP when forwarded through the switch.
  • Page 452: Detection And Auto-Configuration For Dell Equallogic Arrays

    The switch uses the link layer discovery protocol (LLDP) to discover Dell EqualLogic devices on the network. LLDP is enabled by default. For more information about LLDP, refer to Link Layer Discovery Protocol (LLDP).
  • Page 453: Synchronizing Iscsi Sessions Learned On Vlt-Lags With Vlt-Peer

    • Unicast storm control is disabled on the interface. Enter the iscsi profile-compellent command in INTERFACE Configuration mode; for example: Dell(conf-if-te-o/50# iscsi profile-compellent Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT-Peer The following behavior occurs during synchronization of iSCSI sessions.
  • Page 454: Default Iscsi Optimization Values

    NOTE: By default, CAM allocation for iSCSI is set to 0. This disables session monitoring. Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature. Table 41. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting Disabled.
  • Page 455: Iscsi Enable

    NOTE: Content addressable memory (CAM) allocation is optional. If CAM is not allocated, the following features are disabled: • session monitoring • aging • class of service You can enable iSCSI even when allocated with zero (0) CAM blocks. However, if no CAM blocks are allocated, session monitoring is disabled and the show iscsi command displays this information.
  • Page 456: Displaying Iscsi Optimization Information

    ID. show iscsi sessions detailed [session isid] • Display all globally configured non-default iSCSI settings in the current Dell Networking OS session. show run iscsi Examples of the show iscsi Commands The following example shows the show iscsi command.
  • Page 457 VLT PEER2 Session 0: ------------------------------------------------------------------------------------ Target: iqn.2001-05.com.equallogic:0-8a0906-0f60c2002-0360018428d48c94-iom011 iqn.1991-05.com.microsoft:win-x9l8v27yajg ISID: 400001370000 The following example shows the show iscsi session detailed command. VLT PEER1 Dell# show iscsi session detailed Session 0: ------------------------------------------------------------ Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.2010-11.com.ixia.ixload:initiator-iscsi-2c Up Time:00:00:01:28(DD:HH:MM:SS) Time for aging out:00:00:09:34(DD:HH:MM:SS) ISID:806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10.10.0.44 33345 10.10.0.101 3260 0...
  • Page 458: Intermediate System To Intermediate System

    Intermediate System to Intermediate System The intermediate system to intermediate system (IS-IS) protocol uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. Topics: • IS-IS Protocol Overview • IS-IS Addressing • Multi-Topology IS-IS •...
  • Page 459: Multi-Topology Is-Is

    • area address — within your routing domain or area, each area must have a unique area value. The first byte is called the authority and format indicator (AFI). • system address — the router’s MAC address. • N-selector — this is always 0. The following illustration is an example of the ISO-style address to show the address format IS-IS uses.
  • Page 460: Interface Support

    Interface Support MT IS-IS is supported on physical Ethernet interfaces, physical synchronous optical network technologies (SONET) interfaces, port-channel interfaces (static and dynamic using LACP), and virtual local area network (VLAN) interfaces. Adjacencies Adjacencies on point-to-point interfaces are formed as usual, where IS-IS routers do not implement MT extensions. If a local router does not participate in certain MTs, it does not advertise those MT IDs in its IS-IS hellos (IIHs) and so does not include that neighbor within its LSPs.
  • Page 461: Configuration Information

    By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address more easily. Dell Networking OS does not support ISO CLNS routing;...
  • Page 462: Configuration Tasks For Is-Is

    Configuration Tasks for IS-IS The following describes the configuration tasks for IS-IS. • Enabling IS-IS • Configure Multi-Topology IS-IS (MT IS-IS) • Configuring IS-IS Graceful Restart • Changing LSP Attributes • Configuring the IS-IS Metric Style • Configuring IS-IS Cost •...
  • Page 463 The default IS type is level-1-2. To change the IS type to Level 1 only or Level 2 only, use the is-type command in ROUTER ISIS mode. To view the IS-IS configuration, enter the show isis protocol command in EXEC Privilege mode or the show config command in ROUTER ISIS mode. Dell#show isis protocol IS-IS Router: <Null Tag> System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
  • Page 464 IS-IS: LSP checksum errors received : 0 IS-IS: LSP authentication failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: •...
  • Page 465 Use this command for IPv6 route computation only when you enable multi-topology. If using single-topology mode, to apply to both IPv4 and IPv6 route computations, use the spf-interval command in CONFIG ROUTER ISIS mode. Implement a wide metric-style globally. ROUTER ISIS AF IPV6 mode isis ipv6 metric metric-value [level-1 | level-2 | level-1-2] To configure wide or wide transition metric style, the cost can be between 0 and 16,777,215.
  • Page 466 Example of the show isis interface Command To view all interfaces configured with IS-IS routing along with the defaults, use the show isis interface command in EXEC Privilege mode. Dell#show isis interface TenGigabitEthernet 1/1/1/4 TenGigabitEthernet 1/1/1/4 is up, line protocol is up MTU 1497, Encapsulation SAP...
  • Page 467 Example of Viewing IS-IS Configuration (ROUTER ISIS Mode) To view the configuration, use the show config command in ROUTER ISIS mode or the show running-config isis command in EXEC Privilege mode. Dell#show running-config isis router isis lsp-refresh-interval 902 net 47.0005.0001.000C.000A.4321.00 net 51.0005.0001.000C.000A.4321.00...
  • Page 468 If you configure narrow, transition, or narrow transition metric style, the cost can be a number between 0 and 63. If you configure wide or wide transition metric style, the cost can be a number between 0 and 16,777,215. Dell Networking OS supports five different metric styles: narrow, wide, transition, narrow transition, and wide transition.
  • Page 469: Configuring The Distance Of A Route

    Accept wide metrics: none Dell# Configuring the IS-IS Cost When you change from one IS-IS metric style to another, the IS-IS metric value could be affected. For each interface with IS-IS enabled, you can assign a cost or metric that is used in the link state calculation.
  • Page 470: Changing The Is-Type

    The default is Level 1-2 router. When the IS-type is Level 1-2, the software maintains two Link State databases, one for each level. To view the Link State databases, use the show isis database command. Dell#show isis database IS-IS Level-1 Link State Database...
  • Page 471 Another method of controlling routing information is to filter the information through a prefix list. Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the prefix lists or Dell Networking OS does not install the route in the routing table. The prefix lists are globally applied on all interfaces running IS-IS.
  • Page 472: Redistributing Ipv4 Routes

    Applying IPv6 Routes To apply prefix lists to incoming or outgoing IPv6 routes, use the following commands. NOTE: These commands apply to IPv6 IS-IS only. To apply prefix lists to IPv4 routes, use ROUTER ISIS mode, previously shown. • Apply a configured prefix list to all incoming IPv6 IS-IS routes. ROUTER ISIS-AF IPV6 mode distribute-list prefix-list-name in [interface] Enter the type of interface and the interface information:...
  • Page 473: Redistributing Ipv6 Routes

    ROUTER ISIS mode redistribute {bgp as-number | connected | rip | static} [level-1 | level-1-2 | level-2] [metric metric-value] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: • level-1, level-1-2, or level-2: assign all redistributed routes to a level. The default is level-2. •...
  • Page 474: Configuring Authentication Passwords

    Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system.
  • Page 475: Debugging Is-Is

    When the bit is set, a 1 is placed in the OL column in the show isis database command output. The overload bit is set in both the Level-1 and Level-2 database because the IS type for the router is Level-1-2. Dell#show isis database IS-IS Level-1 Link State Database...
  • Page 476: Is-Is Metric Styles

    Enter the type of interface and slot/port information to view IS-IS information on that interface only. Dell Networking OS displays debug messages on the console. To view which debugging commands are enabled, use the show debugging command in EXEC Privilege mode.
  • Page 477: Maximum Values In The Routing Table

    Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is 0 to 1023, while all other metric styles support a range of 0 to 0xFE000000. Change the IS-IS Metric Style in One Level Only By default, the IS-IS metric style is narrow.
  • Page 478: Leaks From One Level To Another

    Beginning Metric Style | Final Metric Style | Resulting IS-IS Metric Value
    narrow transition | transition | original value
    wide transition | wide | original value
    wide transition | narrow | default value (10) if the original value is greater than 63. A message is sent to the console....
  • Page 479: Sample Configurations

    Dell#clear isis * % ISIS not enabled. Dell#clear isis 9999 * You can configure IPv6 IS-IS routes using one of the following three methods: • Congruent Topology — You must configure both IPv4 and IPv6 addresses on the interface. Enable the ip router isis and ipv6 router isis commands on the interface.
  • Page 480 TenGigabitEthernet 1/1/1/1 ip address 24.3.1.1/24 ipv6 address 24:3::1/76 ip router isis ipv6 router isis no shutdown Dell (conf-if-te-1/1/1/1)# Dell (conf-router_isis)#show config router isis metric-style wide level-1 metric-style wide level-2 net 34.0000.0000.AAAA.00 Dell (conf-router_isis)# Dell (conf-if-te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1...
  • Page 481 Dell (conf-router_isis)# Dell (conf-if-te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-1/1/1/1)# Dell (conf-router_isis)#show config router isis net 34.0000.0000.AAAA.00 address-family ipv6 unicast multi-topology transition exit-address-family Dell (conf-router_isis)#
  • Page 482: Link Aggregation Control Protocol (Lacp)

    Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide both load-sharing and port redundancy across line cards.
  • Page 483: Lacp Modes

    LACP Modes Dell Networking OS provides three modes for configuration of LACP — Off, Active, and Passive. • Off — In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state.
  • Page 484: Lacp Configuration Tasks

    Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp Command Dell(conf)#interface TenGigabitethernet 1/1/1/1 Dell(conf-if-te-1/1/1/1)#no shutdown Dell(conf-if-te-1/1/1/1)#port-channel-protocol lacp Dell(conf-if-te-1/1/1/1-lacp)#port-channel 32 mode active Dell(conf)#interface TenGigabitethernet 1/1/1/2 Dell(conf-if-te-1/1/1/2)#no shutdown Dell(conf-if-te-1/1/1/2)#port-channel-protocol lacp Dell(conf-if-te-1/1/1/2-lacp)#port-channel 32 mode active
  • Page 485: Setting The Lacp Long Timeout

    Dell(conf)#interface TenGigabitethernet 1/1/1/2 Dell(conf-if-te-1/1/1/2)#no shutdown Dell(conf-if-te-1/1/1/2)#port-channel-protocol lacp Dell(conf-if-te-1/1/1/2-lacp)#port-channel 32 mode active Dell(conf)#interface TenGigabitethernet 1/1/1/3 Dell(conf-if-te-1/1/1/3)#no shutdown Dell(conf-if-te-1/1/1/3)#port-channel-protocol lacp Dell(conf-if-te-1/1/1/3-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown here may be successfully issued as long as there is no existing static channel-member configuration in LAG 32.
  • Page 486: Shared Lag State Tracking

    Figure 62. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). Dell Networking OS has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking. To achieve this functionality, you must group LAG 1 and LAG 2 into a single entity, called a failover group.
  • Page 487 Example of LAGs in the Same Failover Group Dell#config Dell(conf)#port-channel failover-group Dell(conf-po-failover-grp)#group 1 port-channel 1 port-channel 2 To view the failover group configuration, use the show running-config po-failover-group command. Dell#show running-config po-failover-group port-channel failover-group group 1 port-channel 1 port-channel 2 As shown in the following illustration, LAGs 1 and 2 are members of a failover group.
  • Page 488: Important Points About Shared Lag State Tracking

    Important Points about Shared LAG State Tracking The following is more information about shared LAG state tracking. • This feature is available for static and dynamic LAGs. • Only a LAG can be a member of a failover group. • You can configure shared LAG state tracking on one side of a link or on both sides.
  • Page 489 Port is part of Port-channel 10 Hardware is Force10Eth, address is 00:01:e8:06:95:c0 Current address is 00:01:e8:06:95:c0 Interface Index is 109101113 Port will not be disabled on partial SFM failure Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 10000 Mbit, Mode full duplex, Slave Flowcontrol rx on tx on ARP type: ARPA, ARP Timeout 04:00:00...
  • Page 490 Figure 65. Inspecting the LAG Configuration
  • Page 491 Figure 66. Inspecting Configuration of LAG 10 on ALPHA
  • Page 492 Figure 67. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int tengig 1/1/1/2 Alpha(conf-if-te-1/1/1/2)#no ip address Alpha(conf-if-te-1/1/1/2)#no switchport Alpha(conf-if-te-1/1/1/2)#shutdown Alpha(conf-if-te-1/1/1/2)#port-channel-protocol lacp Alpha(conf-if-te-1/1/1/2-lacp)#port-channel 10 mode active Alpha(conf-if-te-1/1/1/2-lacp)#no shut Alpha(conf-if-te-1/1/1/2)#show config interface GigabitEthernet 1/1/1/2 no ip address port-channel-protocol LACP port-channel 10 mode active...
  • Page 493 Summary of the LAG Configuration on Bravo Bravo(conf-if-te-1/1/1/3)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config interface Port-channel 10 no ip address switchport no shutdown Bravo(conf-if-po-10)#exit Bravo(conf)#int tengig 1/1/1/3 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-te-1/1/1/3)#port-channel-protocol lacp Bravo(conf-if-te-1/1/1/3-lacp)#port-channel 10 mode active Bravo(conf-if-te-1/1/1/3-lacp)#no shut Bravo(conf-if-te-1/1/1/3)#end interface TenGigabitEthernet 1/1/1/3...
  • Page 494 Figure 68. Inspecting a LAG Port on BRAVO Using the show interface Command
  • Page 495 Figure 69. Inspecting LAG 10 Using the show interfaces port-channel Command
  • Page 496 Figure 70. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection.
  • Page 497: Layer 2

    Layer 2 This chapter describes the Layer 2 features supported on the device. Manage the MAC Address Table You can perform the following management tasks in the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries •...
  • Page 498: Configuring A Static Mac Address

    Recovering from Learning Limit and Station Move Violations Dell Networking OS Behavior: When configuring the MAC learning limit on a port or VLAN, the configuration is accepted (becomes part of running-config and show mac learning-limit interface) before the system verifies that sufficient CAM space exists. If...
  • Page 499: Setting The Mac Learning Limit

    Entries created before this option is set are not affected. Dell Networking OS Behavior: If you do not configure the dynamic option, the system does not detect station moves in which a MAC address learned from a MAC-limited port is learned on another port on the same system.
  • Page 500: Mac Learning-Limit Station-Move

    EXEC Privilege mode show mac learning-limit Dell Networking OS Behavior: The systems do not generate a station-move violation log entry for physical interfaces or port-channels when you configure mac learning-limit or when you configure mac learning-limit station-move-violation log. Dell Networking OS detects a station-move violation only when you configure mac learning-limit dynamic and logs the violation only when you configure the mac learning-limit station-move-violation log, as shown in the following example.
  • Page 501: Setting Station Move Violation Actions

    Setting Station Move Violation Actions no-station-move is the default behavior. You can configure the system to take an action if a station move occurs using one of the following options with the mac learning-limit command. To display a list of interfaces configured with MAC learning limit or station move violation actions, use the following commands. •...
  • Page 502: Disabling Mac Address Learning On The System

    ARP is resolved (in the previous example, this location is Port 0/5 of the switch). To ensure that the MAC address is disassociated with one port and reassociated with another port in the ARP table, the no mac-address-table station-move refresh-arp command should not be configured on the Dell Networking switch at the time that NIC teaming is being configured on the server. Layer 2...
  • Page 503: Configure Redundant Pairs

    Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces.
  • Page 504 Figure 73. Configuring Redundant Layer 2 Pairs without Spanning Tree You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command. Initially, the primary interface is active and transmits traffic and the backup interface remains down. If the primary fails for any reason, the backup transitions to an active Up state.
  • Page 505: Important Points About Configuring Redundant Pairs

    TenGigabitEthernet 1/1/1/2 no shutdown interface TenGigabitEthernet 1/1/1/2 no ip address switchport no shutdown Dell(conf-if-range-te-1/1/1/1-1/1/1/2)# Dell(conf-if-range-te-1/1/1/1-1/1/1/2)#do show ip int brief | find 1/1/1/2 TenGigabitEthernet 1/1/1/1 unassigned YES Manual up TenGigabitEthernet 1/1/1/1 unassigned NO Manual up down [output omitted]...
  • Page 506: Far-End Failure Detection

    Port-channel 2 Standby Port-channel 1 Active Dell# Dell(conf-if-po-1)#switchport backup interface tengigabitethernet 1/2/1 Apr 9 00:16:29: %STKUNIT0-M:CP %IFMGR-5-L2BKUP_WARN: Do not run any Layer2 protocols on Po 1 and Te 1/1/1/2 Dell(conf-if-po-1)# Far-End Failure Detection Far-end failure detection (FEFD) is a protocol that senses remote data link errors in a network. FEFD responds by sending a unidirectional report that triggers an echoed response after a specified time interval.
  • Page 507: Fefd State Changes

    You can enable FEFD globally or on a per-interface basis. Interface FEFD configurations override global FEFD configurations. • Dell Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface. • FEFD is not supported on Fibre Channel and copper Ethernet ports.
  • Page 508: Configuring Fefd

    Te 1/3/1 Normal 3 Admin Shutdown Te 1/4/1 Normal 3 Admin Shutdown Dell#show run fefd fefd-global mode normal fefd-global interval 3 Enabling FEFD on an Interface To enable, change, or disable FEFD on an interface, use the following commands. •...
  • Page 509: Debugging Fefd

    Dell(conf-if-te-1/1/1)#shutdown 2w1d22h: %RPM0-P:CP %IFMGR-5-ASTATE_DN: Changed interface Admin state to down: Te 1/1/1 Dell(conf-if-te-1/1/1)#2w1d22h : FEFD state on Te 1/1/1 changed from ANY to Unknown 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 1/1/1 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 4/1/1...
  • Page 510 2w1d22h: %RPM0-P:CP %IFMGR-5-INACTIVE: Changed Vlan interface state to inactive: Vl 1 2w1d22h : FEFD state on Te 4/1/1 changed from Bi-directional to Unknown Dell#debug fefd packets Dell#2w1d22h : FEFD packet sent via interface Te 1/1/1 Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port-Subport(Te 1/1/1)
  • Page 511: Link Layer Discovery Protocol (Lldp)

    Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP). 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
  • Page 512: Optional Tlvs

    Organizationally Specific TLVs. Figure 76. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Management TLVs A management TLV is a sub-type of optional TLV. This kind of TLV contains essential management information about the sender.
  • Page 513 Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs.
  • Page 514: Tia-1057 (Lldp-Med) Overview

    • LLDP-MED Network Connectivity Device — any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. Regarding connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to: •...
  • Page 515 The value of the LLDP-MED capabilities field in the TLV is a 2-octet bitmap in which each bit represents an LLDP-MED capability (as shown in the following table). • The possible values of the LLDP-MED device type are shown in the following. The Dell Networking system is a network connectivity device, which is Type 4.
  • Page 516 When you enable LLDP-MED in Dell Networking OS (using the advertise med command), the system begins transmitting this TLV. Figure 78. LLDP-MED Capabilities TLV Table 51. Dell Networking OS LLDP-MED Capabilities Bit Position Dell Networking OS Support LLDP-MED Capabilities Network Policy...
  • Page 517 Advertise the extended power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device. • Power Type — there are two possible power types: power source entity (PSE) or power device (PD). The Dell Networking system is a PSE, which corresponds to a value of 0, based on the TIA-1057 specification.
  • Page 518: Configure Lldp

    • Power Value — Dell Networking advertises the maximum amount of power that can be supplied on the port. By default the power is 15.4W, which corresponds to a power value of 130, based on the TIA-1057 specification. You can advertise a different power value using the max-milliwatts option with the power inline auto | static command.
  • Page 519: Enabling Lldp

    LLDP mode configuration (default = rx and tx) multiplier LLDP multiplier configuration Negate a command or set its defaults show Show LLDP configuration Dell(conf-lldp)#exit Dell(conf)#interface tengigabitethernet 1/1/3/1 Dell(conf-if-te-1/1/3/1)#protocol lldp Dell(conf-if-te-1/1/3/1-lldp)#? advertise Advertise TLVs disable Disable LLDP protocol on this interface...
  • Page 520: Enabling Lldp On Management Ports

    Enabling LLDP on Management Ports LLDP on management ports is enabled by default. To enable LLDP on management ports, use the following command. Enter Protocol LLDP mode. CONFIGURATION mode protocol lldp Enter LLDP management-interface mode. LLDP-MANAGEMENT-INTERFACE mode management-interface Enable LLDP. PROTOCOL LLDP mode no disable Disabling and Undoing LLDP on Management Ports...
  • Page 521: Viewing The Lldp Configuration

    To view the LLDP configuration, use the following command. • Display the LLDP configuration. CONFIGURATION or INTERFACE mode show config Examples of Viewing LLDP Configurations The following example shows viewing an LLDP global configuration. Dell(conf)#protocol lldp Dell(conf-lldp)#show config protocol lldp
  • Page 522: Viewing Information Advertised By Adjacent Lldp Agents

    TenGigabitEthernet 1/1/3/1 00:01:e8:05:40:46 Te 1/1/2/1 TenGigabitEthernet 1/1/4/1 00:01:e8:05:40:46 Example of Viewing Details Advertised by Neighbors Dell#show lldp neighbors detail ======================================================================== Local Interface Te 1/1/4/1 has 1 neighbor Total Frames Out: 6547 Total Frames In: 4136 Total Neighbor information Age outs: 0...
  • Page 523: Configuring Lldpdu Intervals

    Remote MTU: 1554 Remote System Desc: Dell Networks Real Time Operating System Software Dell Operating System Version: 1.0. Dell Application Software Version: 9.8(1.0). Copyright (c) 1999-2014 Build Time: Thu Aug 9 01:05:51 PDT 1999-2015 Existing System Capabilities: Repeater Bridge Router...
  • Page 524: Configuring The Time To Live Value

    • Receive only. CONFIGURATION mode or INTERFACE mode mode rx • Return to the default setting. CONFIGURATION mode or INTERFACE mode no mode Example of Configuring a Single Mode R1(conf)#protocol lldp R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ?
  • Page 525: Debugging Lldp

    R1(conf-lldp)#multiplier ? <2-10> Multiplier (default=4) R1(conf-lldp)#multiplier 5 R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description multiplier 5 no disable R1(conf-lldp)#no multiplier R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)# Debugging LLDP...
  • Page 526: Relevant Management Objects

    Figure 82. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration on the local agent •...
  • Page 527 MIB Object LLDP Variable LLDP MIB Object Description Category Basic TLV mibBasicTLVsTxEnable lldpPortConfigTLVsTxEnable Indicates which management TLVs Selection are enabled for system ports. mibMgmtAddrInstanceTxEnable lldpManAddrPortsTxEnable The management addresses defined for the system and the ports through which they are enabled for transmission.
  • Page 528 TLV Type TLV Name TLV Variable System LLDP MIB Object System Capabilities system capabilities Local lldpLocSysCapSupported Remote lldpRemSysCapSupported Management Address enabled capabilities Local lldpLocSysCapEnabled Remote lldpRemSysCapEnabled management address Local lldpLocManAddrLen length Remote lldpRemManAddrLen management address Local lldpLocManAddrSubtype subtype Remote lldpRemManAddrSubtype management address Local lldpLocManAddr...
  • Page 529 TLV Type TLV Name TLV Variable System LLDP MIB Object VLAN name Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName Table 57. LLDP-MED System MIB Objects TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object lldpXMedPortCapSupporte LLDP-MED Capabilities LLDP-MED Capabilities Local lldpXMedPortConfigTLVsTx Enable lldpXMedRemCapSupporte Remote lldpXMedRemConfigTLVsTx...
  • Page 530 TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object Remote lldpXMedRemLocationSubt Location ID Data Local lldpXMedLocLocationInfo Remote lldpXMedRemLocationInfo
  • Page 531: Microsoft Network Load Balancing

    Microsoft Network Load Balancing Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
  • Page 532: Limitations Of The Nlb Feature

    ARP request is sent to a server cluster, either the active server or all the servers send a reply, depending on the cluster configuration. If the active server sends a reply, the Dell switch learns the active server’s MAC address. If all servers reply, the switch registers only the last received ARP reply and the switch learns one server’s actual MAC address;...
  • Page 533: Enabling A Switch For Multicast Nlb

    NOTE: When you use the mac-address-table static multicast-mac-address command in a VLT setup, Dell Networking OS recommends adding VLTi as one of the egress interfaces along with the other cluster-facing interfaces.
  • Page 534: Multicast Source Discovery Protocol (Msdp)

    Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
  • Page 535: Anycast Rp

    RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected. Figure 84.
  • Page 536: Implementation Information

    New sources register with the backup RP. Receivers join toward the new RP and connectivity is maintained. Implementation Information The Dell Networking OS implementation of MSDP is in accordance with RFC 3618 and Anycast RP is in accordance with RFC 3446. Configure Multicast Source Discovery Protocol Configuring MSDP is a four-step process.
  • Page 537 Figure 85. Configuring Interfaces for MSDP
  • Page 538 Figure 86. Configuring OSPF and BGP for MSDP
  • Page 539 Figure 87. Configuring PIM in Multiple Routing Domains
  • Page 540: Enable Msdp

    Figure 88. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. Enable MSDP. CONFIGURATION mode ip multicast-msdp Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Examples of Configuring and Viewing MSDP R3(conf)#ip multicast-msdp R3(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0
  • Page 541: Manage The Source-Active Cache

    Limiting the Source-Active Cache Set the upper limit of the number of active sources that the Dell Networking OS caches. The default active source limit is 500K messages. When the total number of active sources reaches the specified limit, subsequent active sources are dropped even if they pass the reverse path forwarding (RPF) and policy check.
  • Page 542: Clearing The Source-Active Cache

    If the total number of active sources is already larger than the limit when limiting is applied, the sources that are already in Dell Networking OS are not discarded. To enforce the limit in such a situation, use the clear ip msdp sa-cache command to clear all existing entries.
  • Page 543 Figure 89. MSDP Default Peer, Scenario 2
  • Page 544 Figure 90. MSDP Default Peer, Scenario 3
  • Page 545: Specifying Source-Active Messages

    If you do not specify an access list, the peer accepts all sources that peer advertises. All sources from RPs that the ACL denies are subject to the normal RPF check. Example of the ip msdp default-peer Command and Viewing Denied Sources Dell(conf)#ip msdp peer 10.0.50.2 connect-source Vlan 50 Dell(conf)#ip msdp default-peer 10.0.50.2 list fifty Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50...
  • Page 546: Limiting The Source-Active Messages From A Peer

    24.0.50.2 200.0.0.50 10.0.50.2 00:13:49 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 00:13:49 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.2 00:13:49 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs received, cache-size 32766 UpTime GroupAddr SourceAddr RPAddr LearnedFrom Reason 00:33:18 229.0.50.64 24.0.50.64 200.0.1.50 10.0.50.2 Rpf-Fail 00:33:18 229.0.50.65...
  • Page 547: Preventing Msdp From Caching A Remote Source

    R1_E600(conf)#do show ip msdp sa-cache R1_E600(conf)#do show ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 1 rejected SAs received, cache-size 1000 UpTime GroupAddr SourceAddr RPAddr LearnedFrom Reason 00:02:20 239.0.0.1 10.11.4.2 192.168.0.1 local Redistribute Preventing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source, use the following commands.
  • Page 548: Logging Changes In Peership States

    Example of Verifying the System is not Advertising Local Sources In the following example, R1 stops advertising source 10.11.4.2. Because it is already in the SA cache of R3, the entry remains there until it expires. [Router 1] R1(conf)#do show run msdp ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.3 list mylocalfilter...
  • Page 549: Clearing Peer Statistics

    Output (S,G) filter: none [Router 1] R1(conf)#do show ip msdp peer Peer Addr: 192.168.0.3 Local Addr: 0.0.0.0(0) Connect Source: Lo 0 State: Inactive Up/Down Time: 00:00:03 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Clearing Peer Statistics To clear the peer statistics, use the following command.
  • Page 550: Msdp With Anycast Rp

    03:17:10 : MSDP-0: Peer 192.168.0.3, rcvd Keepalive msg 03:17:27 : MSDP-0: Peer 192.168.0.3, sent Source Active msg Input (S,G) filter: none Output (S,G) filter: none MSDP with Anycast RP Anycast RP uses MSDP with PIM-SM to allow more than one active group to use RP mapping. PIM-SM allows only active groups to use RP mapping, which has several implications: •...
  • Page 551: Configuring Anycast Rp

    Figure 92. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address.
  • Page 552: Reducing Source-Active Message Flooding

    Peer each RP with every other RP using MSDP, specifying the unique Loopback address as the connect-source. CONFIGURATION mode ip msdp peer Advertise the network of each of the unique Loopback addresses throughout the network. ROUTER OSPF mode network Reducing Source-Active Message Flooding RPs flood source-active messages to all of their peers away from the RP.
  • Page 553 interface Loopback 1 ip address 192.168.0.11/32 no shutdown router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 10.11.3.0/24 area 0 network 192.168.0.11/32 area 0 ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 1 ip msdp peer 192.168.0.22 connect-source Loopback 1 ip msdp mesh-group AS100 192.168.0.22 ip msdp originator-id Loopback 1! ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4...
  • Page 554: Msdp Sample Configurations

    The following example shows an R3 configuration for MSDP with Anycast RP. ip multicast-routing interface TenGigabitEthernet 1/1/4/1 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown interface TenGigabitEthernet 1/1/5/1 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown router ospf 1...
  • Page 555 interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 192.168.0.1/32 area 0 network 10.11.3.0/24 area 0 ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4 MSDP Sample Configuration: R2 Running-Config ip multicast-routing interface TenGigabitEthernet 1/1/1/1...
  • Page 556 ip address 10.11.6.34/24 no shutdown interface ManagementEthernet 1/1 ip address 10.11.80.3/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown router ospf 1 network 10.11.6.0/24 area 0 network 192.168.0.3/32 area 0 redistribute static redistribute connected redistribute bgp 200 router bgp 200 redistribute ospf 1 neighbor 192.168.0.2 remote-as 100...
  • Page 557: Multiple Spanning Tree Protocol (Mstp)

    Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP), specified in IEEE 802.1Q-2003, is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances.
  • Page 558: Spanning Tree Variations

    Implementation Information MSTP is implemented as follows in Dell Networking OS: • The Dell Networking OS MSTP implementation is based on IEEE 802.1Q-2003 and interoperates only with bridges that also use this standard implementation. • MSTP is compatible with STP and RSTP.
  • Page 559: Related Configuration Tasks

    • Creating Multiple Spanning Tree Instances • Adding and Removing Interfaces • Influencing MSTP Root Selection • Interoperate with Non-Dell Networking OS Bridges • Changing the Region Name or Revision • Modifying Global Parameters • Modifying the Interface Parameters •...
  • Page 560: Creating Multiple Spanning Tree Instances

    All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view which instance a VLAN is mapped to, use the show spanning-tree mst vlan command from EXEC Privilege mode. Dell(conf-mstp)#name my-mstp-region Dell(conf-mstp)#exit Dell(conf)#do show spanning-tree mst config MST region name: my-mstp-region Revision: 0 MSTI VID...
  • Page 561: Interoperate With Non-Dell Bridges

    For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for the name and revision number must match on all Dell Networking OS devices. If there are non-Dell devices that participate in MSTP, ensure these values match on all devices.
  • Page 562: Modifying Global Parameters

    Max-hops — the maximum number of hops a BPDU can travel before a receiving switch discards it. NOTE: Dell Networking recommends that only experienced network administrators change MSTP parameters. Poorly planned modification of MSTP parameters can negatively affect network performance.
  • Page 563: Modifying The Interface Parameters

    Example of the forward-delay Parameter To view the current values for MSTP parameters, use the show running-config spanning-tree mstp command from EXEC privilege mode. Dell(conf-mstp)#forward-delay 16 Dell(conf-mstp)#exit Dell(conf)#do show running-config spanning-tree mstp protocol spanning-tree mstp no disable name my-mstp-region MSTI 1 VLAN 100...
  • Page 564: Configuring An Edgeport

    Enable EdgePort on an interface. INTERFACE mode spanning-tree mstp edge-port [bpduguard | shutdown-on-violation] Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior: • If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
  • Page 565: Flush Mac Addresses After A Topology Change

    Flush MAC Addresses after a Topology Change Dell Networking OS has an optimized MAC address flush mechanism for RSTP, MSTP, and PVST+ that flushes addresses only when necessary, which allows for faster convergence during topology changes. However, you may activate the flushing mechanism defined by 802.1Q-2003 using the tc-flush-standard command, which flushes MAC addresses after every topology change notification.
  • Page 566 no ip address switchport no shutdown interface TenGigabitEthernet 1/1/1/2 no ip address switchport no shutdown (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 1/1/1/1,1/1/1/2 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 1/1/1/1,1/1/1/2 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 1/1/1/1,1/1/1/2 no shutdown...
  • Page 567: Debugging And Verifying Mstp Configurations

    (Step 2) interface 1/0/31 no shutdown spanning-tree port mode enable switchport protected 0 exit interface 1/0/32 no shutdown spanning-tree port mode enable switchport protected 0 exit (Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300...
  • Page 568 Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. The following example shows the show run spanning-tree mstp command. Dell#show run spanning-tree mstp protocol spanning-tree mstp name Tahiti...
  • Page 569: Multicast Features

    Because protocol control traffic in the Dell Networking OS is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, the Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic.
  • Page 570: Multicast Policies

    IGMP and MLD to resume. • If you decrease the limit after it is reached, the Dell Networking OS does not clear the existing sessions. Entries are cleared after a timeout (you may also clear entries using the clear ip mroute command).
  • Page 571 Dell Networking OS Behavior: Do not enter the ip igmp access-group command before creating the access-list. If you do, after entering your first deny rule, the Dell Networking OS clears the multicast routing table and re-learns all groups, even those not covered by the rules in the access-list, because there is an implicit deny all rule at the end of all access-lists.
  • Page 572 Figure 95. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 60. Preventing a Host from Joining a Group — Description Location Description 1/21/1 • Interface TenGigabitEthernet 1/21/1 •...
  • Page 573 Location Description • no shutdown 2/1/1 • Interface TenGigabitEthernet 2/1/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11/1 • Interface TenGigabitEthernet 2/11/1 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31/1 • Interface TenGigabitEthernet 2/31/1 •...
  • Page 574 Preventing a PIM Router from Forming an Adjacency To prevent a router from participating in PIM (for example, to configure stub multicast routing), use the following command. • Prevent a router from participating in PIM. INTERFACE mode ip pim neighbor-filter Setting a Threshold for Switching to the SPT The functionality to specify a threshold for switchover to the shortest path trees (SPTs) is available on the system.
  • Page 575 Figure 96. Preventing a Source from Transmitting to a Group The following table lists the location and description shown in the previous illustration. Table 62. Preventing a Source from Transmitting to a Group — Description Location Description 1/21/1 • Interface TenGigabitEthernet 1/21/1 •...
  • Page 576 Location Description • no shutdown 2/1/1 • Interface TenGigabitEthernet 2/1/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11/1 • Interface TenGigabitEthernet 2/11/1 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31/1 • Interface TenGigabitEthernet 2/31 •...
  • Page 577: Understanding Multicast Traceroute (Mtrace)

    To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the source.
  • Page 578: Important Points To Remember

    MTRACE Transit — when a Dell Networking system is an intermediate router between the source and destination in an MTRACE query, Dell Networking OS computes the RPF neighbor for the source, fills in the request, and forwards the request to the RPF neighbor.
  • Page 579: Supported Error Codes

    • Source Network/Mask — source mask Example of the mtrace Command to View the Network Path The following is an example of tracing a multicast route. R1>mtrace 103.103.103.3 1.1.1.1 226.0.0.3 Type Ctrl-C to abort. Querying reverse path for source 103.103.103.3 to destination 1.1.1.1 via group 226.0.0.3 From source (?) to destination (?) ----------------------------------------------------------------- |Hop|...
  • Page 580: Mtrace Scenarios

    The response data block filled in by the last-hop router contains a Forwarding code field. Forwarding code can be added at any node and is not restricted to the last hop router. This field is used to record error codes before forwarding the response to the next neighbor in the path towards the source.
  • Page 581 Scenario Output 103.103.103.3 --> Source ---- Scenario: You can issue the mtrace command specifying the source multicast tree and multicast group without specifying the destination. | Output: R1>mtrace 103.103.103.3 1.1.1.1 226.0.0.3 Type Ctrl-C to abort. Querying reverse path for source 103.103.103.3 via group
  • Page 582 Scenario Output 103.103.103.0/24 2.2.2.1 103.103.103.0/24 103.103.103.3 --> Source ---- Scenario: You can issue the mtrace command by providing the source and multicast information. However, if the multicast group is a shared group (*,G), then mtrace traces | Output: R1>mtrace 3.3.3.3 1.1.1.1 226.0.0.3 Type Ctrl-C to abort. Querying reverse path for source 3.3.3.3 to destination 1.1.1.1 via group 226.0.0.3 From source (?) to destination (?)
  • Page 583 Scenario Output 10.10.10.1 No route default ---- Scenario: If a multicast tree is not formed due to a configuration issue (for example, PIM is not enabled on one of the interfaces on the path), you can invoke a weak mtrace to | Output: R1>mtrace 6.6.6.6 4.4.4.5 Type Ctrl-C to abort. Querying reverse path for source 6.6.6.6 to destination 4.4.4.5 via RPF...
  • Page 584 Scenario Output 2.2.2.1 99.99.0.0/16 * * * * ---- Scenario: If there is no response for mtrace even after switching to expanded hop search, the command displays an error message. | Output: R1>mtrace 99.99.99.99 1.1.1.1 Type Ctrl-C to abort. Querying reverse path for source 99.99.99.99 to destination 1.1.1.1 via RPF From source (?) to destination (?) * * * * switching to hop-by-hop:...
  • Page 585 Scenario Output -------------------------------------------------------------- scenario, a corresponding error message is displayed. |Hop| OIF IP |Proto| Forwarding Code |Source Network/ Mask| -------------------------------------------------------------- 4.4.4.5 --> Destination 4.4.4.4 6.6.6.0/24 20.20.20.2 6.6.6.0/24 10.10.10.1 Wrong interface 6.6.6.0/24 -------------------------------------------------------------- ---- R1>mtrace 6.6.6.6 4.4.4.5 Type Ctrl-C to abort. Querying reverse path for source 6.6.6.6 to destination 4.4.4.5 via RPF From source (?) to destination (?)
  • Page 586: Object Tracking

    IPv4 or IPv6 object tracking is available on Dell Networking OS. Object tracking allows the Dell Networking OS client processes, such as virtual router redundancy protocol (VRRP), to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes.
  • Page 587: Track Layer 2 Interfaces

    Figure 97. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. •...
  • Page 588: Track Ipv4 And Ipv6 Routes

    For OSPF, you can set the resolution in the range from 1 to 1592, where the default is 1. • The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes. •...
  • Page 589: Set Tracking Delays

    Track Layer 3 Interfaces • Track an IPv4/IPv6 Route For a complete listing of all commands related to object tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that tracks the line-protocol state of a Layer 2 interface and monitors its operational status (UP or DOWN).
  • Page 590: Tracking A Layer 3 Interface

    The text string can be up to 80 characters. (Optional) Display the tracking configuration and the tracked object’s status. EXEC Privilege mode show track object-id Example of Configuring Object Tracking Dell(conf)#track 100 interface tengigabitethernet 1/1/1/1 line-protocol Dell(conf-track-100)#delay up 20 Dell(conf-track-100)#description San Jose data center Dell(conf-track-100)#end Dell#show track 100...
  • Page 591 Examples of Configuring Object Tracking for an IPv4 or IPv6 Interface The following is an example of configuring object tracking for an IPv4 interface: Dell(conf)#track 101 interface tengigabitethernet 1/1/1/1 ip routing Dell(conf-track-101)#delay up 20 Dell(conf-track-101)#description NYC metro...
  • Page 592: Track An Ipv4/Ipv6 Route

    For OSPF, you can set the resolution in the range from 1 to 1592, where the default is 1. • The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes.
  • Page 593 Dell(conf-track-104)#delay up 20 down 10 Dell(conf-track-104)#end Dell#show track 104 Track 104 IP route 10.0.0.0/8 reachability Reachability is Down (route not in route table) 2 changes, last change 00:02:49 Tracked by: Dell#configure Dell(conf)#track 4 ip route 3.1.1.0/24 reachability vrf vrf1 Object Tracking...
  • Page 594 The following example configures object tracking on the reachability of an IPv6 route: Dell(conf)#track 105 ipv6 route 1234::/64 reachability Dell(conf-track-105)#delay down 5 Dell(conf-track-105)#description Headquarters Dell(conf-track-105)#end Dell#show track 105 Track 105 IPv6 route 1234::/64 reachability Description: Headquarters Reachability is Down (route not in route table)
  • Page 595: Displaying Tracked Objects

    Example of IPv4 and IPv6 Tracking Metric Thresholds The following example configures object tracking on the metric threshold of an IPv4 route: Dell(conf)#track 6 ip route 2.1.1.0/24 metric threshold Dell(conf-track-6)#delay down 20 Dell(conf-track-6)#delay up 20 Dell(conf-track-6)#description track ip route metric...
  • Page 596 IP Route Resolution ISIS OSPF IPv6 Route Resolution ISIS Example of the show track vrf Command Dell#show track vrf red Track 5 IP route 192.168.0.0/24 reachability, Vrf: red Reachability is Up (CONNECTED) 3 changes, last change 00:02:39 First-hop interface is TenGigabitEthernet 1/1/4/1...
  • Page 597: Open Shortest Path First (Ospfv2 And Ospfv3)

    Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on Dell Networking OS. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (OS).
  • Page 598: Area Types

    Areas allow you to further organize your routers within the AS. One or more areas are required within the AS. Areas are valuable in that they allow sub-networks to "hide" within the AS, thus minimizing the size of the routing tables on all routers. An area within the AS may not see the details of another area’s topology.
  • Page 599: Networks And Neighbors

    Each router has a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address. However, to make troubleshooting easier, Dell Networking recommends that the router ID and the router’s IP address reflect each other.
  • Page 600 Figure 99. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example.
  • Page 601: Designated And Backup Designated Routers

    OSPF routers on the network segment are listening on. These router designations are not the same as the router IDs described earlier. The DRs and BDRs are configurable in Dell Networking OS. If you do not define DR or BDR, the system assigns them. OSPF looks at the priority of the routers on the segment to determine which routers are the DR and BDR.
  • Page 602: Router Priority And Cost

    • Type 7: External LSA — Routers in an NSSA do not receive external LSAs from ABRs, but are allowed to send external routing information for redistribution. They use Type 7 LSAs to tell the ABRs about these external routes, which the ABR then translates to Type 5 external LSAs and floods as normal to the rest of the OSPF network.
  • Page 603: Ospf With Dell Networking Os

    OSPFv3 in VRF. Also, on OSPFv3, Dell Networking OS supports only one OSPFv3 process per VRF. OSPFv2 and OSPFv3 can co-exist but you must configure them individually. Dell Networking OS supports stub areas, totally stub (no summary) and not so stubby areas (NSSAs) and supports the following LSAs, as described earlier.
  • Page 604: Graceful Restart

    When the restarting router completes its restart, it flushes the Type 9 and 11 LSAs, notifying its neighbors that the restart is complete. This notification happens before the grace period expires. Dell Networking routers support the following OSPF graceful restart functionality: •...
  • Page 605: Fast Convergence (Ospfv2, Ipv4 Only)

    Fast convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. Dell Networking OS allows you to accept and originate LSAs as soon as they are available to speed up route information propagation. NOTE: The faster the convergence, the more frequent the route calculations and updates.
  • Page 606: Ospf Ack Packing

    In Dell Networking OS, the OSPF dead interval value is, by default, set to 40 seconds, and is independent of the OSPF hello interval. Configuring a hello interval does not change the dead interval in Dell Networking OS. In contrast, the OSPF dead interval on a Cisco router is, by default, four times as long as the hello interval.
  • Page 607: Configuration Information

    In the following example, the dead interval is set at 4x the hello interval (shown in bold). Dell (conf-if-te-1/1/1/1)#ip ospf dead-interval 20 Dell (conf-if-te-1/1/1/1)#do show ip os int tengigabitethernet 1/1/1/3 TenGigabitEthernet 1/1/1/1 is up, line protocol is up Internet Address 20.0.0.1/24, Area 0 Process ID 10, Router ID 1.1.1.2, Network Type BROADCAST, Cost: 1...
  • Page 608: Router Ospf

    Dell(conf-router_ospf-1)# Dell(conf-router_ospf-1)#end Dell# For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, assign an IP address to an interface (physical or Loopback). By default, OSPF, similar to all routing protocols, is disabled.
  • Page 609 In CONFIGURATION ROUTER OSPF mode, assign the router ID. The router ID is not required to be the router’s IP address. However, Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described.
  • Page 610 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out to all physical interfaces assigned an IP address that is a subset of a network on which OSPF is enabled.
  • Page 611 Loopback interfaces also help the OSPF process. OSPF picks the highest interface address as the router-id and a Loopback interface address has a higher precedence than other interface addresses. Example of Viewing OSPF Status on a Loopback Interface Dell#show ip ospf 1 int TenGigabitEthernet 1/1/3/1 is up, line protocol is up Internet Address 10.168.0.1/24, Area 0.0.0.1 Process ID 1, Router ID 10.168.253.2, Network Type BROADCAST, Cost: 1...
  • Page 612 Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area ID Router Network S-Net S-ASBR Type-7 Subtotal 2.2.2.2...
  • Page 613 When disabled, the parameter is set at 0. NOTE: A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements. Only select higher convergence levels following consultation with Dell Technical Support. Examples of the fast-converge Command In the following examples, Convergence Level shows the fast-converge parameter setting and Min LSA origination shows the LSA parameters (shown in bold).
  • Page 614 Dell# Changing OSPFv2 Parameters on Interfaces In Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors.
  • Page 615 10.1.2.100 255.255.255.0 no shutdown ip ospf cost 45 Dell(conf-if)#end Dell#show ip ospf 34 interface TenGigabitEthernet 1/1/1/1 is up, line protocol is up Internet Address 10.1.2.100/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 45 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.1.2.100, Interface address 10.1.2.100...
  • Page 616 Enabling OSPFv2 Graceful Restart Graceful restart is enabled for the global OSPF process. The Dell Networking implementation of OSPFv2 graceful restart enables you to specify: • grace period — the length of time the graceful restart process can last before OSPF terminates it.
  • Page 617 After you enable restart mode the router advertises the neighbor as fully adjacent during a restart. For more information about OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide. Example of the show run ospf Command When you configure a graceful restart on an OSPFv2 router, the show run ospf command displays information similar to the following.
  • Page 618 Example of Viewing OSPF Configuration after Redistributing Routes To view the current OSPF configuration, use the show running-config ospf command in EXEC mode or the show config command in ROUTER OSPF mode. Dell(conf-router_ospf)#show config router ospf 34 network 10.1.2.32 0.0.0.255 area 2.2.2.2 network 10.1.3.24 0.0.0.255 area 3.3.3.3...
  • Page 619: Show Ip Route Summary

    • Have you enabled OSPF globally? • Is the OSPF process active on the interface? • Are adjacencies established correctly? • Are the interfaces configured for Layer 3 correctly? • Is the router in the correct area type? • Have the routes been included in the OSPF database? •...
  • Page 620 Example of Viewing OSPF Configuration Dell#show run ospf router ospf 4 router-id 4.4.4.4 network 4.4.4.0/28 area 1 ipv6 router ospf 999 default-information originate always router-id 10.10.10.10 Dell# Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations.
  • Page 621: Configuration Task List For Ospfv3 (Ospf For Ipv6)

    interface Loopback 10 ip address 192.168.100.100/24 no shutdown OSPF Area 0 — Te 3/1 and 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.0/24 area 0 network 10.0.23.0/24 area 0 interface Loopback 30 ip address 192.168.100.100/24 no shutdown interface TenGigabitEthernet 1/1/1/1 ip address 10.1.13.3/24 no shutdown interface TenGigabitEthernet 1/1/2/1...
  • Page 622: Enabling Ipv6 Unicast Routing

    To set the interval time between the reception of topology changes and calculation of SPF in milliseconds, use the timers spf delay holdtime msec command. Example Dell#conf Dell(conf)#ipv6 router ospf 1 Dell(conf-ipv6-router_ospf)#timer spf 2 5 msec Dell(conf-ipv6-router_ospf)# Dell(conf-ipv6-router_ospf)#show config ipv6 router ospf 1 timers spf 2 5 msec...
  • Page 623: Assigning Area Id On An Interface

    Assigning Area ID on an Interface To assign the OSPFv3 process to an interface, use the following command. The ipv6 ospf area command enables OSPFv3 on an interface and places the interface in the specified area. Additionally, the command creates the OSPFv3 process with ID on the router. OSPFv2 requires two commands to accomplish the same tasks — the router ospf command to create the OSPF process, then the network area command to enable OSPFv2 on an interface.
  • Page 624: Assigning Ospfv3 Process Id And Router Id To A Vrf

    Assigning OSPFv3 Process ID and Router ID to a VRF To assign, disable, or reset OSPFv3 on a non-default VRF, use the following commands. • Enable the OSPFv3 process on a non-default VRF and enter OSPFv3 mode. CONFIGURATION mode ipv6 router ospf {process ID} The process ID range is from 0 to 65535.
  • Page 625: Configuring Stub Areas

    Configuring Stub Areas To configure IPv6 stub areas, use the following command. • Configure the area as a stub area. CONF-IPV6-ROUTER-OSPF mode area area-id stub [no-summary] • no-summary: use these keywords to prevent transmission into the area of summary ASBR LSAs. •...
  • Page 626: Configuring A Default Route

    Configure the following required and optional parameters: • bgp | connected | static: enter one of the keywords to redistribute those routes. • metric metric-value: The range is from 0 to 4294967295. • metric-type metric-type: enter 1 for OSPFv3 external route type 1 or 2 for OSPFv3 external route type 2. •...
  • Page 627 By default, OSPFv3 graceful restart is disabled and functions only in a helper role to help restarting neighbor routers in their graceful restarts when it receives a Grace LSA. To enable OSPFv3 graceful restart, enter the ipv6 router ospf process-id command to enter OSPFv3 configuration mode. Then configure a grace period using the graceful-restart grace-period command.
  • Page 628 30.1.1.0/24 area 0 ipv6 router ospf 1 log-adjacency-changes graceful-restart grace-period 180 The following example shows the show ipv6 ospf database database-summary command. Dell#show ipv6 ospf database database-summary OSPFv3 Router with ID (200.1.1.1) (Process ID 1) Process 1 database summary Type Count/Status...
  • Page 629: Ospfv3 Authentication Using Ipsec

    ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode. However, Tunnel mode is not supported in Dell Networking OS. For detailed information about the IP ESP protocol, refer to RFC 4303.
  • Page 630 • Manual key configuration is supported in an authentication or encryption policy (dynamic key configuration using the internet key exchange [IKE] protocol is not supported). • In an OSPFv3 authentication policy: • AH is used to authenticate OSPFv3 headers and certain fields in IPv6 headers and extension headers. •...
  • Page 631 show crypto ipsec policy • Display the security associations set up for OSPFv3 interfaces in authentication policies. show crypto ipsec sa ipv6 Configuring IPsec Encryption on an Interface To configure, remove, or display IPsec encryption on an interface, use the following commands. Prerequisite: Before you enable IPsec encryption on an OSPFv3 interface, first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area (refer to Configuration Task List for OSPFv3 (OSPF for...
  • Page 632 If you have enabled IPSec encryption in an OSPFv3 area using the area encryption command, you cannot use the area authentication command in the area at the same time. The configuration of IPSec authentication on an interface-level takes precedence over an area-level configuration. If you remove an interface configuration, an area authentication policy that has been configured is applied to the interface.
  • Page 633 In the first example, the keys are not encrypted (shown in bold). In the second and third examples, the keys are encrypted (shown in bold). The following example shows the show crypto ipsec policy command. Dell#show crypto ipsec policy Crypto IPSec client security policy data...
  • Page 634 Outbound ESP Cipher Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Transform set : esp-128-aes esp-sha1-hmac The following example shows the show crypto ipsec sa ipv6 command. Dell#show crypto ipsec sa ipv6 Interface: TenGigabitEthernet 1/1/1/1 Link Local address: fe80::201:e8ff:fe40:4d10 IPSecv6 policy name: OSPFv3-1-500 inbound ah sas...
  • Page 635: Troubleshooting Ospfv3

    outbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE Troubleshooting OSPFv3 The system provides several tools to troubleshoot OSPFv3 operation on the switch. This section describes typical OSPFv3 troubleshooting scenarios.
  • Page 636 • For a 25-Gigabit Ethernet interface, enter the keyword twentyFiveGigE then the stack/slot/port/subport information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the stack/slot/port[/subport] information. • For a 50-Gigabit Ethernet interface, enter the keyword fiftyGigE then the stack/slot/port/subport information. •...
  • Page 637: Policy-Based Routing (Pbr)

    Policy-based Routing (PBR) Policy-based routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router decides where to forward the packet based on the destination address in the packet, which is used to look up an entry in a routing table.
  • Page 638: Implementing Pbr

    • If the specified next-hops are not reachable, the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: You can provide a tunnel ID for a redirect rule.
  • Page 639: Pbr Exceptions (Permit)

    The Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CAM region next to the existing entries. Because the order of rules is important, ensure that you configure any necessary sequence numbers.
  • Page 640 Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 ? Mask A.B.C.D or /nn Mask in dotted decimal or in slash format Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 /32 ? Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 /32 Dell(conf-redirect-list)#do show ip redirect-list IP redirect-list xyz: Defined as: seq 5 redirect 3.3.3.3 ip host 222.1.1.1 host 77.1.1.1...
  • Page 641: Apply A Redirect-List To An Interface Using A Redirect-Group

    Dell(conf-redirect-list)# NOTE: Starting with the Dell Networking OS version 9.4(0.0), the use of multiple recursive routes with the same source-address and destination-address combination in a redirect policy on a router. A recursive route is a route for which the immediate next-hop address is learned dynamically through a routing protocol and acquired through a route lookup in the routing table.
  • Page 642 In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect List Configuration To view the redirect list configuration, use the following commands.
  • Page 643: Sample Configuration

    Example: Showing CAM PBR Configuration Dell(conf)#cam-acl l2acl 2 ipv4acl 2 ipv6acl 0 ipv4qos 0 l2qos 0 l2pt 0 ipmacacl 1 vman-qos 0 ipv4Pbr 4 Dell#show cam pbr stack-unit 1 port-set 0...
  • Page 644: Create The Redirect-List Gold, Assign Redirect-List Gold To Interface 2/11, View Redirect-List Gold

    Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23/1)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/24 any EDGE_ROUTER(conf-redirect-list)# seq 15 permit ip any any EDGE_ROUTER(conf-redirect-list)#show config ip redirect-list GOLD description Route GOLD traffic to ISP_GOLD. seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any seq 15 permit ip any any...
  • Page 645 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 tcp any any Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp any host 144.144.144.144 Dell(conf-redirect-list)#redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144 Dell(conf-redirect-list)#end Verify the Status of the Track Objects (Up/Down):...
  • Page 646 Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24 Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp any any Dell(conf-redirect-list)#redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect tunnel 2 track 2 tcp 155.55.2.0/24 222.22.2.0/24 Dell(conf-redirect-list)#redirect tunnel 2 track 2 tcp any any...
  • Page 647 Dell(conf-if-te-2/28)#ip redirect-group explicit_tunnel Dell(conf-if-te-2/28)#exit Dell(conf)#end Verify the Applied Redirect Rules: Dell#show ip redirect-list explicit_tunnel IP redirect-list explicit_tunnel: Defined as: seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32) seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next-hop reachable (via Te 1/32) seq 15 redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144, Track 1 [up], Next-...
  • Page 648: Pim Sparse-Mode (Pim-Sm)

    The SPT-Threshold is zero, which means that the last-hop designated router (DR) joins the shortest path tree (SPT) to the source after receiving the first multicast packet. • Dell Networking OS reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message. •...
  • Page 649: Refuse Multicast Traffic

    SPT to the source with a Prune message. Dell Networking OS Behavior: When the router creates an SPT to the source, there are then two paths between the receiver and the source, the SPT and the RPT. Until the router can prune itself from the RPT, the receiver receives duplicate multicast packets which may cause disruption.
  • Page 650: Related Configuration Tasks

    Enable PIM-Sparse mode. INTERFACE mode ip pim sparse-mode Examples of Viewing PIM-SM Information To display which interfaces are enabled with PIM-SM, use the show ip pim interface command from EXEC Privilege mode. Dell#show ip pim interface Address Interface Ver/ Query Mode...
  • Page 651: Configuring S,G Expiry Timers

    5 permit ip 10.1.2.0/24 225.1.1.0/24 seq 10 permit ip any 232.1.1.0/24 seq 15 permit ip 100.1.0.0/16 any Dell(config-ext-nacl)#exit Dell(conf)#ip pim sparse-mode sg-expiry-timer 1800 sg-list SGtimer To display the expiry time configuration, use the show running-configuration pim command from EXEC Privilege mode.
  • Page 652: Configuring A Static Rendezvous Point

    226.1.1.1 165.87.50.5 To display the assigned RP for a group range (group-to-RP mapping), use the show ip pim rp mapping command in EXEC privilege mode. Dell#show ip pim rp mapping PIM Group-to-RP Mappings Group(s): 224.0.0.0/4, Static RP: 165.87.50.5, v2 Configuring a Designated Router Multiple PIM-SM routers might be connected to a single local area network (LAN) segment.
  • Page 653: Creating Multicast Boundaries And Domains

    • Change the interval at which a router sends hello messages. INTERFACE mode ip pim query-interval seconds • Display the current value of these parameters. EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs).
  • Page 654: Pim Source-Specific Mode (Pim-Ssm)

    SPT. PIM-SSM uses IGMPv3. Because receivers subscribe to a source and group, the RP and shared tree are unnecessary; only SPTs are used. On Dell Networking systems, it is possible to use PIM-SM with IGMPv3 to achieve the same result, but PIM-SSM eliminates the unnecessary protocol overhead.
  • Page 655: Configure Pim-Ssm

    Then, specify the multicast source. • When an SSM map is in place and Dell Networking OS cannot find any matching access lists for a group, it continues to create (*,G) entries because there is an implicit deny for unspecified groups in the ACL.
  • Page 656: Configuring Pim-Ssm With Igmpv2

    To display the source to which a group is mapped, use the show ip igmp ssm-map [group] command. If you use the group option, the command displays the group-to-source mapping even if the group is not currently in the IGMP group table. If you do not specify the group option, the display is a list of groups currently in the IGMP group table that has a group-to-source mapping.
  • Page 657: Electing An Rp Using The Bsr Mechanism

    When you configure an RP candidate, its advertisement is sent to the entire multicast address range and the group-to-RP mapping is advertised for the entire range of multicast addresses. Starting with Dell Networking OS 9.11.0.0, you can configure an RP candidate for a specified range of multicast group addresses.
  • Page 658 ip pim [vrf vrf-name] rp-Candidate interface [priority] [acl-name] The specified acl-list is associated to the rp-candidate. NOTE: You can create the ACL list of multicast prefix using the ip access-list standard command.
  • Page 659: Port Monitoring

    • In general, a monitoring port should have no ip address and no shutdown as the only configuration; Dell Networking OS permits a limited set of commands for monitoring ports. You can display these commands using the ? command. A monitoring port also may not be a member of a VLAN.
  • Page 660: Port Monitoring

    TenGigabitEthernet 1/1/1/4 destination TenGigabitEthernet 1/1/4/4 direction rx Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs.
  • Page 661: Configuring Port Monitoring

    VLAN ID 4095. This behavior might result in a difference between the number of egress packets on the MD port and monitored packets on the MG port. Dell Networking OS Behavior: The platform continues to mirror outgoing traffic even after an MD participating in spanning tree protocol (STP) transitions from forwarding to blocking.
  • Page 662: Configuring Monitor Multicast Queue

    Dell(conf-mon-sess-1)#exit Dell(conf)#do show monitor session SessID Source Destination Mode Source IP Dest IP DSCP Drop Rate Gre-Protocol FcMonitor ------ ------ ----------- ---- --------- -------- ---- ---- ---- ----------- --------- Te 1/1/1/1 Te 1/1/1/2 Port 0.0.0.0 0.0.0.0 Po 10 Te 1/1/1/2 Port 0.0.0.0...
  • Page 663: Enabling Flow-Based Monitoring

    Enable flow-based monitoring for a monitoring session. MONITOR SESSION mode flow-based enable Define IP access-list rules that include the keyword monitor. For port monitoring, Dell Networking OS only considers traffic matching rules with the keyword monitor. CONFIGURATION mode ip access-list Refer to .
  • Page 664: Remote Port Mirroring Example

    Remote Port Mirroring Example Remote port mirroring uses the analyzers shown in the aggregation network in Site A. The VLAN traffic on monitored links from the access network is tagged and assigned to a dedicated L2 VLAN. Monitored links are configured in two source sessions shown with orange and green circles.
  • Page 665 • You can configure any switch in the network with source ports and destination ports, and allow it to function in an intermediate transport session for a reserved VLAN at the same time for multiple remote-port mirroring sessions. You can enable and disable individual mirroring sessions.
  • Page 666: Displaying Remote-Port Mirroring Configurations

    Port-channel 10 destination remote-vlan 300 direction rx no disable To display the currently configured source and destination sessions for remote port mirroring on a switch, enter the show monitor session command in EXEC Privilege mode. Dell(conf)#do show monitor session SessID Source Destination...
  • Page 667: Configuring The Sample Remote Port Mirroring

    Configuring the sample Source Remote Port Mirroring Dell(conf)#interface vlan 10 Dell(conf-if-vl-10)#mode remote-port-mirroring Dell(conf-if-vl-10)#tagged te 1/1/4/1 Dell(conf-if-vl-10)#exit Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source te 1/1/5/1 destination remote-vlan 10 dir rx Dell(conf-mon-sess-1)#no disable Dell(conf-mon-sess-1)#exit Dell(conf)#inte vlan 100 Dell(conf-if-vl-100)#tagged te 1/1/7/1 Dell(conf-if-vl-100)#exit Dell(conf)#interface vlan 20...
  • Page 668 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 1/1/3/1 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#channel-member te 1/1/8/1 - 1/1/8/2 Dell(conf-if-po-10)#no shutdown Dell(conf-if-po-10)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source port-channel 10 dest remote-vlan 30 dir both Dell(conf-mon-sess-3)#no disable Dell(conf-mon-sess-3)# Dell(conf-mon-sess-3)#exit Dell(conf)#end Dell# Dell#show monitor session SessID...
  • Page 669 Create Source RPM session as follows (port-channel 1 and port-channel 2 are LACP). Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source port-channel 1 destination remote-vlan 10 dir rx Dell(conf-mon-sess-1)#no disable Show the output for the LACP. Dell#show interfaces port-channel brief...
  • Page 670: Encapsulated Remote Port Monitoring

    NOTE: When configuring ERPM, follow these guidelines: • The Dell Networking OS supports ERPM source session only. Encapsulated packets terminate at the destination IP address or at the analyzer. • You can configure up to four ERPM source sessions on the switch.
  • Page 671 The following example shows an ERPM configuration: Dell(conf)#monitor session 0 type erpm Dell(conf-mon-sess-0)#source tengigabitethernet 1/1/1/1 direction rx Dell(conf-mon-sess-0)#source port-channel 1 direction tx Dell(conf-mon-sess-0)#erpm source-ip 1.1.1.1 dest-ip 7.1.1.2 gre-protocol 111 Dell(conf-mon-sess-0)#no disable Dell(conf)#monitor session 1 type erpm Dell(conf-mon-sess-1)#source vlan 11 direction rx Dell(conf-mon-sess-1)#erpm source-ip 5.1.1.1 dest-ip 3.1.1.2 gre-protocol 139...
  • Page 672: Erpm Behavior On A Typical Dell Networking Os

    ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported.
  • Page 673: Port Monitoring On Vlt

    RPM or ERPM monitoring between two VLT peers. As VLT devices are seen as a single device in the network, when a fail over occurs, the source or destination port on one of the VLT peers becomes inactive causing the monitoring session to fail. As a result, Dell Networking OS does not allow local Port mirroring based monitoring to be configured between VLT peers.
  • Page 674: Vlt Fail-Over Scenario

    VLTi link is added as an implicit member of the RPM VLAN. As a result, the mirrored traffic also reaches the peer VLT device, affecting the VLTi link's bandwidth usage. To mitigate this issue, the L2 VLT egress mask drops the duplicate packets that egress out of the VLT port. If the LAG status of the peer VLT device is OPER-UP, then the other VLT peer blocks the transmission of packets received through VLTi to its port or LAG.
  • Page 675 Scenario RPM Restriction Recommended Solution is connected through the VLT device, but not directly to the VLT device. Mirroring Orphan Ports across VLT Devices No restrictions apply to the RPM session. None. — In this scenario, an orphan port on the The following example shows the primary VLT device is mirrored to another configuration on the primary VLT...
  • Page 676: Private Vlans (Pvlan)

    Private VLANs (PVLAN) The private VLAN (PVLAN) feature is supported on Dell Networking OS. For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide.
  • Page 677: Using The Private Vlan Commands

    • A switch can have one or more primary VLANs, and it can have none. • A primary VLAN has one or more secondary VLANs. • A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. •...
  • Page 678: Configuration Task List

    Secondary VLANs are Layer 2 VLANs, so even if they are operationally down while primary VLANs are operationally up, Layer 3 traffic is still transmitted across secondary VLANs. NOTE: The outputs of the show arp and show vlan commands provide PVLAN data. For more information, refer to the Dell Networking OS Command Line Reference Guide.
  • Page 679: Creating A Primary Vlan

    (ports not configured as PVLAN ports) to PVLANs. The following example shows the switchport mode private-vlan command on a port and on a port channel. Dell#conf Dell(conf)#interface TenGigabitEthernet 2/1/1 Dell(conf-if-te-2/1/1)#switchport mode private-vlan promiscuous Dell(conf)#interface TenGigabitEthernet 2/2/1 Dell(conf-if-te-2/2/1)#switchport mode private-vlan host Dell(conf)#interface TenGigabitEthernet 2/3/1...
  • Page 680: Creating A Community Vlan

    Add PVLAN trunk ports to the VLAN only as tagged interfaces. You can enter interfaces in numeric or in range format, either comma-delimited (slot/port,port,port) or hyphenated (slot/ port-port). You can only add promiscuous ports or PVLAN trunk ports to the PVLAN (no host or regular ports). (OPTIONAL) Assign an IP address to the VLAN.
  • Page 681 The following example shows the use of the PVLAN commands that are used in VLAN INTERFACE mode to configure the PVLAN member VLANs (primary, community, and isolated VLANs). Dell#conf Dell(conf)# interface vlan 10 Dell(conf-vlan-10)# private-vlan mode primary Dell(conf-vlan-10)# private-vlan mapping secondary-vlan 100-101 Dell(conf-vlan-10)# untagged Te 2/1/1 Dell(conf-vlan-10)# tagged Te 2/3/1 Dell(conf)# interface vlan 101 Dell(conf-vlan-101)# private-vlan mode community...
  • Page 682: Private Vlan Configuration Example

    Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 105. Sample Private VLAN Topology The following configuration is based on the example diagram for the Z9500: • Te 1/1 and Te 1/23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000. •...
  • Page 683: Inspecting The Private Vlan Configuration

    [interface interface] This command is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. • Display the configured PVLANs or interfaces that are part of a PVLAN.
  • Page 684 The following example shows using the show vlan private-vlan mapping command. S50-1#show vlan private-vlan mapping Private Vlan: Primary : 4000 Isolated : 4003 Community : 4001 NOTE: In the following example, notice the addition of the PVLAN codes – P, I, and C – in the left column. The following example shows viewing the VLAN status.
  • Page 685: Per-Vlan Spanning Tree Plus (Pvst+)

    For more information about spanning tree, refer to the Spanning Tree Protocol (STP) chapter. Figure 106. Per-VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Per-VLAN Spanning Tree Plus (PVST+)
  • Page 686: Implementation Information

    • The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs (as shown in the following table). Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multivendor network, verify that the costs are values you intended.
  • Page 687: Disabling Pvst

    no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands. • Disable PVST+ globally. PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of Viewing PVST+ Configuration To display your PVST+ configuration, use the show config command from PROTOCOL PVST mode.
  • Page 688 Figure 107. Load Balancing with PVST+ The bridge with the lowest value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default value for bridge priority.
  • Page 689: Modifying Global Pvst+ Parameters

    • Change the hello-time parameter. PROTOCOL PVST mode vlan hello-time NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age parameter.
  • Page 690: Modifying Interface Pvst+ Parameters

    The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs. Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multi-vendor network, verify that the costs are values you intended.
  • Page 691: Configuring An Edgeport

    There is no data loop in this scenario; however, you can employ PVST+ to avoid potential misconfigurations. If you enable PVST+ on the Dell Networking switch in this network, P1 and P2 receive BPDUs from each other. Ordinarily, the Bridge ID in the frame matches the Root ID, a loop is detected, and the rules of convergence require that P2 move to blocking state because it has the lowest port ID.
  • Page 692: Pvst+ Sample Configurations

    Augment the bridge ID with the VLAN ID. PROTOCOL PVST mode extend system-id Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32773 (priority 32768 sys-id-ext 5), Address 0001.e832.73f7...
  • Page 693 no ip address tagged TenGigabitEthernet 1/1/1/1,1/1/1/2 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 1/1/1/1,1/1/1/2 no shutdown protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 Example of PVST+ Configuration (R2) interface TenGigabitEthernet 1/1/1/1 no ip address switchport no shutdown interface TenGigabitEthernet 1/1/2/1 no ip address...
  • Page 694 protocol spanning-tree pvst no disable vlan 300 bridge-priority 4096
  • Page 695: Quality Of Service (Qos)

    This chapter describes how to use and configure Quality of Service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 71. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features Feature...
  • Page 696 Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress Create Output Policy Maps Egress Enabling QoS Rate Adjustment Enabling Strict-Priority Queueing Egress Weighted Random Early Detection Create WRED Profiles Egress Figure 109. Dell Networking QoS Architecture Topics: Quality of Service (QoS)
  • Page 697: Implementation Information

    Setting dot1p Priorities for Incoming Traffic Dell Networking OS places traffic marked with a priority in a queue based on the following table. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value. You cannot assign a dot1p value to an individual interface in a port-channel.
  • Page 698: Honoring Dot1P Priorities On Ingress Traffic

    Honoring dot1p Priorities on Ingress Traffic By default, Dell Networking OS does not honor dot1p priorities on ingress traffic. You can configure this feature on physical interfaces and port-channels, but you cannot configure it on individual interfaces in a port channel.
  • Page 699: Configuring Port-Based Rate Policing

    Dell Networking OS Behavior: Rate shaping is effectively rate limiting because of its smaller buffer size. Rate shaping on tagged ports is slightly greater than the configured rate and rate shaping on untagged ports is slightly less than configured rate.
  • Page 700: Policy-Based Qos Configurations

    Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria in the order that you configure them.
  • Page 701 CLASS MAP mode match {ip | ipv6 | ip-any} After you create a class-map, Dell Networking OS places you in CLASS MAP mode. Match-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. Link the class-map to a queue.
  • Page 702 To display all class-maps or a specific class map, use the following command. Dell Networking OS Behavior: An explicit “deny any" rule in a Layer 3 ACL used in a (match any or match all) class-map creates a "default to Queue 0" entry in the CAM, which causes unintended traffic classification. In the following example, traffic is classified in two Queues, 1 and 2.
  • Page 703: Dot1P To Queue Mapping Requirement

    (as in TABLE 1). If a custom dot1p to queue mapping is present it should be reconfigured to the default dot1p to queue mapping. • Currently Dell Networking OS supports matching only the following TCP flags: • •...
  • Page 704: Create A Qos Policy

    In the existing software, ECE/CWR TCP flag qualifiers are not supported. • Because this functionality forcibly marks all the packets matching the specific match criteria as ‘yellow’, Dell Networking OS does not support Policer based coloring and this feature concurrently.
  • Page 705 Setting a dot1p Value for Egress Packets Configuring Policy-Based Rate Policing To configure policy-based rate policing, use the following command. • Configure rate police ingress traffic. QOS-POLICY-IN mode rate-police Setting a dot1p Value for Egress Packets To set a dot1p value for egress packets, use the following command. •...
  • Page 706: Dscp Color Maps

    When you assign a percentage to one queue, note that this change also affects the amount of bandwidth that is allocated to other queues. Therefore, whenever you are allocating bandwidth to one queue, Dell Networking recommends evaluating your bandwidth requirements for all other queues as well.
  • Page 707 The following example creates a DSCP color map profile, color-awareness policy, and applies it to interface te 1/11. Create the DSCP color map profile, bat-enclave-map, with a yellow drop precedence, and set the DSCP values to 9,10,11,13,15,16 Dell(conf)# qos dscp-color-map bat-enclave-map Dell(conf-dscp-color-map)# dscp yellow 9,10,11,13,15,16 Dell (conf-dscp-color-map)# exit Assign the color map, bat-enclave-map to interface .
  • Page 708: Create Policy Maps

    20,30 Dscp-color-map mapTWO yellow 16,55 Display a specific DSCP color map. Dell# show qos dscp-color-map mapTWO Dscp-color-map mapTWO yellow 16,55 Displaying a DSCP Color Policy Configuration To display the DSCP color policy configuration for one or all interfaces, use the show qos dscp-color-policy {summary [interface] | detail {interface}} command in EXEC mode.
  • Page 709 Dell Networking OS provides the ability to honor DSCP values on ingress packets using Trust DSCP feature. The following table lists the standard DSCP definitions and indicates to which queues Dell Networking OS maps DSCP values. When you configure trust DSCP, the matched packets and matched bytes counters are not incremented in the show qos statistics.
  • Page 710 Honoring dot1p Values on Ingress Packets Dell Networking OS honors dot1p values on ingress packets with the Trust dot1p feature. The following table specifies the queue to which the classified traffic is sent based on the dot1p value. Table 75. Default dot1p to Queue Mapping...
  • Page 711 • If you apply a service policy that contains an ACL to more than one interface, Dell Networking OS uses ACL optimization to conserve CAM space. The ACL optimization behavior detects when an ACL exists in the CAM rather than writing it to the CAM multiple times.
  • Page 712: Enabling Qos Rate Adjustment

    Enabling QoS Rate Adjustment By default while rate limiting, policing, and shaping, Dell Networking OS does not include the Preamble, SFD, or the IFG fields. These fields are overhead; only the fields from MAC destination address to the CRC are used for forwarding and are included in these rate metering calculations.
  • Page 713: Queue Classification Requirements For Pfc Functionality

    2 which will be honored in switch A. You will not get the below CLI errors after adding this support: Dell(conf)#qos-policy-input qos-input Dell(conf-qos-policy-in)#set mac-dot1p 5 % Error: Dot1p marking is not allowed on L3 Input Qos Policy.
  • Page 714: Weighted Random Early Detection

    Dell(conf-qos-policy-in)# You will also be able to mark both DSCP and Dot1p in the L3 Input Qos Policy: Dell(conf)#qos-policy-input qos-input Dell(conf-qos-policy-in)#set mac-dot1p 2 Dell(conf-qos-policy-in)#set ip-dscp 5 Dell Dell(conf-qos-policy-in)# Weighted Random Early Detection Weighted random early detection (WRED) is a congestion avoidance mechanism that drops packets to prevent buffering resources from being consumed.
  • Page 715: Applying A Wred Profile To Traffic

    After you create a WRED profile, you must specify to which traffic Dell Networking OS should apply the profile. Dell Networking OS assigns a color (also called drop precedence) — red, yellow, or green — to each packet based on its DSCP value before queuing it.
  • Page 716: Displaying Egress-Queue Statistics

    Pre-Calculating Available QoS CAM Space Before Dell Networking OS version 7.3.1, there was no way to measure the number of CAM entries a policy-map would consume (the number of CAM entries that a rule uses is not predictable; from 1 to 16 entries might be used per rule depending upon its complexity).
  • Page 717: Specifying Policy-Based Rate Shaping In Packets Per Second

    In releases of Dell Networking OS earlier than Release 9.3(0.0), you can configure only the maximum shaping attributes, such as the peak rate and the peak burst settings. You can now specify the committed or minimum burst and committed rate attributes. The committed burst and committed rate values can be defined either in bytes or pps.
  • Page 718: Configuring Policy-Based Rate Shaping

    Dell(config-qos-policy-out)# rate shape Kbps peak-rate burst-KB Configure the committed rate and committed burst size in pps. QOS-POLICY-OUT mode Dell(config-qos-policy-out)# rate shape pps peak-rate burst-packets committed pps committed- rate burst-packets Alternatively, configure the committed rate and committed burst size in bytes.
  • Page 719: Global Service Pools With Wred And Ecn Settings

    The weight factor is set to zero by default, which results in instantaneous ECN marking, the same behavior as WRED dropping packets under network load. In a topology in which congestion of the network varies over time, you can specify a weight to enable a smooth, seamless averaging of packets to handle the sudden overload of packets based on the previous time sampling performed.
  • Page 720: Configuring Wred And Ecn Attributes

    Color-Marking Packets Keep the following points in mind while configuring the marking and mapping of incoming packets using ECN fields in IPv4 headers: • Currently Dell Networking OS supports matching only the following TCP flags: •
  • Page 721: Sample Configuration To Mark Non-Ecn Packets As "Yellow" With Multiple Traffic Class

    In the existing software, ECE/CWR TCP flag qualifiers are not supported. • Because this functionality forcibly marks all the packets matching the specific match criteria as ‘yellow’, Dell Networking OS does not support Policer based coloring and this feature concurrently.
  • Page 722 • You can now use the ‘ecn’ match qualifier along with the above TCP flag for classification. The following combination of match qualifiers is acceptable to be configured for the Dell Networking OS software through L3 ACL command:
  • Page 723: Sample Configuration To Mark Non-Ecn Packets As "Yellow" With Single Traffic Class

    By default, all packets are considered ‘green’ (without the rate-policer and trust-diffserve configuration), and hence support is provided only for marking packets as ‘yellow’. By default Dell Networking OS drops all the ‘RED’ or ‘violate’ packets. The following combinations of marking actions can be specified in the match sequence of the class-map command: •...
  • Page 724: Applying Layer 2 Match Criteria On A Layer 3 Interface

    To apply a Layer 2 policy on a Layer 3 interface: Configure an interface with an IP address or a VLAN sub-interface CONFIGURATION mode Dell(conf)# interface fo 1/4 INTERFACE mode Dell(conf-if-fo-1/4)# ip address 90.1.1.1/16 Configure a Layer 2 QoS policy with Layer 2 (Dot1p or source MAC-based) match criteria.
  • Page 725: Managing Hardware Buffer Statistics

    The trigger can either be software-based or based on a predetermined threshold event. Software-based triggers are supported, which are the values derived from the show command output in the Max Use count mode. In Dell Networking OS Release 9.3(0.0), only the Max Use count mode of operation is supported for the computation of maximum counter values.
  • Page 726 } | queue { ucast{id | all}{ mcast {id | all} | all} to view buffer statistics tracking resource information for a specific interface. EXEC/EXEC Privilege mode Dell# show hardware buffer-stats-snapshot resource interface fortyGigE 0/0 queue all Unit 0 unit: 0 port: 1 (interface Fo 0/0) ---------------------------------------...
  • Page 727: Routing Information Protocol (Rip)

    Routing Information Protocol (RIP) The Routing Information Protocol (RIP) tracks distances or hop counts to nearby routers when establishing network connections and is based on a distance-vector algorithm. RIP protocol standards are listed in the Standards Compliance chapter.
  • Page 728: Implementation Information

    Implementation Information Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces. The following table lists the defaults for RIP in Dell Networking OS.
  • Page 729 After designating networks with which the system is to exchange RIP information, ensure that all devices on that network are configured to exchange RIP information. The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and RIPv2. To change the RIP version globally, use the version command in ROUTER RIP mode.
  • Page 730 RIP updates from other sources. To control the source of RIP route information, use the following commands. • Define a specific router to exchange RIP information between it and the Dell Networking system. ROUTER RIP mode
  • Page 731 Those routes must meet the conditions of the prefix list; if not, Dell Networking OS drops the route. Prefix lists are globally applied on all interfaces running RIP. Configure the prefix list in PREFIX LIST mode prior to assigning it to the RIP process.
  • Page 732 Default routes are not enabled in RIP unless specified. Use the default-information originate command in ROUTER RIP mode to generate a default route into RIP. In Dell Networking OS, default routes received in RIP updates from other routes are advertised if you configure the default-information originate command.
  • Page 733 • always: Enter the keyword always to always generate a default route. • value The range is from 1 to 16. • route-map-name: The name of a configured route map. To confirm that the default route configuration is completed, use the show config command in ROUTER RIP mode. Summarize Routes Routes in the RIPv2 routing table are summarized by default, thus reducing the size of the routing table and improving routing efficiency in large networks.
  • Page 734: Rip Configuration Example

    Enable debugging of RIP. Example of the debug ip rip Command The following example shows the confirmation when you enable the debug function. Dell#debug ip rip RIP protocol debug is ON Dell# To disable RIP, use the no debug ip rip command.
  • Page 735 RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Example of Configuring RIPv2 on Core 2 Core2(conf-if-te-1/1/2/1)# Core2(conf-if-te-1/1/2/1)#router rip Core2(conf-router_rip)#ver 2 Core2(conf-router_rip)#network 10.200.10.0 Core2(conf-router_rip)#network 10.300.10.0 Core2(conf-router_rip)#network 10.11.10.0 Core2(conf-router_rip)#network 10.11.20.0 Core2(conf-router_rip)#show config router rip network 10.0.0.0 version 2 Core2(conf-router_rip)#...
  • Page 736 Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- 10.11.10.0/24 Direct, Te 2/11/1 00:02:26 10.11.20.0/24 Direct, Te 2/3/1 00:02:02 10.11.30.0/24 via 10.11.20.1, Te 1/1/1/1 120/1 00:01:20 10.200.10.0/24 Direct, Te 2/4/1 00:03:03 10.300.10.0/24 Direct, Te 2/5/1 00:02:42 192.168.1.0/24 via 10.11.20.1, Te 1/1/1/1 120/1 00:01:20 192.168.2.0/24 via 10.11.20.1, Te 1/1/1/1...
  • Page 737 Core 3 RIP Output The examples in this section show the Core 3 RIP output. • To display Core 3 RIP database, use the show ip rip database command. • To display Core 3 RIP setup, use the show ip route command. •...
  • Page 738 Default version control: receive version 2, send version 2 Interface Recv Send TenGigabitEthernet 1/1/1/1 2 2 TenGigabitEthernet 1/1/1/2 2 2 TenGigabitEthernet 1/1/1/3 2 2 TenGigabitEthernet 1/1/1/4 2 2 Routing for Networks: 10.11.20.0 10.11.30.0 192.168.2.0 192.168.1.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.2 00:00:22...
  • Page 739 ip address 192.168.2.1/24 no shutdown router rip version 2 network 10.11.20.0 network 10.11.30.0 network 192.168.1.0 network 192.168.2.0
  • Page 740: Remote Monitoring (Rmon)

    RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment.
  • Page 741: Setting The Rmon Alarm

    1, which is configured with the RMON event command. Possible events include a log entry or an SNMP trap. If the 1.3.6.1.2.1.2.2.1.20.1 value changes to 0 (falling-threshold 0), the alarm is reset and can be triggered again. Dell(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 1 owner nms1 Configuring an RMON Event To add an event in the RMON event table, use the rmon event command in GLOBAL CONFIGURATION mode.
  • Page 742: Configuring Rmon Collection Statistics

    The user nms1 owns the row that is created in the event table by this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”. Dell(conf)#rmon event 1 log trap eventtrap description “High ifOutErrors” owner nms1 Configuring RMON Collection Statistics To enable RMON MIB statistics collection on an interface, use the RMON collection statistics command in INTERFACE CONFIGURATION mode.
  • Page 743 The following command example enables an RMON MIB collection history group of statistics with an ID number of 20 and an owner of john; both the sampling interval and the number of buckets use their respective defaults. Dell(conf-if-mgmt)#rmon collection history controlEntry 20 owner john
  • Page 744: Rapid Spanning Tree Protocol (Rstp)

    STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 78. Spanning Tree Variations Dell Networking OS Supports...
  • Page 745: Rstp And Vlt

    Adding a group of ports to a range of VLANs sends multiple messages to the rapid spanning tree protocol (RSTP) task, so avoid using the range command. When using the range command, Dell Networking recommends limiting the range to five ports and 40 VLANs.
  • Page 746: Enabling Rapid Spanning Tree Protocol Globally

    To disable RSTP globally for all Layer 2 interfaces, enter the disable command from PROTOCOL SPANNING TREE RSTP mode. To verify that RSTP is enabled, use the show config command from PROTOCOL SPANNING TREE RSTP mode. The bold line indicates that RSTP is enabled. Dell(conf-rstp)#show config protocol spanning-tree rstp no disable...
  • Page 747 To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.cbb4...
  • Page 748: Adding And Removing Interfaces

    Max-age — the length of time the bridge maintains configuration information before it refreshes that information by recomputing the RST topology. NOTE: Dell Networking recommends that only experienced network administrators change the Rapid Spanning Tree group parameters. Poorly planned modification of the RSTP parameters can negatively affect network performance.
  • Page 749 Change the hello-time parameter. PROTOCOL SPANNING TREE RSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. •...
  • Page 750: Enabling Snmp Traps For Root Elections And Topology Changes

    The default is 20 seconds. To view the current values for global parameters, use the show spanning-tree rstp command from EXEC privilege mode. Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps, use the following command. •...
  • Page 751: Influencing Rstp Root Selection

    Configure EdgePort only on links connecting to an end station. If you enable EdgePort on an interface connected to a network, it can cause loops. Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior: • If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
  • Page 752: Configuring Fast Hellos For Link State Detection

    To verify that EdgePort is enabled on a port, use the show spanning-tree rstp command from EXEC privilege mode or the show config command from INTERFACE mode. NOTE: Dell Networking recommends using the show config command from INTERFACE mode. In the following example, the bold line indicates that the interface is in EdgePort mode. Dell(conf-if-te-1/1/2/1)#show config...
  • Page 753: Software-Defined Networking (Sdn)

    Software-Defined Networking (SDN) The Dell Networking OS supports software-defined networking (SDN). For more information, see the SDN Deployment Guide.
  • Page 754: Security

    Security This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Topics: • AAA Accounting •...
  • Page 755 Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null Username Sessions When you activate AAA accounting, the Dell Networking OS software issues accounting records for all users on the system, including users whose username string is NULL because of protocol translation.
  • Page 756: Aaa Authentication

    Dell Networking uses local usernames/passwords (stored on the Dell Networking system) or AAA for login authentication. With AAA, you can specify the security protocol or mechanism for different login methods and different users. In Dell Networking OS, AAA uses a list of authentication methods, called method lists, to define the types of authentication and the sequence in which they are applied.
  • Page 757: Configuration Task List For Aaa Authentication

    If the first method list does not respond or returns an error, Dell Networking OS applies the next method list until the user either passes or fails the authentication. If the user fails a method list, Dell Networking OS does not apply the next method list.
  • Page 758 To view the configuration, use the show config command in LINE mode or the show running-config in EXEC Privilege mode. NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH).
  • Page 759 Using AAA authentication, the switch acts as a RADIUS or TACACS+ client to send authentication requests to a TACACS+ or RADIUS server. • TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have an entry for username $enable$. •...
  • Page 760: Obscuring Passwords And Keys

    Limiting access to the system is one method of protecting the system and your network. However, at times, you might need to allow others access to the router and you can limit that access to a subset of commands. In Dell Networking OS, you can configure a privilege level for users who need limited access to the system.
  • Page 761: Configuration Task List For Privilege Levels

    Enabling and Disabling Privilege Levels (optional) For a complete listing of all commands related to Dell Networking OS privilege levels and passwords, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configuring a Username and Password In Dell Networking OS, you can assign a specific username to limit user access to the system.
  • Page 762 Configuring the Enable Password Command To configure Dell Networking OS, use the enable command to enter EXEC Privilege level 15. After entering the command, Dell Networking OS requests that you enter a password. Privilege levels are not assigned to passwords, rather passwords are assigned to a privilege level. You can always change a password for any privilege level.
  • Page 763 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration. • command: a Dell Networking OS CLI keyword (up to five keywords allowed). • reset: return the command to its default privilege mode.
  • Page 764 8. In EXEC Privilege mode, john can access only the commands listed. In CONFIGURATION mode, john can access only the snmp- server commands. apollo% telnet 172.31.1.53 Trying 172.31.1.53... Connected to 172.31.1.53. Escape character is '^]'. Login: john Password: Dell#show priv Current privilege level is 8 Dell#? configure Configuring from terminal disable Turn off privileged commands enable...
  • Page 765: Radius

    For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service. RADIUS Authentication Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in the aaa authentication login command.
  • Page 766: Configuration Task List For Radius

    Idle Time Every session line has its own idle-time. If the idle-time value is not changed, the default value of 30 minutes is used. RADIUS specifies the idle-time allowed for a user during a session before timeout. When a user logs in, the lower of the two idle-time values (configured or default) is used.
  • Page 767 • Monitoring RADIUS (optional) For a complete listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication.
  • Page 768 To specify multiple RADIUS server hosts, configure the radius-server host command multiple times. If you configure multiple RADIUS server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured. When Dell Networking OS attempts to authenticate a user, the software connects with the RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject response.
  • Page 769: Tacacs

    TACACS+ Remote Authentication • Specifying a TACACS+ Server Host For a complete listing of all commands related to TACACS+, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of the login authentication methods available is TACACS+ and the user’s name and password are sent for authentication to the TACACS hosts specified.
  • Page 770 If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary) automatically. For example, if the TACACS+ server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method.
  • Page 771: Tacacs+ Remote Authentication

    Example of Connecting with a TACACS+ Server Host To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If you configure multiple TACACS+ server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured. Security...
  • Page 772: Command Authorization

    Enabling SCP and SSH Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. Dell Networking OS is compatible with SSH versions 1.5 and 2, in both the client and server modes. SSH sessions are encrypted and use authentication. SSH is enabled by default.
  • Page 773: Using Scp With Ssh To Copy A Software Image

    Specifying an SSH Version The following example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting. Dell(conf)#ip ssh server version 2 Dell(conf)#do show ip ssh SSH server : enabled.
  • Page 774: Removing The Rsa Host Keys And Zeroizing Storage

    To remove the generated RSA host keys and zeroize the key storage location, use the crypto key zeroize rsa command in CONFIGURATION mode. Dell(conf)#crypto key zeroize rsa Configuring When to Re-generate an SSH Key You can configure the time-based or volume-based rekey threshold for an SSH session. If both threshold types are configured, the session rekeys when either one of the thresholds is reached.
  • Page 775: Configuring The Ssh Server Key Exchange Algorithm

    Examples The following example configures the time-based rekey threshold for an SSH session to 30 minutes. Dell(conf)#ip ssh rekey time 30 The following example configures the volume-based rekey threshold for an SSH session to 4096 megabytes. Dell(conf)#ip ssh rekey volume 4096...
  • Page 776: Configuring The Ssh Server Cipher List

    Secure Shell (SSH) is enabled by default using the SSH Password Authentication method. Enabling SSH Authentication by Password Authenticate an SSH client by prompting for a password when attempting to connect to the Dell Networking system. This setup is the simplest method of authentication and uses SSH version 1.
  • Page 777 The following procedure authenticates an SSH client based on an RSA key using RSA authentication. This method uses SSH version 2. On the SSH client (Unix machine), generate an RSA key, as shown in the following example. Copy the public key id_rsa.pub to the Dell Networking system. Disable password authentication if enabled.
  • Page 778 Create a list of IP addresses and usernames that are permitted to SSH in a file called rhosts. Refer to the second example. Copy the files shosts and rhosts to the Dell Networking system. Disable password authentication and RSA authentication, if configured...
  • Page 779: Troubleshooting Ssh

    Dell(conf)#ip telnet server enable Dell(conf)#no ip telnet server enable VTY Line and Access-Class Configuration Various methods are available to restrict VTY access in Dell Networking OS. These depend on which authentication scheme you use — line, local, or remote. Table 80. VTY Access...
  • Page 780: Vty Line Local Authentication And Authorization

    Dell Networking OS retrieves the access class from the VTY line. The Dell Networking OS takes the access class from the VTY line and applies it to ALL users. Dell Networking OS does not need to know the identity of the incoming user and can immediately apply the access class. If the authentication method is RADIUS, TACACS+, or line, and you have configured an access class for the VTY line, Dell Networking OS immediately applies it.
  • Page 781: Vty Mac-Sa Filter Support

    (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security policy based on the source MAC address.
  • Page 782: Overview Of Rbac

    Each user can be assigned only a single role. Many users can have the same role. The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can inherit permissions when you create a new user role, restrict or add commands a user can enter and the actions the user can perform.
  • Page 783 To enable role-based only AAA authorization, enter the following command in Configuration mode: Dell(conf)#aaa authorization role-only System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles. NOTE: You cannot delete any system defined roles.
  • Page 784: User Roles

    If the user role is in use, you cannot delete the user role. Create a new user role CONFIGURATION mode userrole name [inherit existing-role-name] Verify that the new user role has inherited the security administrator permissions. Dell(conf)#do show userroles EXEC Privilege mode Security...
  • Page 785 Note that the netadmin role is not listed in the Role access: secadmin,sysadmin, which means the netadmin cannot access the show users command. Dell(conf)#role exec deleterole netadmin show users Dell#show role mode exec show users...
  • Page 786 The following example allows the security administrator (secadmin) to configure the spanning tree protocol. Note that the command is protocol spanning-tree. Dell(conf)#role configure addrole secadmin protocol spanning-tree Example: Allow Security Administrator to Access Interface Mode The following example allows the security administrator (secadmin) to access Interface mode.
  • Page 787: Aaa Authentication And Authorization For Roles

    CONFIGURATION mode. Example The following example creates a user name that is authenticated based on a user role. Dell(conf)#username john password 0 password role secadmin The following example deletes a user role. NOTE: If you already have a user ID that exists with a privilege level, you can add the user role to username that has a privilege Dell(conf)#no username john The following example adds a user, to the secadmin user role.
  • Page 788 To configure AAA authentication, use the aaa authentication command in CONFIGURATION mode. aaa authentication login {method-list-name | default} method [… method4] Configure AAA Authorization for Roles Authorization services determine if the user has permission to use a command in the CLI. Users with only privilege levels can use commands in privilege-or-role mode (the default) provided their privilege level is the same or greater than the privilege level of those commands.
  • Page 789 For RBAC and privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled “Force10-avpair”. The value is a string in the following format: protocol : attribute sep value “attribute”...
  • Page 790: Role Accounting

    The following example shows you how to configure AAA accounting to monitor commands executed by the users who have a secadmin user role. Dell(conf)#aaa accounting command role secadmin default start-stop tacacs+ Applying an Accounting Method to a Role To apply an accounting method list to a role executed by a user with that user role, use the accounting command in LINE mode.
  • Page 791: Display Information About User Roles

    Line Configuration mode route-map Route map configuration mode router Router configuration mode Dell#show role mode configure username Role access: sysadmin Dell#show role mode configure password-attributes Role access: secadmin,sysadmin Dell#show role mode configure interface Role access: netadmin, sysadmin Dell#show role mode configure line...
  • Page 792: Two Factor Authentication (2Fa)

    Enable challenge response authentication for SSHv2. CONFIGURATION mode ip ssh challenge-response-authentication enable View the configuration. EXEC mode show ip ssh Dell# show ip ssh SSH server : enabled. SSH server version : v1 and v2. SSH server vrf : default.
  • Page 793: Sms-Otp Mechanism

    You can configure the Dell Networking OS to drop ICMP reply messages. When you configure the drop icmp command, the system drops the ICMP reply messages from the front end and management interfaces. By default, the Dell Networking OS responds to all the ICMP messages.
  • Page 794 Information reply (16) Address mask request (17) Address mask reply (18) NOTE: The Dell Networking OS does not suppress the ICMP message type echo request (8). Table 82. Suppressed ICMPv6 message types ICMPv6 message types Destination unreachable (1) Time exceeded (3)
  • Page 795: Service Provider Bridging

    Service Provider Bridging Service provider bridging provides the ability to add a second VLAN ID tag in an Ethernet frame and is referred to as VLAN stacking in the Dell Networking OS. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks.
  • Page 796: Important Points To Remember

    To switch traffic, add these interfaces to a non-default VLAN-Stack-enabled VLAN. • Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN. • This limitation becomes relevant if you enable the port as a multi-purpose port (carrying single-tagged and double-tagged traffic).
  • Page 797: Creating Access And Trunk Ports

    Enabling VLAN-Stacking for a VLAN. Related Configuration Tasks • Configuring the Protocol Type Value for the Outer VLAN Tag • Configuring Dell Networking OS Options for Trunk Ports • Debugging VLAN Stacking • VLAN Stacking in Multi-Vendor Networks Creating Access and Trunk Ports To create access and trunk ports, use the following commands.
  • Page 798: Enable Vlan-Stacking For A Vlan

    The default is 9100. To display the S-Tag TPID for a VLAN, use the show running-config command from EXEC privilege mode. Dell Networking OS displays the S-Tag TPID only if it is a non-default value. Configuring Dell Networking OS Options for Trunk Ports 802.1ad trunk ports may also be tagged members of a VLAN so that they can carry single and double-tagged traffic.
  • Page 799: Debugging Vlan Stacking

    While 802.1Q requires that the inner tag TPID is 0x8100, it does not require a specific value for the outer tag TPID. Systems may use any 2- byte value; Dell Networking OS uses 0x9100 (shown in the following) while non-Dell Networking systems might use a different value.
  • Page 800 R4. The TPID on the outer tag is 0x9100. R2’s TPID must also be 0x9100, and it is, so R2 forwards the frame. Given the matching-TPID requirement, there are limitations when you employ Dell Networking systems at network edges, at which frames are either double tagged on ingress (R4) or the outer tag is removed on egress (R3).
  • Page 801 Figure 115. Single and Double-Tag TPID Match
  • Page 802 Figure 116. Single and Double-Tag First-byte TPID Match
  • Page 803: Vlan Stacking Packet Drop Precedence

    Figure 117. Single and Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested.
  • Page 804: Honoring The Incoming Dei Value

    By default, packets are colored green, and DEI is marked 0 on egress. Honoring the Incoming DEI Value To honor the incoming DEI value, you must explicitly map the DEI bit to a Dell Networking OS drop precedence. Precedence can have one of three colors.
  • Page 805: Marking Egress Packets With A Dei Value

    {green | yellow} {0 | 1} Example of Viewing DEI-Marking Configuration To display the DEI-marking configuration, use the show interface dei-mark [interface slot/port/subport ] in EXEC Privilege mode. Dell#show interface dei-mark Default CFI/DEI Marking: 0 Interface Drop precedence CFI/DEI --------------------------------...
  • Page 806: Mapping C-Tag To S-Tag Dot1P Values

    (CAM) tables. Dell Networking OS Behavior: For Option A shown in the previous illustration, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence.
  • Page 807: Layer 2 Protocol Tunneling

    • vman-qos-dual-fp: mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p. This method requires twice as many CAM entries as vman-qos and FP blocks in multiples of 2. The default is: 0 FP blocks for vman-qos and vman-qos-dual-fp. The new CAM configuration is stored in NVRAM and takes effect only after a save and reload.
  • Page 808 Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address. In Dell Networking OS version 8.2.1.0 and later, the L2PT MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge.
  • Page 809: Implementation Information

    Figure 120. VLAN Stacking with L2PT Implementation Information • L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs. • No protocol packets are tunneled when you enable VLAN stacking. • L2PT requires the default CAM profile. Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling, use the following command.
  • Page 810: Specifying A Destination Mac Address For Bpdus

    Specifying a Destination MAC Address for BPDUs By default, Dell Networking OS uses a Dell Networking-unique MAC address for tunneling BPDUs. You can configure another value. To specify a destination MAC address for BPDUs, use the following command.
  • Page 811: Debugging Layer 2 Protocol Tunneling

    Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. • Display debugging information for L2PT. EXEC Privilege mode debug protocol-tunnel Provider Backbone Bridging IEEE 802.1ad—Provider Bridges amends 802.1Q—Virtual Bridged Local Area Networks so that service providers can use 802.1Q architecture to offer separate VLANs to customers with no coordination between customers, and minimal coordination between customers and the provider.
  • Page 812: Sflow

    Implementation Information Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based on all the ports in that port-pipe.
  • Page 813: Important Points To Remember

    • Dell Networking OS exports all sFlow packets to the collector. A small sampling rate can equate to many exported packets. A backoff mechanism is automatically applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect.
  • Page 814: Enabling And Disabling Sflow On An Interface

    Hu 1/2/1: configured rate 131072, actual rate 131072 Dell# If you did not enable any extended information, the show output displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 20...
  • Page 815: Sflow Show Commands

    Example of the show sflow command when the sflow max-header-size extended is configured globally Example of viewing the sflow max-header-size extended on an Interface Mode Example of the show running-config sflow Command sFlow Show Commands Dell Networking OS includes the following sFlow display commands. • Displaying Show sFlow Globally •...
  • Page 816: Displaying Show Sflow On A Stack-Unit

    :16384 Counter polling interval Extended max header size :128 Samples rcvd from h/w The following example shows the show running-config interface command. Dell#show running-config interface tengigabitethernet 1/1/6/1 interface TenGigabitEthernet 1/1/6/1 no ip address switchport sflow ingress-enable sflow sample-rate 8192 no shutdown Displaying Show sFlow on a Stack-unit To view sFlow statistics on a specified Stack-unit, use the following command.
  • Page 817: Back-Off Mechanism

    Confirm that extended information packing is enabled. show sflow Examples of Verifying Extended sFlow The bold line shows that extended sflow setting is enabled for extended switch. Dell#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768...
  • Page 818: Important Points To Remember

    To export extended-gateway data, BGP must learn the IP destination address. • If the IP destination address is not learned via BGP the Dell Networking system does not export extended-gateway data. • If the IP source address is learned via IGP, srcAS and srcPeerAS are zero.
  • Page 819 IP SA IP DA srcAS and srcPeerAS dstAS and dstPeerAS Description Exported Exported Extended gateway data is packed. sFlow...
  • Page 820: Simple Network Management Protocol (Snmp)

    The Simple Network Management Protocol (SNMP) is designed to manage devices on IP networks by monitoring device operation, which might require administrator intervention. NOTE: On Dell Networking routers, standard and private SNMP management information bases (MIBs) are supported, including Get and a limited number of Set operations (such as set vlan and copy cmd). Topics: •...
  • Page 821: Protocol Overview

    The following describes SNMP implementation information. • Dell Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, SNMP version 2c as defined by RFC 1901, and SNMP version 3 as defined by RFC 2571. •...
  • Page 822: Configuration Task List For Snmp

    The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This environment is only one of many RFC-compliant SNMP utilities you can use to manage your Dell Networking system using SNMP. Also, these configurations use SNMP version 2c.
  • Page 823: Important Points To Remember

    Dell Networking OS enables SNMP automatically when you create an SNMP community and displays the following message. You must specify whether members of the community may only retrieve values (read), or retrieve and alter values (read-write).
  • Page 824 Use the SNMPv3 authNoPriv Security Level noauth Use the SNMPv3 noAuthNoPriv Security Level priv Use the SNMPv3 authPriv Security Level Dell(conf)#snmp-server host 1.1.1.1 traps {oid tree} version 3 noauth ? WORD SNMPv3 user name Simple Network Management Protocol (SNMP)
  • Page 825: Reading Managed Object Values

    You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address.
  • Page 826: Configuring Contact And Location Information Using Snmp

    You may use up to 55 characters. The default is None. • (From a Dell Networking system) Identify the physical location of the system (for example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1). CONFIGURATION mode snmp-server location text You may use up to 55 characters.
  • Page 827: Enabling A Subset Of Snmp Traps

    PORT_LINKUP:changed interface state to up:%d Enabling a Subset of SNMP Traps You can enable a subset of Dell Networking enterprise-specific SNMP traps using one of the following listed command options. To enable a subset of Dell Networking enterprise-specific SNMP traps, use the following command.
  • Page 828: Enabling An Snmp Agent To Notify Syslog Server Failure

    Example of Dell Networking Enterprise-specific SNMP Traps Enabling an SNMP Agent to Notify Syslog Server Failure You can configure a network device to send an SNMP trap if an audit processing failure occurs due to loss of connectivity with the syslog server.
  • Page 829: Copy Configuration Files Using Snmp

    • copy the running-config file to the startup-config file • copy configuration files from the Dell Networking system to a server • copy configuration files from a server to the Dell Networking system You can perform all of these tasks using IPv4 or IPv6 addresses. The examples in this section use IPv4 addresses; however, you can substitute IPv6 addresses for the IPv4 addresses in all of the examples.
  • Page 830: Copying A Configuration File

    CONFIGURATION mode snmp-server community community-name rw Copy the f10-copy-config.mib MIB from the Dell iSupport web page to the server to which you are copying the configuration file. On the server, use the snmpset command as shown in the following example.
  • Page 831: Copying Configuration Files Via Snmp

    NOTE: You can use the entire OID rather than the object name. Use the form: OID.index i object-value. To view more information, use the following options in the snmpset command. • -c: View the community, either public or private. • -m: View the MIB files for the SNMP command.
  • Page 832: Copying The Startup-Config Files To The Server Via Ftp

    FTOS-COPY-CONFIG-MIB::copySrcFileType.7 = INTEGER: runningConfig(3) FTOS-COPY-CONFIG-MIB::copyDestFileType.7 = INTEGER: startupConfig(2) The following example shows how to copy configuration files from a UNIX machine using OID. >snmpset -c public -v 2c 10.11.131.162 .1.3.6.1.4.1.6027.3.5.1.1.1.1.2.8 i 3 .1.3.6.1.4.1.6027.3.5.1.1.1.1.5.8 i 2 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.2.8 = INTEGER: 3 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.5.8 = INTEGER: 2 Copying the Startup-Config Files to the Server via FTP To copy the startup-config to the server via FTP from the UNIX machine, use the following command.
  • Page 833: Copy A Binary File To The Startup-Configuration

    Copy a Binary File to the Startup-Configuration To copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP, use the following command. • Copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP.
  • Page 834: Obtaining A Value For Mib Objects

    Transceiver or DAC cable IDPROM user info Dell Networking provides MIB objects to display the information for 25G, 40G, 50G, 100G Optical Transceiver or DAC cable IDPROM. The following table lists the related MIB objects, OID and description for the same: Table 89.
  • Page 835 1.3.6.1.4.1.6027.3.11.1.3.1.1.16 Specifies Temperature value of the Optics inserted SNMP Example Output (Single Interface) Dell$ snmpwalk -v 2c -c public -m all -M 10.16.150.140 .1.3.6.1.4.1.6027.3.11.1.3 | grep 2112517 DELL-NETWORKING-IF-EXTENSION-MIB::dellNetIfTransDeviceName.2112517 = STRING: "stack-unit-1 port-31" DELL-NETWORKING-IF-EXTENSION-MIB::dellNetIfTransPort.2112517 = STRING: "Fo 1/31" DELL-NETWORKING-IF-EXTENSION-MIB::dellNetIfTransOpticsPresent.2112517 = INTEGER: true(1) DELL-NETWORKING-IF-EXTENSION-MIB::dellNetIfTransOpticsType.2112517 = STRING: "40GBASE-LR4"...
  • Page 836: Mib Support To Display The Available Memory Size On Flash

    MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory.
  • Page 837: Viewing The Software Core Files Generated By The System

    The output above displays the software core files generated by the system. MIB Support for PFC Storm Control Dell Networking provides MIB objects to display the information for PFC Storm Control. The OIDs specific to PFC Storm Control are show storm-control pfc status appended to the dellNetFpStatsMib.
  • Page 838 MIB Object, OID, Description: dellNetFpPfcStormControlDurationInDiscardState 1.3.6.1.4.1.6027.3.27.1.21.1.1.1.2 Number of milli-seconds the queue is in discard state. dellNetFpPfcStormControlDroppedPacketsIngress 1.3.6.1.4.1.6027.3.27.1.21.1.1.1.3 Number of packets dropped on ingress. dellNetFpPfcStormControlDroppedPacketsEgress 1.3.6.1.4.1.6027.3.27.1.21.1.1.1.4 Number of packets dropped on egress. dellNetFpPfcStormControlCumulativeDroppedPacketsIngress 1.3.6.1.4.1.6027.3.27.1.21.1.1.1.5 Cumulative number of packets dropped on ingress.
  • Page 839: Mib Support For Pfc No-Drop-Priority L2Dlf Drop

    MIB Support for PFC no-drop-priority L2Dlf Drop Dell Networking provides MIB objects to display the information for PFC no-drop-priority L2Dlf Drop which can be used to access counter information. The OIDs specific to PFC no-drop-priority L2Dlf Drop are appended to the dellNetFpStatsMib. These statistics can also be obtained by using the CLI command: show hardware pfc-nodrop-priority l2-dlf drops stack-unit <>...
  • Page 840: Mib Support For Monitoring The Overall Buffer Usage For Lossy And Lossless Traffic Per Xpe

    MIB Support for Monitoring the overall buffer usage for lossy and lossless traffic per XPE Dell Networking provides MIB objects to display the information for Monitoring the overall buffer usage for lossy and lossless traffic per show hardware buffer service-pool buffer-info . The following table XPE.
  • Page 841: Snmp Support For Wred Green/Yellow/Red Drop Counters

    SNMP Support for WRED Green/Yellow/Red Drop Counters Dell Networking provides MIB objects to display the information for WRED Green (Green Drops)/Yellow (Yellow Drops)/Red (Out of Profile Drops) Drop Counters. These statistics can also be obtained by using the CLI command: show qos statistics wred-profile. The following table lists the related MIB objects, OID and description for the same: Table 95.
  • Page 842: Mib Support To Display The Available Partitions On Flash

    MIB Support to Display the Available Partitions on Flash Dell Networking provides MIB objects to display the information of various partitions such as /flash, /tmp, /usr/pkg, and /f10/ConfD. The dellNetFlashStorageTable table contains the list of all partitions on disk. The following table lists the related MIB objects: Table 96.
  • Page 843: Mib Support To Display The Ecn Marked Packets

    .1.3.6.1.4.1.6027.3.26.1.4.8.1.6.5 = STRING: "/f10/phonehome" MIB Support to Display the ECN Marked Packets Dell Networking provides MIB objects to display the number of packets marked with ECN and the numbers of ECN marked packets that got dropped. Table 97. MIB Objects for Displaying the Details of ECN Marked Packets...
  • Page 844: Mib Support To Display Egress Queue Statistics

    MIB Support to Display Egress Queue Statistics Dell Networking OS provides MIB objects to display the information of the ECMP group count information. The following table lists the related MIB objects: Table 99. MIB Objects to display ECMP Group Count...
  • Page 845 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.10.1.1.0.24.0.0.0.0 = "" SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.10.1.1.1.32.1.4.10.1.1.1.1.4.10.1.1.1 = Hex- STRING: 4C 76 25 F4 AB 02 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.10.1.1.2.32.1.4.127.0.0.1.1.4.127.0.0.1 = "" SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.20.1.1.0.24.0.0.0.0 = "" SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.20.1.1.1.32.1.4.20.1.1.1.1.4.20.1.1.1 = Hex- STRING: 4C 76 25 F4 AB 02 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.20.1.1.2.32.1.4.127.0.0.1.1.4.127.0.0.1 = "" SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.30.1.1.0.24.0.0.0.0 = "" SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.30.1.1.1.32.1.4.30.1.1.1.1.4.30.1.1.1 = Hex- STRING: 4C 76 25 F4 AB 02 SNMPv2-SMI::enterprises.6027.3.9.1.5.1.9.1.1.4.30.1.1.2.32.1.4.127.0.0.1.1.4.127.0.0.1 = ""...
  • Page 846: Mib Support To Display The Fec Ber Details

    SNMPv2-SMI::enterprises.6027.3.9.1.7.0 = Gauge32: 1 SNMPv2-SMI::enterprises.6027.3.9.1.8.0 = Gauge32: 2047 MIB Support to Display the FEC BER Details Dell Networking provides MIB objects to display the FEC BER details. Table 100. MIB Objects for Displaying the Details of FEC BER MIB Object...
  • Page 847 dellNetFpIngPortSTPnotFwdDrops 1.3.6.1.4.1.6027.3.27.1.3.1.3 Packets dropped due to Spanning Tree State not in forwarding state. dellNetFpIngIPv4L3Discards 1.3.6.1.4.1.6027.3.27.1.3.1.4 IPv4 L3 Discards dellNetFpIngPolicyDiscards 1.3.6.1.4.1.6027.3.27.1.3.1.5 Packet dropped due to policy discards. dellNetFpIngPacketsDroppedByDELLNETFP 1.3.6.1.4.1.6027.3.27.1.3.1.6 Packets dropped by forwarding plane. dellNetFpIngL2L3Drops 1.3.6.1.4.1.6027.3.27.1.3.1.7 L2 L3 packets dropped. dellNetFpIngPortBitMapZeroDrops 1.3.6.1.4.1.6027.3.27.1.3.1.8 Port bitmap zero drop condition.
  • Page 848: Viewing The Fec Ber Details

    dellNetFpWredOutOfProfileDrops 1.3.6.1.4.1.6027.3.27.1.3.1.31 Wred Out-Of-Profile Drops Counter. Viewing the FEC BER Details • To view the FEC BER details using SNMP, use the following command: ~ $ snmpwalk -c public -v 2c 10.16.210.151 1.3.6.1.4.1.6027.3.27.1.3.1.25 SNMPv2-SMI::enterprises.6027.3.27.1.3.1.25.2097166 = Counter64: 0 SNMPv2-SMI::enterprises.6027.3.27.1.3.1.25.2097678 = Counter64: 0 SNMPv2-SMI::enterprises.6027.3.27.1.3.1.25.2098180 = Counter64: 0 SNMPv2-SMI::enterprises.6027.3.27.1.3.1.25.2098308 = Counter64: 0 SNMPv2-SMI::enterprises.6027.3.27.1.3.1.25.2098436 = Counter64: 0...
  • Page 849 SNMPv2-SMI::enterprises.6027.3.27.1.3.1.27.2110990 = STRING: "0.0E0" SNMPv2-SMI::enterprises.6027.3.27.1.3.1.27.2111502 = STRING: "0.0E0" SNMPv2-SMI::enterprises.6027.3.27.1.3.1.27.2112014 = STRING: "0.0E0" SNMPv2-SMI::enterprises.6027.3.27.1.3.1.27.2112526 = STRING: "0.0E0" SNMPv2-SMI::enterprises.6027.3.27.1.3.1.27.2113038 = STRING: "0.0E0" SNMPv2-SMI::enterprises.6027.3.27.1.3.1.27.2113540 = STRING: "0.0E0" SNMPv2-SMI::enterprises.6027.3.27.1.3.1.27.2113668 = STRING: "0.0E0" <Output Truncated> NOTE: The associated MIB is DELL-NETWORKING-FPSTATS-MIB.mib. Simple Network Management Protocol (SNMP)
  • Page 850: Mib Support For Entaliasmappingtable

    MIB Support for LAG Dell Networking provides a method to retrieve the configured LACP information (Actor and Partner). The term Actor (local interface) designates the parameters and flags pertaining to the sending node, while the term Partner (remote interface) designates the sending node’s view of its peer parameters and flags.
  • Page 851 MIB Object Description dot3adAgg 1.2.840.10006.300.43.1.1 dot3adAggTable 1.2.840.10006.300.43.1.1.1 Contains information about every Aggregator that is associated with a system. dot3adAggEntry 1.2.840.10006.300.43.1.1.1.1 Contains a list of Aggregator parameters and indexed by the ifIndex of the Aggregator. dot3adAggMACAddress 1.2.840.10006.300.43.1.1.1.1.1 Contains a six octet read–only value carrying the individual MAC address assigned to the Aggregator.
  • Page 852: Viewing The Lag Mib

    > snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.1107787786 = STRING: "My VLAN" [Dell system output] Dell#show int vlan 10 Vlan 10 is down, line protocol is down Vlan alias name is: My VLAN Address is 00:01:e8:cc:cc:ce, Current address is 00:01:e8:cc:cc:ce...
  • Page 853: Displaying The Ports In A Vlan

    Displaying the Ports in a VLAN Dell Networking OS identifies VLAN interfaces using an interface index number that is displayed in the output of the show interface vlan command. Add Tagged and Untagged Ports to a VLAN The value of the dot1qVlanStaticEgressPorts object is an array of all VLAN members.
  • Page 854: Managing Overload On Startup

    Create an SNMP community on the Dell system. CONFIGURATION mode snmp-server community From the Dell Networking system, identify the interface index of the port for which you want to change the admin status. EXEC Privilege mode show interface Or, from the management system, use the snmpwalk command to identify the interface index.
  • Page 855: Fetch Dynamic Mac Entries Using Snmp

    Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs regarding 802.1d, as 802.1d itself does not define them. As a switchport must belong to a VLAN (the default VLAN or a configured VLAN), all MAC addresses learned on a switchport are associated with a VLAN.
  • Page 856: Deriving Interface Indices

    SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.4.1000.0.1.232.6.149.172.1 = INTEGER: 1 Deriving Interface Indices The Dell Networking OS assigns an interface index to each (configured and unconfigured) physical and logical interface, and displays it in the output of the show interface command. The interface index is a binary number with bits that indicate the slot number, port number, interface type, and card type of the interface.
  • Page 857: Monitor Port-Channels

    Flash Partition The system image can also be retrieved by performing an SNMP walk on the following OID: MIB Object is chSysSwModuleTable and the OID is 1.3.6.1.4.1.6027.3.10.1.2.8. Dell#show interface Tengigabitethernet 1/1/2/1 TenGigabitEthernet 1/1/2/1 is up, line protocol is up Monitor Port-Channels To check the status of a Layer 2 port-channel, use f10LinkAggMib (.1.3.6.1.4.1.6027.3.2).
  • Page 858: Troubleshooting Snmp Operation

    SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior. • When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command, the output for echo replies may be incorrectly displayed.
  • Page 859 Table 105. SNMP OIDs for Transceiver Monitoring Field (OID) Description SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.1 Device Name SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.2 Port SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.3 Optics Type SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.4 Vendor Name SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.5 Part Number SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.6 Serial Number SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.7 Transmit Power SNMPv2-SMI::enterprises.6027.3.11.1.3.1.1.8 Receive Power Simple Network Management Protocol (SNMP)
  • Page 860: Storm Control

    Storm control allows you to control unknown-unicast, multicast, and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking Operating System (OS) Behavior: Dell Networking OS supports unknown-unicast, multicast, and broadcast control for Layer 2 and Layer 3 traffic.
  • Page 861: Configuring Storm Control From Configuration Mode

    • The storm control is calculated in packets per second. • Configure storm control. INTERFACE mode • Configure the packets per second of broadcast traffic allowed on an interface (ingress only). INTERFACE mode storm-control broadcast packets_per_second in • Configure the packets per second of multicast traffic allowed on C-Series or S-Series interface (ingress only) network only. INTERFACE mode storm-control multicast packets_per_second in •...
  • Page 862: Detect Pfc Storm

    This command triggers a queue drop state on the interface with PFC storm, so that the traffic through other ports and priorities is not affected. For more information about the above commands, see the Dell Networking OS Command Line Reference Guide. Restore Queue Drop State You can restore the queue drop triggered due to the storm control PFC detection to the normal state.
  • Page 863 -------------------------------------------------------------------------------- Te 0/0 Te 0/1 Te 0/2 Te 0/3 Te 0/4 Te 0/5 Te 0/80 Dell# Storm Control...
  • Page 864: Spanning Tree Protocol (Stp)

    Layer 2 loops, which can occur in a network due to poor network design and without enabling protocols like xSTP, can cause unnecessarily high switch CPU utilization and memory consumption. Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 106. Dell Networking OS Supported Spanning Tree Protocols...
  • Page 865: Configure Spanning Tree

    • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+). You may only enable one flavor of spanning tree at any one time.
  • Page 866: Configuring Interfaces For Layer 2 Mode

    Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 121. Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2, use the following command. If the interface has been assigned an IP address, remove it.
  • Page 867: Enabling Spanning Tree Protocol Globally

    Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1/1/1)# Enabling Spanning Tree Protocol Globally Enable the spanning tree protocol globally;...
  • Page 868 The port is not in the portfast mode To confirm that a port is participating in Spanning Tree, use the show spanning-tree 0 brief command from EXEC privilege mode. Dell#show spanning-tree 0 brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e80d.2462...
  • Page 869: Adding An Interface To The Spanning Tree Group

    STP. NOTE: Dell Networking recommends that only experienced network administrators change the spanning tree parameters. Poorly planned modification of the spanning tree parameters can negatively affect network performance. The following table displays the default values for STP.
  • Page 870: Modifying Interface Stp Parameters

    PROTOCOL SPANNING TREE mode hello-time seconds NOTE: With large configurations (especially those with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the spanning tree topology).
  • Page 871: Enabling Portfast

    Disabled state when receiving the BPDU, the physical interface remains up and spanning-tree will only drop packets after a BPDU violation. The following example shows a scenario in which an edgeport might unintentionally receive a BPDU. The port on the Dell Networking system is configured with Portfast.
  • Page 872 • Disabling global spanning tree (the no spanning-tree in CONFIGURATION mode). Figure 123. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: • is used on edgeports and blocks all traffic on edgeport if it receives a BPDU.
  • Page 873: Selecting Stp Root

    Te 1/1/6/1 Root 128.263 128 20000 FWD 20000 P2P Te 1/1/7/1 ErrDis 128.264 128 20000 EDS 20000 P2P Dell(conf-if-te-1/1/7/1)#do show ip interface brief tengigabitEthernet 1/1/7/1 Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/1/7/1 unassigned YES Manual up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge.
  • Page 874: Root Guard Scenario

    Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
  • Page 875: Enabling Snmp Traps For Root Elections And Topology Changes

    • Spanning Tree Protocol (STP) • Rapid Spanning Tree Protocol (RSTP) • Multiple Spanning Tree Protocol (MSTP) • Per-VLAN Spanning Tree Plus (PVST+) • When enabled on a port, root guard applies to all VLANs configured on the port. • You cannot enable root guard and loop guard at the same time on an STP port.
  • Page 876: Stp Loop Guard

    Example of Configuring all Spanning Tree Types to be Hitless Dell(conf)#redundancy protocol xstp Dell#show running-config redundancy redundancy protocol xstp Dell# STP Loop Guard The STP loop guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault.
  • Page 877: Configuring Loop Guard

    Figure 125. STP Loop Guard Prevents Forwarding Loops Configuring Loop Guard Enable STP loop guard on a per-port or per-port channel basis. The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface. •...
  • Page 878: Displaying Stp Guard Configuration

    BPDU guard is enabled on a port that is shut down (Error Disabled state) after receiving a BPDU. • Verify the STP guard configured on port or port-channel interfaces. show spanning-tree 0 guard [interface interface] Example of Viewing STP Guard Configuration Dell#show spanning-tree 0 guard Interface Name Instance Sts Guard type...
  • Page 879: Supportassist

    SupportAssist requires Dell Networking OS 9.9(0.0) and SmartScripts 9.7 or later to be installed on the Dell Networking device. For more information on SmartScripts, see Dell Networking Open Automation guide.
  • Page 880: Configuring Supportassist Using A Configuration Wizard

    Dell end user license agreement, available at: www.dell.com/aeula, you agree to allow Dell to provide remote monitoring services of your IT environment and you give Dell the right to collect the Collected Data in accordance with Dell's Privacy Policy, available at: www.dell.com/privacypolicycountryspecific,...
  • Page 881 If you are downloading SupportAssist on behalf of a company or other legal entity, you are further certifying to Dell that you have appropriate authority to provide this consent on behalf of that entity. If you do not consent to the collection, transmission and/or use of the Collected Data, you may not download, install or otherwise use SupportAssist.
  • Page 882: Configuring Supportassist Activity

    {full-transfer | core-transfer} start now Dell#support-assist activity full-transfer start now Dell#support-assist activity core-transfer start now Configuring SupportAssist Activity SupportAssist Activity mode allows you to configure and view the action-manifest file for a specific activity. To configure SupportAssist activity, use the following commands.
  • Page 883: Configuring Supportassist Company

    Configure the address information for the company. SUPPORTASSIST COMPANY mode [no] address [city company-city] [{province | region | state} name] [country company-country] [{postalcode | zipcode} company-code] Dell(conf-supportassist-cmpy-test)#address city MyCity state MyState country MyCountry Dell(conf-supportassist-cmpy-test)# Configure the street address information for the company. SUPPORTASSIST COMPANY mode [no] street-address {address1}[address2]…[address8]...
  • Page 884: Configuring Supportassist Person

    Configure the time frame for contacting the person. SUPPORTASSIST PERSON mode [no] time-zone zone +-HH:MM[start-time HH:MM] [end-time HH:MM] Dell(conf-supportassist-pers-john_doe)#time-zone zone +01:24 start-time 12:00 end-time 23:00 Dell(conf-supportassist-pers-john_doe)# Configuring SupportAssist Server SupportAssist Server mode allows you to configure server name and the means of reaching the server. By default, a SupportAssist server URL has been configured on the device.
  • Page 885: Viewing Supportassist Configuration

    SUPPORTASSIST SERVER mode [no] proxy-ip-address {ipv4-address | ipv6-address}port port-number [ username userid password [encryption-type] password ] Dell(conf-supportassist-serv-default)#proxy-ip-address 10.0.0.1 port 1024 username test password 0 test1 Dell(conf-supportassist-serv-default)# Enable communication with the SupportAssist server. SUPPORTASSIST SERVER mode [no] enable Dell(conf-supportassist-serv-default)#enable Dell(conf-supportassist-serv-default)# Configure the URL to reach the SupportAssist remote server.
  • Page 886 Dell end user license agreement, available at: www.dell.com/aeula, you agree to allow Dell to provide remote monitoring services of your IT environment and you give Dell the right to collect the Collected Data in accordance with Dell's Privacy Policy, available at: www.dell.com/privacypolicycountryspecific, in order to enable the performance of all of the various functions of SupportAssist during your entitlement to receive related repair services from Dell,.
  • Page 887: System Time And Date

    System time and date settings and the network time protocol (NTP) are supported on Dell Networking OS. You can set system times and dates and maintain them through NTP. They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings.
  • Page 888: Protocol Overview

    Dell Networking OS synchronizes with a time-serving host to get the correct time. You can set Dell Networking OS to poll specific NTP time-serving hosts for the current time. From those time-serving hosts, the system chooses one NTP host with which to synchronize and serve as a client to the NTP host.
  • Page 889: Enabling Ntp

    NTP is disabled by default. To enable NTP, specify an NTP server to which the Dell Networking system synchronizes. To specify multiple servers, enter the command multiple times. You may specify an unlimited number of servers at the expense of CPU resources.
  • Page 890: Disabling Ntp On An Interface

    Disabling NTP on an Interface By default, NTP is enabled on all active interfaces. If you disable NTP on an interface, Dell Networking OS drops any NTP packets sent to that interface. To disable NTP on an interface, use the following command.
  • Page 891 To configure NTP authentication, use the following commands. Enable NTP authentication. CONFIGURATION mode ntp authenticate Set an authentication key. CONFIGURATION mode ntp authentication-key number md5 key Configure the following parameters: • number: the range is from 1 to 4294967295. This number must be the same as the number in the ntp trusted-key command.
  • Page 892 Filter dispersion — the error in calculating the minimum delay from a set of sample data from a peer. To view the NTP configuration, use the show running-config ntp command in EXEC privilege mode. The following example shows an encrypted authentication key (in bold). All keys are encrypted. Dell#show running ntp ntp authenticate ntp authentication-key 345 md5 5A60910F3D211F02 ntp server 11.1.1.1 version 3...
  • Page 893: Configuring A Custom-Defined Period For Ntp Time Synchronization

    The range for threshold-value is from 0 to 999. Dell(conf)#ntp offset-threshold 9 Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings.
  • Page 894: Setting The Timezone

    Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis.
  • Page 895: Setting Recurring Daylight Saving Time

    60 minutes. Example of the clock summer-time Command Dell(conf)#clock summer-time pacific date Mar 14 2009 00:00 Nov 7 2009 00:00 Dell(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to "Summer time starts 00:00:00 Pacific Sat Mar 14 2009;Summer time ends 00:00:00 pacific Sat Nov 7 2009"...
  • Page 896 Examples of the clock summer-time recurring Command The following example shows the clock summer-time recurring command. Dell(conf)#clock summer-time pacific recurring Mar 14 2009 00:00 Nov 7 2009 00:00 ? Dell(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to "Summer time starts 00:00:00 Pacific Sat Mar 14 2009;Summer time ends 00:00:00 pacific Sat Nov 7 2009"...
  • Page 897: Tunneling

    If the tunnel mode is IPv6 or IPIP, you can use either an IPv6 address or an IPv4 address for the logical address of the tunnel, but in IPv6IP mode, the logical address must be an IPv6 address. The following sample configuration shows a tunnel configured in IPv6 mode (carries IPv6 and IPv4 traffic). Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#tunnel source 30.1.1.1 Dell(conf-if-tu-1)#tunnel destination 50.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip Dell(conf-if-tu-1)#ip address 1.1.1.1/24...
  • Page 898: Configuring Tunnel Keepalive Settings

    Dell(conf-if-tu-1)#ipv6 address 1abd::1/64 Dell(conf-if-tu-1)#ip address 1.1.1.1/24 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel destination 40.1.1.2 Dell(conf-if-tu-1)#tunnel mode ipip Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#tunnel keepalive 1.1.1.2 attempts 4 interval 6 Dell(conf-if-tu-1)#show config interface Tunnel 1 ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel destination 40.1.1.2 tunnel source 40.1.1.1 tunnel keepalive 1.1.1.2 attempts 4 interval 6...
  • Page 899: Configuring A Tunnel Interface

    The following sample configuration shows how to use the interface tunnel configuration commands. Dell(conf-if-te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1 ip address 20.1.1.1/24 ipv6 address 20:1::1/64 no shutdown Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ip unnumbered tengigabitethernet 1/1/1/1 Dell(conf-if-tu-1)#ipv6 unnumbered tengigabitethernet 1/1/1/1 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config interface Tunnel 1...
  • Page 900: Configuring Tunnel Source Anylocal Decapsulation

    The following sample configuration shows how to use the tunnel source anylocal command. Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ipv6 address 1abd::1/64 Dell(conf-if-tu-1)#ip address 1.1.1.1/24 Dell(conf-if-tu-1)#tunnel source anylocal Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#tunnel allow-remote 40.1.1.2 Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config interface Tunnel 1 ip address 1.1.1.1/24...
  • Page 901: Uplink Failure Detection (Ufd)

    Uplink Failure Detection (UFD) Uplink failure detection (UFD) provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link. Feature Description A switch provides upstream connectivity for devices, such as servers. If a switch loses its upstream connectivity, downstream devices also lose their connectivity.
  • Page 902: How Uplink Failure Detection Works

    Figure 128. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interfaces. An enabled uplink-state group tracks the state of all assigned upstream interfaces.
  • Page 903: Ufd And Nic Teaming

    Figure 129. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state. You can configure this number, which is calculated by the ratio of the upstream port bandwidth to the downstream port bandwidth in the same uplink-state group.
  • Page 904: Configuring Uplink Failure Detection

    • If one of the upstream interfaces in an uplink-state group goes down, either a user-configurable set of downstream ports or all the downstream ports in the group are put in an Operationally Down state with an UFD Disabled error. The order in which downstream ports are disabled is from the lowest numbered port to the highest.
  • Page 905: Clearing A Ufd-Disabled Interface

    NOTE: Downstream interfaces in an uplink-state group are put into a Link-Down state with an UFD-Disabled error message only when all upstream interfaces in the group go down. To revert to the default setting, use the no downstream disable links command. (Optional) Enable auto-recovery so that UFD-disabled downstream ports in the uplink-state group come up when a disabled upstream port in the group comes back up.
  • Page 906: Displaying Uplink Failure Detection

    Example of Syslog Messages Before and After Entering the clear ufd-disable uplink-state-group Command (S50) The following example message shows the Syslog messages that display when you clear the UFD-Disabled state from all disabled downstream interfaces in an uplink-state group by using the clear ufd-disable uplink-state-group group-id command. All downstream interfaces return to an operationally up state.
  • Page 907 The following example shows viewing the uplink state group status. The following example shows viewing the interface status with UFD information. Dell#show interfaces tengigabitethernet 1/15/1 TenGigabitEthernet 1/15/1 is up, line protocol is down (error-disabled[UFD]) Hardware is Force10Eth, address is 00:01:e8:32:7a:47...
  • Page 908: Sample Configuration: Uplink Failure Detection

    Dell(conf)# uplink-state-group 3 00:08:11: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed uplink state group Admin state to up: Group 3 Dell(conf-uplink-state-group-3)# downstream tengigabitethernet 1/1-2,5,9,11-12/1 Dell(conf-uplink-state-group-3)# downstream disable links 2 Dell(conf-uplink-state-group-3)# upstream tengigabitethernet 1/3-4/1 00:10:00: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Te 1/1/1...
  • Page 909: Upgrade Procedures

    Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes.
  • Page 910: Virtual Lans (Vlans)

    Interfaces chapter. • VLAN Stacking in the Service Provider Bridging chapter. For a complete listing of all commands related to Dell Networking OS VLANs, refer to these Dell Networking OS Command Reference Guide chapters: • Interfaces • 802.1X • GARP VLAN Registration Protocol (GVRP) •...
  • Page 911: Default Vlan

    T Te 1/1/1/1 Port-Based VLANs Port-based VLANs are a broadcast domain defined by different ports or interfaces. In Dell Networking OS, a port-based VLAN can contain interfaces from different line cards within the chassis. Dell Networking OS supports 4094 port-based VLANs.
  • Page 912: Vlans And Port Tagging

    Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination and source MAC addresses. That information is preserved as the frame moves through the network. The following example shows the structure of a frame with a tag header.
  • Page 913: Assigning Interfaces To A Vlan

    (T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID. To tag interfaces, use the following commands.
  • Page 914: Moving Untagged Interfaces

    Inactive Active Po1(So 0/0-1) Te 1/1/1 Active Po1(So 0/0-1) Te 1/2/1 Dell#config Dell(conf)#interface vlan 4 Dell(conf-if-vlan)#tagged po 1 Dell(conf-if-vlan)#show conf interface Vlan 4 no ip address tagged Port-channel 1 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs...
  • Page 915: Assigning An Ip Address To A Vlan

    You cannot assign an IP address to the Default VLAN (VLAN 1). To assign another VLAN ID to the Default VLAN, use the default vlan-id vlan-id command. In Dell Networking OS, you can place VLANs and other logical interfaces in Layer 3 mode to receive and send routed traffic. For more information, refer to Bulk Configuration.
  • Page 916: Enabling Null Vlan As The Default Vlan

    This presents a vulnerability because both interfaces are initially placed in the native VLAN, VLAN 1, and for that period customers are able to access each other's networks. Dell Networking OS has a Null VLAN to eliminate this vulnerability. When you enable the Null VLAN, all ports are placed into it by default, so even if you activate the physical ports of multiple customers, no traffic is allowed to traverse the links until each port is placed in another VLAN.
  • Page 917: Virtual Link Trunking (Vlt)

    Virtual Link Trunking (VLT) Virtual link trunking (VLT) allows physical links between two Dell switches to appear as a single virtual link to the network core or other switches such as Edge, Access, or top-of-rack (ToR). As a result, the two physical switches appear as a single switch to the connected devices.
  • Page 918 Figure 132. VLT providing multipath VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology. To prevent the initial loop that may occur prior to VLT being established, use a spanning tree protocol. After VLT is established, you may use rapid spanning tree protocol (RSTP) to prevent loops from forming with new links that are incorrectly connected and outside the VLT domain.
  • Page 919 Agility in VM Migration under VLT domain. CAUTION: Dell Networking does not recommend enabling Stacking and VLT simultaneously. If you enable both features at the same time, unexpected behavior may occur. As shown in the following example, VLT presents a single logical Layer 2 domain from the perspective of attached devices that have a virtual link trunk terminating on separate chassis in the VLT domain.
  • Page 920: Vlt Terminology

    End devices (such as switches, servers, and so on) connected to a VLT domain consider the two VLT peers as a single logical switch. • Although VLT does not require spanning tree protocols, Dell Networking recommends enabling RSTP before configuring VLT to avoid possible loops from forming due to incorrect configuration.
  • Page 921: Layer-2 Traffic In Vlt Domains

    Layer-2 Traffic in VLT Domains In a VLT domain, the MAC address of any host connected to the VLT peers is synchronized between the VLT nodes. In the following example, VLAN 10 is spanned across three VLT domains. Figure 134. Layer-2 Traffic in VLT Domains If Host 1 from a VLT domain sends a frame to Host 2 in another VLT domain, the frame can use any link shown to reach Host 2.
  • Page 922: Interspersed Vlans

    Interspersed VLANs In Dell Networking OS, the same VLAN across many racks can be extended by configuring layer-3 VLANs across the VLT nodes and the ToR switches. Spanning the VLANs in an eVLT architecture could interconnect and aggregate multiple racks with the same VLAN. With routed VLT, you can configure a VLAN as layer 3 in a VLT domain and as layer 2 VLAN in all other VLT domains.
  • Page 923: Enhanced Vlt

    Figure 135. VLT on Core Switches The aggregation layer is mostly in the L2/L3 switching/routing layer. For better resiliency in the aggregation, Dell Networking recommends running the internal gateway protocol (IGP) on the VLTi VLAN to synchronize the L3 routing table across the two nodes on a VLT system.
  • Page 924: Configure Virtual Link Trunking

    PVST Configuration. • Dell Networking strongly recommends that the VLTi (VLT interconnect) be a static LAG and that you disable LACP on the VLTi. • Ensure that the spanning tree root bridge is at the Aggregation layer. Refer to RSTP and VLT for guidelines to avoid traffic loss, if you enable RSTP on the VLT device.
  • Page 925: Configuration Notes

    VLT port-channel link between the VLT peer connected to the source and ToR is down, traffic is duplicated due to route inconsistency between peers. To avoid this scenario, Dell Networking recommends configuring both the source and the receiver on a spanned VLT VLAN.
  • Page 926 • If the size of the MTU for VLTi members is less than 1496 bytes, MAC addresses may not synchronize between VLT peers. Dell Networking does not recommend using an MTU size lower than the default of 1554 bytes for VLTi members.
  • Page 927 Enable Layer 3 VLAN connectivity VLT peers by configuring a VLAN network interface for the same VLAN on both switches. • Dell Networking does not recommend enabling peer-routing if the CAM is full. To enable peer-routing, a minimum of two local DA spaces for wild-card functionality are required.
  • Page 928: Primary And Secondary Vlt Peers

    • VRRP elects the router with the highest priority as the master in the VRRP group. To ensure VRRP operation in a VLT domain, configure VRRP group priority on each VLT peer so that a peer is either the master or backup for all VRRP groups configured on its interfaces.
  • Page 929: Vlt Bandwidth Monitoring

    • Configure any ports at the edge of the spanning tree’s operating domain as edge ports, which are directly connected to end stations or server racks. Disable RSTP on ports connected directly to Layer 3-only routers not running STP or configure them as edge ports. •...
  • Page 930: Vlt Port Delayed Restoration

    VLT Port Delayed Restoration When a VLT node boots up, if the VLT ports have been previously saved in the start-up configuration, they are not immediately enabled. To ensure MAC and ARP entries from the VLT peer node are downloaded to the newly enabled VLT node, the system allows time for the VLT ports on the new node to be enabled and begin receiving traffic.
  • Page 931 Figure 137. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches.
  • Page 932: Vlt Routing

    Each VLT peer runs its own PIM protocol independently of other VLT peers. To ensure the PIM protocol states or multicast routing information base (MRIB) on the VLT peers are synced, if the incoming interface (IIF) and outgoing interface (OIF) are Spanned, the multicast route table is synced between the VLT peers.
  • Page 933 Figure 138. Packets without peer routing enabled If you enable peer routing, a VLT node acts as a proxy gateway for its connected VLT peer as shown in the image below. Even though the gateway address of the packet is different, Peer-1 routes the packet to its destination on behalf of Peer-2 to avoid sub-optimal routing. Figure 139.
  • Page 934 • You can reduce the number of VLTi port channel members based on your specific design. With peer routing, you need not configure VRRP for the participating VLANs. As both VLT nodes act as a gateway for its peer, irrespective of the gateway IP address, the traffic flows upstream without any latency.
  • Page 935: Non-Vlt Arp Sync

    The advantages of syncing the multicast routes between VLT peers are: • VLT resiliency — After a VLT link or peer failure, if the traffic hashes to the VLT peer, the traffic continues to be routed using multicast until the PIM protocol detects the failure and adjusts the multicast distribution tree. •...
  • Page 936: Rstp Configuration

    Run RSTP on both VLT peer switches. The primary VLT peer controls the RSTP states, such as forwarding and blocking, on both the primary and secondary peers. Dell Networking recommends configuring the primary VLT peer as the RSTP primary root device and configuring the secondary VLT peer as the RSTP secondary root device.
  • Page 937: Configuring Vlt

    Configuring VLT To configure VLT, use the following procedure. Prerequisites: Before you begin, make sure that both VLT peer switches are running the same Dell Networking OS version and are configured for RSTP as described in the RSTP Configuration section. For VRRP operation, ensure that you configure VRRP groups and L3 routing on each VLT...
  • Page 938 Add one or more port interfaces to the port channel. INTERFACE PORT-CHANNEL mode channel-member interface interface: specify one of the following interface types: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the stack/slot/port/subport information. • For a 25-Gigabit Ethernet interface, enter the keyword twentyFiveGigE then the stack/slot/port/subport information. •...
  • Page 939 (Optional) After you configure a VLT domain on each peer switch and connect (cable) the two VLT peers on each side of the VLT interconnect, the system elects a primary and secondary VLT peer device (see Primary and Secondary VLT Peers).
  • Page 940 Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots. (Optional) When you create a VLT domain on a switch, Dell Networking OS automatically assigns a unique unit ID (0 or 1) to each peer switch.
  • Page 941: No Ip Address

    To explicitly configure the default values on each peer switch, use the unit-id command. Configure a different unit ID (0 or 1) on each peer switch. Unit IDs are used for internal system operations. Use this command to minimize the time required for the VLT system to determine the unit ID assigned to each peer switch when one peer switch reboots.
  • Page 942 Configuring a VLT VLAN Peer-Down (Optional) To configure a VLT VLAN peer-down, use the following commands. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. Enter the port-channel number that acts as the interconnect trunk.
  • Page 943 When you create a VLT domain on a switch, Dell Networking OS automatically assigns a unique unit ID (0 or 1) to each peer switch. To explicitly configure the default values on each peer switch, use the following command.
  • Page 944 NOTE: To benefit from the protocol negotiations, Dell Networking recommends configuring VLTs used as facing hosts/switches with LACP. Ensure both peers use the same port channel ID. Configure the peer-link port-channel in the VLT domains of each peer unit.
  • Page 945 Example of Configuring VLT In the following sample VLT configuration steps, VLT peer 1 is Dell-2, VLT peer 2 is Dell-4, and the ToR is S60-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers.
  • Page 946 TenGigabitEthernet 1/1/4/1 no ip address port-channel-protocol LACP port-channel 2 mode active no shutdown configuring VLT peer lag in VLT Dell-2#show running-config interface port-channel 2 interface Port-channel 2 no ip address switchport vlt-peer-lag port-channel 2 no shutdown Dell-2#show interfaces port-channel 2 brief...
  • Page 947: Pvst+ Configuration

    Secondary peer does not control the VLT-LAGs. Dell Networking recommends configuring the primary VLT peer as the primary root device for all the configured PVST+ Instances and configuring the secondary VLT peer as the secondary root device for all the configured PVST+ Instances.
  • Page 948: Peer Routing Configuration Example

    Dell-1 is configured as the VLT primary. • As the Router ID of Dell-1 is the highest in the topology (highest loopback address of 172.17.1.1), Dell-1 is the OSPF Designated Router. • As the Router ID of Dell-2 is the second highest in the topology (172.16.1.1), Dell-2 is the OSPF Backup Designated Router.
  • Page 949: Dell-1 Switch Configuration

    Figure 140. Peer Routing Configuration Example Dell-1 Switch Configuration In the following output, RSTP is enabled with a bridge priority of 0. This ensures that Dell-1 becomes the root bridge. Dell#1#show run | find protocol protocol spanning-tree pvst no disable vlan 1,20,800,900 bridge-priority 0 The following output shows the existing VLANs.
  • Page 950 Used_for_VLT_Keepalive ip address 10.10.10.1/24 no shutdown (The management interfaces are part of a default VRF and are isolated from the switch’s data plane.) In Dell-1, te 0/0 and te 0/1 are used for VLTi. Dell#1#sh run int te0/0 interface TenGigabitEthernet 0/0...
  • Page 951 2 no shutdown Vlan 20 is used in Dell-1, Dell-2, and R1 to form OSPF adjacency. When OSPF is converged, the routing tables in all devices are synchronized. Dell#1#sh run int vlan 20 interface Vlan 20 description OSPF PEERING VLAN ip address 192.168.20.1/29...
  • Page 952 While the passive-interface default command prevents all interfaces from establishing an OSPF neighborship, the no passive-interface vlan 20 command enables the interface for VLAN 20, the OSPF peering VLAN, to establish OSPF adjacencies. The following output displays that Dell-1 forms neighborship with Dell-2 and R1. Dell#1#show ip ospf neighbor...
  • Page 953: Dell-2 Switch Configuration

    00001A The above output shows that the 90:b1:1c:f4:2c:bd MAC address belongs to Dell-1. The 90:b1:1c:f4:29:f3 MAC address belongs to Dell-2. Also note that these MAC addresses are marked with LOCAL_DA. This means, these are the local destination MAC addresses used by hosts when routing is required.
  • Page 954 2 no shutdown Vlan 20 is used in Dell-1, Dell-2, and R1 to form OSPF adjacency. When OSPF is converged, the routing tables in all devices are synchronized. Dell-2#sh run int vlan 20 interface Vlan 20 description OSPF PEERING VLAN ip address 192.168.20.2/29...
  • Page 955 The peer-routing command enables peer routing between VLT peers in VLT domain 1. The IP address configured with the backup-destination command is the management IP address of the VLT peer (Dell-1). A priority value of 55000 makes Dell-2 the secondary VLT peer.
  • Page 956: R1 Configuration

    Vl 20 172.15.1.1 FULL/DROTHER 00:00:33 192.168.20.3 Vl 20 The following output displays the routes learned using OSPF. Dell-2 also learns the routes to the loopback addresses on R1 through OSPF. Dell-2#show ip route ospf Destination Gateway Dist/Metric Last Change -----------...
  • Page 957: Access Switch A1 Configurations And Verification

    3.3.3.0 0.0.0.255 area 0 network 4.4.4.0 0.0.0.255 area 0 (The above subnets correspond to loopback interfaces lo2, lo3 and lo4. These three loopback interfaces are advertised to the VLT pair, Dell#1 and Dell#2) network 172.15.1.0 0.0.0.255 area 0 network 192.168.20.0 0.0.0.7 area 0...
  • Page 958: Evlt Configuration Example

    Dell#2’s MAC address as the destination address in the Ethernet frame’s header When A1 sends a packet to R1, the VLT peers act as the default gateway for each other. If the packet reaches Dell-1, irrespective of the default gateway used, Dell-1 routes the packet to R1.
  • Page 959 Domain_1_Peer1(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_1_Peer1(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 1. Domain_1_Peer1(conf)#interface range tengigabitethernet 1/1/6/1 - 1/1/6/2 Domain_1_Peer1(conf-if-range-te-1/1/6/1-2)# port-channel-protocol LACP Domain_1_Peer1(conf-if-range-te-1/1/6/1-2)# port-channel 100 mode active Domain_1_Peer1(conf-if-range-te-1/1/6/1-2)# no shutdown Next, configure the VLT domain and VLTi on Peer 2. Domain_1_Peer2#configure Domain_1_Peer2(conf)#interface port-channel 1 Domain_1_Peer2(conf-if-po-1)# channel-member TenGigabitEthernet 1/1/8/1-1/1/8/2...
  • Page 960: Pim-Sparse Mode Configuration Example

    Domain_1_Peer4#no shutdown Domain_2_Peer4(conf)#vlt domain 200 Domain_2_Peer4(conf-vlt-domain)# peer-link port-channel 1 Domain_2_Peer4(conf-vlt-domain)# back-up destination 10.18.130.12 Domain_2_Peer4(conf-vlt-domain)# system-mac mac-address 00:0b:00:0b:00:0b Domain_2_Peer4(conf-vlt-domain)# peer-routing Domain_2_Peer4(conf-vlt-domain)# unit-id 1 Configure eVLT on Peer 4. Domain_2_Peer4(conf)#interface port-channel 100 Domain_2_Peer4(conf-if-po-100)# switchport Domain_2_Peer4(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_2_Peer4(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 4. Domain_2_Peer4(conf)#interface range tengigabitethernet 1/1/3/1 - 1/1/3/2 Domain_2_Peer4(conf-if-range-te-1/1/3/1-2)# port-channel-protocol LACP Domain_2_Peer4(conf-if-range-te-1/1/3/1-2)# port-channel 100 mode active...
  • Page 961: Verifying A Vlt Configuration

    Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches. • Display information on backup link operation. EXEC mode show vlt backup-link •...
  • Page 962 HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: 34998 HeartBeat Messages Sent: 1030 HeartBeat Messages Received: 1014 The following example shows the show vlt brief command. Dell#show vlt brief VLT Domain Brief ------------------ Domain ID Role : Secondary Role Priority : 32768...
  • Page 963 Local System MAC address: 00:01:e8:8a:df:bc Local System Role Priority: 32768 Dell_VLTpeer2# show vlt role VLT Role ---------- VLT Role: Secondary System MAC address: 00:01:e8:8a:df:bc System Role Priority: 32768 Local System MAC address: 00:01:e8:8a:df:e6 Local System Role Priority: 32768 The following example shows the show running-config vlt command. Dell_VLTpeer1# show running-config vlt vlt domain 30 peer-link port-channel 60...
  • Page 964: Additional Vlt Sample Configurations

    Po 111 128.112 128 200000 DIS(vlt) 4096 0001.e88a.d656 128.112 Po 120 128.121 128 2000 FWD(vlt) 4096 0001.e88a.d656 128.121 Dell_VLTpeer2# show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e88a.dff8 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 0, Address 0001.e88a.dff8 We are the root Configured hello time 2, max age 20, forward delay 15...
  • Page 965 Q: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Vlan-stack, H - Hyperpull tagged NUM Status Description Q Ports Active U Po110(Fo 1/8) T Po100(Fo 1/5,6) Configuring Virtual Link Trunking (VLT Peer 2) Enable VLT and create a VLT domain with a backup-link VLT interconnect (VLTi).
  • Page 966: Troubleshooting Vlt

    Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative. Table 108. Troubleshooting VLT Description Behavior at Peer Up...
  • Page 967: Reconfiguring Stacked Switches As Vlt

    Description Behavior at Peer Up Behavior During Run Time Action to Take information, refer to the Release Notes for this release. VLT LAG ID is not configured on A syslog error message is A syslog error message is Verify the VLT LAG ID is one VLT peer generated.
  • Page 968: Association Of Vlti As A Member Of A Pvlan

    Keep the following points in mind when you configure VLT nodes in a PVLAN: • Configure the VLTi link to be in trunk mode. Do not configure the VLTi link to be in access or promiscuous mode. • You can configure a VLT LAG or port channel to be in trunk, access, or promiscuous port modes when you include the VLT LAG in a PVLAN.
  • Page 969: Pvlan Operations When One Vlt Peer Is Down

    PVLAN Operations When One VLT Peer is Down When a VLT port moves to the Admin or Operationally Down state on only one of the VLT nodes, the VLT Lag is still considered to be up. All the PVLAN MAC entries that correspond to the operationally down VLT LAG are maintained as synchronized entries in the device. These MAC entries are removed when the peer VLT LAG also becomes inactive or a change in PVLAN configuration occurs.
  • Page 970 Table 109. VLAN Membership and MAC Synchronization With VLT Nodes in PVLAN VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Synchronization Peer1 Peer2 Peer1 Peer2 Trunk Trunk Primary Primary Trunk Trunk Primary Normal Trunk Trunk Normal Normal Promiscuous Trunk Primary...
  • Page 971: Configuring A Vlt Vlan Or Lag In A Pvlan

    VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Synchronization Peer1 Peer2 Peer1 Peer2 - Primary VLAN Y - Primary VLAN X Promiscuous Access Primary Secondary Trunk Access Primary/Normal Secondary Configuring a VLT VLAN or LAG in a PVLAN You can configure the VLT peers or nodes in a private VLAN (PVLAN).
  • Page 972: Associating The Vlt Lag Or Vlt Vlan In A Pvlan

    vlt domain domain-id The range of domain IDs is from 1 to 1000. Enter the port-channel number that acts as the interconnect trunk. VLT DOMAIN CONFIGURATION mode peer-link port-channel id-number (Optional) To configure a VLT LAG, enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down.
  • Page 973: Proxy Arp Capability On Vlt Peer Nodes

    The list of secondary VLANs can be: • Specified in comma-delimited (VLAN-ID,VLAN-ID) or hyphenated-range format (VLAN-ID-VLAN-ID). • Specified with this command even before they have been created. • Amended by specifying the new secondary VLAN to be added to the list. Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes.
  • Page 974: Vlt Nodes As Rendezvous Points For Multicast Resiliency

    VLT nodes start performing Proxy ARP when the ICL link goes down. When the VLT peer comes up, proxy ARP stops for the peer VLT IP addresses. When the peer node is rebooted, the IP address synchronized with the peer is not flushed. Peer down events cause the proxy ARP to commence.
  • Page 975: Configuring Vlan-Stack Over Vlt

    Configure the VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack access Dell(conf-if-po-10)#no shutdown Dell#show running-config interface port-channel 10 interface Port-channel 10 no ip address switchport vlan-stack access vlt-peer-lag port-channel 10 no shutdown...
  • Page 976 Dell# Dell(conf)#interface port-channel 20 Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)#vlt-peer-lag port-channel 20 Dell(conf-if-po-20)#vlan-stack trunk Dell(conf-if-po-20)#no shutdown Dell#show running-config interface port-channel 20 interface Port-channel 20 no ip address switchport vlan-stack trunk vlt-peer-lag port-channel 20 no shutdown Dell# Configure the VLAN as a VLAN-Stack VLAN and add the VLT LAG as Members to the VLAN...
  • Page 977 Configure the VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack access Dell(conf-if-po-10)#no shutdown Dell#show running-config interface port-channel 10 interface Port-channel 10 no ip address switchport vlan-stack access vlt-peer-lag port-channel 10 no shutdown...
  • Page 978: Ipv6 Peer Routing In Vlt Domains Overview

    V Po1(Te 1/1/3-5/1) Dell# IPv6 Peer Routing in VLT Domains Overview VLT enables the physical links between two devices that are called VLT nodes or peers, and within a VLT domain, to be considered as a single logical link to external devices that are connected using LAG bundles to both the VLT peers. This capability enables redundancy without the implementation of Spanning tree protocol (STP), thereby providing a loop-free network with optimal bandwidth utilization.
  • Page 979: Synchronization Of Ipv6 Nd Entries In A Non-Vlt Domain

    Synchronization of IPv6 ND Entries in a Non-VLT Domain Layer 3 VLT provides a higher resiliency at the Layer 3 forwarding level. Routed VLT allows you to replace VRRP with routed VLT to route the traffic from Layer 2 access nodes. With ND synchronization, both the VLT nodes perform Layer 3 forwarding on behalf of each other. Synchronization of NDPM entries learned on non-VLT interfaces between the non-VLT nodes.
  • Page 980: Sample Configuration Of Ipv6 Peer Routing In A Vlt Domain

    Figure 142. Sample Configuration of IPv6 Peer Routing in a VLT Domain Sample Configuration of IPv6 Peer Routing in a VLT Domain Consider a sample scenario as shown in the following figure in which two VLT nodes, Unit1 and Unit2, are connected in a VLT domain using an ICL or VLTi link.
  • Page 981 Figure 143. Sample Configuration of IPv6 Peer Routing in a VLT Domain Neighbor Solicitation from VLT Hosts Consider a case in which NS for VLT node1 IP reaches VLT node1 on the VLT interface and NS for VLT node1 IP reaches VLT node2 due to LAG level hashing in the ToR.
  • Page 982 Consider a situation in which NA for VLT node1 reaches VLT node1 on a non-VLT interface and NA for VLT node1 reaches VLT node2 on a non-VLT interface. When VLT node1 receives NA on a VLT interface, it learns the Host MAC address on the received interface. This learned neighbor entry is synchronized to VLT node2 as it is learned on ICL.
  • Page 983 Non-VLT host to Non-VLT host traffic flow When VLT node receives traffic from non-VLT host intended to the non-VLT host, it does neighbor entry lookup and routes traffic over ICL interface. If traffic reaches wrong VLT peer, it routes the traffic over ICL. Router Solicitation When VLT node receives router Solicitation on VLT interface/non-VLT interface it consumes the packets and will send RA back on the received interface.
  • Page 984: Vlt Proxy Gateway

    The virtual link trunking (VLT) proxy gateway feature allows a VLT domain to locally terminate and route L3 packets that are destined to a Layer 3 (L3) end point in another VLT domain. Enable the VLT proxy gateway using the link layer discovery protocol (LLDP) method or the static configuration. For more information, see the Dell Networking OS Command Line Reference Guide. Topics: •...
  • Page 985: Guidelines For Enabling The Vlt Proxy Gateway

    Figure 144. Sample Configuration for a VLT Proxy Gateway Guidelines for Enabling the VLT Proxy Gateway Keep the following points in mind when you enable a VLT proxy gateway: • Proxy gateway is supported only for VLT; for example, across a VLT domain. •...
  • Page 986: Enable Vlt Proxy Gateway

    TLV. • Dell Networking devices not configured with VLT proxy gateway process standard TLVs and ignore TLVs configured with VLT proxy gateway. The LLDP organizational TLV passes local destination MAC address information to peer VLT domain devices so they can act as a proxy gateway.
  • Page 987 • You must configure the interface proxy gateway LLDP to enable or disable a proxy-gateway LLDP TLV on specific interfaces. • The interface is typically a VLT port-channel that connects to a remote VLT domain. • The new proxy gateway TLV is carried on the physical links under the port channel only. •...
  • Page 988: Lldp Vlt Proxy Gateway In A Square Vlt Topology

    C and D (VLT domain 1) and C1 and D1 (VLT domain 2). This behavior is applicable only in the LLDP configuration and not required in the static configuration. Sample Configuration Dell(conf-vlt-domain)#proxy-gateway lldp Dell(conf-vlt-domain-pxy-gw-lldp)#vlt-peer-mac transmit • Assume the inter-chassis link (ICL) between C1 and D1 is shutdown and if D1 is the secondary VLT, one half of the inter DC link goes down.
  • Page 989: Configuring A Static Vlt Proxy Gateway

    VLT domains [C and D in VLT domain 1 and C1 and D1 in VLT domain 2]. Sample Configuration LLDP Method Dell(conf-vlt-domain)#proxy-gateway ll Dell(conf-vlt-domain-pxy-gw-lldp)#peer-domain-link port-channel 1 exclude-vlan 10 Sample Configuration Static Method Dell(conf-vlt-domain)#proxy-gateway static Dell(conf-vlt-domain-pxy-gw-static)#remote-mac-address <xx:xx:xx:xx:xx:xx> exclude-vlan 10 •...
  • Page 990: Vlt Domain Configuration

    VLT Domain Configuration Dell-1 and Dell-2 constitute VLT domain 120. Dell-3 and Dell-4 constitute VLT domain 110. These two VLT domains are connected using a VLT LAG P0 50. To know how to configure the interfaces in VLT domains, see the Configuring VLT section.
  • Page 991: Dell-2 Vlt Configuration

    1 router-id 4.4.4.4 network 10.10.100.0/30 area 0 network 10.10.101.0/30 area 0 The following output shows that Dell-2 and VLT domain 110 form OSPF neighborship with Dell-1. Dell-1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface Area 2.2.2.2...
  • Page 992: Dell-3 Vlt Configuration

    ! proxy-gateway static remote-mac-address 00:01:e8:d8:93:07 remote-mac-address 00:01:e8:d8:93:e5 These MAC addresses are the system L2 interface addresses for each switch at the remote site, Dell-1 and Dell-2. interface TenGigabitEthernet 0/8 description "To Dell-1 10Gb" no ip address interface TenGigabitEthernet 0/9 description "To Dell-1 10Gb"...
  • Page 993: Dell-4 Vlt Configuration

    ! proxy-gateway static remote-mac-address 00:01:e8:d8:93:07 remote-mac-address 00:01:e8:d8:93:e5 These MAC addresses are the system L2 interface addresses for each switch at the remote site, Dell-1 and Dell-2. interface Vlan 102 description ospf peering vlan to DELL-3 ip address 10.10.102.2/30 ip ospf network point-to-point no shutdown The following is the OSPF configuration on Dell-4.
  • Page 994: Virtual Extensible Lan (Vxlan)

    Virtual Extensible LAN (VXLAN) Virtual Extensible LAN (VXLAN) is supported on Dell Networking OS. Overview The switch acts as the VXLAN gateway and performs the VXLAN Tunnel End Point (VTEP) functionality. VXLAN is a technology wherein the data traffic from the virtualized servers is transparently transported over an existing legacy network.
  • Page 995: Components Of Vxlan Network

    Provide an interface for cloud orchestration in cloud data center management. In VXLAN with NSX, Dell Networking OS supports physical interface or Port channel as access port. Dell supports only physical interface as network port and does not support Port channel/VLAN as network port.
  • Page 996: Functional Overview Of Vxlan Gateway

    VXLAN Hypervisor It is the VTEP that connects the Virtual Machines (VM) to the underlay legacy network to the physical infrastructure. Service Node(SN) It is also another VTEP, but it is fully managed by NSX. The purpose of SN is to be the central replication engine for flooded packets Legacy TOR It is a TOR switch, which performs routing or switching decisions.
  • Page 997: Components Of Vxlan Frame Format

    Components of VXLAN Frame Format Some of the important fields of the VXLAN frame format are described below: Outer Ethernet The Outer Ethernet Header consists of the following components: Header: • Destination Address: Generally, it is a first hop router's MAC address when the VTEP is on a different address. •...
  • Page 998 To view the certificate, use the following command: • show file flash://vtep-cert.pem The output appears similar to the following example: -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- Copy and paste the generated certificate to the NSX.
  • Page 999: Configuring Vxlan Gateway

    You can create a logical network by creating a logical switch. The logical network acts as the forwarding domain for workloads on the physical as well as virtual infrastructure. Figure 151. Create Logical Switch Create Logical Switch Port A logical switch port provides a logical connection point for a VM interface (VIF) and a L2 gateway connection to an external network. It binds the virtual access ports in the GW to logical network (VXLAN) and VLAN.
  • Page 1000: Advertising Vxlan Access Ports To Controller

    Fail Mode : secure Port List Fo 1/4/1 Te 1/1/1/1 Te 1/1/2/1 Po 2 The following example shows the show vxlan vxlan-instance logical-network command. Dell#show vxlan vxlan-instance 1 logical-network Instance Total LN count Name VNID bffc3be0-13e6-4745-9f6b-0bcbc5877f01 4656 1000 Virtual Extensible LAN (VXLAN)
