Download Print this page

Dell Z9500 Configuration Manual

Dell Z9500 Configuration Manual

Z-series core and aggregation switche

Hide thumbs Also See for Z9500:

Command reference manual (1905 pages)

,

Reference manual (1849 pages)

,

Installation manual (47 pages)

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual See also: Reference Manual, Installation Manual

Dell Networking Configuration Guide for the

Z9500 Switch

9.10(0.1)

Table of Contents

Advertisement

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the Z9500 and is the answer not in the manual?

Questions and answers

Summary of Contents for Dell Z9500

Page 1 Dell Networking Configuration Guide for the Z9500 Switch 9.10(0.1)
Page 2 A WARNING indicates a potential for property damage, personal injury, or death. © 2016 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell and the Dell logo are trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
Page 3: Table Of Contents
Configure the Overload Bit for a Startup Scenario..................48 Using HTTP for File Transfers.......................... 48 View Configuration Files........................... 49 Enabling Software Features on Devices Using a Command Option.............49 View Command History............................50 Upgrading Dell Networking OS..........................50 Verify Software Images Before Installation......................50 4 Management................................52 Configuring Privilege Levels........................... 52 Contents...
Page 4 Creating a Custom Privilege Level........................53 Removing a Command from EXEC Mode.....................53 Moving a Command from EXEC Privilege Mode to EXEC Mode............. 53 Allowing Access to CONFIGURATION Mode Commands.................53 Allowing Access to Different Modes.......................53 Applying a Privilege Level to a Username......................55 Applying a Privilege Level to a Terminal Line....................55 Configuring Logging..............................55 Audit and Security Logs.............................56...
Page 5 Configuring an Authentication-Fail VLAN.....................92 6 Access Control Lists (ACLs)..........................94 IP Access Control Lists (ACLs)..........................95 CAM Usage................................95 Implementing ACLs on Dell Networking OS....................96 IP Fragment Handling..............................98 IP Fragments ACL Examples..........................98 Layer 4 ACL Rules Examples..........................98 Configure a Standard IP ACL..........................99 Configuring a Standard IP ACL Filter......................100...
Page 6 ACL Resequencing..............................112 Resequencing an ACL or Prefix List.......................113 Route Maps................................114 Implementation Information.......................... 114 Important Points to Remember...........................114 Configuration Task List for Route Maps....................... 115 Configuring Match Routes..........................117 Configuring Set Conditions..........................118 Configure a Route Map for Route Redistribution..................119 Configure a Route Map for Route Tagging....................
Page 7 AS Path................................157 Next Hop................................157 Multiprotocol BGP..............................157 Implement BGP with Dell Networking OS......................158 Additional Path (Add-Path) Support......................158 Advertise IGP Cost as MED for Redistributed Routes................158 Ignore Router-ID in Best-Path Calculation....................159 Four-Byte AS Numbers............................159 AS4 Number Representation..........................159 AS Number Migration............................161 BGP4 Management Information Base (MIB)....................
Page 8 LAG HashingLAG Hashing Based on Bidirectional Flow................209 Unified Forwarding Table (UFT) Modes......................210 Configuring UFT Modes..........................210 11 Control Plane Policing (CoPP).........................211 Z9500 CoPP Implementation..........................213 Protocol-based Control Plane Policing....................... 213 Queue-based Control Plane Policing......................213 CoPP Example................................. 215 Configure Control Plane Policing........................216 Configuring CoPP for Protocols........................216...
Page 9 DCB Maps and its Attributes...........................237 Data Center Bridging: Default Configuration....................238 Configuring Priority-Based Flow Control......................238 Configuring Lossless Queues........................239 Configuring PFC in a DCB Map...........................240 PFC Configuration Notes..........................240 PFC Prerequisites and Restrictions....................... 241 Applying a DCB Map on a Port..........................242 Configuring PFC without a DCB Map........................
Page 10 Offline Diagnostics..............................271 Important Points to Remember........................271 Running Offline Diagnostics...........................271 Examples of Running Offline Diagnostics....................280 TRACE Logs................................287 Auto Save on Crash or Rollover........................287 Last Restart Reason..............................287 show hardware Commands..........................287 Environmental Monitoring........................... 290 Display Power Supply Status..........................290 Display Fan Status.............................
Page 11 Source Address Validation........................... 320 Enabling IP Source Address Validation......................320 DHCP MAC Source Address Validation......................321 Enabling IP+MAC Source Address Validation..................... 321 Viewing the Number of SAV Dropped Packets..................322 Clearing the Number of SAV Dropped Packets..................322 15 Equal Cost Multi-Path (ECMP)........................323 ECMP for Flow-Based Affinity..........................
Page 12 Configuring the Flex Hash Mechanism......................349 RDMA Over Converged Ethernet (RoCE) Overview..................350 Preserving 802.1Q VLAN Tag Value for Lite Subinterfaces................351 19 Force10 Resilient Ring Protocol (FRRP)......................352 Protocol Overview..............................352 Ring Status................................. 353 Multiple FRRP Rings............................353 Important FRRP Points............................ 354 Important FRRP Concepts..........................355 Implementing FRRP...............................
Page 13 IGMP Snooping...............................374 IGMP Snooping Implementation Information....................374 Configuring IGMP Snooping.......................... 374 Removing a Group-Port Association......................375 Disabling Multicast Flooding.......................... 375 Specifying a Port as Connected to a Multicast Router................375 Configuring the Switch as Querier....................... 376 Fast Convergence after MSTP Topology Changes..................376 Designating a Multicast Router Interface......................376 22 Interfaces................................
Page 14 Assigning an IP Address to a Port Channel....................395 Deleting or Disabling a Port Channel......................395 Load Balancing Through Port Channels..................... 396 Changing the Hash Algorithm........................396 Bulk Configuration..............................397 Interface Range..............................397 Bulk Configuration Examples.........................397 Defining Interface Range Macros........................399 Define the Interface Range..........................399 Choosing an Interface-Range Macro......................
Page 15 Stateless Autoconfiguration........................... 432 IPv6 Headers..............................432 IPv6 Header Fields............................433 Extension Header Fields..........................435 Addressing................................. 436 Implementing IPv6 with Dell Networking OS....................437 Longest Prefix Match (LPM) Table and IPv6 /65 – /128 support..............437 ICMPv6..................................437 Path MTU Discovery.............................. 437 IPv6 Neighbor Discovery............................438 IPv6 Neighbor Discovery of MTU Packets....................
Page 16 Monitoring iSCSI Traffic Flows..........................456 Information Monitored in iSCSI Traffic Flows....................457 Detection and Auto-Configuration for Dell EqualLogic Arrays..............457 Configuring Detection and Ports for Dell Compellent Arrays..............458 Application of Quality of Service to iSCSI Traffic Flows................458 27 Intermediate System to Intermediate System..................... 459 IS-IS Protocol Overview............................
Page 17 Sample Configurations............................480 28 Link Aggregation Control Protocol (LACP)....................482 Introduction to Dynamic LAGs and LACP......................482 Important Points to Remember........................482 LACP Modes..............................483 Configuring LACP Commands........................483 LACP Configuration Tasks........................... 484 Creating a LAG..............................484 Configuring the LAG Interfaces as Dynamic....................484 Setting the LACP Long Timeout........................485 Monitoring and Debugging LACP.........................485 Shared LAG State Tracking..........................
Page 18 Management TLVs............................513 TIA-1057 (LLDP-MED) Overview......................... 514 TIA Organizationally Specific TLVs........................515 Configure LLDP...............................518 Related Configuration Tasks.......................... 519 Important Points to Remember........................519 LLDP Compatibility............................519 CONFIGURATION versus INTERFACE Configurations................... 519 Enabling LLDP.................................520 Disabling and Undoing LLDP......................... 520 Enabling LLDP on Management Ports.......................520 Disabling and Undoing LLDP on Management Ports................
Page 19 Enable Multiple Spanning Tree Globally......................556 Adding and Removing Interfaces........................556 Creating Multiple Spanning Tree Instances......................556 Influencing MSTP Root Selection........................557 Interoperate with Non-Dell Bridges........................558 Changing the Region Name or Revision......................558 Modifying Global Parameters..........................558 Modifying the Interface Parameters........................560 Configuring an EdgePort............................561 Flush MAC Addresses after a Topology Change....................561...
Page 20 Router Priority and Cost..........................579 OSPF with Dell Networking OS...........................580 Fast Convergence (OSPFv2, IPv4 Only)....................... 581 Multi-Process OSPFv2 with VRF........................581 RFC-2328 Compliant OSPF Flooding......................581 OSPF ACK Packing............................582 Setting OSPF Adjacency with Cisco Routers....................582 Configuration Information........................... 583 Configuration Task List for OSPFv2 (OSPF for IPv4)................. 583 Sample Configurations for OSPFv2......................594...
Page 21 Related Configuration Tasks.......................... 618 Enabling PIM-SSM..............................618 Use PIM-SSM with IGMP Version 2 Hosts......................618 Configuring PIM-SSM with IGMPv2......................619 39 Policy-based Routing (PBR)..........................620 Overview.................................. 620 Implementing PBR..............................621 Configuration Task List for Policy-based Routing..................622 PBR Exceptions (Permit)..........................624 Sample Configuration............................626 Create the Redirect-List GOLDAssign Redirect-List GOLD to Interface 2/11View Redirect-List GOLD..................................
Page 22 Modifying Interface PVST+ Parameters......................657 Configuring an EdgePort............................658 PVST+ in Multi-Vendor Networks........................658 Enabling PVST+ Extend System ID........................659 PVST+ Sample Configurations..........................659 43 Quality of Service (QoS)..........................662 Implementation Information..........................664 Port-Based QoS Configurations.........................664 Setting dot1p Priorities for Incoming Traffic....................664 Honoring dot1p Priorities on Ingress Traffic....................
Page 23 Implementation Information..........................694 Configuration Information...........................694 Configuration Task List........................... 694 RIP Configuration Example..........................699 45 Remote Monitoring (RMON)...........................703 Implementation Information..........................703 Fault Recovery................................ 703 Setting the RMON Alarm..........................704 Configuring an RMON Event......................... 704 Configuring RMON Collection Statistics..................... 705 Configuring the RMON Collection History....................705 46 Rapid Spanning Tree Protocol (RSTP)......................707 Protocol Overview..............................
Page 24 Creating Access and Trunk Ports........................758 Enable VLAN-Stacking for a VLAN........................758 Configuring the Protocol Type Value for the Outer VLAN Tag.............. 759 Configuring Dell Networking OS Options for Trunk Ports..............759 Debugging VLAN Stacking..........................759 VLAN Stacking in Multi-Vendor Networks....................760 VLAN Stacking Packet Drop Precedence......................763 Enabling Drop Eligibility..........................
Page 25 Overview................................... 771 Implementation Information..........................771 Important Points to Remember........................772 Enabling and Disabling sFlow..........................772 Enabling and Disabling sFlow on an Interface....................772 Enabling sFlow Max-Header Size Extended..................... 773 sFlow Show Commands............................773 Displaying Show sFlow Global........................773 Displaying Show sFlow on an Interface.......................774 Displaying Show sFlow on a Linecard......................774 Configuring Specify Collectors...........................
Page 26 Assigning a VLAN Alias.............................793 Displaying the Ports in a VLAN........................793 Add Tagged and Untagged Ports to a VLAN....................793 Managing Overload on Startup........................... 794 Enabling and Disabling a Port using SNMP.......................794 Fetch Dynamic MAC Entries using SNMP......................795 Deriving Interface Indices.............................796 Monitor Port-Channels............................
Page 27 Configuring a Source IP Address for NTP Packets..................825 Configuring NTP Authentication........................826 Configuring a Custom-defined Period for NTP time Synchronization..........828 Dell Networking OS Time and Date........................829 Configuration Task List ..........................829 Setting the Time and Date for the Switch Software Clock..............829 Setting the Timezone............................
Page 28 Configuring Native VLANs............................ 851 Enabling Null VLAN as the Default VLAN......................852 59 Virtual Routing and Forwarding (VRF)......................853 VRF Overview................................853 VRF Configuration Notes............................854 DHCP.................................. 856 VRF Configuration..............................856 Loading VRF CAM.............................856 Creating a Non-Default VRF Instance......................857 Assigning an Interface to a VRF........................857 Assigning a Front-end Port to a Management VRF...................857 View VRF Instance Information........................858 Assigning an OSPF Process to a VRF Instance...................858...
Page 29 eVLT Configuration Step Examples......................895 PIM-Sparse Mode Configuration Example....................... 897 Verifying a VLT Configuration..........................897 Additional VLT Sample Configurations......................900 Troubleshooting VLT.............................902 Reconfiguring Stacked Switches as VLT......................903 Specifying VLT Nodes in a PVLAN........................904 Association of VLTi as a Member of a PVLAN....................904 MAC Synchronization for VLT Nodes in a PVLAN..................905 PVLAN Operations When One VLT Peer is Down..................905 PVLAN Operations When a VLT Peer is Restarted..................
Page 30 Network Management............................ 948 Multicast................................952 Open Shortest Path First (OSPF)........................952 Routing Information Protocol (RIP)......................953 MIB Location................................953 9.10(0.1)
Page 31: About This Guide
About this Guide This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. For complete information about all the CLI commands, see the Dell Command Line Reference Guide for your system.
Page 32: Configuration Fundamentals
In the Dell Networking OS, after you enter a command, the command is added to the running configuration file. You can view the current configuration for the whole system or for a particular CLI mode. To save the current configuration, copy the running configuration to another location.
Page 33 For more information about privilege levels and security options, refer to the Privilege Levels Overview section in the Security chapter. The Dell Networking OS CLI is divided into three major mode levels: • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information.
Page 34: Navigating Cli Modes
GRUB Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level.
Page 35 {ipv4 multicast | ipv6 unicast} (ROUTER BGP IPv4) Mode) Dell(conf-routerZ_bgpv6_af)# (for IPv6) ROUTER ISIS Dell(conf-router_isis)# router isis ISIS ADDRESS-FAMILY Dell(conf-router_isis-af_ipv6)# address-family ipv6 unicast (ROUTER ISIS Mode) ROUTER OSPF Dell(conf-router_ospf)# router ospf ROUTER OSPFV3 Dell(conf-ipv6router_ospf)# ipv6 router ospf ROUTER RIP Dell(conf-router_rip)#...
Page 36: The Do Command
You can enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, and so on.) without having to return to EXEC mode by preceding the EXEC mode command with the do command. The following example shows the output of the do command. Dell(conf)# do show ip interface brief Interface IP-Address...
Page 37: Undoing Commands
Dell(conf)# do show version Dell Real Time Operating System Software Dell Operating System Version: Dell Application Software Version: Copyright (c) 1999-2014 by Dell Inc. All Rights Reserved. Build Time: Wed Jul 2 11:24:04 2014 Build Path: /sites/eqx/work/swbuild01_1/build16/MERCED-MR-9-5-0/SW/SRC Dell Networking OS uptime is 2 hour(s), 20 minute(s) System image file is "rith-rainier"...
Page 38: Obtaining Help
Enter ? after a partial keyword lists all of the keywords that begin with the specified letters. Dell(conf)#cl? class-map clock Dell(conf)#cl • Enter [space]? after a keyword lists all of the keywords that can follow the specified keyword. Dell(conf)#clock ? summer-time Configure summer (daylight savings) time timezone Configure time zone Dell(conf)#clock Entering and Editing Commands Notes for entering commands.
Page 39: Command History
NOTE: Dell Networking OS accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks. The except keyword displays text that does not match the specified text. The following example shows this command used in combination with the show system brief command.
Page 40 NOTE: You can filter a single command output multiple times. The save option must be the last option entered. For example: Dell# command | grep regular-expression | except regular-expression | grep other- regular-expression | find regular-expression | save. Example of the except Keyword...
Page 41: Multiple Users In Configuration Mode
% Warning: User "<username>" on line vty0 "10.11.130.2" is in configuration mode If either of these messages appears, Dell Networking recommends coordinating with the users listed in the message so that you do not unintentionally overwrite each other’s configuration changes.
Page 42: Getting Started
This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) and system then loads the Dell Networking Operating System. Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
Page 43: Console Access
Console Access The device has two management ports available for system access: a serial RS-232 /RJ-45 console port and an out-of-band (OOB) Ethernet port to manage the switch with an IP address. Serial Console The RJ-45/RS-232 console port is labeled on the upper right-hand side, as you face the I/O side of the chassis. Figure 1.
Page 44: Default Configuration
Default Configuration Although a version of Dell Networking OS is pre-loaded onto the system, the system is not configured when you power up the system first time (except for the default hostname, which is Dell). You must configure the system using the CLI.
Page 45: Configure The Management Port Ip Address
– encryption-type: specifies how you are inputting the password, is 0 by default, and is not required. 0 is for inputting the password in clear text. 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtaining the encrypted password from the configuration of another Dell Networking system. Getting Started...
Page 46: Configuring The Enable Password
Privilege mode. Managing the File System The Dell Networking system can use the internal Flash, external Flash, or remote devices to store files. The system stores files on the internal Flash by default but can be configured to store files elsewhere.
Page 47: Copy Files To And From The System
• To copy a remote file to Dell Networking system, combine the file-origin syntax for a remote file location with the file- destination syntax for a local file location. Table 3. Forming a copy Command...
Page 48: Save The Running-Configuration
To copy a file on the USB device, enter usbflash:// followed by the filename. In the Dell Networking OS release 9.8(0.0), HTTP services support the VRF-aware functionality. If you want the HTTP server to use a VRF table that is attached to an interface, configure that HTTP server to use a specific routing table. You can use the ip http vrf command to inform the HTTP server to use a specific routing table.
Page 49: View Configuration Files
Configure an HTTP client with a VRF that is used to connect to the HTTP server. CONFIGURATION MODE Dell(conf)#ip http vrf {management | <vrf-name>} View Configuration Files Configuration files have three commented lines at the beginning of the file, as shown in the following example, to help you track the last time any user made a change to the file, which user made the changes, and when the file was last saved to the startup-configuration.
Page 50: View Command History
Algorithm, after the image is transferred to the system but before the image is installed. The validation calculates a hash value of the downloaded image file on system’s flash drive, and, optionally, compares it to a Dell Networking published hash for that file.
Page 51 • hash-value: (Optional). Specify the relevant hash published on iSupport. • img-file: Enter the name of the Dell Networking software image file to validate Examples: Without Entering the Hash Value for Verification Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin MD5 hash for FTOS-SE-9.5.0.0.bin: 275ceb73a4f3118e1d6bcf7d75753459 SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin...
Page 52: Management
Management This chapter describes the different protocols or services used to manage the Dell Networking system. Topics: • Configuring Privilege Levels • Configuring Logging • Track Login Activity • Limit Concurrent Login Sessions • Log Messages in the Internal Buffer •...
Page 53: Creating A Custom Privilege Level
Creating a Custom Privilege Level Custom privilege levels start with the default EXEC mode command set. You can then customize privilege levels 2-14 by: • restricting access to an EXEC mode command • moving commands from EXEC Privilege to EXEC mode •...
Page 54 CONFIGURATION mode privilege {configure |interface | line | route-map | router} level level {command ||...|| command} Example of EXEC Privilege Commands Dell(conf)#do show run priv privilege exec level 3 capture privilege exec level 3 configure privilege exec level 4 resequence...
Page 55: Applying A Privilege Level To A Username
When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configuring Logging The Dell Networking OS tracks changes in the system using event and error messages. By default, Dell Networking OS logs these messages on: •...
Page 56: Audit And Security Logs
• console and terminal lines • any configured syslog servers To disable logging, use the following commands. • Disable all logging except on the console. CONFIGURATION mode no logging on • Disable logging to the logging buffer. CONFIGURATION mode no logging buffer •...
Page 57: Configuring Logging Format
May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98) Example of the show logging Command for Security...
Page 58: Setting Up A Secure Connection To A Syslog Server
On the switch, enable the SSH server Dell(conf)#ip ssh server enable On the syslog server, create a reverse SSH tunnel from the syslog server to the Dell OS switch, using following syntax: ssh -R <remote port>:<syslog server>:<syslog server listen port> user@remote_host -nNf...
Page 59: Track Login Activity
Track Login Activity Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events. When you log in using the console or VTY line, the system displays the last successful login details of the current user and the number of unsuccessful login attempts since your last successful login to the system, and whether the current user’s...
Page 60: Display Login Statistics
Example of the show login statistics user user-id command The show login statistics user user-id command displays the successful and failed login details of a specific user in the last 30 days or the custom defined time period. Dell# show login statistics user admin Management...
Page 61: Limit Concurrent Login Sessions
Limit Concurrent Login Sessions Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY, auxiliary, and console lines. You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions.
Page 62: Enabling The System To Clear Existing Sessions
Example of Configuring Concurrent Session Limit The following example limits the permitted number of concurrent login sessions to 4. Dell(config)#login concurrent-session limit 4 Enabling the System to Clear Existing Sessions To enable the system to clear existing login sessions, follow this procedure: •...
Page 63: Configuration Task List For System Log Management
Configuration Task List for System Log Management There are two configuration tasks for system log management: • Disable System Logging • Send System Messages to a Syslog Server Disabling System Logging By default, logging is enabled and log messages are sent to the logging buffer, all terminal lines, the console, and the syslog servers.
Page 64: Display The Logging Buffer And The Logging Configuration
EXEC privilege mode. When RBAC is enabled, the security logs are filtered based on the user roles. Only the security administrator and system administrator can view the security logs. Example of the show logging Command Dell#show logging syslog logging: enabled Console logging: level Debugging...
Page 65: Configuring A Unix Logging Facility Level
CONFIGURATION mode logging buffered size NOTE: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. • Specify the number of messages that Dell Networking OS saves to its logging history table.
Page 66: Synchronizing Log Messages
Dell# Synchronizing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
Page 67: Enabling Timestamp On Syslog Messages
File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces.
Page 68: Configuring Ftp Server Parameters
Example of Viewing FTP Configuration Dell#show running ftp ftp-server enable ftp-server username nairobi password 0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands.
Page 69: Terminal Lines
The auxiliary line (aux) connects secondary devices such as modems. Denying and Permitting Access to a Terminal Line Dell Networking recommends applying only standard access control lists (ACLs) to deny and permit access to VTY lines. •...
Page 70: Configuring Login Authentication For Terminal Lines
You can use any combination of up to six authentication methods to authenticate a user on a terminal line. A combination of authentication methods is called a method list. If the user fails the first authentication method, Dell Networking OS prompts the next method until all methods are exhausted, at which point the connection is terminated. The available authentication methods are: Prompt for the enable password.
Page 71: Setting Timeout For Exec Privilege Mode
Dell(config-line-vty)# Setting Timeout for EXEC Privilege Mode EXEC timeout is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines. To set timeout, use the following commands.
Page 72: Lock Configuration Mode
Dell# Lock CONFIGURATION Mode Dell Networking OS allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message 2). You can set two types of lockst: auto and manual.
Page 73: Recovering From A Forgotten Password On The Z9000 System
Set the system parameters to ignore the enable password when the system reloads and reboot the environment. grub>set stconfigignore=true grub>save_env stconfigignore grub>reboot The Z9000 boots up with the factory default configuration. The default Dell Networking OS system prompt displays when the system boot up is complete. NOTE: Do not press any keys during the boot-up process.
Page 74: Ignoring The Startup Configuration And Booting From The Factory-Default Configuration
Recovering from a Failed Start on the Z9000 System A system that does not start correctly might be attempting to boot from a corrupted Dell Networking OS image or from a mis- specified location. In this case, you can restart the system and interrupt the boot process to point the system to another boot location. Use the set command, as described in the following steps.
Page 75: Restoring The Factory Default Settings
• After the restore is complete, the units power cycle immediately. The following example illustrates the restore factory-defaults command to restore the factory default settings. Dell#restore factory-defaults nvram *********************************************************************** Warning - Restoring factory defaults will delete the existing persistent settings (stacking, fanout, etc.) After restoration the unit(s) will be powercycled immediately.
Page 76 • If the primary boot line is A: and the A: partition contains a valid image, the primary boot line is set to A:, the secondary boot line is set to B: (if B: also contains a valid image), and default boot line is set to a Null String. •...
Page 77 file name : FTOS-SI-9-5-0-169.bin Server IP address : 10.16.127.35 BOOT_USER # Assign an IP address and network mask to the Management Ethernet interface. BOOT_USER # interface management ethernet ip address ip_address_with_mask For example, 10.16.150.106/16. Assign an IP address as the default gateway for the system. default-gateway gateway_ip_address For example, 10.16.150.254.
Page 78: 802.1X
802.1X employs Extensible Authentication Protocol (EAP) to transfer a device’s credentials to an authentication server (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure.
Page 79 The device with which the supplicant communicates is the authenticator. The authenticator is the gate keeper of the network. It translates and forwards requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator.
Page 80: Port-Authentication Process
The authenticator changes the port state to authorized if the server can authenticate the supplicant. In this state, network traffic can be forwarded normally. NOTE: The Dell Networking switches place 802.1X-enabled ports in the unauthorized state by default. Topics: •...
Page 81: Eap Over Radius
Success frame. If the identity information is invalid, the server sends an Access-Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame. Figure 5. EAP Port-Authentication EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format.
Page 82: Configuring 802.1X
Configuring a Guest VLAN • Configuring an Authentication-Fail VLAN Important Points to Remember • Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. •...
Page 83: Enabling 802.1X
Enabling 802.1X Enable 802.1X globally. Figure 7. 802.1X Enabled Enable 802.1X globally. CONFIGURATION mode dot1x authentication Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] Enable 802.1X on the supplicant interface only. INTERFACE mode dot1x authentication Examples of Verifying that 802.1X is Enabled Globally and on an Interface Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command...
Page 84: Configuring Dot1X Profile
In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication [output omitted] interface TenGigabitEthernet 2/1 no ip address dot1x authentication no shutdown Dell# To view 802.1X configuration information for an interface, use the show dot1x interface command.
Page 85: Configuring The Static Mab And Mab Profile
Example of Static MAB and MAB Profile for an Interface Dell(conf-if-Te-2/1)#dot1x static-mab profile sample Dell(conf-if-Te 2/1))#show config interface TenGigabitEthernet 21 switchport dot1x static-mab profile sample no shutdown Dell(conf-if-Te 2/1))#show dot1x interface TenGigabitEthernet 2/1 802.1x information on Te 2/1: ----------------------------- Dot1x Status: Enable Port Control: Auto...
Page 86: Configuring Mac Addresses For A Do1X Profile
Example of Configuring a Critical VLAN for an Interface Dell(conf-if-Te-2/1)#dot1x critical-vlan 300 Dell(conf-if-Te 2/1)#show config interface TenGigabitEthernet 2/1 switchport dot1x critical-vlan 300 no shutdown Dell#show dot1x interface tengigabitethernet 2/1 802.1x information on Te 2/1: ------------------------------------------------------ Dot1x Status: Enable Port Control: AUTO...
Page 87: Configuring Request Identity Re-Transmissions
Dell(conf-dot1x-profile)#exit Dell(conf)# Configuring Request Identity Re-Transmissions When the authenticator sends a Request Identity frame and the supplicant does not respond, the authenticator waits for 30 seconds and then re-transmits the frame. The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator re-transmits can be configured.
Page 88: Forcibly Authorizing Or Unauthorizing A Port
EAP Request Identity frame The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. Dell(conf-if-range-Te-2/1)#dot1x tx-period 90 Dell(conf-if-range-Te-2/1)#dot1x max-eap-req 10 Dell(conf-if-range-Te-2/1)#dot1x quiet-period 120 Dell#show dot1x interface TenGigabitEthernet 2/1 802.1x information on Te 2/1: ----------------------------- Dot1x Status: Enable...
Page 89: Re-Authenticating A Port
Example of Re-Authenticating a Port and Verifying the Configuration The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-1/1)#dot1x reauthentication interval 7200 Dell(conf-if-Te-1/1)#dot1x reauth-max 10 Dell(conf-if-Te-1/1)#do show dot1x interface TenGigabitEthernet 1/1 802.1x information on Te 1/1: ----------------------------- Dot1x Status:...
Page 90: Configuring Timeouts
The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds. The bold lines show the new supplicant and server timeouts. Dell(conf-if-Te-1/1)#dot1x port-control force-authorized Dell(conf-if-Te-1/1)#do show dot1x interface TenGigabitEthernet 1/1 802.1x information on Te 1/1: ----------------------------- Dot1x Status:...
Page 91: Configuring Dynamic Vlan Assignment With Port Authentication
Tunnel-Private-Group-ID The illustration shows the configuration on the Dell Networking system before connecting the end user device in black and blue text, and after connecting the device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.
Page 92: Guest And Authentication-Fail Vlans
Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data.
Page 93 Dell(conf-if-Te-2/1)#dot1x guest-vlan 200 Dell(conf-if-Te 2/1)#show config interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no shutdown...
Page 94: Access Control Lists (Acls)
Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLS, refer to Layer An ACL is essentially a filter containing some criteria to match (examine IP, transmission control protocol [TCP], or user datagram protocol [UDP] packets) and an action to take (permit or deny).
Page 95: Ip Access Control Lists (Acls)
When creating an access list, the sequence of the filters is important. You have a choice of assigning sequence numbers to the filters as you enter them, or the Dell Networking Operating System (OS) assigns numbers in the order the filters are created.
Page 96: Implementing Acls On Dell Networking Os
If there is no need to shift the flow in the hardware, the counters are not affected. This is applicable to the following features: • L2 Ingress Access list • L2 Egress Access list NOTE: IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and higher. Access Control Lists (ACLs)
Page 97 In cases where class-maps with overlapping ACL rules are applied to different queues, use the order keyword to specify the order in which you want to apply ACL rules. The order can range from 0 to 254. Dell Networking OS writes to the CAM ACL rules with lower-order numbers (order numbers closer to 0) before rules with higher-order numbers so that packets are matched as you intended.
Page 98: Ip Fragment Handling
For IP ACL, Dell Networking OS always applies implicit deny. You do not have to configure it. • For IP ACL, Dell Networking OS applies implicit permit for second and subsequent fragment just prior to the implicit deny. • If you configure an explicit deny, the second and subsequent fragments do not hit the implicit permit rule for fragments.
Page 99: Configure A Standard Ip Acl
To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL.
Page 100: Configuring A Standard Ip Acl Filter
To delete a filter, use the no seq sequence-number command in IP ACCESS LIST mode. If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured.
Page 101: Configure An Extended Ip Acl
To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode. The following examples shows how to view a standard ACL filter sequence for an interface. Dell#show ip accounting access example interface gig 4/12 Extended IP access list example...
Page 102: Configuring Filters Without A Sequence Number
Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five.
Page 103: Configure Layer 2 And Layer 3 Acls
Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode. If both L2 and L3 ACLs are applied to an interface, the following rules apply: • When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL. •...
Page 104: Guidelines For Configuring Acl Vlan Groups
NOTE: CAM optimization applies only when you use an ACL VLAN group; it does not apply if you apply an ACL on individual VLANs. Guidelines for Configuring ACL VLAN Groups Keep the following points in mind when you configure ACL VLAN groups: •...
Page 105: Allocating Acl Vlan Cam
ACL-VLAN-GROUP CONFIGURATION (conf-acl-vl-grp) mode member vlan vlan-range Verify the currently configured ACL VLAN groups on the switch. ACL-VLAN-GROUP CONFIGURATION (conf-acl-vl-grp) mode show acl-vlan-group {group-name | detail} Dell#show acl-vlan-group detail Group Name : TestGroupSeventeenTwenty Egress IP Acl : SpecialAccessOnlyExpertsAllowed Vlan Members :...
Page 106: Configure Ingress Acls
To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te1/1)#ip access-group abcd in Dell(conf-if-te1/1)#show config tengigabitethernet 1/1 no ip address...
Page 107: Configure Egress Acls
Dell#show ip accounting access-list Extended Ingress IP access list abcd on tengigabitethernet 1/1 seq 5 permit tcp any any seq 10 deny icmp any any seq 15 permit 1.1.1.2 Configure Egress ACLs Egress ACLs are applied to line cards and affect the traffic leaving the system. Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack —...
Page 108: Applying Egress Layer 3 Acls (Control-Plane)
(if configured) is applied. When the route prefix matches a filter, Dell Networking OS drops or forwards the packet based on the filter’s designated action. If the route prefix does not match any of the filters in the prefix list, the route is dropped (that is, implicit deny).
Page 109: Implementation Information
Configuring a prefix list • Use a prefix list for route redistribution For a complete listing of all commands related to prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following commands.
Page 110 To delete a filter, use the no seq sequence-number command in PREFIX LIST mode.If you are creating a standard prefix list with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured.
Page 111 [prefix-name] Examples of the show ip prefix-list Command The following example shows the show ip prefix-list detail command. Dell>show ip prefix detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 (hit count: 0)
Page 112: Acl Resequencing
Dell(conf-router_rip)#show config router rip distribute-list prefix juba out network 10.0.0.0 Dell(conf-router_rip)#router ospf 34 Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode.
Page 113: Resequencing An Acl Or Prefix List
10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ip access-list extended test remark 2 XYZ...
Page 114: Route Maps
10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1...
Page 115: Configuration Task List For Route Maps
You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. Dell Networking OS processes the route maps with the lowest sequence number first. When a configured route map is applied to a command, such as redistribute, traffic passes through all instances of that route map until a match is found.
Page 116 In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000. In this scenario, Dell Networking OS scans all the instances of the route-map for any permit statement.
Page 117: Configuring Match Routes
Dell(conf)#route-map force deny 20 Dell(config-route-map)#match tag 1000 Dell(conf)#route-map force deny 30 Dell(config-route-map)#match tag 1000 Configuring Match Routes To configure match criterion for a route map, use the following commands. • Match routes with the same AS-PATH numbers. CONFIG-ROUTE-MAP mode match as-path as-path-name •...
Page 118: Configuring Set Conditions
match metric metric-value • Match BGP routes based on the ORIGIN attribute. CONFIG-ROUTE-MAP mode match origin {egp | igp | incomplete} • Match routes specified as internal or external to OSPF, ISIS level-1, ISIS level-2, or locally generated. CONFIG-ROUTE-MAP mode match route-type {external [type-1 | type-2] | internal | level-1 | level-2 | local } •...
Page 119: Configure A Route Map For Route Redistribution
Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic. Route redistribution occurs when Dell Networking OS learns the advertising routes from static or directly connected routes or another routing protocol. Different protocols assign different values to redistributed routes to identify either the routes and their origins.
Page 120: Continue Clause
[vman-qos | vman-dual-qos number] ecfmacl number [nlbclusteracl number] ipv4pbr number }openflow number | fcoe number} [ipv4udfenable] [iscsioptacl number] [vrfv4acl number] Dell(conf)#cam-acl l2acl 1 ipv4acl 8 ipv6acl 2 ipv4qos 0 l2qos 2 l2pt 0 ipmacacl 0 vman-qos 0 ecfmacl 0 ipv4udfenable View the currently configured CAM allocation.
Page 121 Ipv4Qos L2Qos L2PT IpMacAcl VmanQos EcfmAcl FcoeAcl iscsiOptAcl ipv4pbr vrfv4Acl Openflow fedgovacl nlbclusteracl: Dell# Dell#show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) 1 block = 256 entries L2Acl Ipv4Acl Ipv6Acl Ipv4Qos L2Qos L2PT IpMacAcl VmanQos EcfmAcl FcoeAcl...
Page 122 Configure a UDF ID to parse packet headers using the specified number of offset and required bytes. CONFIGURATION-UDF TCAM mode key description udf-id id packetbase PacketBase offset bytes length bytes Dell(conf-udf-tcam)#key innerL3header udf-id 6 packetbase innerL3Header offset 0 length 2 View the UDF TCAM configuration. CONFIGURATION-UDF TCAM mode...
Page 123 CONFIGURATION-EXTENDED-ACCESS-LIST mode permit ip {source mask | any | host ip-address} {destination mask | any | host ip-address} udf-pkt-format name udf-qualifier-value name Dell(config-ext-nacl)#permit ip any any udf-pkt-format ipinip udf-qualifier-value ipnip_val1 12 View the UDF TCAM configuration. CONFIGURATION-UDF TCAM mode show config...
Page 124: Bare Metal Provisioning (Bmp)
Enhanced Behavior of the stop bmp Command The stop bmp command behaves as follows: • While Dell Networking OS image upgrade is in progress, it aborts the BMP process after the Dell Networking OS image is upgraded. • When applying configurations from the file, it aborts the BMP process after all configurations are applied in the system.
Page 125: Bidirectional Forwarding Detection (Bfd)
BFD also carries less overhead than routing protocol hello mechanisms. Control packets can be encapsulated in any form that is convenient, and, on Dell Networking routers, BFD agents maintain sessions that reside on the line card, which frees resources on the route processor. Only session state changes are reported to the BFD Manager (on the route processor), which in turn notifies the routing protocols that are registered with it.
Page 126: Bfd Packet Format
The poll and final bits are used during the handshake and in Demand mode (refer Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear. Bidirectional Forwarding Detection (BFD)
Page 127: Bfd Sessions
Dell Networking OS does not currently support the echo function. Authentication An optional method for authenticating control packets. Type, NOTE: Dell Networking OS does not currently support the BFD authentication function. Authentication Length, Authentication Data Two important parameters are calculated using the values contained in the control packet.
Page 128: Bfd Three-Way Handshake
Demand mode initiator. Either system (but not both) can request Demand mode at any time. NOTE: Dell Networking OS supports Asynchronous mode only. A session can have four states: Administratively Down, Down, Init, and Up. State...
Page 129 state change or change in a session parameter, the passive system sends a final response indicating the state change. After this, periodic control packets are exchanged. Figure 10. BFD Three-Way Handshake State Changes Bidirectional Forwarding Detection (BFD)
Page 130: Session State Changes
Important Points to Remember • Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4.
Page 131: Configure Bfd For Static Routes
• Configure BFD for OSPFv3 • Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Configure BFD for Static Routes BFD offers systems a link state detection mechanism for static routes. With BFD, systems are notified to remove static routes from the routing table as soon as the link state change occurs, rather than waiting until packets fail to reach their next hop.
Page 132: Configure Bfd For Ospf
R1(conf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.2.1 2.2.2.2 Te 4/24 To view detailed session information, use the show bfd neighbors detail command, as shown in the examples in Displaying BFD for BGP Information.
Page 133 This delay should not be seen after a reload because OSPF will throttle neighbor establishment. Configuring BFD for OSPF is a two-step process: Enable BFD globally. Establish sessions with OSPF neighbors. Related Configuration Tasks • Changing OSPF Session Parameters • Disabling BFD for OSPF Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a...
Page 134 • Establish sessions with all OSPF neighbors. ROUTER-OSPF mode bfd all-neighbors • Establish sessions with OSPF neighbors on a single interface. INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions.
Page 135: Configure Bfd For Ospfv3
• Disable BFD sessions with all OSPFv3 neighbors. ROUTER-OSPFv3 mode no bfd all-neighbors • Disable BFD sessions with OSPFv3 neighbors on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 provides support for IPV6. Configuring BFD for OSPFv3 is a two-step process: Enable BFD globally.
Page 136: Configure Bfd For Is-Is
• Disable BFD sessions with all OSPFv3 neighbors. ROUTER-OSPFv3 mode no bfd all-neighbors • Disable BFD sessions with OSPFv3 neighbors on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors disable Establishing Sessions with OSPFv3 Neighbors You can establish BFD sessions with all OSPFv3 neighbors at once or with all neighbors out of a specific interface. Sessions are only established when the OSPFv3 adjacency is in the Full state.
Page 137 Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 14. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS neighbors on a single interface, use the following commands. •...
Page 138: Configure Bfd For Bgp
- CLI - ISIS - OSPF - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.2.2 2.2.2.1 Te 2/1 Changing IS-IS Session Parameters BFD sessions are configured with default intervals and a default role. The parameters that you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. These parameters are configured for all IS-IS sessions or all IS-IS sessions out of an interface.
Page 139 Prerequisites Before configuring BFD for BGP, you must first configure the following settings: Configure BGP on the routers that you want to interconnect, as described in Border Gateway Protocol IPv4 (BGPv4). Enable fast fall-over for BGP neighbors to reduce convergence time (the neighbor fall-over command), as described BGP Fast Fall-Over.
Page 140 BFD for BGP is supported only on directly-connected BGP neighbors and only in BGP IPv4 networks. Up to 128 simultaneous BFD sessions are supported As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up and BGP maintains its adjacencies.
Page 141 ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a peer group (the neighbor peer-group-name bfd command in ROUTER BGP configuration mode).
Page 142 Examples of Verifying BGP Information The following example shows verifying a BGP configuration. R2# show running-config bgp router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor 3.3.3.2 no shutdown bfd all-neighbors The following example shows viewing all BFD neighbors.
Page 143 Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/2 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: True Client Registered: BGP Uptime: 00:02:22 Statistics:...
Page 144 2.2.2.2 04:32:26 3.3.3.2 00:38:12 The following example shows viewing BFD information for a specified neighbor. The bold lines show the message displayed when you enable a BFD session with different configurations: • Message displays when you enable a BFD session with a BGP neighbor that inherits the global BFD session settings configured with the global bfd all-neighbors command.
Page 145: Configure Bfd For Vrrp
Peer active in peer-group outbound optimization Configure BFD for VRRP When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the route processor module (RPM). BFD sessions are established with all neighboring interfaces participating in VRRP. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the VRRP protocol that a link state change occurred.
Page 146 Examples of Viewing VRRP Sessions To view the established sessions, use the show bfd neighbors command. The bold line shows that VRRP BFD sessions are enabled. Dell(conf-if-te-4/25)#vrrp bfd all-neighbors Dell(conf-if-te-4/25)#do show bfd neighbor - Active session role Ad Dn - Admin Down - CLI...
Page 147: Configuring Protocol Liveness
vrrp bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] • Change parameters for a particular VRRP session. INTERFACE mode vrrp bfd neighbor ip-address interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the example in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors command example in Displaying BFD for BGP Information.
Page 148: Border Gateway Protocol Ipv4 (Bgpv4)
Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS).
Page 149 because they provide connections from one network to another. The ISP is considered to be “selling transit service” to the customer network, so thus the term Transit AS. When BGP operates inside an AS (AS1 or AS2, as seen in the following illustration), it is referred to as Internal BGP (IBGP Internal Border Gateway Protocol).
Page 150: Sessions And Peers
four routers connected in a full mesh have three peers each, six routers have five peers each, and eight routers in full mesh have seven peers each. Figure 18. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible.
Page 151: Establish A Session
Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established.
Page 152: Bgp Attributes
To illustrate how these rules affect routing, refer to the following illustration and the following steps. Routers B, C, D, E, and G are members of the same AS (AS100). These routers are also in the same Route Reflection Cluster, where Router D is the Route Reflector.
Page 153: Best Path Selection Criteria
In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
Page 154 Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path remains. Dell Networking OS deems the paths as equal and does not perform steps 9 through 11, if the following criteria is met: the IBGP multipath or EBGP multipath are configured (the maximum-path command).
Page 155: Weight
Weight The weight attribute is local to the router and is not advertised to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight is preferred. The route with the highest weight is installed in the IP routing table. Local Preference Local preference (LOCAL_PREF) represents the degree of preference within the entire AS.
Page 156: Origin
BGP. In Dell Networking OS, these origin codes appear as shown in the following example. The question mark (?) indicates an origin code of INCOMPLETE (shown in bold). The lower case letter (i) indicates an origin code of IGP (shown in bold).
Page 157: As Path
Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Address...
Page 158: Implement Bgp With Dell Networking Os
BGP routes into BGP. Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones.
Page 159: Ignore Router-Id In Best-Path Calculation
Configure 4-byte AS numbers with the four-octet-support command. AS4 Number Representation Dell Networking OS supports multiple representations of 4-byte AS numbers: asplain, asdot+, and asdot. NOTE: The ASDOT and ASDOT+ representations are supported only with the 4-Byte AS numbers feature. If 4-Byte AS numbers are not implemented, only ASPLAIN representation is supported.
Page 160 65526 appears as 65526 and the AS number 65546 appears as 1.10. Dynamic AS Number Notation Application Dell Networking OS applies the ASN notation type change dynamically to the running-config statements. When you apply or change an notation, the type selected is reflected immediately in the running-configuration and the show commands (refer to the following two examples).
Page 161: As Number Migration
Dell(conf-router_bgp)#sho conf router bgp 100 neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do show ip bgp BGP table version is 28093, local router ID is 172.30.1.57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress.
Page 162 behavior to happen by allowing Router B to appear as if it still belongs to Router B’s old network (AS 200) as far as communicating with Router C is concerned. Figure 23. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature.
Page 163: Bgp4 Management Information Base (Mib)
• To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Networking recommends setting the timeout and retry count values to a relatively higher number. For example, t = 60 or r = 5.
Page 164: Configuration Information
To enable the BGP process and begin exchanging information, assign an AS number and use commands in ROUTER BGP mode to configure a BGP neighbor. By default, BGP is disabled. By default, Dell Networking OS compares the MED attribute on different paths from within the same AS (the bgp always- compare-med command is not enabled). NOTE: In Dell Networking OS, all newly configured neighbors and peer groups are disabled.
Page 165: Enabling Bgp
Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer.
Page 166 Disable 4-Byte support and return to the default 2-Byte format by using the no bgp four-octet-as-support command. You cannot disable 4-Byte support if you currently have a 4-Byte ASN configured. Disabling 4-Byte AS numbers also disables ASDOT and ASDOT+ number representation. All AS numbers are displayed in ASPLAIN format.
Page 167 Active For the router’s identifier, Dell Networking OS uses the highest IP address of the Loopback interfaces configured. Because Loopback interfaces are virtual, they cannot go down, thus preventing changes in the router ID. If you do not configure Loopback interfaces, the highest IP address of any interface is used as the router ID.
Page 168: Configuring As4 Number Representations
Connections established 0; dropped 0 Last reset never No active TCP connection Dell# The following example shows verifying the BGP configuration using the show running-config bgp command.. Dell#show running-config bgp router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24...
Page 169: Configuring Peer Groups
NOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display. • Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot • Enable ASDOT+ AS Number representation. CONFIG-ROUTER-BGP mode...
Page 170 Create a peer group by assigning it a name, then adding members to the peer group. After you create a peer group, you can configure route policies for it. For information about configuring route policies for a peer group, refer to Filtering BGP Routes.
Page 171 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown Dell(conf-router_bgp)# To enable a peer group, use the neighbor peer-group-name no shutdown command in CONFIGURATION ROUTER BGP mode (shown in bold). Dell(conf-router_bgp)#neighbor zanzibar no shutdown Dell(conf-router_bgp)#show config router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes...
Page 172: Configuring Bgp Fast Fall-Over
To verify that you enabled fast fall-over on a particular BGP neighbor, use the show ip bgp neighbors command. Because fast fall-over is disabled by default, it appears only if it has been enabled (shown in bold). Dell#sh ip bgp neighbors BGP neighbor is 100.100.100.100, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID 30.30.30.5...
Page 173: Configuring Passive Peering
Local host: 200.200.200.200, Local port: 65519 Foreign host: 100.100.100.100, Foreign port: 179 Dell# To verify that fast fall-over is enabled on a peer-group, use the show ip bgp peer-group command (shown in bold). Dell#sh ip bgp peer-group Peer-group test fall-over enabled BGP version 4...
Page 174: Maintaining Existing As Numbers During An As Migration
When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, Dell Networking OS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor. To work around this, change the BGP configuration or change the order of the peer group configuration.
Page 175: Allowing An As Number To Appear In Its Own As Path
To disable this feature, use the no neighbor local-as command in CONFIGURATION ROUTER BGP mode. R2(conf-router_bgp)#show conf router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown...
Page 176: Enabling Neighbor Graceful Restart
This option provides support for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide.
Page 177 If you assign an non-existent or empty AS-PATH ACL, the software allows all routes. Example of the show ip bgp paths Command To view all BGP path attributes in the BGP database, use the show ip bgp paths command in EXEC Privilege mode. Dell#show ip bgp paths Total 30655 Paths Address...
Page 178: Regular Expressions As Filters
For an AS-path access list, as shown in the previous commands, if the AS path matches the regular expression in the access list, the route matches the access list. The following lists the regular expressions accepted in Dell Networking OS. Regular...
Page 179: Redistributing Routes
Dell(config-as-path)#ex Dell(conf)#router bgp 99 Dell(conf-router_bgp)#neighbor AAA filter-list Eagle in Dell(conf-router_bgp)#show conf router bgp 99 neighbor AAA peer-group neighbor AAA filter-list Eaglein neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 filter-list 1 in neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#ex Dell(conf)#ex Dell#show ip as-path-access-lists...
Page 180: Enabling Additional Paths
One attribute you can manipulate is the COMMUNITY attribute. This attribute is an optional attribute that is defined for a group of destinations. In Dell Networking OS, you can assign a COMMUNITY attribute to BGP routers by using an IP community list.
Page 181: Configuring An Ip Extended Community List
To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode. Dell#show ip community-lists ip community-list standard 1 deny 701:20 deny 702:20...
Page 182: Filtering Routes With Community Lists
To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode. Dell#show ip community-lists ip community-list standard 1 deny 701:20 deny 702:20...
Page 183: Manipulating The Community Attribute
In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, Dell Networking OS does not send the COMMUNITY attribute. To send the COMMUNITY attribute to BGP neighbors, use the following command.
Page 184: Changing Med Attributes
--More-- Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, enter any or all of the following commands. •...
Page 185: Configuring The Local System Or A Different System To Be The Next Hop For Bgp-Learned Routes
bgp default local-preference value – value: the range is from 0 to 4294967295. The default is 100. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode. A more flexible method for manipulating the LOCAL_PREF attribute value is to use a route map.
Page 186: Changing The Weight Attribute
You can create inbound and outbound policies. Each of the commands used for filtering has in and out parameters that you must apply. In Dell Networking OS, the order of preference varies depending on whether the attributes are applied for inbound updates or outbound updates.
Page 187 • AS-PATH ACLs (using the neighbor filter-list command) • route maps (using the neighbor route-map command) Prior to filtering BGP routes, create the prefix list, AS-PATH ACL, or route map. For configuration information about prefix lists, AS-PATH ACLs, and route maps, refer to Access Control Lists (ACLs).
Page 188: Filtering Bgp Routes Using Route Maps
Filtering BGP Routes Using Route Maps To filter routes using a route map, use these commands. Create a route map and assign it a name. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] Create multiple route map filters with a match or set action. CONFIG-ROUTE-MAP mode {match | set} For information about configuring route maps, see...
Page 189: Configuring Bgp Route Reflectors
EXEC Privilege mode. Aggregating Routes Dell Networking OS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active.
Page 190: Configuring Bgp Confederations
In the show ip bgp command, aggregates contain an ‘a’ in the first column (shown in bold) and routes suppressed by the aggregate contain an ‘s’ in the first column. Dell#show ip bgp BGP table version is 0, local router ID is 10.101.15.13 Status codes: s suppressed, d damped, h history, * valid, >...
Page 191 (a numeric value) for routes that flap. When that penalty value reaches a configured limit, the route is not advertised, even if the route is up. In Dell Networking OS, that penalty value is 1024. As time passes and the route does not flap, the penalty value decrements or is decayed.
Page 192 – regexp regular-expression: enter a regular express to match on. By default, the path selection in Dell Networking OS is deterministic, that is, paths are compared irrespective of the order of their arrival. You can change the path selection method to non-deterministic, that is, paths are compared in the order in which they arrived (starting with the most recent).
Page 193: Changing Bgp Timers
Changing BGP Timers To configure BGP timers, use either or both of the following commands. Timer values configured with the neighbor timers command override the timer values configured with the timers bgp command. When two neighbors, configured with different keepalive and holdtime values, negotiate for new values, the resulting values are as follows: •...
Page 194: Route Map Continue
The example enables inbound soft reconfiguration for the neighbor 10.108.1.1. All updates received from this neighbor are stored unmodified, regardless of the inbound policy. When inbound soft reconfiguration is done later, the stored information is used to generate a new set of inbound updates. Dell>router bgp 100 neighbor 10.108.1.1 remote-as 200 neighbor 10.108.1.1 soft-reconfiguration inbound...
Page 195: Enabling Mbgp Configurations
The routes associated with multicast routing are used by the protocol independent multicast (PIM) to build data distribution trees. Dell Networking OS MBGP is implemented per RFC 1858. You can enable the MBGP feature per router and/or per peer/peer- group.
Page 196: Debugging Bgp
Storing Last and Bad PDUs Dell Networking OS stores the last notification sent/received and the last bad protocol data unit (PDU) received on a per peer basis. The last bad PDU is the one that causes a notification to be issued.
Page 197: Capturing Pdus
Example of the show ip bgp neighbor Command to View Last and Bad PDUs Dell(conf-router_bgp)#do show ip bgp neighbors 1.1.1.2 BGP neighbor is 1.1.1.2, remote AS 2, external link BGP version 4, remote router ID 2.4.0.1 BGP state ESTABLISHED, in this state for 00:00:01...
Page 198: Pdu Counters
313511 0 00:12:46 207896 PDU Counters Dell Networking OS supports additional counters for various types of PDUs sent and received from neighbors. These are seen in the output of the show ip bgp neighbor command. Border Gateway Protocol IPv4 (BGPv4)
Page 199: Sample Configurations
Sample Configurations The following example configurations show how to enable BGP and set up some peer groups. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. To support your own IP addresses, interfaces, names, and so on, you can copy and paste from these examples to your CLI. Be sure that you make the necessary changes.
Page 200 R1(conf-if-te-1/21)#int te 1/31 R1(conf-if-te-1/31)#ip address 10.0.3.31/24 R1(conf-if-te-1/31)#no shutdown R1(conf-if-te-1/31)#show config interface TengigabitEthernet 1/31 ip address 10.0.3.31/24 no shutdown R1(conf-if-te-1/31)#router bgp 99 R1(conf-router_bgp)#network 192.168.128.0/24 R1(conf-router_bgp)#neighbor 192.168.128.2 remote 99 R1(conf-router_bgp)#neighbor 192.168.128.2 no shut R1(conf-router_bgp)#neighbor 192.168.128.2 update-source loop 0 R1(conf-router_bgp)#neighbor 192.168.128.3 remote 100 R1(conf-router_bgp)#neighbor 192.168.128.3 no shut R1(conf-router_bgp)#neighbor 192.168.128.3 update-source loop 0 R1(conf-router_bgp)#show config...
Page 201 R3(conf)#int loop 0 R3(conf-if-lo-0)#ip address 192.168.128.3/24 R3(conf-if-lo-0)#no shutdown R3(conf-if-lo-0)#show config interface Loopback 0 ip address 192.168.128.3/24 no shutdown R3(conf-if-lo-0)#int te 3/11 R3(conf-if-te-3/11)#ip address 10.0.3.33/24 R3(conf-if-te-3/11)#no shutdown R3(conf-if-te-3/11)#show config interface TengigabitEthernet 3/11 ip address 10.0.3.33/24 no shutdown R3(conf-if-lo-0)#int te 3/21 R3(conf-if-te-3/21)#ip address 10.0.2.3/24 R3(conf-if-te-3/21)#no shutdown R3(conf-if-te-3/21)#show config interface TengigabitEthernet 3/21...
Page 202 BGP-RIB over all using 207 bytes of memory 2 BGP path attribute entrie(s) using 96 bytes of memory 2 BGP AS-PATH entrie(s) using 74 bytes of memory 2 neighbor(s) using 8672 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 192.168.128.2 99 23 24 1 0 (0) 00:00:17 1Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2)
Page 203 R2#show ip bgp summary BGP router identifier 192.168.128.2, local AS number 99 BGP table version is 2, main routing table version 2 1 network entrie(s) using 132 bytes of memory 3 paths using 204 bytes of memory BGP-RIB over all using 207 bytes of memory 2 BGP path attribute entrie(s) using 128 bytes of memory 2 BGP AS-PATH entrie(s) using 90 bytes of memory 2 neighbor(s) using 9216 bytes of memory...
Page 204 Local host: 192.168.128.2, Local port: 65464 Foreign host: 192.168.128.1, Foreign port: 179 BGP neighbor is 192.168.128.3, remote AS 100, external link Member of peer-group BBB for session parameters BGP version 4, remote router ID 192.168.128.3 BGP state ESTABLISHED, in this state for 00:18:51 Last read 00:00:45, last write 00:00:44 Hold time is 180, keepalive interval is 60 seconds Received 138 messages, 0 in queue...
Page 205: Content Addressable Memory (Cam)
Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies.On a line card, there are one or two CAM (Dual-CAM) modules per port-pipe.
Page 206 This platform supports upto 256 CAM entries. Select 1 to configure 128 entries. Select 2 to configure 256 entries. Even though you can perform CAM carving to allocate the maximum number of NLB entries, Dell Networking recommends you to use a maximum of 64 NLB ARP entries.
Page 207: Test Cam Usage
Privilege mode. The Status column in the command output indicates whether or not you can enable the policy. Example of the test cam-usage Command Dell# test cam-usage service-policy input pcam linecard all linecard | Portpipe | CAM Partition | Available CAM | Estimated CAM per Port | Status...
Page 208: View Cam Usage
EcfmAcl Openflow -- linecard 1 -- Current Settings(in block sizes) 1 block = 256 entries L2Acl Ipv4Acl Ipv6Acl Ipv4Qos L2Qos L2PT IpMacAcl VmanQos EcfmAcl Openflow -- linecard 2 -- Current Settings(in block sizes) 1 block = 256 entries L2Acl Ipv4Acl Ipv6Acl Ipv4Qos L2Qos...
Page 209: Return To The Default Cam Configuration
MPLS packets are treated as follows: • When MPLS IP packets are received, Dell Networking OS looks up to five labels deep for the IP header. • When an IP header is present, hashing is based on IP three tuples (source IP address, destination IP address, and IP protocol).
Page 210: Unified Forwarding Table (Uft) Modes
[Longest Prefix Match — LPM]) into a single flexible resource. Dell Networking OS supports several UFT modes to extract the forwarding tables, as required. By default, Dell Networking OS initializes the table sizes to UFT mode 2 profile, since it provides a reasonable shared memory for all the tables.
Page 211: Control Plane Policing (Copp)
Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, rate-limits, traffic to an acceptable level.
Page 212 The following illustration shows an example of the difference between having CoPP implemented and not having CoPP implemented. Figure 25. Control Plane Policing Figure 26. CoPP Implemented Versus CoPP Not Implemented Topics: • Z9500 CoPP Implementation Control Plane Policing (CoPP)
Page 213: Z9500 Copp Implementation
Troubleshooting CoPP Operation Z9500 CoPP Implementation The Z9500 control plane consists of multi-core CPUs with internal queues for handling packets destined to the Route Processor, Control Processor, and line-card CPUs. On the Z9500, CoPP is implemented as a distributed architecture. In this architecture, CoPP operates simultaneously in both distributed and aggregated modes.
Page 214 ICMPv6 ICMP DHCP, LLDP, FEFD, 8021x 3200 CPU Queue Protocols Mapped to Route Processor Queues Rate Limit (in kbps) Unknown L3, L3 with Broadcast MAC destination address PIM DR, Multicast Catch All, iSCSI, IPv6 Multicast Catch All, IPv6 Multicast tunnels ARP request, NS, RS 1800 ARP reply, NA, RA...
Page 215: Copp Example
CoPP Example The illustrations in this section show the benefit of using CoPP compared to not using CoPP on a switch. The following illustration shows how CoPP rate limits protocol traffic destined to the control-plane CPU. Figure 27. Control Plane Policing Control Plane Policing (CoPP)
Page 216: Configure Control Plane Policing
NOTE: On the Z9500, CoPP does not convert the input rate of control-plane traffic from kilobits per second (kbps) to packets per second (pps) as on other Dell Networking switches. On other switch, CoPP converts the input kilobit-per-second rate to a packet-per-second rate, assuming 64 bytes as the average packet size.
Page 217 The basics for creating a CoPP service policy are to create a Layer 2, Layer 3, and/or an IPv6 ACL rule for the desired protocol type. Then, create a QoS input policy to rate-limit the protocol traffics according to the ACL. The ACL and QoS policies are finally assigned to a control-plane service policy for each port-pipe.
Page 218 Dell(conf-ipv6-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-vrrp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit vrrp Dell(conf-ipv6-acl-cpuqos)#exit The following example shows creating the QoS input policy. Dell(conf)#qos-policy-in rate_limit_200k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 200 40 peak 500 40 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_400k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 400 50 peak 600 50 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_500k cpu-qos...
Page 219: Examples Of Configuring Copp For Protocols
Dell(conf-ipv6-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-vrrp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit vrrp Dell(conf-ipv6-acl-cpuqos)#exit Example of Creating a QoS Rate-Limiting Input Policy Dell(conf)#qos-policy-in rate_limit_200k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 200 40 peak 500 40 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_400k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 400 50 peak 600 50 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_500k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 500 50 peak 1000 50...
Page 220: Configuring Copp For Cpu Queues
On the Z9500, the range of queue-number values is from 0 to 23. The twenty-four control–plane queues are divided into groups of eight queues for the Route Processor, Control Processor, and line-card CPUs as follows: •...
Page 221: Examples Of Configuring Copp For Cpu Queues
Examples of Configuring CoPP for CPU Queues Example of Creating a QoS Policy to Configure the Rate Limit Dell#conf Dell(conf)#qos-policy-input cpuq_1 cpu-qos Dell(conf-qos-policy-in)#rate-police 3000 40 peak 500 40 Dell(conf-qos-policy-in)#exit Dell(conf)#qos-policy-input cpuq_2 cpu-qos Dell(conf-qos-policy-in)#rate-police 5000 80 peak 600 50 Dell(conf-qos-policy-in)#exit Example of Assigning a QoS Policy to a CPU Queue...
Page 222 ICMPV6 RS Q2/Q10 CP/RP ICMPV6 VRRPV6 OSPFV3 2500 Viewing Per-Queue Protocol-Queue Mapping To view the protocol traffic assigned to a specified queue, use the show protocol-queue-mapping queue-id command. Dell#show protocol-queue-mapping queue-id 2 Protocol Queue EgPort CommitRate(kbps) Peak Rate(kbps) -------- ----- ------...
Page 223 ICMP NS Q2/Q10 CP/RP v6 ICMP RS Q2/Q10 CP/RP Viewing Complete Protocol-Queue Mapping To view the queues to which all protocol traffic is assigned, use the show protocol-queue-mapping command. Dell# show protocol-queue-mapping CommitRate Peak Rate CommitBurst PeakBurst Protocol Queue EgPort...
Page 224: Troubleshooting Copp Operation
To troubleshoot the reason for CPU packet loss, you can display statistics about system flows on the central switch (aggregated CoPP) or on a specified set of Z9500 ports by entering the show hardware system-flow layer2 [cp- Control Plane Policing (CoPP)
Page 225 | linecard slot-id portset port-pipe] command. The number of hits for each system flow is also displayed. Dell#show hardware system-flow layer2 linecard 2 port-set 0 ############## FP Entry for redirecting STP BPDU to CPU Port ################ EID 0x00000300: gid=0xa,...
Page 226: Viewing Per-Protocol Copp Counters
DstMac Offset: 88 Width: 48 DATA=0x00000180 c2000021 MASK=0x0000ffff ffffffff action={act=DropPrecedence, param0=1(0x1), param1=0(0), param2=0(0), param3=0(0)} action={act=Drop, param0=0(0), param1=0(0), param2=0(0), param3=0(0)} action={act=CosQCpuNew, param0=4(0x4), param1=0(0), param2=0(0), param3=0(0)} action={act=CopyToCpu, param0=1(0x1), param1=5(0x5), param2=0(0), param3=0(0)} policer= statistics={stat id 8 slice = 9 idx=2 entries=1}{Packets} --More-- ################# FP Entry for redirecting ARP Replies to RSM ############# --More-- ################# FP Entry for redirecting 802.1x frames to CPU Port ######### --More--...
Page 227 Z9500 line card and port set (distributed CoPP). There are three line cards (0-2) with fixed ports on the Z9500. Line card 0 uses two sets of ports (port pipes): 0 to 1; line cards 1 and 2 use three sets of ports: 0 to 2.
Page 228: Viewing Per-Queue Copp Counters
To clear the per-protocol counters of rate-limited control-plane traffic at the aggregated (switch) or line card and port set level, use the clear control-traffic protocol [cp—switch | linecard {0–2} portset {0–3}] counters command; for example: Dell#clear control-traffic protocol linecard 1 portset 2 counters Dell# Dell#clear control-traffic protocol cp-switch counters...
Page 229 Tx Counters displays the number of bytes transmitted to a control-plane CPU after queue-based rate limiting is applied. Drop Counters displays the number of bytes of control-plane traffic that have been dropped as a result of queue- based rate limiting. Dell#show control-traffic queue queue-id 0 counters Queue-ID RxBytes...
Page 230: Data Center Bridging (Dcb)
Data center bridging (DCB) refers to a set of enhancements to Ethernet local area networks used in data center environments, particularly with clustering and storage area networks. NOTE: Data center bridging (DCB) is enabled in Z9500 switch. Topics: • Ethernet Enhancements in Data Center Bridging •...
Page 231 Fibre Channel traffic, and a separate InfiniBand network for high-performance inter-processor computing within server clusters, only one DCB-enabled network is required in a data center. The Dell Networking switches that support a unified fabric and consolidate multiple network infrastructures use a single input/output (I/O) device called a converged network adapter (CNA).
Page 232: Priority-Based Flow Control
FCoE converged traffic with priority 3. • iSCSI storage traffic with priority 4. In the Dell Networking OS, PFC is implemented as follows: • PFC is supported on specified 802.1p priority traffic (dot1p 0 to 7) and is configured per interface. However, only four lossless queues are supported on an interface: one for Fibre Channel over Ethernet (FCoE) converged traffic and one for Internet Small Computer System Interface (iSCSI) storage traffic.
Page 233: Enhanced Transmission Selection
Percentage of available bandwidth allocated to a priority group. Group transmission selection algorithm (TSA) Type of queue scheduling a priority group uses. In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: – PFC enabled or disabled –...
Page 234: Data Center Bridging Exchange Protocol (Dcbx)
Data Center Bridging Exchange Protocol (DCBx) DCBx allows a switch to automatically discover DCB-enabled peers and exchange configuration information. PFC and ETS use DCBx to exchange and negotiate parameters with peer devices. DCBx capabilities include: • Discovery of DCB capabilities on peer-device connections. •...
Page 235: Enhanced Transmission Selection
FCoE converged traffic with priority 3. • iSCSI storage traffic with priority 4. In the Dell Networking OS, PFC is implemented as follows: • PFC is supported on specified 802.1p priority traffic (dot1p 0 to 7) and is configured per interface. However, only four lossless queues are supported on an interface: one for Fibre Channel over Ethernet (FCoE) converged traffic and one for Internet Small Computer System Interface (iSCSI) storage traffic.
Page 236: Data Center Bridging Exchange Protocol (Dcbx)
Percentage of available bandwidth allocated to a priority group. Group transmission selection algorithm (TSA) Type of queue scheduling a priority group uses. In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: – PFC enabled or disabled –...
Page 237: Enabling Data Center Bridging
To enable DCB, enable either the iSCSI optimization configuration or the FCoE configuration. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For more information, refer to Ethernet Pause Frames.
Page 238: Data Center Bridging: Default Configuration
Before you configure PFC and ETS on a switch see the priority group setting taken into account the following default settings: DCB is enabled. PFC and ETS are globally enabled by default. The default dot1p priority-queue assignments are applied as follows: Dell(conf)#do show qos dot1p-queue-mapping Dot1p Priority : 0 Queue : 0 Dell(conf)# PFC is not applied on specific dot1p priorities.
Page 239: Configuring Lossless Queues
4 maps to dot1p priorities 5, 6, and 7. Dell Networking OS Behavior: As soon as you apply a DCB policy with PFC enabled on an interface, DCBx starts exchanging information with PFC-enabled peers. The IEEE802.1Qbb, CEE, and CIN versions of PFC Type, Length, Value (TLV) are supported.
Page 240: Configuring Pfc In A Dcb Map
In Z9500, any pfc-dot1p priorities configured on a given interface need not be the same across the system. In other words, lossless queue limit is applicable on a per-port level and not on the global-config context. For example, one of the Te/Fo interfaces can have pfc-dot1p priorities as 2 and 3.
Page 241: Pfc Prerequisites And Restrictions
In a switch stack, configure all stacked ports with the same PFC configuration. • Dell Networking OS allows you to change the default dot1p priority-queue assignments only if the change satisfies the following requirements in DCB maps already applied to the interfaces: •...
Page 242: Applying A Dcb Map On A Port
Apply the DCB map on the Ethernet port to configure it INTERFACE dcb-map name with the PFC and ETS settings in the map; for example: Dell# interface tengigabitEthernet 1/1 Dell(config-if-te-1/1)# dcb-map SAN_A_dcb_map1 Repeat Steps 1 and 2 to apply a DCB map to more than one port.
Page 243: Configuring Lossless Queuesexample
If the traffic congestion is on PORT B , Egress DROP is on PORT A or C, as the PFC is not enabled on PORT B. Refer the following configuration for queue to dot1p mapping: Dell(conf)#do show qos dot1p-queue-mapping Dot1p Priority : 0 ->...
Page 244: Priority-Based Flow Control Using Dynamic Buffer Method
Table 15. Configuring Lossless Queues on a Port Interface Step Task Command Command Mode Enter INTERFACE Configuration mode. CONFIGURATION interface {tengigabitEthernet slot/ port | fortygigabitEthernet slot/ port} Open a DCB map and enter DCB map configuration INTERFACE dcb-map name mode. Disable PFC.
Page 245: Buffer Sizes For Lossless Or Pfc Packets
KB per queue is used when all ports are congested. By default, the system enables a maximum of 1 lossless queue on the Z9500 platform. This default behavior is impacted if you modify the total buffer available for PFC or assign static buffer configurations to the individual PFC queues.
Page 246: Operations On Untagged Packets
Table 16. Queue Assignments Internal- priority Queue Dot1p->Queue Mapping Configuration is retained at the default value. Default dot1p-queue mapping is, Dell#show qos dot1p-queue-mapping Dot1p Priority : 0 Queue : 2 Interface Configurations on server connected ports. Data Center Bridging (DCB)
Page 247: Snmp Support For Pfc And Buffer Statistics Tracking
Dell Networking OS Releases 9.3(0.0) and earlier provide CLI support to specify the priorities for which PFC is enabled on each port. This feature is applicable only for the tagged packets based on the incoming packet Dot1p and Dot1p based queue...
Page 248: Pfc And Ets Configuration Examples
PFC frames for that Dot1p. The packet Dot1p to Queue mapping for classification on the ingress must be same as the mapping of Dot1p to the Queue to be halted on the egress used for PFC honoring. Dell Networking OS ensures that these mappings are identical.
Page 249: Ets Prerequisites And Restrictions
• Allowing each group to exceed its minimum guaranteed bandwidth if another group is not fully using its allotted bandwidth. ETS Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure ETS bandwidth allocation or queue scheduling. • Configuring ETS bandwidth allocation or a queue scheduler for dot1p priorities in a priority group is applicable if the DCBx version used on a port is CIN (refer to Configuring...
Page 250: Ets Operation With Dcbx
4 maps to dot1p priorities 5, 6, and 7. Dell Networking OS Behavior: A priority group consists of 802.1p priority values that are grouped for similar bandwidth allocation and scheduling, and that share latency and loss requirements. All 802.1p priorities mapped to the same queue must be in the same priority group.
Page 251: Hierarchical Scheduling In Ets Output Policies
Apply the QoS output policy with the bandwidth percentage for specified priority queues to an egress interface. INTERFACE mode Dell(conf-if-te-0/1)#service-policy output test12 Hierarchical Scheduling in ETS Output Policies ETS supports up to three levels of hierarchical scheduling.
Page 252: Applying The Dcb Policies On Linecard
groups have strict-priority scheduling (such as groups 1 and 3 in the example), the strict priority group whose traffic is mapped to one queue takes precedence over the strict priority group whose traffic is mapped to two queues. Therefore, in this example, scheduling traffic to priority group 1 (mapped to one strict-priority queue) takes precedence over scheduling traffic to priority group 3 (mapped to two strict-priority queues).
Page 253: Dcbx Operation
Prerequisite: For DCBx, enable LLDP on all DCB devices. DCBx Operation DCBx performs the following operations: • Discovers DCB configuration (such as PFC and ETS) in a peer device. • Detects DCB mis-configuration in a peer device; that is, when DCB features are not compatibly configured on a peer device and the local switch.
Page 254: Dcb Configuration Exchange
On a DCBx port in a manual role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled. When making a configuration change to a DCBx port in a Manual role, Dell Networking recommends shutting down the interface using the shutdown command, change the configuration, then re-activate the interface using the no shutdown command.
Page 255: Configuration Source Election
Configuration Source Election When an auto-upstream or auto-downstream port receives a DCB configuration from a peer, the port first checks to see if there is an active configuration source on the switch. • If a configuration source already exists, the received peer configuration is checked against the local port configuration. If the received configuration is compatible, the DCBx marks the port as DCBx-enabled.
Page 256: Dcbx Example
• The peer times out. • Multiple peers are detected on the link. If you configure a DCBx port to operate with a specific version (the DCBx version {cee | cin | ieee-v2.5} command in the Configuring DCBx), DCBx operations are performed according to the configured version, including fast and slow transmit timers and message formats.
Page 257: Configuring Dcbx
Configuring DCBx To configure DCBx, follow these steps. For DCBx, to advertise DCBx TLVs to peers, enable LLDP. For more information, refer to Link Layer Discovery Protocol (LLDP). Configure ToR- and FCF-facing interfaces as auto-upstream ports. Configure server-facing interfaces as auto-downstream ports. Configure a port to operate in a configuration-source role.
Page 258 NOTE: You can configure the transmission of more than one TLV type at a time; for example, advertise DCBx-tlv ets-conf ets-reco. You can enable ETS recommend TLVs (ets-reco) only if you enable ETS configuration TLVs (ets-conf). To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-tlv pfc ets-reco. On manual ports only: Configure the Application Priority TLVs advertised on the interface to DCBx peers.
Page 259 • pfc: enables transmission of PFC TLVs. NOTE: You can configure the transmission of more than one TLV type at a time. You can only enable ETS recommend TLVs (ets-reco) if you enable ETS configuration TLVs (ets-conf). To disable TLV transmission, use the no form of the command;...
Page 260: Verifying The Dcb Configuration
• Enable DCBx debugging. EXEC PRIVILEGE mode debug DCBx {all | auto-detect-timer | config-exchng | fail | mgmt | resource | sem | tlv} – all: enables all DCBx debugging operations. – auto-detect-timer: enables traces for DCBx auto-detect timers. – config-exchng: enables traces for DCBx configuration exchanges. –...
Page 261 Queue : 0 0 0 1 2 3 3 3 The following example shows the show dcb command. Dell#sh dcb linecard 2 port-set 0 DCB Status: Enabled, PFC Queue Count: 2 linecard Total Buffer PFC Total Buffer PFC Shared Buffer PFC Available Buffer...
Page 262 The following example shows the show interface pfc statistics command. The following example shows the show interface ets summary command. The following example shows the show interface ets detail command. Dell#show interfaces fortyGige 0/36 ets detail Interface fortyGigE 0/36 Max Supported PG is 4...
Page 263 Admin is enabled PG-grp Priority# BW-% BW-COMMITTED BW-PEAK TSA % Rate(Mbps) Burst(KB) Rate(Mpbs) Burst(KB) ---------------------------------------------------------------------------------- 0,1,2,4,5,6,7 50 400 100 4000 400 ETS 50 - - - - ETS - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -...
Page 264 Number of ETS Error Configuration TLVs received. The following example shows the show linecard 2 port-set 0 backplane all pfc details command. Dell#show linecard 2 port-set 0 backplane all pfc details 2 port-set 0 backplane all Admin mode is On...
Page 265 The following example shows the show sfm 0 backplane all pfc details command Dell#show sfm 0 backplane all pfc details sfm 0 backplane all Admin mode is On Admin is enabled, Priority list is 3 Local is enabled, Priority list is 3...
Page 266: Qos Dot1P Traffic Classification And Queue Assignment
NOTE: Dell Networking does not recommend mapping all ingress traffic to a single queue when using PFC and ETS. However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces. If you use L2 class maps to map dot1p priority traffic to...
Page 267: Configuring The Dynamic Buffer Method
dot1p Value in Egress Queue Assignment the Incoming Frame Configuring the Dynamic Buffer Method Priority-based flow control using dynamic buffer spaces is supported on the switch. To configure the dynamic buffer capability, perform the following steps: Enable the DCB application. By default, DCB is enabled and link-level flow control is disabled on all interfaces. CONFIGURATION mode dcb enable Configure the shared PFC buffer size and the total buffer size.
Page 268: Sample Dcb Configuration
CONFIGURATION mode dcb-policy buffer-threshold linecard {linecard-number | all} port-set {port-pipe | all} backplane all dcb-policy-name Assign the DCB policy to the DCB buffer threshold profile on interfaces. This setting takes precedence over the default buffer-threshold setting. INTERFACE mode (conf-if-te) dcb-policy buffer-threshold buffer-threshold Configuring DCB buffer on SFM ports.
Page 269 • One lossless queue is used. Figure 35. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
Page 270: Pfc And Ets Configuration Command Examples
PFC and ETS Configuration Command Examples The following examples show PFC and ETS configuration commands to manage your data center traffic. Enabling DCB Dell(conf)#dcb enable Configure DCB map and enable PFC, and ETS Apply DCB map to relevant interface dcb-map test...
Page 271: Debugging And Diagnostics
Debugging and Diagnostics This chapter describes the debugging and diagnostics tasks that you can perform on the switch. Topics: • Offline Diagnostics • TRACE Logs • Last Restart Reason • show hardware Commands • Environmental Monitoring • Troubleshooting Packet Loss •...
Page 272 Diagnostic results are printed to a file in the flash using the filename format TestReport-{CP | LP}-unit-id.txt. View the results of the diagnostic tests. EXEC Privilege mode show file flash://TestReport-{LP}-unit-id.txt Where unit-id specifies the Z9500 CPU: • Line-card CPU 0 is LP-0. •...
Page 273 00:10:30: %SYSTEM:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Fo 2/0 00:10:30: %SYSTEM:CP %IFMGR-1-DEL_PORT: Removed port: Fo 2/0-44, 00:10:31: %SYSTEM:CP %CHMGR-2-UNIT_DOWN: CP unit down - CP unit offline Dell# show system brief System MAC : 74:86:7a:ff:70:74 Reload-Type normal-reload [Next boot : normal-reload]...
Page 274 21762 Mar 06 2014 10:31:40 +00:00 TestReport-CP-unit.txt <<<<< Example of the Results of Offline/Online Diagnostics on a Standalone Switch Dell# show file flash://TestReport-{LP-unit-id}.txt Where unit-id specifies the Z9500 CPU: • Line-card CPU 0 is LP-0. • Line-card CPU 1 is LP-1.
Page 275 Starting test: fabricAccessTest ..+ Access Test for BCM unit 0 : PASSED + Access Test for BCM unit 1 : PASSED + Access Test for BCM unit 2 : PASSED + Access Test for BCM unit 3 : PASSED + Access Test for BCM unit 4 : PASSED + Access Test for BCM unit 5 : PASSED fabricAccessTest ..........
Page 276 Average temperature 45.3 C, maximum 47.6 C Spine[5]: Average temperature 45.7 C, maximum 47.6 C PSU Temperatures PSU[0] sensor[0] temperature 37.0 C PSU[0] sensor[1] temperature 30.0 C PSU[0] sensor[2] temperature 25.0 C PSU[1] sensor[0] temperature 32.0 C PSU[1] sensor[1] temperature 29.0 C PSU[1] sensor[2] temperature 23.0 C PSU[2] sensor[0] temperature 33.0 C PSU[2] sensor[1] temperature 30.0 C...
Page 277 Elapsed time : 00H:05M:21S Stop reason : after completion ------ Failed tests (level, times) ------ psuTest (0, 1) Sample Test Log for Line-Card CPU: TestReport-LP-0.txt Example of a Test Log for Line-Card CPU 0: TestReport-LP-0.txt Dell#show file flash://TestReport-LP-0.txt DELL DIAGNOSTICS-Z9500-CP00 PPID -- NA...
Page 278 : after completion ------ Failed tests (level, times) ------ portcardXELinkStatusTest (1, 1) Example of the show diag Command Dell# show diag linecard 0 detail Diag status of linecard member 0: -------------------------------------------------------------------------- linecard is currently offline. linecard alllevels diag issued at Mon Jan 20, 2014 02:33:48 AM.
Page 279 macPhyRegTest ..........PASS Starting test: pcieScanTest ..22 PCI devices installed out of 22 pcieScanTest ..........PASS portcardBcmIdTest ........... PASS Starting test: portcardBoardRevisionTest ..+ Access Test for BCM unit 0 : PASSED + Access Test for BCM unit 1 : PASSED + Access Test for BCM unit 2 : PASSED portcardBoardRevisionTest ........
Page 280: Examples Of Running Offline Diagnostics
00:10:30: %SYSTEM:CP %IFMGR-1-DEL_PORT: Removed port: Fo 2/0-44, 00:10:31: %SYSTEM:CP %CHMGR-2-UNIT_DOWN: CP unit down - CP unit offline Example of Verifying the Offline/Online Status of a Switch Dell# show system brief Stack MAC : 74:86:7a:ff:70:74 Reload-Type normal-reload [Next boot : normal-reload]...
Page 281 21762 Mar 06 2014 10:31:40 +00:00 TestReport-CP-unit.txt <<<<< Example of the Results of Offline/Online Diagnostics on a Standalone Switch Dell# show file flash://TestReport-{LP-unit-id}.txt Where unit-id specifies the Z9500 CPU: • Line-card CPU 0 is LP-0. • Line-card CPU 1 is LP-1.
Page 282 eepromTest ..........PASS Starting test: fabricAccessTest ..+ Access Test for BCM unit 0 : PASSED + Access Test for BCM unit 1 : PASSED + Access Test for BCM unit 2 : PASSED + Access Test for BCM unit 3 : PASSED + Access Test for BCM unit 4 : PASSED + Access Test for BCM unit 5 : PASSED fabricAccessTest ..........
Page 283 Average temperature 42.1 C, maximum 44.4 C Spine[4]: Average temperature 45.3 C, maximum 47.6 C Spine[5]: Average temperature 45.7 C, maximum 47.6 C PSU Temperatures PSU[0] sensor[0] temperature 37.0 C PSU[0] sensor[1] temperature 30.0 C PSU[0] sensor[2] temperature 25.0 C PSU[1] sensor[0] temperature 32.0 C PSU[1] sensor[1] temperature 29.0 C PSU[1] sensor[2] temperature 23.0 C...
Page 284 Elapsed time : 00H:05M:21S Stop reason : after completion ------ Failed tests (level, times) ------ psuTest (0, 1) Sample Test Log for Line-Card CPU: TestReport-LP-0.txt Example of a Test Log for Line-Card CPU 0: TestReport-LP-0.txt Dell#show file flash://TestReport-LP-0.txt DELL DIAGNOSTICS-Z9500-CP00 PPID -- NA...
Page 285 : after completion ------ Failed tests (level, times) ------ portcardXELinkStatusTest (1, 1) Example of the show diag Command Dell# show diag linecard 0 detail Diag status of linecard member 0: -------------------------------------------------------------------------- linecard is currently offline. linecard alllevels diag issued at Mon Jan 20, 2014 02:33:48 AM.
Page 286 macPhyRegTest ..........PASS Starting test: pcieScanTest ..22 PCI devices installed out of 22 pcieScanTest ..........PASS portcardBcmIdTest ........... PASS Starting test: portcardBoardRevisionTest ..+ Access Test for BCM unit 0 : PASSED + Access Test for BCM unit 1 : PASSED + Access Test for BCM unit 2 : PASSED portcardBoardRevisionTest ........
Page 287: Trace Logs
Dell Networking OS software tasks. Each TRACE message provides the date, time, and name of the Dell Networking OS process. All messages are stored in a ring buffer that you can save to a file either manually or automatically after failover.
Page 288 • View the modular packet buffers details per unit and the mode of allocation. show hardware stack-unit {0-11} buffer unit {0-1} total-buffer • Display buffer statistics for a specific interface. show hardware buffer interface interface{priority-group { id | all } | queue { id| all} ] buffer-info •...
Page 289 Internal Unit User Ports from User Ports from User Ports from User Ports from No User Ports No User Ports Port Number 0 to 31 on Unit 32 to 63 on Unit 64 to 95 on Unit 96 to 127 on on Unit 4 on Unit 5 Unit 3...
Page 290: Environmental Monitoring
Use the command output to verify the operation of installed power supplies. The current operational status (up or down), power supply type, fan status and speed, and power usage are displayed. A Z9500 power supply is sometimes referred to as a power entry module (PEM).
Page 291: Display Fan Status
40GBASE-SR4 7503825H006J Media not present or accessible To display more detailed information about the transceiver type, wavelength, and power reception on a Z9500 port, use the show interfaces command. Dell#show interfaces fortyGigE 2/16 fortyGigE 2/16 is down, line protocol is down...
Page 292 To display more diagnostic data when troubleshooting a transceiver, use the show interfaces tranceiver command. Additional information about QSFP temperature, voltage, and current alarm thresholds are displayed. Dell#show interfaces fortyGigE 2/168 transceiver QSFP 168 Serial ID Base Fields QSFP 168 Id...
Page 293: Recognize An Over-Temperature Condition
70% duty cycle (PWM) and a major over-temperature alarm is generated. Over-temperature alarms are logged. Use the show alarms command to display the currently logged alarms. To display the pre-configured sensor thresholds, use the show alarms threshold command. Dell#show alarms threshold -- System Core -- Temperature Limits (deg C)
Page 294: Troubleshoot An Over-Temperature Condition
M for major over-temperature, or S for shutdown. Minor threshold crossings do not cause alarms, but are used to trigger increases in the speed of the system fans as needed to keep the component temperature within the desired range. Dell#show environment thermal-sensors Thermal Sensor Readings (deg C)
Page 295: Troubleshooting Packet Loss
NOTE: The Z9500 fan trays and power supplies always blow air from the front (I/O side) to the back (Utility/power supply and fan side) of the switch. Ensure the air ducts are clean and that all fans (system fans and power-supply fans) are working correctly.
Page 296 Total EgMac Drops Total Egress Drops Dell#show hardware linecard 2 drops unit 0 UserPort PortNumber Ingress Drops IngMac Drops Total Mmu Drops EgMac Drops Egress Drops 41745 Internal Internal Internal Internal Internal Internal Internal Internal Internal Internal Internal Internal Debugging and Diagnostics...
Page 297: Displaying Dataplane Statistics
Example of show hardware drops interface interface Dell#show hardware drops interface tengigabitethernet 2/1 Drops in Interface Te 2/1: --- Ingress Drops Ingress Drops IBP CBP Full Drops PortSTPnotFwd Drops IPv4 L3 Discards Policy Discards Packets dropped by FP (L2+L3) Drops...
Page 298 To display input and output statistics on the party bus, which carries inter-process communication traffic between CPUs use the show hardware party-bus port {{0-7}|all} statistics command. Displaying Dataplane Statistics Displaying Party Bus Statistics Dell#show hardware linecard 2 cpu data-plane statistics HANSKVILLE Mib Counters: TR 64 byte frames = 3 TR 127 byte frames = 358...
Page 299: Displaying Line Card Counters
190,692,963,094 +190,692,963,094 12,017,817/s TDBGC10.xe0 2,881,121 +2,881,121 R127.xe0 2,756,973,184 +2,756,973,184 RPKT.xe0 2,756,973,184 +2,756,973,184 Dell#show hardware drops interface tengigabitethernet 1/1 Drops in Interface Te 1/1: --- Ingress Drops Ingress Drops IBP CBP Full Drops PortSTPnotFwd Drops IPv4 L3 Discards Debugging and Diagnostics...
Page 300: Accessing Application Core Dumps
Accessing Application Core Dumps Core dumps for an application crash are enabled by default. On the Z9500, core dumps are generated and stored in the local flash of the Z9500 Control Processor CPU. To access an application core-dump file, you must perform an FTP to the Control Processor CPU flash directory where the application core dump is stored in the format: /flash/CORE_DUMP_DIR/ f10cpu_application_timestamp.acore.gz:...
Page 301: Full Kernel Core Dumps
Where cpu specifies a Z9500 CPU and is one of the following values: cp (Control Processor), cp (Route Processor), lp0 (line- card processor 0), lp1 (line-card processor 1), or lp2 (line-card processor 2); timestamp is a text string in the format: yyyyddmmhhmmss (YearDayMonthHourMinuteSecond).
Page 302 tcpdump cp [capture-duration time | filter expression | max-file-count value | packet-count value | snap-length value | write-to path] Debugging and Diagnostics...
Page 303: Dynamic Host Configuration Protocol (Dhcp)
Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on the network and it reclaims IP addresses that are no longer in use to prevent address exhaustion.
Page 304 The following table lists common DHCP options. Option Number and Description Subnet Mask Option 1 Specifies the client’s subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client’s default gateway. Domain Name Option 6 Server Specifies the domain name servers (DNSs) that are available to the client.
Page 305: Assign An Ip Address Using Dhcp
Option Number and Description Option 255 Signals the last option in the DHCP packet. Assign an IP Address using DHCP The following section describes DHCP and the client in a network. When a client joins a network: The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers. This message includes the parameters that the client requires and might include suggested values for those parameters.
Page 306: Implementation Information
If you configure IP source address validation on a member port of a virtual local area network (VLAN) and then to apply an access list to the VLAN, Dell Networking OS displays the first line in the following message. If you first apply an ACL to a VLAN and then enable IP source address validation on one of its member ports, Dell Networking OS displays the second line in the following message.
Page 307: Configuring The Server For Automatic Address Allocation
After an IP address is leased to a client, only that client may release the address. Dell Networking OS performs a IP + MAC source address validation to ensure that no client can release another clients address. This validation is a default behavior and is separate from IP+MAC source address validation.
Page 308: Specifying A Default Gateway
DHCP <POOL> default-router address Configure a Method of Hostname Resolution Dell systems are capable of providing DHCP clients with parameters for two methods of hostname resolution—using DNS or NetBIOS WINS. Using DNS for Address Resolution A domain is a group of networks. DHCP clients query DNS IP servers when they need to correlate host names to IP addresses.
Page 309: Using Netbios Wins For Address Resolution
There is no limit on the number of manual bindings, but you can only configure one manual binding per host. NOTE: Dell Networking OS does not prevent you from using a network IP as a host IP; be sure to not use a network IP as a host IP.
Page 310: Using Dhcp Clear Commands
You can configure an interface on the Dell Networking system to relay the DHCP messages to a specific DHCP server using the ip helper-address dhcp-address command from INTERFACE mode, as shown in the following illustration. Specify multiple DHCP servers by using the ip helper-address dhcp-address command multiple times.
Page 311 NOTE: DHCP Relay is not available on Layer 2 interfaces and VLANs. Figure 38. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command R1_E600#show ip int tengigabitethernet 1/3 TenGigabitEthernet 1/3 is up, line protocol is down Internet address is 10.11.0.1/24...
Page 312: Configure The System To Be A Dhcp Client
The switch can obtain a dynamically assigned IP address from a DHCP server. A start-up configuration is not received. Use bare metal provisioning (BMP) to receive configuration parameters (Dell Networking OS version and a configuration file). BMP is enabled as a factory-default setting on a switch.
Page 313: Configure Secure Dhcp
VLAN and Port Channels DHCP client configuration and behavior are the same on Virtual LAN (VLAN) and port-channel (LAG) interfaces as on a physical interface. DHCP Snooping A DHCP client can run on a switch simultaneously with the DHCP snooping feature as follows: •...
Page 314: Dhcp Snooping
The DHCP relay agent inserts Option 82 before forwarding DHCP packets to the server. The server can use this information to: • track the number of address requests per relay agent. Restricting the number of addresses available per relay agent can harden a server against address exhaustion attacks.
Page 315: Enabling Dhcp Snooping
Enabling DHCP Snooping To enable DHCP snooping, use the following commands. Enable DHCP snooping globally. CONFIGURATION mode ip dhcp snooping Specify ports connected to DHCP servers as trusted. INTERFACE mode INTERFACE PORT EXTENDER mode ip dhcp snooping trust Enable DHCP snooping on a VLAN. CONFIGURATION mode ip dhcp snooping vlan name Enabling IPv6 DHCP Snooping...
Page 316 Delete all of the entries in the binding table. EXEC Privilege mode clear ipv6 dhcp snooping binding Dell# clear ipv6 dhcp snooping? binding Clear the snooping binding database Displaying the Contents of the Binding Table To display the contents of the binding table, use the following command.
Page 317: Configuring The Dhcp Secondary-Subnet
Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp snooping command. Dell#show ipv6 dhcp snooping binding Codes : S - Static D – Dynamic IPv6 Address...
Page 318: Drop Dhcp Packets On Snooped Vlans Only
(relay address) 11.1.1.1. To disable the DHCP relay secondary-subnet: Dell(conf)# no ip dhcp relay secondary-subnet Drop DHCP Packets on Snooped VLANs Only Binding table entries are deleted when a lease expires or the relay agent encounters a DHCPRELEASE.
Page 319: Configuring Dynamic Arp Inspection
Validate ARP frames against the DHCP snooping binding table. INTERFACE VLAN mode arp inspection Examples of Viewing the ARP Information To view entries in the ARP database, use the show arp inspection database command. Dell#show arp inspection database Protocol Address Age(min) Hardware Address Interface VLAN...
Page 320: Source Address Validation
Dynamic ARP inspection is supported on Layer 2 and Layer 3. Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV). Table 26. Three Types of Source Address Validation Source Address Validation...
Page 321: Dhcp Mac Source Address Validation
INTERFACE mode ip dhcp source-address-validation ipmac vlan vlan-id Dell Networking OS creates an ACL entry for each IP+MAC address pair and optionally with its VLAN ID in the binding table and applies it to the interface. Dynamic Host Configuration Protocol (DHCP)
Page 322: Viewing The Number Of Sav Dropped Packets
Dell>clear ip dhcp snooping source-address-validation discard-counters To clear the number of SAV dropped packets on a particular interface, use the clear ip dhcp snooping source- address-validation discard-counters interface interface command. Dell>clear ip dhcp snooping source-address-validation discard-counters interface TenGigabitEthernet 1/1 Dynamic Host Configuration Protocol (DHCP)
Page 323: Equal Cost Multi-Path (Ecmp)
This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis can select different hops. Dell Networking OS provides a command line interface (CLI)-based solution for modifying the hash seed to ensure that on each configured system, the ECMP selection is same.
Page 324: Link Bundle Monitoring
For example, link bundle monitoring percent threshold: %STKUNIT0-M:CP %IFMGR-5- BUNDLE_UNEVEN_DISTRIBUTION: Found uneven distribution inECMP-GROUPbundle 11. Example of Viewing Link Bundle Monitoring Dell# show link-bundle-distribution ecmp-group 1 Link-bundle trigger threshold - 60 ECMP bundle - 1 Utilization[In Percent] - 44 Alarm State - Active...
Page 325: Modifying The Ecmp Group Threshold
You can configure ecmp-group with id 2 for link bundle monitoring. This ecmp-group is different from the ecmp-group index 2 that is created by configuring routes and is automatically generated. These two ecmp-groups are not related in any way. Dell(conf-ecmp-group-5)#show config ecmp-group 5 interface tengigabitethernet 1/2...
Page 326 The second portion comes from static physical configuration such as ingress and egress port numbers. • RTAG7 hashing also provides options to select between multiple hash algorithms that would result in balanced traffic distribution for various traffic patterns. Dell(conf)#hash-algorithm ecmp ? crc16 CRC16_BISYNC - 16 bit CRC16-bisync polynomial crc16cc...
Page 327: Flow-Based Hashing For Ecmp
of xor8 xor16 CR16 - 16 bit XOR] Flow-based Hashing for ECMP Flow-based hashing is one of RTAG7 hashing techniques to cater to ECMP routing in multi-tier networks. It addresses traffic polarization issues by ensuring proper flow distribution between ECMP members in the higher layers of a multi-tier network. It facilitates a dynamic hash function selection across different nodes in the network on a macro flow basis, by reducing route starvation and the unfair distribution of bandwidth between members.
Page 328 CRC16_BISYNC_AND_XOR8 - Upper 8 bits of CRC16-BISYNC and lower 8 bits of xor8 xor16 CR16 - 16 bit XOR] Example to view show hash-algorithm: Dell(conf)#hash-algorithm ecmp flow-based-hashing crc16 Dell(conf)#end Dell#show hash-algorithm Hash-Algorithm linecard 0 Port-Set 0 Seed 185270328 Hg-Seed 185282673...
Page 329: Ecmp Support In L3 Host And Lpm Tables
EcmpFlowBasedHashingAlgo- crc16 EcmpAlgo- crc32MSB LagAlgo- crc32LSB HgAlgo- crc16 Figure 40. After Polarization Effect Traffic flow after enabling flow-based hashing When the flow-based hashing is enabled at all the nodes in the multi-tier network, traffic distribution is balanced at all tiers of the network nullifying the polarization effect.
Page 330 To verify ECMP support for IPv6 /128 route prefixes stored in the host table, use the show ipv6 cam command. The command output includes the ECMP field with IPv6 neighbor addresses. 1 indicates ECMP handling of destination routes. Dell# show ipv6 cam linecard 0 port-set 0 Neighbor Mac-Addr...
Page 331: Fip Snooping
FIP Snooping The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces orZ9500 switch.. Topics: •...
Page 332 FIP enables FCoE devices to discover one another, initialize and maintain virtual links over an Ethernet network, and access storage devices in a storage area network (SAN). FIP satisfies the Fibre Channel requirement for point-to-point connections by creating a unique virtual link for each connection between an FCoE end-device and an FCF via a transit switch. FIP provides functionality for discovering and logging into an FCF.
Page 333: Fip Snooping On Ethernet Bridges
FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF.
Page 334 Z9500 switch.The switch operates as a lossless FIP snooping bridge to transparently forward FCoE frames between the ENode servers and the FCF switch. Figure 42. FIP Snooping on a Dell Networking Switch The following sections describe how to configure the FIP snooping feature on a switch: •...
Page 335: Using Fip Snooping
Example. Statistical information is available for FIP Snooping-related information. For available commands, refer to the FCoE Transit chapter in the Dell Networking OS Command Line Reference Guide. FIP Snooping Prerequisites Before you enable FCoE transit and configure FIP snooping on a switch, ensure that certain conditions are met.
Page 336: Enabling The Fcoe Transit Feature
You must apply the CAM-ACL space for the FCoE region before enabling the FIP-Snooping feature. If you do not apply CAM-ACL space, the following error message is displayed: Dell(conf)#feature fip-snooping % Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe.
Page 337: Configure The Fc-Map Value
• A maximum of eight VLANS are supported for FIP snooping on the switch. When enabled globally, FIP snooping processes FIP packets in traffic only from the first eight incoming VLANs. When enabled on a per-VLAN basis, FIP snooping is supported on up to eight VLANs.
Page 338: Fip Snooping Restrictions
Impact Description change occurs, the corresponding port-based ACLs are deleted. If a port is enabled for FIP snooping in ENode or FCF mode, the ENode/FCF MAC-based ACLs are deleted. FIP Snooping Restrictions The following restrictions apply when you configure FIP snooping. •...
Page 339: Fcoe Transit Configuration Example
Example of Enabling the FIP Snooping Feature on the Switch (FIP Snooping Bridge) Dell(conf)# feature fip-snooping Example of Enabling FIP Snooping on the FCoE VLAN Dell(conf)# interface vlan 10 Dell(conf-if-vl-10)# fip-snooping enable Example of Enabling an FC-MAP Value on a VLAN...
Page 340: Displaying Fip Snooping Information
Example of Configuring the ENode Server-Facing Port NOTE: A port is enabled by default for bridge-ENode links. Example of Configuring the FCF-Facing Port Example of Configuring FIP Snooping Ports as Tagged Members of the FCoE VLAN After FIP packets are exchanged between the ENode and the switch, a FIP snooping session is established. ACLs are dynamically generated for FIP snooping on the FIP snooping bridge/switch.
Page 341 Worldwide port name of the CNA port. Port WWNN Worldwide node name of the CNA port. The following example shows the show fip-snooping config command. Dell# show fip-snooping config FIP Snooping Feature enabled Status: Enabled FIP Snooping Global enabled Status: Enabled Global FC-MAP Value: 0X0EFC00...
Page 342 Fibre Channel session ID assigned by the FCF. The following example shows the show fip-snooping statistics interface vlan command (VLAN and port). The following example shows the show fip-snooping statistics port-channel command. Dell# show fip-snooping statistics interface port-channel 22 Number of Vlan Requests Number of Vlan Notifications...
Page 343 Number of Session failures due to Hardware Config Number of session failures due to hardware configuration that occurred on the interface. The following example shows the show fip-snooping system command. Dell# show fip-snooping system Global Mode : Enabled FCOE VLAN List (Operational) : 1, 100...
Page 344: Fips Cryptography
Disabling FIPS Mode Preparing the System Before you enable FIPS mode, Dell Networking recommends making the following changes to your system. Disable the Telnet server (only use secure shell [SSH] to access the system). Disable the FTP server (only use secure copy [SCP] to transfer files to and from the system).
Page 345: Enabling Fips Mode
SSH server (assuming it was enabled before enabling FIPS). For more information, refer to the SSH Server and SCP Commands section in the Security chapter of the Dell Networking OS Command Line Reference Guide.
Page 346 The following example shows the show system command. The following example shows the show system command on the Z9500. Dell#show system System MAC : 74:86:7a:ff:71:8c Reload-Type : normal-reload [Next boot : normal-reload] -- CP -- Status : active Next Boot...
Page 347 : Z9500LC12 - 12-port TE/FG (ZC) Hardware Rev : 1.0 Num Ports : 48 Up Time : 2 min, 8 sec Dell Networking OS Version : 1-0(0-4072) Jumbo Capable : yes Boot Flash : 3.2.1.0 Boot Selector : 3.2.0.0a Memory Size...
Page 348: Disabling Fips Mode
Current BootSelector-Boot: Backup BIOS Disabling FIPS Mode When you disable FIPS mode, the following changes occur: • The SSH server disables. • All open SSH and Telnet sessions, as well as all SCP and FTP file transfers, close. • Any existing host keys (both RSA and RSA1) are deleted from system memory and NVRAM storage. •...
Page 349: Flex Hash
In Dell Networking OS Release 9.3(0.0), you can enable bins 2 and 3 by using the load-balance ingress-port enable command in Global Configuration mode. To configure the flex hash functionality, you must enable these bins.
Page 350: Rdma Over Converged Ethernet (Roce) Overview
CONFIGURATION mode Dell(conf)# load-balance flexhash ipv4/ipv6 ip-proto <protocol number> <description string> offset1 <offset1 value> [offset2 <offset2 value>] To delete the configured flex hash setting, use the no version of the command.
Page 351: Preserving 802.1Q Vlan Tag Value For Lite Subinterfaces
To provide lossless service for RRoCE, the QoS service policy must be configured in the ingress and egress directions on lite sub interfaces. Preserving 802.1Q VLAN Tag Value for Lite Subinterfaces This functionality is supported on the platform. All the frames in a Layer 2 VLAN are identified using a tag defined in the IEEE 802.1Q standard to determine the VLAN to which the frames or traffic are relevant or associated.
Page 352: Force10 Resilient Ring Protocol (Frrp)
Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) and may require 4 to 5 seconds to reconverge.
Page 353: Ring Status
The Control VLAN is used to perform the health checks on the ring. The Control VLAN can always pass through all ports in the ring, including the secondary port of the Master node. Ring Status The ring failure notification and the ring status checks provide two ways to ensure the ring remains up and active in the event of a switch or port failure.
Page 354: Important Frrp Points
Member VLAN Spanning Two Rings Connected by One Switch A member VLAN can span two rings interconnected by a common switch, in a figure-eight style topology. A switch can act as a Master node for one FRRP group and a Transit for another FRRP group, or it can be a Transit node for both rings.
Page 355: Important Frrp Concepts
• The Master node transmits ring status check frames at specified intervals. • You can run multiple physical rings on the same switch. • One Master node per ring — all other nodes are Transit. • Each node has two member interfaces — primary and secondary. •...
Page 356: Implementing Frrp
FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) on both the Primary and Secondary interfaces before you can enable FRRP.
Page 357: Configuring The Control Vlan
Ring ID: the range is from 1 to 255. Configuring the Control VLAN Control and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to Layer Be sure to follow these guidelines: •...
Page 358: Configuring And Adding The Member Vlans
no disable Configuring and Adding the Member VLANs Control and member VLANS are configured normally for Layer 2. Their status as Control or Member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to the Layer 2 chapter.
Page 359: Setting The Frrp Timers
Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time 3 times the Hello-Interval. • Enter the desired intervals for Hello-Interval or Dead-Interval times. CONFIG-FRRP mode. timer {hello-interval|dead-interval} milliseconds – Hello-Interval: the range is from 50 to 2000, in increments of 50 (default is 500). –...
Page 360: Troubleshooting Frrp
Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be Members of the same control VLAN. •...
Page 361 tagged TenGigabitEthernet 2/14,31 no shutdown interface Vlan 201 no ip address tagged TenGigabitEthernet 2/14,31 no shutdown protocol frrp 101 interface primary TenGigabitEthernet 2/14 secondary TenGigabitEthernet 2/31 control-vlan 101 member-vlan 201 mode transit no disable Example of R3 TRANSIT interface TenGigabitEthernet 3/14 no ip address switchport no shutdown...
Page 362: Garp Vlan Registration Protocol (Gvrp)
Dynamic VLANs are aged out after the LeaveAll timer expires three times without receipt of a Join message. To display status, use the show gvrp statistics {interface interface | summary} command. Dell(conf)#protocol spanning-tree pvst Dell(conf-pvst)#no disable % Error: GVRP running. Cannot enable PVST.
Page 363: Configure Gvrp
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, GVRP is configured on VLAN trunk ports.
Page 364: Enabling Gvrp On A Layer 2 Interface
GVRP Leave message. Additionally, the interface is not dynamically added to VLAN 45 or VLAN 46, even if a GVRP Join message is received. Example of the gvrp registration Command Dell(conf-if-te-1/21)#gvrp registration fixed 34,35 Dell(conf-if-te-1/21)#gvrp registration forbidden 45,46 Dell(conf-if-te-1/21)#show conf...
Page 365: Configure A Garp Timer
LeaveAll message so that other GARP devices can re-register all relevant attribute information. The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll timer must be greater than or equal to 5x of the Leave timer. The Dell Networking OS default is 10000ms.
Page 366: Internet Group Management Protocol (Igmp)
IGMP Implementation Information • Dell Networking Operating System (OS) supports IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet.
Page 367: Leaving A Multicast Group
time. A host joins and leaves a multicast group by sending an IGMP message to its IGMP Querier. The querier is the router that surveys a subnet for multicast receivers and processes survey responses to populate the multicast routing table. IGMP messages are encapsulated in IP packets, as shown in the following illustration.
Page 368: Igmp Version 3
period and sends another query. If it still receives no response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. •...
Page 369 Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. The host’s second report indicates that it is only interested in traffic from group 224.1.1.1, source 10.11.1.1. Include messages prevents traffic from all other sources in the group from reaching the subnet.
Page 370: Configure Igmp
Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 are no longer necessary.
Page 371: Related Configuration Tasks
Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version 3.
Page 372: Viewing Igmp Groups
View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell# show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface...
Page 373: Adjusting The Igmp Querier Timeout Value
• Adjust the maximum response time. INTERFACE mode ip igmp query-max-resp-time • Adjust the last member query interval. INTERFACE mode ip igmp last-member-query-interval Adjusting the IGMP Querier Timeout Value If there is more than one multicast router on a subnet, only one is elected to be the querier, which is the router that sends queries to the subnet.
Page 374: Igmp Snooping
If IGMP snooping is enabled on a PIM-enabled VLAN interface, data packets using the router as an Layer 2 hop may be dropped. To avoid this scenario, Dell Networking recommends that users enable IGMP snooping on server-facing end- point VLANs only.
Page 375: Removing A Group-Port Association
INTERFACE VLAN mode ip igmp fast-leave • View the configuration. INTERFACE VLAN mode show config Example of Configuration Output After Removing a Group-Port Association Dell(conf-if-vl-100)#show config interface Vlan 100 no ip address ip igmp snooping fast-leave shutdown Dell(conf-if-vl-100)# Disabling Multicast Flooding If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN.
Page 376: Configuring The Switch As Querier
Fast Convergence after MSTP Topology Changes When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
Page 377: Interfaces
Interfaces This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). The system supports 10 Gigabit Ethernet and 40 Gigabit Ethernet interfaces. NOTE: Only Dell-qualified optics are supported on these interfaces. Non-Dell 40G optics are set to error-disabled state.
Page 378: Port Numbering Convention
• VLAN Interfaces • Loopback Interfaces • Null Interfaces • Port Channel Interfaces • Bulk Configuration • Defining Interface Range Macros • Monitoring and Maintaining Interfaces • Displaying Traffic Statistics on HiGig Ports • Link Bundle Monitoring • Monitoring HiGig Link Bundles •...
Page 379: Interface Types
NOTE: To end output from the system, such as the output from the show interfaces command, enter CTRL+C and Dell Networking OS returns to the command prompt. NOTE: The CLI output may be incorrectly displayed as 0 (zero) for the Rx/Tx power values. To obtain the correct power information, perform a simple network management protocol (SNMP) query.
Page 380: Resetting An Interface To Its Factory Default State
To view which interfaces are enabled for Layer 3 data transmission, use the show ip interfaces brief command in EXEC Privilege mode. In the following example, TenGigabitEthernet interface 1/6 is in Layer 3 mode because an IP address has been assigned to it and the interface’s status is operationally up. Dell#show ip interface brief Interface IP-Address...
Page 381: Enabling A Physical Interface
8 mac learning-limit 10 no-station-move no shutdown Reset an interface to its factory default state. CONFIGURATION mode default interface interface-type] Dell(conf)#default interface tengigabitethernet 1/5 Verify the configuration. INTERFACE mode show config Dell(conf-if-te-1/5)#show config interface TenGigabitEthernet 1/5 no ip address shutdown All the applied configurations are removed and the interface is set to the factory default state.
Page 382: Port-Pipes
Ethernet internal ports. A 40-Gigabit Ethernet internal port is also referred to as a HiGig port. On the Z9500, each NPU that constitutes a port pipe processes traffic from a set of front-end I/O ports. In the command-line interface, a Z9500 NPU is entered as unit unit-number.
Page 383: Configuring Layer 2 (Data Link) Mode
To set Layer 2 data transmissions through an individual interface, use the following command. • Enable Layer 2 data transmissions through an individual interface. INTERFACE mode switchport Example of a Basic Layer 2 Interface Configuration Dell(conf-if)#show config interface Port-channel 1 no ip address switchport no shutdown Dell(conf-if)# Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands.
Page 384: Configuring Layer 3 (Network) Mode
Dell(conf-if)#ip address 10.10.1.1 /24 % Error: Port is in Layer 2 mode Te 1/2. Dell(conf-if)# To determine the configuration of an interface, use the show config command in INTERFACE mode or the various show interface commands in EXEC mode.
Page 385: Egress Interface Selection (Eis)
View Basic Interface Information. To view IP information on an interface in Layer 3 mode, use the show ip interface command in EXEC Privilege mode. Dell>show ip int vlan 58 Vlan 58 is up, line protocol is up Internet address is 1.1.49.1/24 Broadcast address is 1.1.49.255...
Page 386: Management Interfaces
You can configure this interface using the CLI, but the configuration options on this interface are limited. You cannot configure Gateway addresses and IP addresses if it appears in the main routing table of Dell Networking OS. In addition, proxy ARP is not supported on this interface.
Page 387: Configuring A Management Interface On An Ethernet Port
To display the configuration for a given port, use the show interface command in EXEC Privilege mode, as shown in the following example. To display the routing table, use the show ip route command in EXEC Privilege mode. Dell#show int TenGigabitEthernet 1/1 TenGigabitEthernet 1/1 is up, line protocol is up...
Page 388: Vlan Interfaces
You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. For more information about configuring different routing protocols, refer to the chapters on the specific protocol.
Page 389: Loopback Interfaces
—a link aggregation group (LAG) or port channel. A LAG is “a group of links that appear to a MAC client as if they were a single link” according to IEEE 802.3ad. In Dell Networking OS, a LAG is referred to as a port channel interface.
Page 390: Port Channel Benefits
Tengigabit Ethernet interface, all interfaces at 10000 Mbps are kept up, and all other interfaces that are not set to 10G speed or auto negotiate are disabled. Dell Networking OS brings up the interfaces that are set to auto negotiate so that their speed is identical to the speed of the first channel member in the port channel.
Page 391: Configuration Tasks For Port Channel Interfaces
Tengigabit Ethernet interface, all interfaces at 10000 Mbps are kept up, and all other interfaces that are not set to 10G speed or auto negotiate are disabled. Dell Networking OS brings up the interfaces that are set to auto negotiate so that their speed is identical to the speed of the first channel member in the port channel.
Page 392 To view the interface’s configuration, enter INTERFACE mode for that interface and use the show config command or from EXEC Privilege mode, use the show running-config interface interface command. When an interface is added to a port channel, Dell Networking OS recalculates the hash algorithm. To add a physical interface to a port, use the following commands.
Page 393: Reassigning An Interface To A New Port Channel
Dell> When more than one interface is added to a Layer 2-port channel, Dell Networking OS selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs). An asterisk in the show interfaces port-channel brief command indicates the primary port.
Page 394: Configuring The Minimum Oper Up Links In A Port Channel
The default is 1. Example of Configuring the Minimum Oper Up Links in a Port Channel Dell#config t Dell(conf)#int po 1 Dell(conf-if-po-1)#minimum-links 5 Dell(conf-if-po-1)# Adding or Removing a Port Channel from a VLAN As with other interfaces, you can add Layer 2 port channel interfaces to VLANs. To add a port channel to a VLAN, place the port channel in Layer 2 mode (by using the switchport command).
Page 395: Assigning An Ip Address To A Port Channel
EXEC mode Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#switchport Dell(conf-if-te-1/1)# vlan tagged 2-5,100,4010 Dell#show interfaces switchport te 1/1 Codes: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Trunk, H - VSN tagged...
Page 396: Load Balancing Through Port Channels
Load balancing uses source and destination packet information to get the greatest advantage of resources by distributing traffic over multiple paths when transferring data to a destination. Dell Networking OS allows you to modify the hashing algorithms used for flows and for fragments. The load-balance and hash-algorithm commands are available for modifying the distribution algorithms.
Page 397: Bulk Configuration
Bulk Configuration Bulk configuration allows you to determine if interfaces are present for physical interfaces or configured for logical interfaces. Interface Range An interface range is a set of interfaces to which other commands may be applied and may be created if there is at least one valid interface within the range.
Page 398 The following is an example showing how duplicate entries are omitted from the interface-range prompt. Example of the Interface-Range Prompt for Duplicate Interfaces Dell(conf)#interface range vlan 1 , vlan 1 , vlan 3 , vlan 3 Dell(conf-if-range-vl-1,vl-3)# Dell(conf)#interface range tengigabitethernet 2/1 - 23 , tengigabitethernet 2/1 - 23 , tengigab...
Page 399: Defining Interface Range Macros
The following example shows how to use commas to add VLAN and port-channel interfaces to the range. Example of Adding VLAN and Port-Channel Interface Ranges Dell(config-if-range-te-1/1-2)# interface range Vlan 2 – 100 , Port 1 – 25 Dell(config-if-range-te-1/1-2-vl-2-100-po-1-25)# no shutdown...
Page 400: Monitoring And Maintaining Interfaces
— Page down • q — Quit Dell#monitor interface Te 3/1 Dell uptime is 1 day(s), 4 hour(s), 31 minute(s) Monitor time: 00:00:00 Refresh Intvl.: 2s Interface: Te 3/1, Disabled, Link is Down, Linespeed is 1000 Mbit Traffic statistics: Current...
Page 401: Displaying Traffic Statistics On Higig Ports
You can display the queue statistics and buffer counters for backplane line-card (leaf) and switch fabric module (SFM - spine) NPU port queues on a Z9500 switch using the show commands described in this section. Transmit, receive, and drop counters are displayed.
Page 402: Monitoring Higig Link Bundles
Each NPU is a Trident chip. On the Z9500, backplane port channels operate as HiGig link bundles to transmit data traffic between line-card and SFM NPUs. There are 11 line-card and 6 SFM NPUs. The 6 SFM (spine) NPUs comprise the switch fabric module; the 11 line-card (leaf) NPUs are used across three Z9500 line cards.
Page 403: Enabling Higig Link-Bundle Monitoring
To enable the monitoring of HiGig link bundles, follow these steps. Enable the monitoring of traffic distribution on the member links in a HiGig link bundle (port-channel). CONFIGURATION mode Dell(conf)#hg-link-bundle-monitor {sfm npu-id hg-port—channel hg-port—channel-id | slot slot npuUnit npu-id hg-port—channel 0} enable Specify the trigger threshold for HiGig link-bundle monitoring.
Page 404: Splitting 40G Ports Without Reload
The following example shows that when you split an interface on a 16X40G module, the subsequent even numbered interface is removed from the configuration. Dell(conf)# stack-unit [stack-unit number] slot [slot number] port [port number] portmode quad speed 10G Warning: Enabling Quad mode on stack-unit 1 slot 3 port 15. Please verify whether the configs related to interface Fo 1/3/15 Fo 1/3/16 are cleaned up before proceeding further.
Page 405: Splitting Qsfp Ports To Sfp+ Ports
QSFP port cage. After you insert an SFP or SFP+ cable into a QSA connected to a 40 Gigabit port, Dell Networking OS assumes that all the four fanned-out 10 Gigabit ports have plugged-in SFP or SFP+ optical cables. However, the link UP event happens only for the first...
Page 406: Configuring Wavelength For 10-Gigabit Sfp+ Optics
Although it is possible to configure the remaining three 10 Gigabit ports, the Link UP event does not occur for these ports leaving the lanes unusable. Dell Networking OS perceives these ports to be in a Link Down state. You must not try to use these remaining three 10 Gigabit ports for actual data transfer or for any other related configurations.
Page 407: Link Dampening
TenGigabitEthernet 1/1 ip address 10.10.19.1/24 dampening 1 2 3 4 no shutdown To view dampening information on all or specific dampened interfaces, use the show interfaces dampening command from EXEC Privilege mode. Dell#show interfaces dampening Interface Supp Flaps Penalty Half-Life Reuse...
Page 408 The link MTU is the frame size of a packet, and the IP MTU size is used for IP fragmentation. If the system determines that the IP packet must be fragmented as it leaves the interface, Dell Networking OS divides the packet into fragments no bigger than the size set in the ip mtu command.
Page 409: Using Ethernet Pause Frames For Flow Control
Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the Dell Networking OS. Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it.
Page 410: Configure The Mtu Size On An Interface
The MTU range is from 592 to 9216, with a default of 9216. IP MTU automatically configures. The following table lists the various Layer 2 overheads found in the Dell Networking OS and the number of bytes. Table 36. Layer 2 Overhead...
Page 411: Auto-Negotiation On Ethernet Interfaces
Show autoneg configuration information Dell(conf-if-te-1/1-autoneg)#mode ? forced-master Force port to master mode forced-slave Force port to slave mode Dell(conf-if-te-1/1-autoneg)# For details about the speed, duplex, and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Interfaces...
Page 412: View Advanced Interface Information
Dell#show ip interface linecard 1 configured Dell#show ip interface tengigabitethernet 1 configured Dell#show ip interface br configured Dell#show ip interface br linecard 1 configured Dell#show ip interface br tengigabitethernet 1 configured Dell#show running-config interfaces configured Dell#show running-config interface tengigabitethernet 1 configured In EXEC mode, the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information.
Page 413: Dynamic Counters
Time since last interface status change: 1d23h42m Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB. For the remaining applications, Dell Networking OS automatically turns on counting when you enable the application, and is turned off when you disable the application. NOTE: If you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance.
Page 414: Clearing Interface Counters
Example of the clear counters Command When you enter this command, confirm that you want Dell Networking OS to clear the interface counters for that interface. Dell#clear counters te 1/1 Clear counters on TenGigabitEthernet 1/1 [confirm]...
Page 415: Internet Protocol Security (Ipsec)
Internet Protocol Security (IPSec) Internet protocol security (IPSec) is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways. IPSec is compatible with Telnet and FTP protocols. It supports two operational modes: Transport and Tunnel. •...
Page 416 crypto ipsec policy myCryptoPolicy 10 ipsec-manual transform-set myXform-set session-key inbound esp 256 auth <key> encrypt <key> session-key outbound esp 257 auth <key> encrypt <key> match 0 tcp a::1 /128 0 a::2 /128 23 match 1 tcp a::1 /128 23 a::2 /128 0 match 2 tcp a::1 /128 0 a::2 /128 21 match 3 tcp a::1 /128 21 a::2 /128 0 match 4 tcp 1.1.1.1 /32 0 1.1.1.2 /32 23...
Page 417: Ipv4 Routing
IPv4 Routing The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature...
Page 418: Ip Addresses
NOTE: Even though Dell Networking OS listens to all ports, you can only use the ports starting from 35001 for IPv4 traffic. Ports starting from 0 to 35000 are reserved for internal use and you cannot use them for IPv4 traffic.
Page 419: Configuring Static Routes
– tag tag-value: the range is from 1 to 4294967295. (optional) Example of the show ip route static Command To view the configured routes, use the show ip route static command. Dell#show ip route static Destination Gateway Dist/Metric Last Change...
Page 420: Configure Static Routes For The Management Interface
Dell Networking OS installs a next hop that is on the directly connected subnet of current IP address on the interface. Dell Networking OS also installs a next hop that is not on the directly connected subnet but which recursively resolves to a next hop on the interface's configured subnet.
Page 421: Resolution Of Host Names
The host table contains both statically configured and dynamically learnt host and IP addresses. If Dell Networking OS cannot resolve the domain, it tries the domain name assigned to the local system. If that does not resolve the partial domain, Dell Networking OS searches the list of domains configured.
Page 422: Configuring Dns With Traceroute
Configure this command up to six times to specify a list of possible domain names. Dell Networking OS searches the domain names in the order they were configured until a match is found or the list is exhausted.
Page 423: Arp
Dell Networking OS uses two forms of address resolution: address resolution protocol (ARP) and Proxy ARP. ARP runs over Ethernet and enables endstations to learn the MAC addresses of neighbors on an IP network. Over time, Dell Networking OS creates a forwarding table mapping the MAC addresses to their corresponding IP address. This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time.
Page 424: Enabling Proxy Arp
Gratuitous ARP can mean an ARP request or reply. In the context of ARP learning via gratuitous ARP on Dell Networking OS, the gratuitous ARP is a request. A gratuitous ARP request is an ARP request that is not needed according to the ARP specification, but one that hosts may send to: •...
Page 425: Arp Learning Via Arp Request
ARP Learning via ARP Request In Dell Networking OS versions prior to 8.3.1.0, Dell Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address.
Page 426: Icmp
The following lists the configuration tasks for ICMP. • Enabling ICMP Unreachable Messages For a complete listing of all commands related to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are disabled.
Page 427: Udp Helper
IP address of packets to match those addresses. Configure UDP Helper To configure Dell Networking OS to direct UDP broadcast, enable UDP helper and specify the UDP ports for which traffic is forwarded. See Enabling UDP Helper Important Points to Remember •...
Page 428: Configurations Using Udp Helper
Time since last interface status change: 00:07:44 Configurations Using UDP Helper When you enable UDP helper and the destination IP address of an incoming packet is a broadcast address, Dell Networking OS suppresses the destination address of the packet. The following sections describe various configurations that employ UDP helper to direct broadcasts.
Page 429: Udp Helper With Subnet Broadcast Addresses
Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have broadcast address configured. Figure 54. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to matching interface.
Page 430: Udp Helper With No Configured Broadcast Addresses
To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug ip udp-helper 01:20:22: Pkt rcvd on Te 5/1 with IP DA (0xffffffff) will be sent on Te 5/2 Te 5/3 Vlan 3 01:44:54: Pkt rcvd on Te 7/1 is handed over for DHCP processing.
Page 431: Ipv6 Routing
NOTE: Even though Dell Networking OS listens to all ports, you can only use the ports starting from 1024 for IPv6 traffic. Ports from 0 to 1023 are reserved for internal use and you cannot use them for IPv6 traffic.
Page 432: Extended Address Space
(DHCP) servers via stateful auto-configuration. NOTE: Dell Networking OS provides the flexibility to add prefixes on Router Advertisements (RA) to advertise responses to Router Solicitations (RS). By default, RA response messages are sent when an RS message is received.
Page 433: Ipv6 Header Fields
• Payload Length (16 bits) • Next Header (8 bits) • Hop Limit (8 bits) • Source Address (128 bits) • Destination Address (128 bits) IPv6 provides for extension headers. Extension headers are used only if necessary. There can be no extension headers, one extension header or more than one extension header in an IPv6 packet.
Page 434 Payload Length (16 bits) The Payload Length field specifies the packet payload. This is the length of the data following the IPv6 header. IPv6 Payload Length only includes the data following the header, not the header itself. The Payload Length limit of 2 bytes requires that the maximum packet payload be 64 KB. However, the Jumbogram option type Extension header supports larger packet sizes when required.
Page 435: Extension Header Fields
Source Address (128 bits) The Source Address field contains the IPv6 address for the packet originator. Destination Address (128 bits) The Destination Address field contains the intended recipient’s IPv6 address. This can be either the ultimate destination or the address of the next hop router. Extension Header Fields Extension headers are used only when necessary.
Page 436: Addressing
Discard the packet and send an ICMP Parameter Problem, Code 2 message to the packet’s Source IP Address only if the Destination IP Address is not a multicast address. The second byte contains the Option Data Length. The third byte specifies whether the information can change en route to the destination. The value is 1 if it can change; the value is 0 if it cannot change.
Page 437: Implementing Ipv6 With Dell Networking Os
In IPv6, every interface, whether using static or dynamic address assignments, also receives a local-link address automatically in the fe80::/64 subnet. Implementing IPv6 with Dell Networking OS Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. Longest Prefix Match (LPM) Table and IPv6 /65 – /128 support The LPM CAM table consists of two partitions: Partition I for IPv6 /65-/128 route-prefix entries and Partition II for IPv6 0/0-/64 and IPv4 0/0-0/32 route-prefix entries.
Page 438: Ipv6 Neighbor Discovery
NOTE: To avoid problems with network discovery, Dell Networking recommends configuring the static route last or assigning an IPv6 address to the interface and assigning an address to the peer (the forwarding router’s address) less than 10 seconds apart.
Page 439: Ipv6 Neighbor Discovery Of Mtu Packets
used as the last 24 bits. Other hosts on the link do not participate in the process, greatly increasing network bandwidth efficiency. Figure 59. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface.
Page 440 Dell(conf-if-te-1/1)#do debug ipv6 nd tengigabitethernet 1/1 ICMPv6 Neighbor Discovery packet debugging is on for tengigabitethernet 1/1 Dell(conf-if-te-1/1)#00:13:02 : : cp-ICMPV6-ND: Sending RA on Te 1/1 current hop limit=64, flags: M-, O-, router lifetime=1800 sec, reachable time=0 ms, retransmit time=0 ms...
Page 441: Secure Shell (Ssh) Over An Ipv6 Transport
Dell Networking OS supports both inbound and outbound SSH sessions using IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide.
Page 442: Assigning An Ipv6 Address To An Interface
Assigning an IPv6 Address to an Interface Essentially, IPv6 is enabled in Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces. You can use IPv6 and IPv4 together on a system, but be sure to differentiate that usage carefully. To assign an IPv6 address to an interface, use the ipv6 address command.
Page 443: Assigning A Static Ipv6 Route
Configuring Telnet with IPv6 The Telnet client and server in Dell Networking OS supports IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet connection from the router.
Page 444: Displaying Ipv6 Information
IPv6. For more information regarding SNMP commands, refer to the SNMP and SYSLOG chapters in the Dell Networking OS Command Line Interface Reference Guide. • snmp-server host • snmp-server user ipv6 • snmp-server community ipv6 • snmp-server community access-list-name ipv6 •...
Page 445: Showing Ipv6 Routes
– To display information about an IPv6 Prefix lists, enter list and the prefix-list name. Examples of the show ipv6 route Commands The following example shows the show ipv6 route summary command. Dell#show ipv6 route summary Route Source Active Routes Non-active Routes connected 5 0...
Page 446: Showing The Running-Configuration For An Interface
– For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. – For the Management interface on the stack-unit, enter the keyword ManagementEthernet then the slot/port information. Example of the show running-config interface Command Dell#show run int Te 2/2 interface TenGigabitEthernet 2/2 no ip address ipv6 address 3:4:5:6::8/24...
Page 447: Clearing Ipv6 Routes
Clearing IPv6 Routes To clear routes from the IPv6 routing table, use the following command. • Clear (refresh) all or a specific route from the IPv6 routing table. EXEC mode clear ipv6 route {* | ipv6 address prefix-length} – *: all routes. –...
Page 448 The retransmission time range is from 100 to 4,294,967,295 milliseconds. 15 Display the configurations applied on the RA guard policy mode. POLICY LIST CONFIGURATION mode show config Example of the show config Command Dell(conf-ra_guard_policy_list)#show config ipv6 nd ra-guard policy test device-role router hop-limit maximum 251 mtu 1350...
Page 449: Configuring Ipv6 Ra Guard On An Interface
[interface slot/port | count value] The count range is from 1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, see the Dell Networking OS Command Line Reference Guide.
Page 450: Iscsi Optimization
In a data center network, Dell EqualLogic and Compellent iSCSI storage arrays are connected to a converged Ethernet network using the data center bridging exchange protocol (DCBx) through stacked and/or non-stacked Ethernet switches.
Page 451 • Auto-detection of EqualLogic storage arrays — the switch detects any active EqualLogic array directly attached to its ports. • Manual configuration to detect Compellent storage arrays where auto-detection is not supported. • Automatic configuration of switch ports after detection of storage arrays. •...
Page 452: Default Iscsi Optimization Values
Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature. Table 37. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting Disabled. iSCSI CoS mode (802.1p priority queue mapping) dot1p priority 4 without the remark setting when you enable iSCSI.
Page 453 CONFIGURATION mode iscsi enable For a DCB environment: Configure iSCSI Optimization. EXEC Privilege mode iSCSI configuration: copy CONFIG_TEMPLATE/iSCSI_DCB_Config running-config. The configuration files are stored in the flash memory in the CONFIG_TEMPLATE file. NOTE: DCB/DCBx is enabled when you apply the iSCSI configuration in step 3. If you manually apply the iSCSI configuration by following steps 1 and 2, enable link layer discovery protocol (LLDP) before enabling iSCSI in step 2.
Page 454: Displaying Iscsi Optimization Information
Display detailed information on active iSCSI sessions on the switch. To display detailed information on specified iSCSI session, enter the session’s iSCSI ID. show iscsi sessions detailed [session isid] • Display all globally configured non-default iSCSI settings in the current Dell Networking OS session. show run iscsi iSCSI Optimization...
Page 455 VLT PEER2 Session 0: ----------------------------------------------------------------------------- Target: iqn.2001-05.com.equallogic:0-8a0906-0f60c2002-0360018428d48c94-iom011 iqn.1991-05.com.microsoft:win-x9l8v27yajg ISID: 400001370000 The following example shows the show iscsi session detailed command. VLT PEER1 Dell# show iscsi session detailed Session 0: -------------------------------------------------------- Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.2010-11.com.ixia.ixload:initiator-iscsi-2c Up Time:00:00:01:28(DD:HH:MM:SS) Time for aging out:00:00:09:34(DD:HH:MM:SS) ISID:806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10.10.0.44 33345 10.10.0.101 3260 0...
Page 456: Enable And Disable Iscsi Optimization
Up Time:00:00:01:28(DD:HH:MM:SS) Time for aging out:00:00:09:34(DD:HH:MM:SS) ISID:806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort 10.10.0.53 33432 10.10.0.101 3260 Enable and Disable iSCSI Optimization The following describes enabling and disabling iSCSI optimizaiton. NOTE: iSCSI monitoring, auto-configuration and auto-detection is enabled by default. If you enable iSCSI, flow control is automatically enabled on all interfaces.
Page 457: Information Monitored In Iscsi Traffic Flows
The switch uses the link layer discovery protocol (LLDP) to discover Dell EqualLogic devices on the network. LLDP is enabled by default. For more information about LLDP, refer to Link Layer Discovery Protocol (LLDP).
Page 458: Configuring Detection And Ports For Dell Compellent Arrays
The following message displays the first time you use the iscsi profile-compellent command to configure a port connected to a Dell Compellent storage array and describes the configuration changes that are automatically performed: %SYSTEM:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow-control on all ports;...
Page 459: Intermediate System To Intermediate System
NOTE: This protocol supports routers passing both IP and OSI traffic, though the Dell Networking implementation supports only IP traffic. IS-IS is organized hierarchically into routing domains and each router or system resides in at least one area. In IS-IS, routers are designated as Level 1, Level 2 or Level 1-2 systems.
Page 460: Multi-Topology Is-Is
• area address — within your routing domain or area, each area must have a unique area value. The first byte is called the authority and format indicator (AFI). • system address — the router’s MAC address. • N-selector — this is always 0. The following illustration is an example of the ISO-style address to show the address format IS-IS uses.
Page 461: Interface Support
Interface Support MT IS-IS is supported on physical Ethernet interfaces, physical synchronous optical network technologies (SONET) interfaces, port-channel interfaces (static and dynamic using LACP), and virtual local area network (VLAN) interfaces. Adjacencies Adjacencies on point-to-point interfaces are formed as usual, where IS-IS routers do not implement MT extensions. If a local router does not participate in certain MTs, it does not advertise those MT IDs in its IS-IS hellos (IIHs) and so does not include that neighbor within its LSPs.
Page 462: Implementation Information
By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address easier. Dell Networking OS does not support ISO CLNS routing; however, the ISO NET format is supported for addressing.
Page 463: Configuration Tasks For Is-Is
NOTE: When using the IS-IS routing protocol to exchange IPv6 routing information and to determine destination reachability, you can route IPv6 along with IPv4 while using a single intra-domain routing protocol. The configuration commands allow you to enable and disable IPv6 routing and to configure or remove IPv6 prefixes on links. Except where identified, the commands described in this chapter apply to both IPv4 and IPv6 versions of IS-IS.
Page 464 ISIS mode. To view the IS-IS configuration, enter the show isis protocol command in EXEC Privilege mode or the show config command in ROUTER ISIS mode. Dell#show isis protocol IS-IS Router: <Null Tag> System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
Page 465 IS-IS: LSP checksum errors received : 0 IS-IS: LSP authentication failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: •...
Page 466 Use this command for IPv6 route computation only when you enable multi-topology. If using single-topology mode, to apply to both IPv4 and IPv6 route computations, use the spf-interval command in CONFIG ROUTER ISIS mode. Implement a wide metric-style globally. ROUTER ISIS AF IPV6 mode isis ipv6 metric metric-value [level-1 | level-2 | level-1-2] To configure wide or wide transition metric style, the cost can be between 0 and 16,777,215.
Page 467 Example of the show isis interface Command To view all interfaces configured with IS-IS routing along with the defaults, use the show isis interface command in EXEC Privilege mode. Dell#show isis interface TenGigabitEthernet 1/34 TenGigabitEthernet 1/34 is up, line protocol is up MTU 1497, Encapsulation SAP...
Page 468 Example of Viewing IS-IS Configuration (ROUTER ISIS Mode) To view the configuration, use the show config command in ROUTER ISIS mode or the show running-config isis command in EXEC Privilege mode. Dell#show running-config isis router isis lsp-refresh-interval 902 net 47.0005.0001.000C.000A.4321.00 net 51.0005.0001.000C.000A.4321.00...
Page 469 If you configure narrow, transition, or narrow transition metric style, the cost can be a number between 0 and 63. If you configure wide or wide transition metric style, the cost can be a number between 0 and 16,777,215. Dell Networking OS supports five different metric styles: narrow, wide, transition, narrow transition, and wide transition.
Page 470: Configuring The Distance Of A Route
Accept wide metrics: none Dell# Configuring the IS-IS Cost When you change from one IS-IS metric style to another, the IS-IS metric value could be affected. For each interface with IS-IS enabled, you can assign a cost or metric that is used in the link state calculation.
Page 471: Changing The Is-Type
The default is Level 1-2 router. When the IS-type is Level 1-2, the software maintains two Link State databases, one for each level. To view the Link State databases, use the show isis database command. Dell#show isis database IS-IS Level-1 Link State Database...
Page 472 Another method of controlling routing information is to filter the information through a prefix list. Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the prefix lists or Dell Networking OS does not install the route in the routing table. The prefix lists are globally applied on all interfaces running IS-IS.
Page 473: Redistributing Ipv4 Routes
ROUTER ISIS-AF IPV6 mode distribute-list prefix-list-name in [interface] Enter the type of interface and the interface information: – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. –...
Page 474: Redistributing Ipv6 Routes
redistribute ospf process-id [level-1| level-1-2 | level-2] [metric value] [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: – process-id the range is from 1 to 65535. – level-1, level-1-2, or level-2: assign all redistributed routes to a level. The default is level-2. –...
Page 475: Configuring Authentication Passwords
Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system.
Page 476: Debugging Is-Is
– interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only. Dell Networking OS displays debug messages on the console. To view which debugging commands are enabled, use the show debugging command in EXEC Privilege mode.
Page 477: Is-Is Metric Styles
The following sections provide additional information about the IS-IS metric styles. • Configuring the IS-IS Metric Style • Configure Metric Values Dell Networking OS supports the following IS-IS metric styles: • narrow (supports only type, length, and value [TLV] up to 63) • wide (supports TLV up to 16777215) •...
Page 478 Table 40. Metric Value When the Metric Style Changes Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value wide narrow default value (10) if the original value is greater than 63. A message is sent to the console. wide transition truncated value (the truncated value appears in the LSP only).
Page 479: Leaks From One Level To Another
Moving to transition and then to another metric style produces different results. Table 41. Metric Value when the Metric Style Changes Multiple Times Beginning Metric Style Next Metric Style Resulting Metric Value Next Metric Style Final Metric Value wide transition truncated value wide original value is...
Page 480: Sample Configurations
Dell#clear isis * % ISIS not enabled. Dell#clear isis 9999 * You can configure IPv6 IS-IS routes in one of the following three different methods: • Congruent Topology — You must configure both IPv4 and IPv6 addresses on the interface. Enable the ip router isis and ipv6 router isis commands on the interface.
Page 481 TenGigabitEthernet 3/17 ip address 24.3.1.1/24 ipv6 address 24:3::1/76 ip router isis ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config router isis metric-style wide level-1 metric-style wide level-2 net 34.0000.0000.AAAA.00 Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config interface TenGigabitEthernet 3/17...
Page 482: Link Aggregation Control Protocol (Lacp)
Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide both load-sharing and port redundancy across line cards.
Page 483: Lacp Modes
LACP Modes Dell Networking OS provides three modes for configuration of LACP — Off, Active, and Passive. • Off — In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state.
Page 484: Lacp Configuration Tasks
Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp Command Dell(conf)#interface TenGigabitethernet 3/15 Dell(conf-if-te-3/15)#no shutdown Dell(conf-if-te-3/15)#port-channel-protocol lacp Dell(conf-if-te-3/15-lacp)#port-channel 32 mode active Dell(conf)#interface TenGigabitethernet 3/16 Dell(conf-if-te-3/16)#no shutdown Dell(conf-if-te-3/16)#port-channel-protocol lacp Dell(conf-if-te-3/16-lacp)#port-channel 32 mode active Dell(conf)#interface TenGigabitethernet 4/15 Dell(conf-if-te-4/15)#no shutdown...
Page 485: Setting The Lacp Long Timeout
Dell(conf)#interface TenGigabitethernet 4/16 Dell(conf-if-te-4/16)#no shutdown Dell(conf-if-te-4/16)#port-channel-protocol lacp Dell(conf-if-te-4/16-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown here may be successfully issued as long as there is no existing static channel-member configuration in LAG 32. Setting the LACP Long Timeout PDUs are exchanged between port channel (LAG) interfaces to maintain LACP sessions.
Page 486: Shared Lag State Tracking
Figure 63. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). Dell Networking OS has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking. To achieve this functionality, you must group LAG 1 and LAG 2 into a single entity, called a failover group.
Page 487: Important Points About Shared Lag State Tracking
2d1h45m: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Po 2 To view the status of a failover group member, use the show interface port-channel command. Dell#show interface port-channel 2 Port-channel 2 is up, line protocol is down (Failover-group 1 is down)
Page 488: Lacp Basic Configuration Example
• If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two routers are named ALPHA and BRAVO, and their hostname prompts reflect those names.
Page 489 0 64-byte pkts, 12 over 64-byte pkts, 120 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 132 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics 136 packets, 16718 bytes, 0 underruns 0 64-byte pkts, 15 over 64-byte pkts, 121 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts...
Page 490 Figure 66. Inspecting the LAG Configuration Link Aggregation Control Protocol (LACP)
Page 491 Figure 67. Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol (LACP)
Page 492 Figure 68. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int tengig 2/31 Alpha(conf-if-te-2/31)#no ip address Alpha(conf-if-te-2/31)#no switchport Alpha(conf-if-te-2/31)#shutdown Alpha(conf-if-te-2/31)#port-channel-protocol lacp Alpha(conf-if-te-2/31-lacp)#port-channel 10 mode active Alpha(conf-if-te-2/31-lacp)#no shut Alpha(conf-if-te-2/31)#show config interface GigabitEthernet 2/31 no ip address port-channel-protocol LACP port-channel 10 mode active...
Page 493 Summary of the LAG Configuration on Bravo Bravo(conf-if-te-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config interface Port-channel 10 no ip address switchport no shutdown Bravo(conf-if-po-10)#exit Bravo(conf)#int tengig 3/21 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-te-3/21)#port-channel-protocol lacp Bravo(conf-if-te-3/21-lacp)#port-channel 10 mode active Bravo(conf-if-te-3/21-lacp)#no shut Bravo(conf-if-te-3/21)#end interface TenGigabitEthernet 3/21...
Page 494 Figure 69. Inspecting a LAG Port on BRAVO Using the show interface Command Link Aggregation Control Protocol (LACP)
Page 495 Figure 70. Inspecting LAG 10 Using the show interfaces port-channel Command Link Aggregation Control Protocol (LACP)
Page 496 Figure 71. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode.
Page 497: Layer 2
Layer 2 This chapter describes the Layer 2 features supported on the device. Manage the MAC Address Table You can perform the following management tasks in the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries •...
Page 498: Configuring A Static Mac Address
Recovering from Learning Limit and Station Move Violations Dell Networking OS Behavior: When configuring the MAC learning limit on a port or VLAN, the configuration is accepted (becomes part of running-config and show mac learning-limit interface) before the system verifies that sufficient CAM space exists.
Page 499: Setting The Mac Learning Limit
Entries created before this option is set are not affected. Dell Networking OS Behavior: If you do not configure the dynamic option, the system does not detect station moves in which a MAC address learned from a MAC-limited port is learned on another port on the same system.
Page 500: Mac Learning-Limit Station-Move
EXEC Privilege mode show mac learning-limit Dell Networking OS Behavior: The systems do not generate a station-move violation log entry for physical interfaces or port- channels when you configure mac learning-limit or when you configure mac learning-limit station-move- violation log. Dell Networking OS detects a station-move violation only when you configure mac learning-limit dynamic and logs the violation only when you configure the mac learning-limit station-move-violation log, as shown in the following example.
Page 501: Setting Station Move Violation Actions
Setting Station Move Violation Actions no-station-move is the default behavior. You can configure the system to take an action if a station move occurs using one the following options with the mac learning-limit command. To display a list of interfaces configured with MAC learning limit or station move violation actions, use the following commands.
Page 502: Disabling Mac Address Learning On The System
MAC address is disassociated with one port and reassociated with another port in the ARP table, the no mac-address-table station-move refresh-arp command should not be configured on the Dell Networking switch at the time that NIC teaming is being configured on the server.
Page 503: Configure Redundant Pairs
Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces.
Page 504 Apply all other configurations to each interface in the redundant pair such that their configurations are identical, so that transition to the backup interface in the event of a failure is transparent to rest of the network. Figure 74. Configuring Redundant Layer 2 Pairs without Spanning Tree You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command.
Page 505: Important Points About Configuring Redundant Pairs
TenGigabitEthernet 3/42 no shutdown interface TenGigabitEthernet 3/42 no ip address switchport no shutdown Dell(conf-if-range-te-3/41-42)# Dell(conf-if-range-te-3/41-42)#do show ip int brief | find 3/41 TenGigabitEthernet 3/41 unassigned YES Manual up TenGigabitEthernet 3/42 unassigned NO Manual up down [output omitted]...
Page 506: Far-End Failure Detection
Port-channel 2 Standby Port-channel 1 Active Dell# Dell(conf-if-po-1)#switchport backup interface tengigabitethernet 1/2 Apr 9 00:16:29: %STKUNIT0-M:CP %IFMGR-5-L2BKUP_WARN: Do not run any Layer2 protocols on Po 1 and Te 1/2 Dell(conf-if-po-1)# Far-End Failure Detection Far-end failure detection (FEFD) is a protocol that senses remote data link errors in a network. FEFD responds by sending a unidirectional report that triggers an echoed response after a specified time interval.
Page 507: Fefd State Changes
You can enable FEFD globally or on a per-interface basis. Interface FEFD configurations override global FEFD configurations. • Dell Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface. • FEFD is not supported on Fibre Channel and copper Ethernet ports.
Page 508: Configuring Fefd
Te 1/3 Normal 3 Admin Shutdown Te 1/4 Normal 3 Admin Shutdown Dell#show run fefd fefd-global mode normal fefd-global interval 3 Enabling FEFD on an Interface To enable, change, or disable FEFD on an interface, use the following commands. •...
Page 509: Debugging Fefd
Dell(conf-if-te-1/1)#shutdown 2w1d22h: %RPM0-P:CP %IFMGR-5-ASTATE_DN: Changed interface Admin state to down: Te 1/1 Dell(conf-if-te-1/1)#2w1d22h : FEFD state on Te 1/1 changed from ANY to Unknown 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 1/1 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 4/1...
Page 510 Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port(Te 1/1) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port(Te 4/1) Sender hold time -- 3 (second) 2w1d22h : FEFD packet received on interface Te 4/1 Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port(Te 1/1) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port(Te 4/1) Sender hold time -- 3 (second) Layer 2...
Page 511: Link Layer Discovery Protocol (Lldp)
Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP). 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
Page 512: Optional Tlvs
IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Figure 77. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Link Layer Discovery Protocol (LLDP)
Page 513: Management Tlvs
Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80- C2. You can configure the Dell Networking system to advertise any or all of these TLVs.
Page 514: Tia-1057 (Lldp-Med) Overview
• LLDP-MED Network Connectivity Device — any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. Regarding connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to: •...
Page 515: Tia Organizationally Specific Tlvs
TIA Organizationally Specific TLVs The Dell Networking system is an LLDP-MED Network Connectivity Device (Device Type 4). Network connectivity devices are responsible for: • transmitting an LLDP-MED capability TLV to endpoint devices • storing the information that endpoint devices advertise The following table describes the five types of TIA-1057 Organizationally Specific TLVs.
Page 516 • The possible values of the LLDP-MED device type are shown in the following. The Dell Networking system is a network connectivity device, which is Type 4. When you enable LLDP-MED in Dell Networking OS (using the advertise med command), the system begins transmitting this TLV.
Page 517 An integer represents the application type (the Type integer shown in the following table), which indicates a device function for which a unique network policy is defined. An individual LLDP-MED network policy TLV is generated for each application type that you specify with the Dell Networking OS CLI (Advertising TLVs).
Page 518: Configure Lldp
• Power Value — Dell Networking advertises the maximum amount of power that can be supplied on the port. By default the power is 15.4W, which corresponds to a power value of 130, based on the TIA-1057 specification. You can advertise a different power value using the max-milliwatts option with the power inline auto | static command.
Page 519: Related Configuration Tasks
Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not configure more than 8000.
Page 520: Enabling Lldp
LLDP multiplier configuration Negate a command or set its defaults show Show LLDP configuration Dell(conf-if-te-1/3-lldp)# Enabling LLDP LLDP is disabled by default. Enable and disable LLDP globally or per interface. If you enable LLDP globally, all UP interfaces send periodic LLDPDUs.
Page 521: Advertising Tlvs
CONFIGURATION mode. protocol lldp Enter LLDP management-interface mode. LLDP-MANAGEMENT-INTERFACE mode. management-interface Enter the disable command. LLDP-MANAGEMENT-INTERFACE mode. To undo an LLDP management port configuration, precede the relevant command with the keyword no. Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces. •...
Page 522: Viewing The Lldp Configuration
Dell(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description hello 10 no disable Dell(conf-lldp)# Dell(conf-lldp)#exit Dell(conf)#interface tengigabitethernet 1/31 Dell(conf-if-te-1/31)#show config interface TenGigabitEthernet 1/31 no ip address switchport no shutdown Dell(conf-if-te-1/31)#protocol lldp Dell(conf-if-te-1/31-lldp)#show config protocol lldp...
Page 523: Viewing Information Advertised By Adjacent Lldp Agents
Information valid for next 120 seconds Time since last information change of this neighbor: 01:50:16 Remote MTU: 1554 Remote System Desc: Dell Networks Real Time Operating System Software Dell Operating System Version: 1.0. Dell Application Software Version: 9.4.0.0. Copyright (c) 1999-2014...
Page 524: Configuring Lldpdu Intervals
Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds. To configure LLDPDU intervals, use the following command. • Configure a non-default transmit interval. CONFIGURATION mode or INTERFACE mode hello Example of Viewing LLDPDU Intervals R1(conf)#protocol lldp R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id...
Page 525: Configuring The Time To Live Value
protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ? Rx only Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description mode tx no disable R1(conf-lldp)#no mode R1(conf-lldp)#show config...
Page 526: Debugging Lldp
To stop viewing the LLDP TLVs sent and received by the system, use the no debug lldp command. Figure 83. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: •...
Page 527 • received and transmitted LLDP-MED TLVs Table 50. LLDP Configuration MIB Objects MIB Object LLDP Variable LLDP MIB Object Description Category LLDP adminStatus lldpPortConfigAdminStatus Whether you enable the local Configuration LLDP agent for transmit, receive, or both. msgTxHold lldpMessageTxHoldMultiplier Multiplier value. msgTxInterval lldpMessageTxInterval Transmit Interval value.
Page 528 TLV Type TLV Name TLV Variable System LLDP MIB Object port ID Local lldpLocPortId Remote lldpRemPortId Port Description port description Local lldpLocPortDesc Remote lldpRemPortDesc System Name system name Local lldpLocSysName Remote lldpRemSysName System Description system description Local lldpLocSysDesc Remote lldpRemSysDesc System Capabilities system capabilities Local...
Page 529 TLV Type TLV Name TLV Variable System LLDP MIB Object port and protocol VLAN Local lldpXdot1LocProtoVlanEn enabled abled Remote lldpXdot1RemProtoVlanE nabled PPVID Local lldpXdot1LocProtoVlanId Remote lldpXdot1RemProtoVlanI VLAN Name Local lldpXdot1LocVlanId Remote lldpXdot1RemVlanId VLAN name length Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName VLAN name Local lldpXdot1LocVlanName Remote...
Page 530 TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object Remote lldpXMedRemMediaPolic yVlanID L2 Priority Local lldpXMedLocMediaPolicy Priority Remote lldpXMedRemMediaPolic yPriority DSCP Value Local lldpXMedLocMediaPolicy Dscp Remote lldpXMedRemMediaPolic yDscp Location Identifier Location Data Format Local lldpXMedLocLocationSub type Remote lldpXMedRemLocationSu btype Location ID Data Local lldpXMedLocLocationInf...
Page 531 TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object lldpXMedRemXPoEPSEPo Remote werAv lldpXMedRemXPoEPDPo werReq Link Layer Discovery Protocol (LLDP)
Page 532: Microsoft Network Load Balancing
Windows Server 2003 operating systems. Microsoft NLB clustering allows multiple servers running Microsoft Windows to be represented by one MAC and one IP address to provide transparent failover and load-balancing. The Dell Networking OS does not recognize server clusters by default; you must configure NLB functionality on a switch to support server clusters.
Page 533: Nlb Benefits
In the multicast NLB mode, a static ARP configuration command is configured to associate the cluster IP address with a multicast cluster MAC address. In multicast NLB mode, data is forwarded to all servers in the cluster based on the port specified using the Layer 2 multicast command: mac-address-table static <multicast_mac>...
Page 534: Configuring Nlb On A Switch
Configuring NLB on a Switch You can enable NLB functionality to operate in unicast or multicast mode on a switch. To enable NLB unicast mode: Enter the ip vlan-flooding command to enable Layer 3 unicast data traffic routed through a VLAN port to be flooded on all member ports of the VLAN connected to a server cluster.
Page 535: Multicast Source Discovery Protocol (Msdp)
Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
Page 536: Anycast Rp
RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected.
Page 537: Implementation Information
RPs becomes the active RP in more than one area. New sources register with the backup RP. Receivers join toward the new RP and connectivity is maintained. Implementation Information The Dell Networking OS implementation of MSDP is in accordance with RFC 3618 and Anycast RP is in accordance with RFC 3446. Configure Multicast Source Discovery Protocol Configuring MSDP is a four-step process.
Page 538 Figure 86. Configuring Interfaces for MSDP Multicast Source Discovery Protocol (MSDP)
Page 539 Figure 87. Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol (MSDP)
Page 540 Figure 88. Configuring PIM in Multiple Routing Domains Multicast Source Discovery Protocol (MSDP)
Page 541: Enable Msdp
Figure 89. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. Enable MSDP. CONFIGURATION mode ip multicast-msdp Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Examples of Configuring and Viewing MSDP R3(conf)#ip multicast-msdp R3(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3(conf)#do show ip msdp summary...
Page 542: Manage The Source-Active Cache
00:10:44 Limiting the Source-Active Cache Set the upper limit of the number of active sources that the Dell Networking OS caches. The default active source limit is 500K messages. When the total number of active sources reaches the specified limit, subsequent active sources are dropped even if they pass the reverse path forwarding (RPF) and policy check.
Page 543: Clearing The Source-Active Cache
If the total number of active sources is already larger than the limit when limiting is applied, the sources that are already in Dell Networking OS are not discarded. To enforce the limit in such a situation, use the clear ip msdp sa-cache command to clear all existing entries.
Page 544 Figure 90. MSDP Default Peer, Scenario 2 Multicast Source Discovery Protocol (MSDP)
Page 545 Figure 91. MSDP Default Peer, Scenario 3 Multicast Source Discovery Protocol (MSDP)
Page 546: Specifying Source-Active Messages
If you do not specify an access list, the peer accepts all sources that peer advertises. All sources from RPs that the ACL denies are subject to the normal RPF check. Example of the ip msdp default-peer Command and Viewing Denied Sources Dell(conf)#ip msdp peer 10.0.50.2 connect-source Vlan 50 Dell(conf)#ip msdp default-peer 10.0.50.2 list fifty Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50...
Page 547: Limiting The Source-Active Messages From A Peer
24.0.50.2 200.0.0.50 10.0.50.2 00:13:49 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 00:13:49 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.2 00:13:49 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs received, cache-size 32766 UpTime GroupAddr SourceAddr RPAddr LearnedFrom Reason 00:33:18 229.0.50.64 24.0.50.64 200.0.1.50 10.0.50.2 Rpf-Fail 00:33:18 229.0.50.65...
Page 548: Preventing Msdp From Caching A Remote Source
R1_E600(conf)#do show ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 1 rejected SAs received, cache-size 1000 UpTime GroupAddr SourceAddr RPAddr LearnedFrom Reason 00:02:20 239.0.0.1 10.11.4.2 192.168.0.1 local Redistribute Preventing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source, use the following commands. OPTIONAL: Cache sources that the SA filter denies in the rejected SA cache.
Page 549: Logging Changes In Peership States
ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.3 list mylocalfilter R1(conf)#do show run acl ip access-list extended mylocalfilter seq 5 deny ip host 239.0.0.1 host 10.11.4.2 seq 10 deny ip any any R1(conf)#do show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr...
Page 550: Clearing Peer Statistics
Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Clearing Peer Statistics To clear the peer statistics, use the following command. • Reset the TCP connection to the peer and clear all peer statistics. CONFIGURATION mode clear ip msdp peer peer-address Example of the clear ip msdp peer Command and Verifying Statistics are Cleared...
Page 551: Msdp With Anycast Rp
MSDP with Anycast RP Anycast RP uses MSDP with PIM-SM to allow more than one active group to use RP mapping. PIM-SM allows only active groups to use RP mapping, which has several implications: • traffic concentration: PIM-SM allows only one active group to RP mapping which means that all traffic for the group must, at least initially, travel over the same part of the network.
Page 552: Configuring Anycast Rp
RPs use MSDP to peer with each other using a unique address. Figure 93. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address.
Page 553: Reducing Source-Active Message Flooding
Peer each RP with every other RP using MSDP, specifying the unique Loopback address as the connect-source. CONFIGURATION mode ip msdp peer Advertise the network of each of the unique Loopback addresses throughout the network. ROUTER OSPF mode network Reducing Source-Active Message Flooding RPs flood source-active messages to all of their peers away from the RP.
Page 554: Multiple Spanning Tree Protocol (Mstp)
Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances.
Page 555: Spanning Tree Variations
Implementation Information MSTP is implemented as follows in Dell Networking OS: • The Dell Networking OS MSTP implementation is based on IEEE 802.1Q-2003 and interoperates only with bridges that also use this standard implementation. • MSTP is compatible with STP and RSTP.
Page 556: Enable Multiple Spanning Tree Globally
• Interoperate with Non-Dell Networking OS Bridges • Changing the Region Name or Revision • Modifying Global Parameters • Modifying the Interface Parameters • Configuring an EdgePort • Flush MAC Addresses after a Topology Change • Debugging and Verifying MSTP Configurations •...
Page 557: Influencing Mstp Root Selection
All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view which instance a VLAN is mapped to, use the show spanning-tree mst vlan command from EXEC Privilege mode. Dell(conf-mstp)#name my-mstp-region Dell(conf-mstp)#exit Dell(conf)#do show spanning-tree mst config MST region name: my-mstp-region Revision: 0 MSTI VID 1 100...
Page 558: Interoperate With Non-Dell Bridges
For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for the name and revision number must match on all Dell Networking OS devices. If there are non-Dell devices that participate in MSTP, ensure these values match on all devices.
Page 559 NOTE: Dell Networking recommends that only experienced network administrators change MSTP parameters. Poorly planned modification of MSTP parameters can negatively affect network performance. To change the MSTP parameters, use the following commands on the root bridge. Change the forward-delay parameter.
Page 560: Modifying The Interface Parameters
Modifying the Interface Parameters You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port. • Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port is selected to be a forwarding port.
Page 561: Configuring An Edgeport
To verify that EdgePort is enabled, use the show config command from INTERFACE mode. Flush MAC Addresses after a Topology Change Dell Networking OS has an optimized MAC address flush mechanism for RSTP, MSTP, and PVST+ that flushes addresses only when necessary, which allows for faster convergence during topology changes.
Page 562: Mstp Sample Configurations
MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Figure 95. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs.
Page 563: Debugging And Verifying Mstp Configurations
Create VLANs mapped to MSTP instances tag interfaces to the VLANs. SFTOS Example Running-Configuration This example uses the following steps: Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. Assign Layer-2 interfaces to the MSTP topology. Create VLANs mapped to MSTP instances tag interfaces to the VLANs.
Page 564 – Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. The following example shows the show run spanning-tree mstp command. Dell#show run spanning-tree mstp protocol spanning-tree mstp name Tahiti...
Page 565: Multicast Features
Because protocol control traffic in the Dell Networking OS is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, the Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic.
Page 566: First Packet Forwarding For Lossless Multicast
All initial multicast packets are forwarded to receivers to achieve lossless multicast. In previous versions, when the Dell Networking system is an RP, all initial packets are dropped until PIM creates an (S,G) entry. When the system is an RP and a Source DR, these initial packet drops represent a loss of native data, and when the system is an RP only, the initial packets drops represent a loss of register packets.
Page 567 Dell Networking OS Behavior: Do not enter the ip igmp access-group command before creating the access-list. If you do, after entering your first deny rule, the Dell Networking OS clears the multicast routing table and re-learns all groups, even those not covered by the rules in the access-list, because there is an implicit deny all rule at the end of all access-lists.
Page 568 entry is created only for group 239.0.0.1. VLAN 300 has no access list limiting Receiver 1, so both IGMP reports are accepted and two corresponding entries are created in the routing table. Figure 96. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration.
Page 569 Location Description • no shutdown • Interface TenGigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface TenGigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31 • Interface TenGigabitEthernet 2/31 •...
Page 570 Rate Limiting IGMP Join Requests If you expect a burst of IGMP Joins, protect the IGMP process from being overload by limiting that rate at which new groups can be joined. Hosts whose IGMP requests are denied will use the retry mechanism built into IGMP so that they’re membership is delayed rather than permanently denied.
Page 571 Figure 97. Preventing a Source from Transmitting to a Group The following table lists the location and description shown in the previous illustration. Table 57. Preventing a Source from Transmitting to a Group — Description Location Description 1/21 • Interface TenGigabitEthernet 1/21 •...
Page 572 Location Description • Interface TenGigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11 • Interface TenGigabitEthernet 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31 • Interface TenGigabitEthernet 2/31 • ip pim sparse-mode •...
Page 573 To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the source.
Page 574: Open Shortest Path First (Ospfv2 And Ospfv3)
Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on Dell Networking OS. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (OS).
Page 575: Area Types
area within the AS may not see the details of another area’s topology. AS areas are known by their area number or the router’s IP address. Figure 98. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0.
Page 576: Networks And Neighbors
Each router has a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address. However, to make troubleshooting easier, Dell Networking recommends that the router ID and the router’s IP address reflect each other.
Page 577 The following example shows different router designations. Figure 99. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example.
Page 578: Designated And Backup Designated Routers
IP address that all OSPF routers on the network segment are listening on. These router designations are not the same ad the router IDs described earlier. The DRs and BDRs are configurable in Dell Networking OS. If you do not define DR or BDR, the system assigns them. OSPF looks at the priority of the routers on the segment to determine which routers are the DR and BDR.
Page 579: Router Priority And Cost
• Type 7: External LSA — Routers in an NSSA do not receive external LSAs from ABRs, but are allowed to send external routing information for redistribution. They use Type 7 LSAs to tell the ABRs about these external routes, which the ABR then translates to Type 5 external LSAs and floods as normal to the rest of the OSPF network.
Page 580: Ospf With Dell Networking Os
Figure 100. Priority and Cost Examples OSPF with Dell Networking OS The Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within the that 10,000 routes, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes.
Page 581: Fast Convergence (Ospfv2, Ipv4 Only)
Fast convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. Dell Networking OS allows you to accept and originate LSAs as soon as they are available to speed up route information propagation.
Page 582: Ospf Ack Packing
In Dell Networking OS, the OSPF dead interval value is, by default, set to 40 seconds, and is independent of the OSPF hello interval. Configuring a hello interval does not change the dead interval in Dell Networking OS. In contrast, the OSPF dead interval on a Cisco router is, by default, four times as long as the hello interval.
Page 583: Configuration Information
Set the time interval between when the switch receives a topology change and starts a shortest path first (SPF) calculation. Use timers spf delay holdtime Example Dell# Dell#conf Dell(conf)#router ospf 1 Dell(conf-router_ospf-1)#timer spf 2 5 Dell(conf-router_ospf-1)# Dell(conf-router_ospf-1)#show config router ospf 1 timers spf 2 5 Dell(conf-router_ospf-1)#...
Page 584 In CONFIGURATION ROUTER OSPF mode, assign the router ID. The router ID is not required to be the router’s IP address. However, Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described.
Page 585 EXEC mode show ip ospf process-id Example of Viewing the Current OSPFv2 Status Dell#show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs...
Page 586 Example of Enabling OSPFv2 and Assigning an Area to an Interface Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode.
Page 587 ID Router Network S-Net S-ASBR Type-7 Subtotal 2.2.2.2 3.3.3.3 Dell# To view information on areas, use the show ip ospf process-id command in EXEC Privilege mode. Configuring LSA Throttling Timers Configured link-state advertisement (LSA) timers replace the standard transmit and acceptance times for LSAs.
Page 588 When disabled, the parameter is set at 0. NOTE: A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements. Only select higher convergence levels following consultation with Dell Technical Support. Examples of the fast-converge Command In the following examples, Convergence Level shows the fast-converge parameter setting and Min LSA origination shows the LSA parameters (shown in bold).
Page 589 To change OSPFv2 parameters on the interfaces, use any or all of the following commands. • Change the cost associated with OSPF traffic on the interface. CONFIG-INTERFACE mode ip ospf cost – cost: The range is from 1 to 65535 (the default depends on the interface speed). •...
Page 590: Configuring Virtual Links
Example of Changing and Verifying the cost Parameter and Viewing Interface Status To view interface configurations, use the show config command in CONFIGURATION INTERFACE mode. To view interface status in the OSPF process, use the show ip ospf interface command in EXEC mode. The bold lines in the example show the change on the interface.
Page 591 Use EITHER the Authentication Key or the Message Digest (MD5) key. Example of Viewing Virtual Links Use the show ip ospf process-id virtual-links command to view the virtual link. Dell#show ip ospf 1 virtual-links Virtual Link to router 192.168.253.5 is up Run as demand circuit Transit area 0.0.0.1, via interface TengigabitEthernet 13/16, Cost of using 2...
Page 592 Example of Viewing OSPF Configuration after Redistributing Routes To view the current OSPF configuration, use the show running-config ospf command in EXEC mode or the show config command in ROUTER OSPF mode. Dell(conf-router_ospf)#show config router ospf 34 network 10.1.2.32 0.0.0.255 area 2.2.2.2 network 10.1.3.24 0.0.0.255 area 3.3.3.3...
Page 593 – packet: view OSPF packet information. – spf: view SPF information. – database-timers rate-limit: view the LSAs currently in the queue. Example of Viewing OSPF Configuration Dell#show run ospf router ospf 4 router-id 4.4.4.4 Open Shortest Path First (OSPFv2 and OSPFv3)
Page 594: Sample Configurations For Ospfv2
4.4.4.0/28 area 1 ipv6 router ospf 999 default-information originate always router-id 10.10.10.10 Dell# Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations.
Page 595: Configuration Task List For Ospfv3 (Ospf For Ipv6)
Set the time interval between when the switch receives a topology change and starts a shortest path first (SPF) calculation. timers spf delay holdtime Example Dell#conf Dell(conf)#ipv6 router ospf 1 Dell(conf-ipv6-router_ospf)#timer spf 2 5 Dell(conf-ipv6-router_ospf)# Dell(conf-ipv6-router_ospf)#show config ipv6 router ospf 1...
Page 596: Applying Cost For Ospfv3
ipv6 unicast routing Applying cost for OSPFv3 Change in bandwidth directly affects the cost of OSPF routes. • Explicitly specify the cost of sending a packet on an interface. INTERFACE mode ipv6 ospf interface-cost – interface-cost:The range is from 1 to 65535. Default cost is based on the bandwidth. •...
Page 597: Assigning Ospfv3 Process Id And Router Id Globally
– process-id: the process ID number assigned. – area-id: the area ID for this interface. Assigning OSPFv3 Process ID and Router ID Globally To assign, disable, or reset OSPFv3 globally, use the following commands. • Enable the OSPFv3 process globally and enter OSPFv3 mode. CONFIGURATION mode ipv6 router ospf {process ID} The range is from 0 to 65535.
Page 598: Redistributing Routes
Interface: identifies the specific interface that is passive. – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. – For a port channel interface, enter the keywords port-channel then a number. –...
Page 599: Ospfv3 Authentication Using Ipsec
Transport mode. It is possible to insert the ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode. However, Tunnel mode is not supported in Dell Networking OS. For detailed information about the IP ESP protocol, refer to RFC 4303.
Page 600 • Manual key configuration is supported in an authentication or encryption policy (dynamic key configuration using the internet key exchange [IKE] protocol is not supported). • In an OSPFv3 authentication policy: – AH is used to authenticate OSPFv3 headers and certain fields in IPv6 headers and extension headers. –...
Page 601 show crypto ipsec policy • Display the security associations set up for OSPFv3 interfaces in authentication policies. show crypto ipsec sa ipv6 Configuring IPsec Encryption on an Interface To configure, remove, or display IPsec encryption on an interface, use the following commands. Prerequisite: Before you enable IPsec encryption on an OSPFv3 interface, first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area (refer to Configuration Task List for OSPFv3 (OSPF...
Page 602 The security policy index (SPI) value must be unique to one IPSec security policy (authentication or encryption) on the router. Configure the same authentication policy (the same SPI and key) on each interface in an OPSFv3 link. If you have enabled IPSec encryption in an OSPFv3 area using the area encryption command, you cannot use the area authentication command in the area at the same time.
Page 603 In the first example, the keys are not encrypted (shown in bold). In the second and third examples, the keys are encrypted (shown in bold). The following example shows the show crypto ipsec policy command. Dell#show crypto ipsec policy Crypto IPSec client security policy data Policy name...
Page 604: Troubleshooting Ospfv3
Crypto IPSec client security policy data Policy name : OSPFv3-1-500 Policy refcount Inbound AH SPI : 500 (0x1F4) Outbound AH SPI : 500 (0x1F4) Inbound AH Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e Outbound AH Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e Transform set : ah-md5-hmac Crypto IPSec client security policy data Policy name : OSPFv3-0-501 Policy refcount...
Page 605 EXEC Privilege mode show ipv6 ospf [vrf vrf-name] database • View the configuration of OSPFv3 neighbors. EXEC Privilege mode show ipv6 ospf [vrf vrf-name] neighbor • View debug messages for all OSPFv3 interfaces. EXEC Privilege mode debug ipv6 ospf [vrf vrf-name] [event | packet] {type slot/port} –...
Page 606: Pay As You Grow
A Z9500 switch with a 36 40G-port license has only the ports on line card 0 enabled. See the Port Numbering figure in this section for exact port location. You can purchase a license for additional Z9500 port configurations: •...
Page 607 If the system service and license service tags do not match, the license cannot be installed. To generate the correct license service tag for the desired port license, contact your local Dell Networking support team or the Dell Networking Technical Assistance Center.
Page 608 {flash://filepath | ftp://userid:password@host-ip/filepath | scp:// userid:password@hostip/filepath | tftp://host-ip/filepath | usbflash://filepath} EXEC Privilege mode After you enter the command, the current Z9500 port configuration and license status are displayed. Enter Yes at the prompt to continue the installation; for example: ??? Dell# install license ftp://122.3.12.34:/dell_license/z9500_J_Smith.xml...
Page 609: Displaying License Information
/ (/dev/md0a)... done rebooting... Displaying License Information To check the status of the currently installed Z9500 license and display the number of enabled ports, use the show license command. • Display the license for the current Z9500 port configuration.
Page 610 ExampleDisplay of show system brief Output a Newly Installed License You can also display information on the currently If you have installed Z9500 a new license by entering but have not yet reloaded the switch, the following information is displayed. show system brief command. In the Linecard Info section, the Status column displays the licensed ( online ) and unlicensed ( unlicensed ) line cards.
Page 611: Pim Sparse-Mode (Pim-Sm)
The SPT-Threshold is zero, which means that the last-hop designated router (DR) joins the shortest path tree (SPT) to the source after receiving the first multicast packet. • Dell Networking OS reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message. •...
Page 612: Refuse Multicast Traffic
RP to prune its SPT to the source with a Prune message. Dell Networking OS Behavior: When the router creates an SPT to the source, there are then two paths between the receiver and the source, the SPT and the RPT. Until the router can prune itself from the RPT, the receiver receives duplicate multicast packets which may cause disruption.
Page 613: Related Configuration Tasks
You can influence the selection of the Rendezvous Point by enabling PIM-Sparse mode on a Loopback interface and assigning a low IP address. To display PIM neighbors for each interface, use the show ip pim neighbor command EXEC Privilege mode. Dell#show ip pim neighbor Neighbor Interface Uptime/Expires...
Page 614: Configuring S,G Expiry Timers
5 permit ip 10.1.2.0/24 225.1.1.0/24 seq 10 permit ip any 232.1.1.0/24 seq 15 permit ip 100.1.0.0/16 any Dell(config-ext-nacl)#exit Dell(conf)#ip pim sparse-mode sg-expiry-timer 1800 sg-list SGtimer To display the expiry time configuration, use the show running-configuration pim command from EXEC Privilege mode. PIM Sparse-Mode (PIM-SM)
Page 615: Configuring A Static Rendezvous Point
226.1.1.1 165.87.50.5 To display the assigned RP for a group range (group-to-RP mapping), use the show ip pim rp mapping command in EXEC privilege mode. Dell#show ip pim rp mapping PIM Group-to-RP Mappings Group(s): 224.0.0.0/4, Static RP: 165.87.50.5, v2 Configuring a Designated Router Multiple PIM-SM routers might be connected to a single local area network (LAN) segment.
Page 616: Creating Multicast Boundaries And Domains
CONFIGURATION mode ip pim graceful-restart nsf – (option) restart-time: the time the Dell Networking system requires to restart. The default value is 180 seconds. – (option) stale-entry-time: the maximum amount of time that the Dell Networking system preserves entries from a restarting neighbor.
Page 617: Pim Source-Specific Mode (Pim-Ssm)
SPT. PIM-SSM uses IGMPv3. Because receivers subscribe to a source and group, the RP and shared tree is unnecessary; only SPTs are used. On Dell Networking systems, it is possible to use PIM-SM with IGMPv3 to achieve the same result, but PIM-SSM eliminates the unnecessary protocol overhead.
Page 618: Configure Pim-Ssm
• When an SSM map is in place and Dell Networking OS cannot find any matching access lists for a group, it continues to create (*,G) entries because there is an implicit deny for unspecified groups in the ACL.
Page 619: Configuring Pim-Ssm With Igmpv2
If you do not specify the group option, the display is a list of groups currently in the IGMP group table that has a group-to- source mapping. To display the list of sources mapped to a group currently in the IGMP group table, use the show ip igmp groups group detail command.
Page 620: Policy-Based Routing (Pbr)
Policy-based Routing (PBR) Policy-based routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router decides where to forward the packet based on the destination address in the packet, which is used to look up an entry in a routing table.
Page 621: Implementing Pbr
• If the specified next-hops are not reachable, the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: You can provide a tunnel ID for a redirect rule.
Page 622: Configuration Task List For Policy-Based Routing
The following example creates a redirect list by the name of ‘xyz’. Dell(conf)#ip redirect-list ? WORD Redirect-list name (max 16 chars) Dell(conf)#ip redirect-list xyz To set the rules for the redirect list, use the following command in Configuration redirect-list mode. You can enter the command multiple times and create a sequence of redirect rules.
Page 623 Dell(conf-redirect-list)# NOTE: Starting with the Dell Networking OS version 9.4(0.0), you can use multiple recursive routes with the same source- address and destination-address combination in a redirect policy on a router. A recursive route is a route for which the immediate next-hop address is learned dynamically through a routing protocol and acquired through a route lookup in the routing table.
Page 624: Pbr Exceptions (Permit)
The Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CAM region next to the existing entries. Because the order of rules is important, ensure that you configure any necessary sequence numbers.
Page 625 Dell(conf-if-te-1/0)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. The Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect List Configuration To view the configuration redirect list configuration, use the following command in EXEC mode: Table 61.
Page 626: Sample Configuration
ARP status for the specified next-hop. Showing CAM PBR Configuration Example: Dell#show cam pbr linecard 1 port-set 0 TCP Flag: Bit 5 - URG, Bit 4 - ACK, Bit 3 - PSH, Bit 2 - RST, Bit 1 - SYN, Bit 0 - FIN...
Page 627: Gold
Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 tcp any any Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp any host 144.144.144.144 Dell(conf-redirect-list)#redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144 Dell(conf-redirect-list)#end Verify the Status of the Track Objects (Up/Down):...
Page 628 Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24 Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp any any Dell(conf-redirect-list)#redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect tunnel 2 track 2 tcp 155.55.2.0/24 222.22.2.0/24 Dell(conf-redirect-list)#redirect tunnel 2 track 2 tcp any any...
Page 629 Verify the Applied Redirect Rules: Dell#show ip redirect-list explicit_tunnel IP redirect-list explicit_tunnel: Defined as: seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32) seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next-hop reachable (via Te 1/32) seq 15 redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144, Track 1 [up], Next-...
Page 630: Port Monitoring
Mirroring is used for monitoring Ingress or Egress or both Ingress and Egress traffic on a specific port(s). This mirrored traffic can be sent to a port where a network sniffer can connect and monitor the traffic. Dell Networking OS supports the following mirroring techniques: •...
Page 631: Important Points To Remember
• In general, a monitoring port should have no ip address and no shutdown as the only configuration; Dell Networking OS permits a limited set of commands for monitoring ports. You can display these commands using the ? command. A monitoring port also may not be a member of a VLAN.
Page 632: Examples Of Port Monitoring
MD port and monitored packets on the MG port. Dell Networking OS Behavior: The switch continues to mirror outgoing traffic even after an MD participating in spanning tree protocol (STP) transitions from the forwarding to blocking.
Page 633 Dell(conf-if-te-1/2)#show config interface TengigabitEthernet 1/2 no ip address no shutdown Dell(conf-if-te-1/2)#exit Dell(conf)# monitor session 0 Dell(conf-mon-sess-0)#source tengig 1/1 dest tengig 1/2 direction rx Dell(conf-mon-sess-0)#exit Dell(conf)# do show monitor session 0 SessionID Source Destination Direction Mode Type --------- ------ ----------- --------- ----...
Page 634: Configuring Monitor Multicast Queue
Verify information about monitor configurations. EXEC mode EXEC Privilege mode show run monitor session Dell#show run monitor session monitor multicast-queue 7 Dell# Remote Port Mirroring While local port monitoring allows you to monitor traffic from one or more source ports by directing it to a destination port on the same switch/router, remote port mirroring allows you to monitor Layer 2 and Layer 3 ingress and/or egress traffic on multiple source ports on different switches and forward the mirrored traffic to multiple destination ports on different switches.
Page 635: Remote Port Mirroring Example
Remote port mirroring helps network administrators monitor and analyze traffic to troubleshoot network problems in a time- saving and efficient way. In a remote-port mirroring session, monitored traffic is tagged with a VLAN ID and switched on a user-defined, non-routable L2 VLAN.
Page 636: Configuring Remote Port Mirroring
Configuring Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports connected to analyzers on destination switches). Configuration Notes When you configure remote port mirroring, the following conditions apply: •...
Page 637: Displaying Remote-Port Mirroring Configurations
Port-channel 10 destination remote-vlan 300 direction rx no disable To display the currently configured source and destination sessions for remote port mirroring on a switch, enter the show monitor session command in EXEC Privilege mode. Dell(conf)#do show monitor session SessID Source Destination...
Page 638: Configuring The Sample Remote Port Mirroring
Configuring the sample Source Remote Port Mirroring Dell(conf)#interface vlan 10 Dell(conf-if-vl-10)#mode remote-port-mirroring Dell(conf-if-vl-10)#tagged te 0/4 Dell(conf-if-vl-10)#exit Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source te 0/5 destination remote-vlan 10 dir rx Dell(conf-mon-sess-1)#no disable Dell(conf-mon-sess-1)#exit Dell(conf)#inte vlan 100 Dell(conf-if-vl-100)#tagged te 0/7 Dell(conf-if-vl-100)#exit Dell(conf)#interface vlan 20...
Page 639 Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 0/30 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#channel-member te 0/28-29 Dell(conf-if-po-10)#no shutdown Dell(conf-if-po-10)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source port-channel 10 dest remote-vlan 30 dir both Dell(conf-mon-sess-3)#no disable Dell(conf-mon-sess-3)#exit Dell(conf)#end Dell# Dell#show monitor session SessID Source Destination...
Page 640: Encapsulated Remote Port Monitoring
NOTE: When configuring ERPM, follow these guidelines • The Dell Networking OS supports ERPM source session only. Encapsulated packets terminate at the destination IP address or at the analyzer. • You can configure up to four ERPM source sessions on switch.
Page 641 Enter the no disable command to activate the no disable ERPM session.. The following example shows an ERPM configuration . Dell(conf)#monitor session 0 type erpm Dell(conf-mon-sess-0)#source tengigabitethernet 0/9 direction rx Dell(conf-mon-sess-0)#source port-channel 1 direction tx Dell(conf-mon-sess-0)#erpm source-ip 1.1.1.1 dest-ip 7.1.1.2...
Page 642 The next example shows the configuration of an ERPM session in which VLAN 11 is monitored as the source interface and a MAC ACL filters the monitored ingress traffic. Dell(conf)#mac access-list standard flow Dell(config-std-macl)#seq 5 permit 00:00:0a:00:00:0b count monitor Dell#show running-config interface vlan 11 interface Vlan 11...
Page 643: Private Vlans (Pvlan)
Private VLANs (PVLAN) The private VLAN (PVLAN) feature is supported on Dell Networking OS. For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide.
Page 644: Using The Private Vlan Commands
– A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. – A primary VLAN has one or more promiscuous ports. – A primary VLAN might have one or more trunk ports, or none. •...
Page 645: Configuration Task List
NOTE: The outputs of the show arp and show vlan commands provide PVLAN data. For more information, refer to the Dell Networking OS Command Line Reference Guide. Configuration Task List The following sections contain the procedures that configure a private VLAN.
Page 646: Creating A Primary Vlan
(ports not configured as PVLAN ports) to PVLANs. The following example shows the switchport mode private-vlan command on a port and on a port channel. Dell#conf Dell(conf)#interface TengigabitEthernet 2/1 Dell(conf-if-te-2/1)#switchport mode private-vlan promiscuous Dell(conf)#interface TengigabitEthernet 2/2 Dell(conf-if-te-2/2)#switchport mode private-vlan host Dell(conf)#interface TengigabitEthernet 2/3...
Page 647: Creating A Community Vlan
• Specified with this command even before they have been created. • Amended by specifying the new secondary VLAN to be added to the list. Add promiscuous ports as tagged or untagged interfaces. INTERFACE VLAN mode tagged interface or untagged interface Add PVLAN trunk ports to the VLAN only as tagged interfaces.
Page 648: Creating An Isolated Vlan
The following example shows the use of the PVLAN commands that are used in VLAN INTERFACE mode to configure the PVLAN member VLANs (primary, community, and isolated VLANs). Dell#conf Dell(conf)# interface vlan 10 Dell(conf-vlan-10)# private-vlan mode primary Dell(conf-vlan-10)# private-vlan mapping secondary-vlan 100-101 Dell(conf-vlan-10)# untagged Te 2/1 Dell(conf-vlan-10)# tagged Te 2/3 Dell(conf)# interface vlan 101 Dell(conf-vlan-101)# private-vlan mode community...
Page 649: Private Vlan Configuration Example
The following example shows a private VLAN topology. Figure 106. Sample Private VLAN Topology The following configuration is based on the example diagram for the Z9500: • Te 1/1 and Te 1/23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000.
Page 650: Inspecting The Private Vlan Configuration
[interface interface] This command is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. • Display the configured PVLANs or interfaces that are part of a PVLAN.
Page 651 In the following example, notice the addition of the PVLAN codes – P, I, and C – in the left column. The following example shows viewing the VLAN status. Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs,...
Page 652: Per-Vlan Spanning Tree Plus (Pvst+)
Per-VLAN Spanning Tree Plus (PVST+) Per-VLAN spanning tree plus (PVST+) is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). Protocol Overview PVST+ is a variation of spanning tree —...
Page 653: Implementation Information
• The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs (as shown in the following table). Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multivendor network, verify that the costs are values you intended.
Page 654: Configure Per-Vlan Spanning Tree Plus
PVST+ in Multi-Vendor Networks • Enabling PVST+ Extended System ID • PVST+ Sample Configurations Enabling PVST+ When you enable PVST+, Dell Networking OS instantiates STP on each active VLAN. Enter PVST context. PROTOCOL PVST mode protocol spanning-tree pvst Enable PVST+. PROTOCOL PVST mode...
Page 655: Influencing Pvst+ Root Selection
no disable vlan 100 bridge-priority 4096 Influencing PVST+ Root Selection As shown in the previous per-VLAN spanning tree illustration, all VLANs use the same forwarding topology because R2 is elected the root, and all TenGigabitEthernet ports have the same cost. The following per-VLAN spanning tree illustration changes the bridge priority of each bridge so that a different forwarding topology is generated for each VLAN.
Page 656: Modifying Global Pvst+ Parameters
The default is 15 seconds. • Change the hello-time parameter. PROTOCOL PVST mode vlan hello-time NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time. The range is from 1 to 10. Per-VLAN Spanning Tree Plus (PVST+)
Page 657: Modifying Interface Pvst+ Parameters
The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs. Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multi-vendor network, verify that the costs are values you intended.
Page 658: Configuring An Edgeport
BPDU and an untagged PVST+ BPDU. Dell Networking systems do not expect PVST+ BPDU (tagged or untagged) on an untagged port. If this situation occurs, Dell Networking OS places the port in an Error-Disable state. This behavior might result in the network not converging. To prevent...
Page 659: Enabling Pvst+ Extend System Id
If you enable PVST+ on the Dell Networking switch in this network, P1 and P2 receive BPDUs from each other. Ordinarily, the Bridge ID in the frame matches the Root ID, a loop is detected, and the rules of convergence require that P2 move to blocking state because it has the lowest port ID.
Page 660 no shutdown interface TengigabitEthernet 1/32 no ip address switchport no shutdown protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 interface Vlan 100 no ip address tagged TengigabitEthernet 1/22,32 no shutdown interface Vlan 200 no ip address tagged TengigabitEthernet 1/22,32 no shutdown interface Vlan 300 no ip address...
Page 661 no ip address tagged TengigabitEthernet 3/12,22 no shutdown interface Vlan 200 no ip address tagged TengigabitEthernet 3/12,22 no shutdown interface Vlan 300 no ip address tagged TengigabitEthernet 3/12,22 no shutdown protocol spanning-tree pvst no disable vlan 300 bridge-priority 4096 Per-VLAN Spanning Tree Plus (PVST+)
Page 662: Quality Of Service (Qos)
This chapter describes how to use and configure Quality of Service service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 66. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features Feature...
Page 663 Egress Create Output Policy Maps Egress Enabling QoS Rate Adjustment Enabling Strict-Priority Egress Queueing Weighted Random Early Detection Create WRED Profiles Egress Figure 110. Dell Networking QoS Architecture Topics: • Implementation Information • Port-Based QoS Configurations • Policy-Based QoS Configurations •...
Page 664: Implementation Information
Setting dot1p Priorities for Incoming Traffic Dell Networking OS places traffic marked with a priority in a queue based on the following table. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value. You cannot assign a dot1p value to an individual interface in a port-channel.
Page 665: Configuring Port-Based Rate Policing
Dell Networking OS Behavior: Rate shaping is effectively rate limiting because of its smaller buffer size. Rate shaping on tagged ports is slightly greater than the configured rate and rate shaping on untagged ports is slightly less than configured rate.
Page 666: Policy-Based Qos Configurations
Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria in the order that you configure them.
Page 667 CLASS MAP mode match {ip | ipv6 | ip-any} After you create a class-map, Dell Networking OS places you in CLASS MAP mode. Match-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. Link the class-map to a queue.
Page 668 CLASS MAP mode match mac After you create a class-map, Dell Networking OS places you in CLASS MAP mode. Match-any class maps allow up to five access-lists. Match-all class-maps allow only one. You can match against only one VLAN ID.
Page 669 Dell(conf-policy-map-in)#service-queue 0 class-map pp_classmap qos-policy pp_qospolicy Determining the Order in Which ACLs are Used to Classify Traffic When you link class-maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue priority (queue numbers closer to 0 have lower priorities).
Page 670 To display all class-maps or a specific class map, use the following command. Dell Networking OS Behavior: An explicit “deny any" rule in a Layer 3 ACL used in a (match any or match all) class-map creates a "default to Queue 0" entry in the CAM, which causes unintended traffic classification. In the following example, traffic is classified in two Queues, 1 and 2.
Page 671: Create A Qos Policy
NOTE: To avoid issues misconfiguration causes, Dell Networking recommends configuring either DCBX or Egress QoS features, but not both simultaneously. If you enable both DCBX and Egress QoS at the same time, the DCBX configuration is applied and unexpected behavior occurs on the Egress QoS.
Page 672 QoS policy (using the service-queue from POLICY-MAP- IN mode). If you apply the QoS policy to a queue other than the one specified in the informational message, Dell Networking OS replaces the first 3–bits in the DSCP field with the queue ID you specified.
Page 673 When you assign a percentage to one queue, note that this change also affects the amount of bandwidth that is allocated to other queues. Therefore, whenever you are allocating bandwidth to one queue, Dell Networking recommends evaluating your bandwidth requirements for all other queues as well.
Page 674: Create Policy Maps
Dell Networking OS provides the ability to honor DSCP values on ingress packets using Trust DSCP feature. The following table lists the standard DSCP definitions and indicates to which queues Dell Networking OS maps DSCP values. When you configure trust DSCP, the matched packets and matched bytes counters are not incremented in the show qos statistics.
Page 675 Honoring dot1p Values on Ingress Packets Dell Networking OS honors dot1p values on ingress packets with the Trust dot1p feature. The following table specifies the queue to which the classified traffic is sent based on the dot1p value.
Page 676 • If you apply a service policy that contains an ACL to more than one interface, Dell Networking OS uses ACL optimization to conserve CAM space. The ACL optimization behavior detects when an ACL exists in the CAM rather than writing it to the CAM multiple times.
Page 677: Dscp Color Maps
INTERFACE mode service-queue Specifying an Aggregate QoS Policy To specify an aggregate QoS policy, use the following command. • Specify an aggregate QoS policy. POLICY-MAP-OUT mode policy-aggregate Applying an Output Policy Map to an Interface To apply an output policy map to an interface, use the following command. •...
Page 678: Displaying Dscp Color Maps
20,30 Dscp-color-map mapTWO yellow 16,55 Display a specific DSCP color map. Dell# show qos dscp-color-map mapTWO Dscp-color-map mapTWO yellow 16,55 Displaying a DSCP Color Policy Configuration To display the DSCP color policy configuration for one or all interfaces, use the show qos dscp-color-policy {summary [interface] | detail {interface}} command in EXEC mode.
Page 679: Enabling Qos Rate Adjustment
Enabling QoS Rate Adjustment By default while rate limiting, policing, and shaping, Dell Networking OS does not include the Preamble, SFD, or the IFG fields. These fields are overhead; only the fields from MAC destination address to the CRC are used for forwarding and are included in these rate metering calculations.
Page 680: Weighted Random Early Detection
NOTE: On the Z9500, WRED and Explicit Congestion Notification (ECN) marking are supported on front-end I/O and backplane high-Gigabit ports. When you enable WRED, packets are dropped during times of network congestion based on the configured minimum and maximum WRED thresholds. ECN marks packets for later transmission (instead of dropping them) when the network recovers from a heavy traffic condition.
Page 681: Creating Wred Profiles
After you create a WRED profile, you must specify to which traffic Dell Networking OS should apply the profile. Dell Networking OS assigns a color (also called drop precedence) — red, yellow, or green — to each packet based on it DSCP value before queuing it.
Page 682: Displaying Default And Configured Wred Profiles
DSCP is a 6–bit field. Dell Networking uses the first three bits (LSB) of this field (DP) to determine the drop precedence. • DP values of 110 and 100, 101 map to yellow; all other values map to green. •...
Page 683: Explicit Congestion Notification
MCAST MCAST MCAST Dell# Explicit Congestion Notification Explicit Congestion Notification (ECN) enhances and extends WRED functionality by marking packets for later transmission instead of dropping them when a threshold value is exceeded. Use ECN for WRED to reduce the packet transmission rate in a congested, heavily-loaded network.
Page 684: Example: Color-Marking Non-Ecn Packets In One Traffic Class
• match ip access-group • match ip dscp • match ip precedence • match ip vlan By default, all packets are marked for green handling if the rate-police and trust-diffserv commands are not used in an ingress policy map. All packets marked for red handling or “violate” are dropped. In the class map, in addition to color-marking matching packets for yellow handling, you can also configure a DSCP value for matching packets.
Page 685: Configuring Weights And Ecn For Wred
ip access-list standard dscp_40 seq 5 permit any dscp 40 ip access-list standard dscp_50_non_ecn seq 5 permit any dscp 50 ecn 0 ip access-list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 class-map match-any class_dscp_40 match ip access-group dscp_40_non_ecn set-color yellow match ip access-group dscp_40 class-map match-any class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow...
Page 686: Global Service Pools With Wred And Ecn Settings
In a best-effort network topology, data packets are transmitted in a manner in which latency or throughput is not maintained to be at an effective level. Packets are dropped when the network experiences a large traffic load. This best-effort network deployment is not suitable for applications that are time-sensitive, such as video on demand (VoD) or voice over IP (VoIP) applications.
Page 687: Benefits Of Using A Configurable Weight For Wred With Ecn
Benefits of Using a Configurable Weight for WRED with On the Z9500, using a configurable weight for WRED and ECN allows you to specify how the average queue size is calculated. In WRED, the average queue size determines when a threshold is exceeded and packets are dropped; in WRED with ECN, the average queue size determines when packets are marked for later transmission and when the transmission rate is reduced on an interface during times of network congestion.
Page 688: Setting Average Queue Size Using A Weight
On the Z9500, you can configure the weight factor that determines the average queue size for WRED and ECN packet handling by using the wred weight command.
Page 689: Configuring Wred And Ecn Attributes
WRED/ECN configurations for backplane port queues are applied to all backplane ports and cannot be specified separately on each backplane port. This behavior occurs to prevent system-level complexities in enabling this support for backplane ports. Also, WRED/ECN is not supported for multicast packets. The following table describes the WRED and ECN operations performed on a queue and service pool for various WRED with ECN scenarios.
Page 690: Pre-Calculating Available Qos Cam Space
Pre-Calculating Available QoS CAM Space Before Dell Networking OS version 7.3.1, there was no way to measure the number of CAM entries a policy-map would consume (the number of CAM entries that a rule uses is not predictable; from 1 to 16 entries might be used per rule depending upon its complexity).
Page 691: Snmp Support For Buffer Statistics Tracking
Verify that there are enough available CAM entries. test cam-usage Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 linecard 0 port-set 0 linecard | port pipe Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status =====================================================================...
Page 692: Enabling Buffer Statistics Tracking
} | queue { ucast{id | all}{ mcast {id | all} | all} to view buffer statistics tracking resource information for a specific interface. EXEC/EXEC Privilege mode Dell# show hardware buffer-stats-snapshot resource interface fortyGigE 0/0 queue all Unit 0 unit: 0 port: 1 (interface Fo 0/0) ---------------------------------------...
Page 693: Routing Information Protocol (Rip)
Routing Information Protocol (RIP) The Routing Information Protocol (RIP) tracks distances or hop counts to nearby routers when establishing network connections and is based on a distance-vector algorithm. RIP is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections.
Page 694: Implementation Information
Implementation Information Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces. The following table lists the defaults for RIP in Dell Networking OS.
Page 695 After designating networks with which the system is to exchange RIP information, ensure that all devices on that network are configured to exchange RIP information. The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and RIPv2. To change the RIP version globally, use the version command in ROUTER RIP mode.
Page 696 A prefix list is applied to incoming or outgoing routes. Those routes must meet the conditions of the prefix list; if not, Dell Networking OS drops the route. Prefix lists are globally applied on all interfaces running RIP. Configure the prefix list in PREFIX LIST mode prior to assigning it to the RIP process.
Page 697 Setting the Send and Receive Version To change the RIP version globally or on an interface in Dell Networking OS, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an interface to receive only one or the other version, use the ip rip send version or the ip rip receive version commands in INTERFACE mode.
Page 698 Default routes are not enabled in RIP unless specified. Use the default-information originate command in ROUTER RIP mode to generate a default route into RIP. In Dell Networking OS, default routes received in RIP updates from other routes are advertised if you configure the default-information originate command.
Page 699: Rip Configuration Example
Enable debugging of RIP. Example of the debug ip rip Command The following example shows the confirmation when you enable the debug function. Dell#debug ip rip RIP protocol debug is ON Dell# To disable RIP, use the no debug ip rip command.
Page 700 • Configuring RIPv2 on Core 2 • Core 2 RIP Output • RIP Configuration on Core 3 • Core 3 RIP Output • RIP Configuration Summary Figure 113. RIP Topology Example RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Example of Configuring RIPv2 on Core 2 Core 2 RIP Output The examples in the section show the core 2 RIP output.
Page 701 O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, >...
Page 702 version 2 Core3(conf-router_rip)# Core 3 RIP Output The examples in this section show the core 2 RIP output. • To display Core 3 RIP database, use the show ip rip database command. • To display Core 3 RIP setup, use the show ip route command. •...
Page 703: Remote Monitoring (Rmon)
Remote Monitoring (RMON) RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment.
Page 704: Setting The Rmon Alarm
SNMP trap. If the 1.3.6.1.2.1.2.2.1.20.1 value changes to 0 (falling-threshold 0), the alarm is reset and can be triggered again. Dell(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 1 owner nms1 Configuring an RMON Event To add an event in the RMON event table, use the rmon event command in GLOBAL CONFIGURATION mode.
Page 705: Configuring Rmon Collection Statistics
This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”. Dell(conf)#rmon event 1 log trap eventtrap description “High ifOutErrors” owner nms1 Configuring RMON Collection Statistics To enable RMON MIB statistics collection on an interface, use the RMON collection statistics command in INTERFACE CONFIGURATION mode.
Page 706 The following command example enables an RMON MIB collection history group of statistics with an ID number of 20 and an owner of john, both the sampling interval and the number of buckets use their respective defaults. Dell(conf-if-mgmt)#rmon collection history controlEntry 20 owner john Remote Monitoring (RMON)
Page 707: Rapid Spanning Tree Protocol (Rstp)
STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 74. Spanning Tree Variations Dell Networking OS Supports...
Page 708: Rstp And Vlt
Adding a group of ports to a range of VLANs sends multiple messages to the rapid spanning tree protocol (RSTP) task, avoid using the range command. When using the range command, Dell Networking recommends limiting the range to five ports and 40 VLANs.
Page 709: Enabling Rapid Spanning Tree Protocol Globally
To disable RSTP globally for all Layer 2 interfaces, enter the disable command from PROTOCOL SPANNING TREE RSTP mode. To verify that RSTP is enabled, use the show config command from PROTOCOL SPANNING TREE RSTP mode. The bold line indicates that RSTP is enabled. Dell(conf-rstp)#show config protocol spanning-tree rstp Rapid Spanning Tree Protocol (RSTP)
Page 710 To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.cbb4...
Page 711: Adding And Removing Interfaces
Max-age — the length of time the bridge maintains configuration information before it refreshes that information by recomputing the RST topology. NOTE: Dell Networking recommends that only experienced network administrators change the Rapid Spanning Tree group parameters. Poorly planned modification of the RSTP parameters can negatively affect network performance. Rapid Spanning Tree Protocol (RSTP)
Page 712 Change the hello-time parameter. PROTOCOL SPANNING TREE RSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. •...
Page 713: Enabling Snmp Traps For Root Elections And Topology Changes
Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps, use the following command. • Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp-server enable traps xstp Modifying Interface Parameters On interfaces in Layer 2 mode, you can set the port cost and port priority values. •...
Page 714: Configuring An Edgeport
To verify that EdgePort is enabled on a port, use the show spanning-tree rstp command from EXEC privilege mode or the show config command from INTERFACE mode. NOTE: Dell Networking recommends using the show config command from INTERFACE mode. In the following example, the bold line indicates that the interface is in EdgePort mode. Rapid Spanning Tree Protocol (RSTP)
Page 715: Configuring Fast Hellos For Link State Detection
PROTOCOL RSTP mode hello-time milli-second interval The range is from 50 to 950 milliseconds. Example of Verifying Hello-Time Interval Dell(conf-rstp)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e811.2233 Root Bridge hello time 50 ms, max age 20, forward delay 15 Bridge ID Priority 0, Address 0001.e811.2233...
Page 716: Security
Security This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Topics: • Role-Based Access Control •...
Page 717: Overview Of Rbac
The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can inherit permissions when you create a new user role, restrict or add commands a user can enter and the actions the user can perform. This allows for greater flexibility in assigning permissions for each command to each role and as a result, it is easier and much more efficient to administer user rights.
Page 718 To enable role-based only AAA authorization: Dell(conf)#aaa authorization role-only System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles. NOTE: You cannot delete any system defined roles.
Page 719: User Roles
If the user role is in use, you cannot delete the user role. Create a new user role CONFIGURATION mode userrole name [inherit existing-role-name] Verify that the new user role has inherited the security administrator permissions. Dell(conf)#do show userroles EXEC Privilege mode Security...
Page 720 Note that the netadmin role is not listed in the Role access: secadmin,sysadmin, which means the netadmin cannot access the show users command. Dell(conf)#role exec deleterole netadmin show users Dell#show role mode exec show users...
Page 721 The following example allows the security administrator (secadmin) to configure the spanning tree protocol. Note command is protocol spanning-tree. Dell(conf)#role configure addrole secadmin protocol spanning-tree Example: Allow Security Administrator to Access Interface Mode The following example allows the security administrator (secadmin) to access Interface mode.
Page 722: Aaa Authentication And Authorization For Roles
CONFIGURATION mode. Example The following example creates a user name that is authenticated based on a user role. Dell (conf) #username john password 0 password role secadmin The following example deletes a user role. NOTE:...
Page 723 NOTE: Authentication services only validate the user ID and password combination. To determine which commands are permitted for users, configure authorization. For information about how to configure authorization for roles, see Configure AAA Authorization for Roles. To configure AAA authentication, use the aaa authentication command in CONFIGURATION mode. aaa authentication login {method-list-name | default} method […...
Page 724 For RBAC and privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled “Force10-avpair”. The value is a string in the following format: protocol : attribute sep value “attribute”...
Page 725: Role Accounting
The following example shows you how to configure AAA accounting to monitor commands executed by the users who have a secadmin user role. Dell(conf)#aaa accounting command role secadmin default start-stop tacacs+ Applying an Accounting Method to a Role To apply an accounting method list to a role executed by a user with that user role, use the accounting command in LINE mode.
Page 726: Display Information About User Roles
Line Configuration mode route-map Route map configuration mode router Router configuration mode Dell#show role mode configure username Role access: sysadmin Dell##show role mode configure password-attributes Role access: secadmin,sysadmin Dell#show role mode configure interface Role access: netadmin, sysadmin Dell#show role mode configure line...
Page 727: Aaa Accounting
AAA Accounting Accounting, authentication, and authorization (AAA) accounting is part of the AAA security model. For details about commands related to AAA security, refer to the Security chapter in the Dell Networking OS Command Reference Guide. AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services.
Page 728 – tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null Username Sessions When you activate AAA accounting, the Dell Networking OS software issues accounting records for all users on the system, including users whose username string is NULL because of protocol translation.
Page 729: Aaa Authentication
Configuring AAA Authentication Login Methods • Enabling AAA Authentication • Enabling AAA Authentication - RADIUS For a complete list of all commands related to login authentication, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Security...
Page 730 If the first method list does not respond or returns an error, Dell Networking OS applies the next method list until the user either passes or fails the authentication. If the user fails a method list, Dell Networking OS does not apply the next method list.
Page 731 Using AAA authentication, the switch acts as a RADIUS or TACACS+ client to send authentication requests to a TACACS+ or RADIUS server. • TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have an entry for username $enable$. •...
Page 732: Obscuring Passwords And Keys
Every command in Dell Networking OS is assigned a privilege level of 0, 1, or 15. You can configure up to 16 privilege levels in Dell Networking OS. Dell Networking OS is pre-configured with three privilege levels and you can configure 13 more. The three pre-configured levels are: •...
Page 733: Configuration Task List For Privilege Levels
Password. By default, commands in Dell Networking OS are assigned to different privilege levels. You can access those commands only if you have access to that privilege level. For example, to reach the protocol spanning-tree command, log in to the router, enter the enable command for privilege level 15 (this privilege level is the default level for the command) and then enter CONFIGURATION mode.
Page 734 Configuring the Enable Password Command To configure Dell Networking OS, use the enable command to enter EXEC Privilege level 15. After entering the command, Dell Networking OS requests that you enter a password. Privilege levels are not assigned to passwords, rather passwords are assigned to a privilege level. You can always change a password for any privilege level.
Page 735 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration. • command: an Dell Networking OS CLI keyword (up to five keywords allowed). • reset: return the command to its default privilege mode.
Page 736 8. In EXEC Privilege mode, john can access only the commands listed. In CONFIGURATION mode, john can access only the snmp-server commands. apollo% telnet 172.31.1.53 Trying 172.31.1.53... Connected to 172.31.1.53. Escape character is '^]'. Login: john Password: Dell#show priv Current privilege level is 8 Dell#? configure Configuring from terminal disable Turn off privileged commands enable...
Page 737 The system boots up with factory default configuration. The default Dell> system prompt displays when the system boots. Copy the startup-config into the running-config. To display the content of the startup-config, remove the previous authentication configuration and set the new authentication parameters.
Page 738: Radius
For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service. RADIUS Authentication Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in the aaa authentication login command.
Page 739: Configuration Task List For Radius
• Monitoring RADIUS (optional) For a complete listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication.
Page 740 If you do not configure these optional parameters, the global default values for all RADIUS host are applied. To specify multiple RADIUS server hosts, configure the radius-server host command multiple times. If you configure multiple RADIUS server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured. Security...
Page 741: Monitoring Radius
When Dell Networking OS attempts to authenticate a user, the software connects with the RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject response. If you want to change an optional parameter setting for a specific host, use the radius-server host command. To change...
Page 742: Tacacs
TACACS+ Remote Authentication • Specifying a TACACS+ Server Host For a complete listing of all commands related to TACACS+, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of the login authentication methods available is TACACS+ and the user’s name and password are sent for authentication to the TACACS hosts specified.
Page 743: Tacacs+ Remote Authentication
Dell(conf)#do show run tacacs+ tacacs-server key 7 d05206c308f4d35b tacacs-server host 10.10.10.10 timeout 1 Dell(conf)#tacacs-server key angeline Dell(conf)#%SYSTEM-P:CP Dell SEC-5-LOGIN_SUCCESS: Login successful for user admin on vty0 (10.11.9.209) %SYSTEM-P:CP% SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 ) %SYSTEM-P:CP %SEC-5-LOGOUT: Exec session is terminated for user admin on line vty0 (10.11.9.209)
Page 744 Example of Connecting with a TACACS+ Server Host To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If you configure multiple TACACS+ server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured.
Page 745: Command Authorization
Enabling SCP and SSH Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. Dell Networking OS is compatible with SSH versions 1.5 and 2, in both the client and server modes. SSH sessions are encrypted and use authentication.
Page 746: Using Scp With Ssh To Copy A Software Image
Specifying an SSH Version The following example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting. Dell(conf)#ip ssh server version 2 Dell(conf)#do show ip ssh SSH server : enabled.
Page 747: Removing The Rsa Host Keys And Zeroizing Storage
Examples The following example configures the time-based rekey threshold for an SSH session to 30 minutes. Dell(conf)#ip ssh rekey time 30 The following example configures the volume-based rekey threshold for an SSH session to 4096 megabytes. Dell(conf)#ip ssh rekey volume 4096...
Page 748: Configuring The Ssh Server Cipher List
Example of Configuring a Cipher List The following example shows you how to configure a cipher list. Dell(conf)#ip ssh server cipher 3des-cbc aes128-cbc aes128-ctr Configuring the HMAC Algorithm for the SSH Server To configure the HMAC algorithm for the SSH server, use the ip ssh server mac hmac-algorithm command in CONFIGURATION mode.
Page 749: Configuring The Hmac Algorithm For The Ssh Client
The following example shows you how to configure a HMAC algorithm list. Dell(conf)# ip ssh server mac hmac-sha1-96 Configuring the HMAC Algorithm for the SSH Client To configure the HMAC algorithm for the SSH client, use the ip ssh mac hmac-algorithm command in CONFIGURATION mode.
Page 750: Configuring The Ssh Client Cipher List
Secure Shell (SSH) is enabled by default using the SSH Password Authentication method. Enabling SSH Authentication by Password Authenticate an SSH client by prompting for a password when attempting to connect to the Dell Networking system. This setup is the simplest method of authentication and uses SSH version 1.
Page 751 Create a list of IP addresses and usernames that are permitted to SSH in a file called rhosts. Refer to the second example. Copy the file shosts and rhosts to the Dell Networking system. Disable password authentication and RSA authentication, if configured...
Page 752 • SSH from the chassis to the SSH client. ssh ip_address Example of Client-Based SSH Authentication Dell#ssh 10.16.127.201 ? Encryption cipher to use (for v2 clients only) User name option HMAC algorithm to use (for v2 clients only) SSH server port option (default 22)
Page 753: Troubleshooting Ssh
Dell(conf)#ip telnet server enable Dell(conf)#no ip telnet server enable VTY Line and Access-Class Configuration Various methods are available to restrict VTY access in Dell Networking OS. These depend on which authentication scheme you use — line, local, or remote. Table 76. VTY Access...
Page 754: Vty Line Remote Authentication And Authorization
Dell Networking OS retrieves the access class from the VTY line. The Dell Networking OS takes the access class from the VTY line and applies it to ALL users. Dell Networking OS does not need to know the identity of the incoming user and can immediately apply the access class. If the authentication method is RADIUS, TACACS+, or line, and you have configured an access class for the VTY line, Dell Networking OS immediately applies it.
Page 755: Vty Mac-Sa Filter Support
VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security policy based on the source MAC address. To apply a MAC ACL on a VTY line, use the same access-class command as IP ACLs.
Page 756: Service Provider Bridging
Service Provider Bridging Service provider bridging provides the ability to add a second VLAN ID tag in an Ethernet frame and is referred to as VLAN stacking in the Dell Networking OS. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q —...
Page 757: Important Points To Remember
Interfaces that are members of the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, add these interfaces to a non-default VLAN-Stack-enabled VLAN. • Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN. •...
Page 758: Creating Access And Trunk Ports
Enabling VLAN-Stacking for a VLAN. Related Configuration Tasks • Configuring the Protocol Type Value for the Outer VLAN Tag • Configuring Dell Networking OS Options for Trunk Ports • Debugging VLAN Stacking • VLAN Stacking in Multi-Vendor Networks Creating Access and Trunk Ports To create access and trunk ports, use the following commands.
Page 759: Configuring The Protocol Type Value For The Outer Vlan Tag
The default is 9100. To display the S-Tag TPID for a VLAN, use the show running-config command from EXEC privilege mode. Dell Networking OS displays the S-Tag TPID only if it is a non-default value. Configuring Dell Networking OS Options for Trunk Ports 802.1ad trunk ports may also be tagged members of a VLAN so that it can carry single and double-tagged traffic.
Page 760: Vlan Stacking In Multi-Vendor Networks
While 802.1Q requires that the inner tag TPID is 0x8100, it does not require a specific value for the outer tag TPID. Systems may use any 2-byte value; Dell Networking OS uses 0x9100 (shown in the following) while non-Dell Networking systems might use a different value.
Page 761 Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. Figure 116. Single and Double-Tag TPID Match Service Provider Bridging...
Page 762 Figure 117. Single and Double-Tag First-byte TPID Match Service Provider Bridging...
Page 763: Vlan Stacking Packet Drop Precedence
Figure 118. Single and Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested.
Page 764: Honoring The Incoming Dei Value
By default, packets are colored green, and DEI is marked 0 on egress. Honoring the Incoming DEI Value To honor the incoming DEI value, you must explicitly map the DEI bit to an Dell Networking OS drop precedence. Precedence can have one of three colors.
Page 765: Dynamic Mode Cos For Vlan Stacking
1:8 expansion in these content addressable memory (CAM) tables. Dell Networking OS Behavior: For Option A shown in the previous illustration, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence.
Page 766: Mapping C-Tag To S-Tag Dot1P Values
qos-policy-input 3 layer2 rate-police 40 Likewise, in the following configuration, packets with dot1p priority 0–3 are marked as dot1p 7 in the outer tag and queued to Queue 3. Rate policing is according to qos-policy-input 3. All other packets will have outer dot1p 0 and hence are queued to Queue 1.
Page 767 Dell Networking OS Behavior: In Dell Networking OS versions prior to 8.2.1.0, the MAC address that Dell Networking systems use to overwrite the Bridge Group Address on ingress was non-configurable. The value of the L2PT MAC address was the Dell Networking-unique MAC address, 01-01-e8-00-00-00.
Page 768: Implementation Information
Figure 121. VLAN Stacking with L2PT Implementation Information • L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs. • No protocol packets are tunneled when you enable VLAN stacking. • L2PT requires the default CAM profile. Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling, use the following command.
Page 769: Specifying A Destination Mac Address For Bpdus
Specifying a Destination MAC Address for BPDUs By default, Dell Networking OS uses a Dell Networking-unique MAC address for tunneling BPDUs. You can configure another value. To specify a destination MAC address for BPDUs, use the following command.
Page 770: Debugging Layer 2 Protocol Tunneling
Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. • Display debugging information for L2PT. EXEC Privilege mode debug protocol-tunnel Provider Backbone Bridging IEEE 802.1ad—Provider Bridges amends 802.1Q—Virtual Bridged Local Area Networks so that service providers can use 802.1Q architecture to offer separate VLANs to customers with no coordination between customers, and minimal coordination between customers and the provider.
Page 771: Sflow
Implementation Information Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based on all the ports in that port-pipe.
Page 772: Important Points To Remember
Configuration and EIS modes respectively. • Dell Networking OS exports all sFlow packets to the collector. A small sampling rate can equate to many exported packets. A backoff mechanism is automatically applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect.
Page 773: Enabling Sflow Max-Header Size Extended
Example of the show sflow command when the sflow max-header-size extended is configured globally Example of viewing the sflow max-header-size extended on an Interface Mode Example of the show running-config sflow Command sFlow Show Commands Dell Networking OS includes the following sFlow display commands. • Displaying Show sFlow Globally •...
Page 774: Displaying Show Sflow On An Interface
Display sFlow configuration information and statistics on the specified interface. EXEC mode show sflow stack—unit slot-number Example of Viewing sFlow Configuration (Line Card) Dell#show sflow linecard 1 linecard 1 Samples rcvd from h/w Total UDP packets exported UDP packets exported via RPM...
Page 775: Back-Off Mechanism
Confirm that extended information packing is enabled. show sflow Examples of Verifying Extended sFlow The bold line shows that extended sFlow settings are enabled on all three types. Dell#show sflow sFlow services are enabled Global default sampling rate: 4096 Global default counter polling interval: 15...
Page 776: Important Points To Remember
To export extended-gateway data, BGP must learn the IP destination address. • If the IP destination address is not learned via BGP the Dell Networking system does not export extended-gateway data. • If the IP source address is learned via IGP, srcAS and srcPeerAS are zero.
Page 777 IP SA IP DA srcAS and srcPeerAS dstAS and dstPeerAS Description where the source and destination IP addresses are learned by different routing protocols, and for cases where is source is reachable over ECMP. Exported Exported Extended gateway data is packed. sFlow...
Page 778: Simple Network Management Protocol (Snmp)
The Simple Network Management Protocol (SNMP) is designed to manage devices on IP networks by monitoring device operation, which might require administrator intervention. NOTE: On Dell Networking routers, standard and private SNMP management information bases (MIBs) are supported, including all Get and a limited number of Set operations (such as set vlan and copy cmd). Topics: •...
Page 779: Implementation Information
The following describes SNMP implementation information. • Dell Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, SNMP version 2c as defined by RFC 1901, and SNMP version 3 as defined by RFC 2571. •...
Page 780: Creating A Community
SNMP agents do not respond to requests from management stations that are not part of the community. Dell Networking OS enables SNMP automatically when you create an SNMP community and displays the following message. You must specify whether members of the community may only retrieve values (read), or retrieve and alter values (read-write).
Page 781: Reading Managed Object Values
You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable objects using the snmpwalk command.
Page 782: Writing Managed Object Values
You may use up to 55 characters. The default is None. • (From a Dell Networking system) Identify the physical location of the system (for example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1). CONFIGURATION mode snmp-server location text...
Page 783: Subscribing To Managed Object Value Updates Using Snmp
SNMP By default, the Dell Networking system displays some unsolicited SNMP messages (traps) upon certain events and conditions. You can also configure the system to send the traps to a management station. Traps cannot be saved on the system.
Page 784: Enabling A Subset Of Snmp Traps
PORT_LINKUP:changed interface state to up:%d Enabling a Subset of SNMP Traps You can enable a subset of Dell Networking enterprise-specific SNMP traps using one of the following listed command options. To enable a subset of Dell Networking enterprise-specific SNMP traps, use the following command.
Page 785: Copy Configuration Files Using Snmp
• copy the running-config file to the startup-config file • copy configuration files from the Dell Networking system to a server • copy configuration files from a server to the Dell Networking system You can perform all of these tasks using IPv4 or IPv6 addresses. The examples in this section use IPv4 addresses; however, you can substitute IPv6 addresses for the IPv4 addresses in all of the examples.
Page 786 • If copySourceFileType is filename. set to running-config or startup-config, copySrcFileName is not required. 1 = Dell Networking OS file copyDestFileType .1.3.6.1.4.1.6027.3.5.1.1.1.1.5 Specifies the type of file to copy to. 2 = running-config • If copySourceFileType is...
Page 787: Copying A Configuration File
CONFIGURATION mode snmp-server community community-name rw Copy the f10-copy-config.mib MIB from the Dell iSupport web page to the server to which you are copying the configuration file. On the server, use the snmpset command as shown in the following example.
Page 788: Copying The Startup-Config Files To The Running-Config
• Copy the running-config to the startup-config from the UNIX machine. snmpset -v 2c -c public force10system-ip-address copySrcFileType.index i 2 copyDestFileType.index i 3 Examples of Copying Configuration Files The following examples show the command syntax using MIB object names and the same command using the object OIDs. In both cases, a unique index number follows the object.
Page 789: Copying The Startup-Config Files To The Server Via Tftp
/home/myfilename copyServerAddress.4 a 11.11.11.11 Copy a Binary File to the Startup-Configuration To copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP, use the following command. • Copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP.
Page 790: Obtaining A Value For Mib Objects
MIB Object Values Description 3 = failed copyTimeStarted .1.3.6.1.4.1.6027.3.5.1.1.1.1.12 Time value Specifies the point in the up- time clock that the copy operation started. copyTimeCompleted .1.3.6.1.4.1.6027.3.5.1.1.1.1.13 Time value Specifies the point in the up- time clock that the copy operation completed. 1 = bad filename copyFailCause .1.3.6.1.4.1.6027.3.5.1.1.1.1.14...
Page 791: Mib Support To Display The Available Memory Size On Flash
MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory.
Page 792: Viewing The Software Core Files Generated By The System
MIB Object Description chSysCoresTimeCreated 1.3.6.1.4.1.6027.3.25.1.2.8.1.3 Contains the time at which core files are created. chSysCoresStackUnitNumber 1.3.6.1.4.1.6027.3.25.1.2.8.1.4 Contains information that includes which stack unit or processor the core file was originated from. chSysCoresProcess 1.3.6.1.4.1.6027.3.25.1.2.8.1.5 Contains information that includes the process names that generated each core file.
Page 793: Assigning A Vlan Alias
MTU 1554 bytes, IP MTU 1500 bytes LineSpeed auto Displaying the Ports in a VLAN Dell Networking OS identifies VLAN interfaces using an interface index number that is displayed in the output of the show interface vlan command. Add Tagged and Untagged Ports to a VLAN The value dot1qVlanStaticEgressPorts object is an array of all VLAN members.
Page 794: Managing Overload On Startup
Create an SNMP community on the Dell system. CONFIGURATION mode snmp-server community From the Dell Networking system, identify the interface index of the port for which you want to change the admin status. EXEC Privilege mode show interface Or, from the management system, use the snmpwwalk command to identify the interface index.
Page 795: Fetch Dynamic Mac Entries Using Snmp
Choose integer 1 to change the admin status to Up, or 2 to change the admin status to Down. Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs regarding 802.1d, as 802.1d itself does not define them.
Page 796: Deriving Interface Indices
The interface index is a binary number with bits that indicate the slot number, port number, interface type, and card type of the interface. Dell Networking OS converts this binary index number to decimal, and displays it in the output of the show interface command.
Page 797: Monitor Port-Channels
Layer 3 LAG does not include this support. SNMP trap works for the Layer 2 / Layer 3 / default mode LAG. Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior.
Page 798: Storm Control
Storm control allows you to control unknown-unicast, muticast, and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking Operating System (OS) Behavior: Dell Networking OS supports unknown-unicast, muticast, and broadcast control for Layer 2 and Layer 3 traffic.
Page 799: Configuring Storm Control From Configuration Mode
INTERFACE mode storm-control broadcast packets_per_second in • Configure the packets per second of multicast traffic allowed on C-Series or S-Series interface (ingress only) network only. INTERFACE mode storm-control multicast packets_per_second in • Shut down the port if it receives the PFC/LLFC packets more than the configured rate. INTERFACE mode storm-control pfc-llfc pps in shutdown NOTE:...
Page 800: Spanning Tree Protocol (Stp)
CPU utilization and memory consumption. Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 86. Dell Networking OS Supported Spanning Tree Protocols...
Page 801: Related Configuration Tasks
• The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+). You may only enable one flavor of spanning tree at any one time.
Page 802: Configuring Interfaces For Layer 2 Mode
Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 122. Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2, use the following command. If the interface has been assigned an IP address, remove it.
Page 803: Enabling Spanning Tree Protocol Globally
Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1)# Enabling Spanning Tree Protocol Globally Enable the spanning tree protocol globally;...
Page 804 To disable STP globally for all Layer 2 interfaces, use the disable command from PROTOCOL SPANNING TREE mode. To verify that STP is enabled, use the show config command from PROTOCOL SPANNING TREE mode. Dell(conf)#protocol spanning-tree 0 Dell(config-span)#show config protocol spanning-tree 0...
Page 805: Adding An Interface To The Spanning Tree Group
STP. NOTE: Dell Networking recommends that only experienced network administrators change the spanning tree parameters. Poorly planned modification of the spanning tree parameters can negatively affect network performance. The following table displays the default values for STP.
Page 806: Modifying Interface Stp Parameters
Change the hello-time parameter (the BPDU transmission interval). PROTOCOL SPANNING TREE mode hello-time seconds NOTE: With large configurations (especially those with more ports) Dell Networking recommends increasing the hello- time. The range is from 1 to 10. the default is 2 seconds.
Page 807: Enabling Portfast
BPDU violation. The following example shows a scenario in which an edgeport might unintentionally receive a BPDU. The port on the Dell Networking system is configured with Portfast. If the switch is connected to the hub, the BPDUs that the switch generates might trigger an undesirable topology change.
Page 808 – Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). – Disabling global spanning tree (the no spanning-tree in CONFIGURATION mode). Figure 124. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: •...
Page 809: Selecting Stp Root
Te 1/6 Root 128.263 128 20000 FWD 20000 P2P Te 1/7 ErrDis 128.264 128 20000 EDS 20000 P2P Dell(conf-if-te-1/7)#do show ip interface brief tengigabitEthernet 1/7 Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/7 unassigned YES Manual up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge.
Page 810: Root Guard Scenario
Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-channel interface.
Page 811: Enabling Snmp Traps For Root Elections And Topology Changes
– Rapid Spanning Tree Protocol (RSTP) – Multiple Spanning Tree Protocol (MSTP) – Per-VLAN Spanning Tree Plus (PVST+) • When enabled on a port, root guard applies to all VLANs configured on the port. • You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure root guard on a port on which loop guard is already configured, the following error message displays: •...
Page 812: Configuring Loop Guard
As shown in STP topology 3 (bottom middle), after you enable loop guard on an STP port or port-channel on Switch C, if no BPDUs are received and the max-age timer expires, the port transitions from a blocked state to a Loop-Inconsistent state (instead of to a Forwarding state).
Page 813: Displaying Stp Guard Configuration
BPDU guard is enabled on a port that is shut down (Error Disabled state) after receiving a BPDU. • Verify the STP guard configured on port or port-channel interfaces. show spanning-tree 0 guard [interface interface] Example of Viewing STP Guard Configuration Dell#show spanning-tree 0 guard Interface Name Instance Sts Guard type...
Page 814: Supportassist
SupportAssist requires Dell Networking OS 9.9(0.0) and SmartScripts 9.7 or later to be installed on the Dell Networking device. For more information on SmartScripts, see Dell Networking Open Automation guide.
Page 815: Configuring Supportassist Using A Configuration Wizard
Dell end user license agreement, available at: www.dell.com/aeula, you agree to allow Dell to provide remote monitoring services of your IT environment and you give Dell the right to collect the Collected Data in accordance with Dells Privacy Policy, available at: www.dell.com/privacypolicycountryspecific,...
Page 816 Dell and/or to Dells affiliates, subcontractors or business partners. When making such transfers, Dell shall ensure appropriate protection is in place to safeguard the Collected Data being transferred in connection with SupportAssist.
Page 817: Configuring Supportassist Activity
{full-transfer} start now Dell#support-assist activity full-transfer start now Configuring SupportAssist Activity SupportAssist Activity mode allows you to configure and view the action-manifest file for a specific activity. To configure SupportAssist activity, use the following commands. Move to the SupportAssist Activity mode for an activity. Allows you to configure customized details for a specific activity.
Page 818: Configuring Supportassist Company
Configure the address information for the company. SUPPORTASSIST COMPANY mode [no] address [city company-city] [{province | region | state} name] [country company-country] [{postalcode | zipcode] company-code] Dell(conf-supportassist-cmpy-test)#address city MyCity state MyState country MyCountry Dell(conf-supportassist-cmpy-test)# Configure the street address information for the company. SUPPORTASSIST COMPANY mode [no] street-address {address1}[address2]…[address8]...
Page 819: Configuring Supportassist Server
SupportAssist Server mode allows you to configure server name and the means of reaching the server. By default, a SupportAssist server URL has been configured on the device. Configuring a URL to reach the SupportAssist remote server should be done only under the direction of Dell SupportChange. To configure SupportAssist server, use the following commands.
Page 820: Viewing Supportassist Configuration
Aug 10 2015 11:15:26 PST Aug 10 2015 11:15:28 PST Display the current configuration and changes from the default values. EXEC Privilege mode show running-config support-assist Dell# show running-config support-assist support-assist activity full-transfer enable activity-manifest install testing contact-company name My Company...
Page 821 Dell end user license agreement, available at: www.dell.com/aeula, you agree to allow Dell to provide remote monitoring services of your IT environment and you give Dell the right to collect the Collected Data in accordance with Dells Privacy Policy, available at: www.dell.com/privacypolicycountryspecific, in order to enable the performance of all of the various functions of SupportAssist during your entitlement to receive related repair services from Dell,.
Page 822: System Time And Date
System time and date settings and the network time protocol (NTP) are supported on Dell Networking OS. You can set system times and dates and maintained through the NTP. They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings.
Page 823: Protocol Overview
Dell Networking OS synchronizes with a time-serving host to get the correct time. You can set Dell Networking OS to poll specific NTP time-serving hosts for the current time. From those time-serving hosts, the system chooses one NTP host with which to synchronize and serve as a client to the NTP host.
Page 824: Configure The Network Time Protocol
NTP is disabled by default. To enable NTP, specify an NTP server to which the Dell Networking system synchronizes. To specify multiple servers, enter the command multiple times. You may specify an unlimited number of servers at the expense of CPU resources.
Page 825: Configuring Ntp Broadcasts
2w1d11h : NTP: Maximum Slew:-0.000470, Remainder = -0.496884 Disabling NTP on an Interface By default, NTP is enabled on all active interfaces. If you disable NTP on an interface, Dell Networking OS drops any NTP packets sent to that interface.
Page 826: Configuring Ntp Authentication
NTP authentication begins when the first NTP packet is created following the configuration of keys. NTP authentication in Dell Networking OS uses the message digest 5 (MD5) algorithm and the key is embedded in the synchronization packet that is sent to an NTP time source.
Page 827 ntp server [vrf] <vrf-name> {hostname | ipv4-address |ipv6-address} [ key keyid] [prefer] [version number] Configure the IP address of a server and the following optional parameters: • – vrf-name : Enter the name of the VRF through which the NTP server is reachable. –...
Page 828: Configuring A Custom-Defined Period For Ntp Time Synchronization
Filter dispersion — the error in calculating the minimum delay from a set of sample data from a peer. To view the NTP configuration, use the show running-config ntp command in EXEC privilege mode. The following example shows an encrypted authentication key (in bold). All keys are encrypted. Dell#show running ntp ntp authenticate ntp authentication-key 345 md5 5A60910F3D211F02 ntp server 11.1.1.1 version 3...
Page 829: Dell Networking Os Time And Date
Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings. • Setting the Time and Date for the Switch Software Clock •...
Page 830: Set Daylight Saving Time
Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis.
Page 831 <cr> Dell(conf)#clock summer-time pacific recurring Dell(conf)#02:10:57: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "Summer time starts 00:00:00 Pacific Sat Mar 14 2009 ; Summer time ends 00:00:00 pacific Sat Nov 7 2009" to "Summer time starts 02:00:00 Pacific Sun Mar 8 2009;Summer time ends 02:00:00 pacific Sun Nov 1 2009"...
Page 832: Tunneling
If the tunnel mode is IPv6 or IPIP, you can use either an IPv6 address or an IPv4 address for the logical address of the tunnel, but in IPv6IP mode, the logical address must be an IPv6 address. The following sample configuration shows a tunnel configured in IPv6 mode (carries IPv6 and IPv4 traffic). Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#tunnel source 30.1.1.1 Dell(conf-if-tu-1)#tunnel destination 50.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip Dell(conf-if-tu-1)#ip address 1.1.1.1/24...
Page 833: Configuring Tunnel Keepalive Settings
Dell(conf-if-tu-1)#ipv6 address 1abd::1/64 Dell(conf-if-tu-1)#ip address 1.1.1.1/24 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel destination 40.1.1.2 Dell(conf-if-tu-1)#tunnel mode ipip Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#tunnel keepalive 1.1.1.2 attempts 4 interval 6 Dell(conf-if-tu-1)#show config interface Tunnel 1 ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel destination 40.1.1.2 tunnel source 40.1.1.1 tunnel keepalive 1.1.1.2 attempts 4 interval 6...
Page 834: Configuring Tunnel Allow-Remote Decapsulation
The following sample configuration shows how to use the interface tunnel configuration commands. Dell(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ip address 20.1.1.1/24 ipv6 address 20:1::1/64 no shutdown Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ip unnumbered tengigabitethernet 1/1 Dell(conf-if-tu-1)#ipv6 unnumbered tengigabitethernet 1/1 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config interface Tunnel 1...
Page 835: Guidelines For Configuring Multipoint Receive-Only Tunnels
Dell(conf-if-tu-1)#tunnel allow-remote 40.1.1.2 Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config interface Tunnel 1 ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel source anylocal tunnel allow-remote 40.1.1.2 tunnel mode ipip decapsulate-any no shutdown Guidelines for Configuring Multipoint Receive- Only Tunnels • You can configure up to eight remote end-points for a multipoint receive-only tunnel. The maximum number of remote end-points supported for all multipoint receive-only tunnels on the switch depends on the hardware table size to setup termination.
Page 836: Upgrade Procedures
Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes.
Page 837: Uplink Failure Detection (Ufd)
Uplink Failure Detection (UFD) Uplink failure detection (UFD) provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link. Feature Description A switch provides upstream connectivity for devices, such as servers. If a switch loses its upstream connectivity, downstream devices also lose their connectivity.
Page 838: How Uplink Failure Detection Works
• In Step C, UFD on S1 disables the link to the server. The server then stops using the link to S1 and switches to using its link to S2 to send traffic upstream to R1. Figure 129. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces.
Page 839: Ufd And Nic Teaming
protection or recovery procedures they have in place to establish alternate connectivity paths, as shown in the following illustration. Figure 130. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state.
Page 840: Configuring Uplink Failure Detection
– If you assign a port channel as an upstream interface, the port channel interface enters a Link-Down state when the number of port-channel member interfaces in a Link-Up state drops below the configured minimum number of members parameter. • If one of the upstream interfaces in an uplink-state group goes down, either a user-configurable set of downstream ports or all the downstream ports in the group are put in an Operationally Down state with an UFD Disabled error.
Page 841: Clearing A Ufd-Disabled Interface
NOTE: Downstream interfaces in an uplink-state group are put into a Link-Down state with an UFD-Disabled error message only when all upstream interfaces in the group go down. To revert to the default setting, use the no downstream disable links command. (Optional) Enable auto-recovery so that UFD-disabled downstream ports in the uplink-state group come up when a disabled upstream port in the group comes back up.
Page 842: Displaying Uplink Failure Detection
Example of Syslog Messages Before and After Entering the clear ufd-disable uplink-state-group Command (S50) The following example message shows the Syslog messages that display when you clear the UFD-Disabled state from all disabled downstream interfaces in an uplink-state group by using the clear ufd-disable uplink-state-group group- id command.
Page 843 Status: Enabled, Up Uplink State Group: 7 Status: Enabled, Up Uplink State Group: 16 Status: Disabled, Up Dell# show uplink-state-group 16 Uplink State Group: 16 Status: Disabled, Up Dell#show uplink-state-group detail (Up): Interface up (Dwn): Interface down (Dis): Interface disabled...
Page 844: Sample Configuration: Uplink Failure Detection
Dell(conf)# uplink-state-group 3 00:08:11: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed uplink state group Admin state to up: Group 3 Dell(conf-uplink-state-group-3)# downstream tengigabitethernet 1/1-2,5,9,11-12 Dell(conf-uplink-state-group-3)# downstream disable links 2 Dell(conf-uplink-state-group-3)# upstream tengigabitethernet 1/3-4 00:10:00: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Te 1/1...
Page 845 Dell# show running-config uplink-state-group uplink-state-group 3 description Testing UFD feature downstream disable links 2 downstream TenGigabitEthernet 1/1-2,5,9,11-12 upstream TenGigabitEthernet 1/3-4 Dell# show uplink-state-group 3 Uplink State Group: 3 Status: Enabled, Up Dell# show uplink-state-group detail (Up): Interface up (Dwn): Interface down (Dis): Interface disabled...
Page 846: Virtual Lans (Vlans)
Interfaces chapter. • VLAN Stacking in the Service Provider Bridging chapter. For a complete listing of all commands related to Dell Networking OS VLANs, refer to these Dell Networking OS Command Reference Guide chapters: • Interfaces • 802.1X • GARP VLAN Registration Protocol (GVRP) •...
Page 847: Default Vlan
Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination and source MAC addresses. That information is preserved as the frame moves through...
Page 848: Configuration Task List
The following example shows the structure of a frame with a tag header. The VLAN ID is inserted in the tag header. Figure 131. Tagged Frame Format The tag header contains some key information that Dell Networking OS uses: • The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802.1Q specifications (2 bytes).
Page 849: Assigning Interfaces To A Vlan
(T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID. To tag interfaces, use the following commands.
Page 850: Moving Untagged Interfaces
Dell#config Dell(conf)#interface vlan 4 Dell(conf-if-vlan)#tagged po 1 Dell(conf-if-vlan)#show conf interface Vlan 4 no ip address tagged Port-channel 1 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs NUM Status Ports Inactive Active Po1(So 0/0-1) Te 1/1 Active...
Page 851: Assigning An Ip Address To A Vlan
You cannot assign an IP address to the Default VLAN (VLAN 1). To assign another VLAN ID to the Default VLAN, use the default vlan-id vlan-id command. In Dell Networking OS, you can place VLANs and other logical interfaces in Layer 3 mode to receive and send routed traffic. For more information, refer to Bulk Configuration.
Page 852: Enabling Null Vlan As The Default Vlan
This presents a vulnerability because both interfaces are initially placed in the native VLAN, VLAN 1, and for that period customers are able to access each other's networks. Dell Networking OS has a Null VLAN to eliminate this vulnerability. When you enable the Null VLAN, all ports are placed into it by default, so even if you activate the physical ports of multiple customers, no traffic is allowed to traverse the links until each port is place in another VLAN.
Page 853: Virtual Routing And Forwarding (Vrf)
Virtual Routing and Forwarding (VRF) Virtual Routing and Forwarding (VRF) allows a physical router to partition itself into multiple Virtual Routers (VRs). The control and data plane are isolated in each VR so that traffic does NOT flow across VRs.Virtual Routing and Forwarding (VRF) allows multiple instances of a routing table to co-exist within the same router at the same time.
Page 854: Vrf Configuration Notes
VRF. Dell Networking OS uses both the VRF name and VRF ID to manage VRF instances. The VRF name and VRF ID number are assigned using the ip vrf command. The VRF ID is displayed in show ip vrf command output.
Page 855 Table 88. Software Features Supported on VRF Feature/Capability Support Status for Default VRF Support Status for Non-default VRF Configuration rollback for commands introduced or modified LLDP protocol on the port 802.1x protocol on the VLAN port OSPF, RIP, ISIS, BGP on physical and logical interfaces NOTE: OSPF supported on all VRF...
Page 856: Dhcp
Feature/Capability Support Status for Default VRF Support Status for Non-default VRF sFlow VRRP on physical and logical interfaces VRRPV3 Secondary IP Addresses Following IPv6 capabilities Basic OSPFv3 IS-IS Multicast Ingress/Egress Storm-Control (per- interface/global) DHCP DHCP requests are not forwarded across VRF instances. The DHCP client and server must be on the same VRF instance. VRF Configuration The VRF configuration tasks are: Enabling VRF in Configuration Mode...
Page 857: Creating A Non-Default Vrf Instance
Creating a Non-Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances: 1 to 63 and the default VRF (0). • Create a non-default VRF instance by specifying a name and VRF ID number, and enter VRF configuration mode. CONFIGURATION ip vrf vrf-name vrf-id The VRF ID range is from 1 to 63.
Page 858: View Vrf Instance Information
View VRF Instance Information To display information about VRF configuration, enter the show ip vrf command. To display information on all VRF instances (including the default VRF 0), do not enter a value for vrf-name. • Display the interfaces assigned to a VRF instance. EXEC show ip vrf [vrf-name] Assigning an OSPF Process to a VRF Instance...
Page 859: Configuring Management Vrf
Task Command Syntax Command Mode ip vrf forwarding vrf1 ip address 10.1.1.1/24 vrrp-group 10 virtual-address 10.1.1.100 no shutdown View VRRP command show vrrp vrf vrf1 ------------------ output for the VRF vrf1 TenGigabitEthernet 1/13, IPv4 VRID: 10, Version: 2, Net: 10.1.1.1 VRF: 2 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local)
Page 860: Configuring A Static Route
• ipv6 address <ipv6-address> — Configure IPv6 address on an interface NOTE: The command line help still displays relevant details corresponding to each of these commands. However, these interface range or interface group commands are not supported when Management VRF is configured. Configuring a Static Route •...
Page 861 Figure 134. Setup VRF Interfaces The following example relates to the configuration shown in the above illustrations. Router 1 ip vrf blue 1 ip vrf orange 2 ip vrf green 3 interface TenGigabitEthernet 3/1 no ip address switchport no shutdown interface TenGigabitEthernet 1/1 ip vrf forwarding blue ip address 10.0.0.1/24...
Page 862 ip address 30.0.0.1/24 no shutdown interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown interface Vlan 256 ip vrf forwarding green ip address 3.0.0.1/24 tagged TenGigabitEthernet 3/1 no shutdown...
Page 863 Te 1/1, Vl 128 orange Te 1/2, Vl 192 green Te 1/3, Vl 256 Dell#show ip ospf 1 neighbor Neighbor ID State Dead Time Address Interface Area 1.0.0.2 FULL/DR 00:00:32 1.0.0.2 Vl 128 Dell#sh ip ospf 2 neighbor Neighbor ID...
Page 864: Route Leaking Vrfs
Vl 192 110/2 00:10:41 Dell#show ip route vrf green Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1,...
Page 865: Configuring Route Leaking Without Filtering Criteria
NOTE: In Dell Networking OS, you can configure at most one route-export per VRF as only one set of routes can be exposed for leaking. However, you can configure multiple route-import targets because a VRF can accept routes from multiple VRFs.
Page 866 VRF-Green ip vrf VRF-shared ip route-export ip route-import ip route-import Show routing tables of all the VRFs (without any route-export and route-import tags being configured) Dell# show ip route vrf VRF-Red 11.1.1.1/32 via 111.1.1.1 110/0 00:00:10 111.1.1.0/24 Direct, Te 1/11 0/0...
Page 867 Dell# show ip route vrf VRF-Blue 22.2.2.2/32 via 122.2.2.2 110/0 00:00:11 122.2.2.0/24 Direct, Te 1/12 0/0 22:39:61 Dell# show ip route vrf VRF-Green 33.3.3.3/32 via 133.3.3.3 110/0 00:00:11 133.3.3.0/24 Direct, Te 1/13 0/0 22:39:61 Dell# show ip route vrf VRF-Shared 44.4.4.4/32...
Page 868: Configuring Route Leaking With Filtering
A non-default VRF named VRF-red is created and the interface is assigned to this VRF. Define a route-map export_ospfbgp_protocol. Dell(config)route-map export_ospfbgp_protocol permit 10 Define the matching criteria for the exported routes. Dell(config-route-map)match source-protocol ospf Dell(config-route-map)match source-protocol bgp This action specifies that the route-map contains OSPF and BGP as the matching criteria for exporting routes from vrf-red.
Page 869 1:1 import_ospf_protocol !this action accepts only OSPF routes from VRF-red even though both OSPF as well as BGP routes are shared The show VRF commands displays the following output: Dell# show ip route vrf VRF-Blue 122.2.2.0/24 Direct, Te 1/22 22:39:61 22.2.2.2/32 via 122.2.2.2...
Page 870: Virtual Link Trunking (Vlt)
Assures high availability. CAUTION: Dell Networking does not recommend enabling Stacking and VLT simultaneously. If you enable both features at the same time, unexpected behavior occurs. As shown in the following example, VLT presents a single logical Layer 2 domain from the perspective of attached devices that have a virtual link trunk terminating on separate chassis in the VLT domain.
Page 871: Vlt On Core Switches
The following example shows stacking at the access, VLT in aggregation, and Layer 3 at the core. The aggregation layer is mostly in the L2/L3 switching/routing layer. For better resiliency in the aggregation, Dell Networking recommends running the internal gateway protocol (IGP) on the VLTi VLAN to synchronize the L3 routing table across the two nodes on a VLT system.
Page 872: Enhanced Vlt
Enhanced VLT An enhanced VLT (eVLT) configuration creates a port channel between two VLT domains by allowing two different VLT domains, using different VLT domain ID numbers, connected by a standard link aggregation control protocol (LACP) LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four switches, increasing the number of available ports and allowing for dual redundancy of the VLT.
Page 873: Configure Virtual Link Trunking
If you include PVST on the system, configure it before VLT. Refer to PVST Configuration. • Dell Networking strongly recommends that the VLTi (VLT interconnect) be a static LAG and that you disable LACP on the VLTi. • Ensure that the spanning tree root bridge is at the Aggregation layer. Refer to...
Page 874: Configuration Notes
MAC address. You can configure the primary role. – In a VLT domain, the peer switches must run the same Dell Networking OS software version. – Separately configure each VLT peer switch with the same VLT domain ID and the VLT version. If the system detects mismatches between VLT peer switches in the VLT domain ID or VLT version, the VLT Interconnect (VLTi) does not activate.
Page 875 The range is from 1 to 5 seconds. DSCP marking on heartbeat messages is CS6. – In order that the chassis backup link does not share the same physical path as the interconnect trunk, Dell Networking recommends using the management ports on the chassis and traverse an out-of-band management network. The backup link can use user ports, but not the same ports the interconnect trunk uses.
Page 876: Primary And Secondary Vlt Peers
– Enable Layer 3 VLAN connectivity VLT peers by configuring a VLAN network interface for the same VLAN on both switches. – Dell Networking does not recommend enabling peer-routing if the CAM is full. To enable peer-routing, a minimum of two local DA spaces for wild-card functionality are required.
Page 877: Rstp And Vlt
can configure another peer as the Primary Peer using the VLT domain domain-id role priority priority-value command. If the VLTi link fails, the status of the remote VLT Primary Peer is checked using the backup link. If the remote VLT Primary Peer is available, the Secondary Peer disables all VLT ports to prevent loops.
Page 878: Vlt Ipv6
VLT IPv6 The following features have been enhanced to support IPv6: • VLT Sync — Entries learned on the VLT interface are synced on both VLT peers. • Non-VLT Sync — Entries learned on non-VLT interfaces are synced on both VLT peers. •...
Page 879: Pim-Sparse Mode Support On Vlt
PIM-Sparse Mode Support on VLT The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. VLT peer switches can act as a last-hop router for IGMP receivers and as a first-hop router for multicast sources. Figure 137.
Page 880: Vlt Routing
domain. This does not apply to server-side L2 VLT ports because they do not connect to any PIM routers. These VLT ports can be members of multiple PIM-enabled L3 VLANs for compatibility with IGMP. To route traffic to and from the multicast source and receiver, enable PIM on the L3 side connected to the PIM router using the ip pim sparse-mode command.
Page 881 NOTE: If the CAM is full, do not enable peer-routing. NOTE: The peer routing and peer-routing-timeout is applicable for both IPv6/ IPv4. Configuring VLT Unicast To enable and configure VLT unicast, follow these steps. Enable VLT on a switch, then configure a VLT domain and enter VLT-domain configuration mode. CONFIGURATION mode vlt domain domain-id Enable peer-routing.
Page 882: Non-Vlt Arp Sync
Run RSTP on both VLT peer switches. The primary VLT peer controls the RSTP states, such as forwarding and blocking, on both the primary and secondary peers. Dell Networking recommends configuring the primary VLT peer as the RSTP primary root device and configuring the secondary VLT peer as the RSTP secondary root device.
Page 883: Preventing Forwarding Loops In A Vlt Domain
Preventing Forwarding Loops in a VLT Domain During the bootup of VLT peer switches, a forwarding loop may occur until the VLT configurations are applied on each switch and the primary/secondary roles are determined. To prevent the interfaces in the VLT interconnect trunk and RSTP-enabled VLT ports from entering a Forwarding state and creating a traffic loop in a VLT domain, take the following steps.
Page 884: Configuring Vlt
Configuring VLT To configure VLT, use the following procedure. Prerequisites: Before you begin, make sure that both VLT peer switches are running the same Dell Networking OS version and are configured for RSTP as described in RSTP Configuration. For VRRP operation, ensure that you configure VRRP groups and L3 routing on...
Page 885 Enabling VLT and Creating a VLT Domain To enable VLT and create a VLT domain, use the following steps. Enable VLT on a switch, then configure a VLT domain and enter VLT-domain configuration mode. CONFIGURATION mode vlt domain domain-id The domain ID range is from 1 to 1000. Configure the same domain ID on the peer switch to allow for common peering.
Page 886 Configuring a VLT Backup Link To configure a VLT backup link, use the following command. Specify the management interface to be used for the backup link through an out-of-band management network. CONFIGURATION mode interface managementethernet slot/port Enter the slot (0-1) and the port (0). Configure an IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::X) and mask (/x) on the interface.
Page 887 Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots. (Optional) When you create a VLT domain on a switch, Dell Networking OS automatically assigns a unique unit ID (0 or 1) to each peer switch.
Page 888 INTERFACE PORT-CHANNEL mode channel-member interface interface: specify one of the following interface types: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Ensure that the port channel is active.
Page 889 Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots. When you create a VLT domain on a switch, Dell Networking OS automatically assigns a unique unit ID (0 or 1) to each peer switch.
Page 890 CONFIGURATION mode interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command in the Enabling VLT and Creating a VLT Domain. Place the interface in Layer 2 mode. INTERFACE PORT-CHANNEL mode switchport 10 Associate the port channel to the corresponding port channel in the VLT peer for the VLT connection to an attached device.
Page 891 Example of Configuring VLT In the following sample VLT configuration steps, VLT peer 1 is Dell-2, VLT peer 2 is Dell-4, and the ToR is S60-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers.
Page 892 In the Top of Rack unit, configure LACP in the physical ports (shown for VLT peer 1 only. Repeat steps for VLT peer 2. The bold vlt-peer-lag port-channel 2 indicates that port-channel 2 is the port-channel id configured in VLT peer 2). Dell-2#show running-config interface tengigabitethernet 1/4 interface TenGigabitEthernet 1/4...
Page 893: Pvst+ Configuration
The PVST+ instance running in Secondary peer does not control the VLT-LAGs. Dell Networking recommends configuring the primary VLT peer as the primary root device for all the configured PVST+ Instances and configuring the secondary VLT peer as the secondary root device for all the configured PVST+ Instances.
Page 894: Evlt Configuration Example
Configure both ends of the VLT interconnect trunk with identical PVST+ configurations. When you enable VLT, the show spanning-tree pvst brief command output displays VLT information. Dell#show spanning-tree pvst vlan 1000 brief VLAN 1000 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 90b1.1cf4.9b79...
Page 895: Evlt Configuration Step Examples
Figure 138. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 1/8-9 Domain_1_Peer1(conf)#vlt domain 1000 Domain_1_Peer1(conf-vlt-domain)# peer-link port-channel 1 Domain_1_Peer1(conf-vlt-domain)# back-up destination 10.16.130.11 Domain_1_Peer1(conf-vlt-domain)# system-mac mac-address 00:0a:00:0a:00:0a Domain_1_Peer1(conf-vlt-domain)# unit-id 0 Configure eVLT on Peer 1.
Page 896 Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_1_Peer2(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 2. Domain_1_Peer2(conf)#interface range tengigabitethernet 1/28 - 29 Domain_1_Peer2(conf-if-range-te-1/28-29)# port-channel-protocol LACP Domain_1_Peer2(conf-if-range-te-1/28-29)# port-channel 100 mode active Domain_1_Peer2(conf-if-range-te-1/28-29)# no shutdown In Domain 2, configure the VLT domain and VLTi on Peer 3.
Page 897: Pim-Sparse Mode Configuration Example
PIM-Sparse Mode Configuration Example The following sample configuration shows how to configure the PIM Sparse mode designated router functionality on the VLT domain with two VLT port-channels that are members of VLAN 4001. For more information, refer to PIM-Sparse Mode Support on VLT.
Page 898 HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: 34998 HeartBeat Messages Sent: 1030 HeartBeat Messages Received: 1014 The following example shows the show vlt brief command. Dell#show vlt brief VLT Domain Brief ------------------ Domain ID Role : Secondary Role Priority : 32768...
Page 899 Peer-Routing-Timeout timer : 0 seconds Multicast peer-routing timeout : 150 seconds Dell# The following example shows the show vlt detail command. Dell_VLTpeer1# show vlt detail Local LAG Id Peer LAG Id Local Status Peer Status Active VLANs ------------ ----------- ------------ ----------- -------------...
Page 900: Additional Vlt Sample Configurations
ICL Hello's Sent: ICL Hello's Received: Dell_VLTpeer2# show vlt statistics VLT Statistics ---------------- HeartBeat Messages Sent: HeartBeat Messages Received: 978 ICL Hello's Sent: ICL Hello's Received: The following example shows the show spanning-tree rstp command. The bold section displays the RSTP state of port channels in the VLT domain. Port channel 100 is used in the VLT interconnect trunk (VLTi) to connect to VLT peer2.
Page 901 Dell_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.35 Dell_VLTpeer1(conf-vlt-domain)#exit Configure the backup link. Dell_VLTpeer1(conf)#interface ManagementEthernet 0/0 Dell_VLTpeer1(conf-if-ma-0/0)#ip address 10.11.206.23/ Dell_VLTpeer1(conf-if-ma-0/0)#no shutdown Dell_VLTpeer1(conf-if-ma-0/0)#exit Configure the VLT interconnect (VLTi). Dell_VLTpeer1(conf)#interface port-channel 100 Dell_VLTpeer1(conf-if-po-100)#no ip address Dell_VLTpeer1(conf-if-po-100)#channel-member fortyGigE 1/48,52 Dell_VLTpeer1(conf-if-po-100)#no shutdown Dell_VLTpeer1(conf-if-po-100)#exit Configure the port channel to an attached device. Dell_VLTpeer1(conf)#interface port-channel 110 Dell_VLTpeer1(conf-if-po-110)#no ip address Dell_VLTpeer1(conf-if-po-110)#switchport...
Page 902: Troubleshooting Vlt
Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative. Table 90. Troubleshooting VLT Description Behavior at Peer Up...
Page 903: Reconfiguring Stacked Switches As Vlt
ID must be “1’. Version ID mismatch A syslog error message and A syslog error message and Verify the Dell Networking OS an SNMP trap are generated. an SNMP trap are generated. software versions on the VLT peers is compatible. For more information, refer to the Release Notes for this release.
Page 904: Specifying Vlt Nodes In A Pvlan
Specifying VLT Nodes in a PVLAN You can configure VLT peer nodes in a private VLAN (PVLAN). VLT enables redundancy without the implementation of Spanning Tree Protocol (STP), and provides a loop-free network with optimal bandwidth utilization. Because the VLT LAG interfaces are terminated on two different nodes, PVLAN configuration of VLT VLANs and VLT LAGs are symmetrical and identical on both the VLT peers.
Page 905: Mac Synchronization For Vlt Nodes In A Pvlan
information is synchronized with the other peer and VLTi is either added or removed from the VLAN based on the validation of the VLAN parity. For VLT VLANs, the association between primary VLAN and secondary VLANs is examined on both the peers. Only if the association is identical on both the peers, VLTi is configured as a member of those VLANs.
Page 906: Interoperation Of Vlt Nodes In A Pvlan With Arp Requests
Interoperation of VLT Nodes in a PVLAN with ARP Requests When an ARP request is received, and the following conditions are applicable, the IP stack performs certain operations. • The VLAN on which the ARP request is received is a secondary VLAN (community or isolated VLAN). •...
Page 907: Configuring A Vlt Vlan Or Lag In A Pvlan
VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Synchronization Peer1 Peer2 Peer1 Peer2 • Primary X • Primary X Promiscuous Promiscuous Primary Primary - Secondary - Secondary (Community) (Community) - Secondary - Secondary (Isolated) (Isolated) Promiscuous Trunk Primary Normal Promiscuous...
Page 908: Associating The Vlt Lag Or Vlt Vlan In A Pvlan
Enter the same port-channel number configured with the peer-link port-channel command as described in Enabling VLT and Creating a VLT Domain. NOTE: To be included in the VLTi, the port channel must be in Default mode (no switchport or VLAN assigned). Remove an IP address from the interface.
Page 909: Proxy Arp Capability On Vlt Peer Nodes
switchport mode private-vlan {host | promiscuous | trunk} • host (isolated or community VLAN port) • promiscuous (intra-VLAN communication port) • trunk (inter-switch PVLAN hub port) Access INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces. CONFIGURATION mode interface vlan vlan-id Enable the VLAN.
Page 910: Working Of Proxy Arp For Vlt Peer Nodes
the ARP-requested IP address is different from the received interface IP subnet. For example, if you configure VLAN 100 and 200 on the VLT peers, and if you configured the VLAN 100 IP address as 10.1.1.0/24 and you configured the VLAN 200 IP address as 20.1.1.0/24, the proxy ARP is not performed if the VLT node receives an ARP request for 20.1.1.0/24 on VLAN 100.
Page 911: Configuring Vlan-Stack Over Vlt
ID Verify the VLAN-stack configurations. EXEC Privilege show running-config Sample configuration of VLAN-stack over VLT (Peer 1) Configure the VLT domain Dell(conf)#vlt domain 1 Dell(conf-vlt-domain)#peer-link port-channel 1 Dell(conf-vlt-domain)#back-up destination 10.16.151.116 Dell(conf-vlt-domain)#primary-priority 100 Dell(conf-vlt-domain)#system-mac mac-address 00:00:00:11:11:11 Dell(conf-vlt-domain)#unit-id 0...
Page 912 Configure the VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack access Dell(conf-if-po-10)#no shutdown Dell#show running-config interface port-channel 10 interface Port-channel 10 no ip address switchport vlan-stack access vlt-peer-lag port-channel 10 no shutdown...
Page 913 Configure the VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack access Dell(conf-if-po-10)#no shutdown Dell#show running-config interface port-channel 10 interface Port-channel 10 no ip address switchport vlan-stack access vlt-peer-lag port-channel 10 no shutdown...
Page 914: Vlt Proxy Gateway
Layer 3 (L3) end point in another VLT domain. Enable the VLT proxy gateway using the link layer discover protocol (LLDP) method or the static configuration. For more information, see the Dell Networking OS Command Line Reference Guide.
Page 915: Guidelines For Enabling The Vlt Proxy Gateway
The core or Layer 3 routers C and D in local VLT Domain and C1 and D1 in the remote VLT Domain are then part of a Layer 3 cloud. Figure 139. Sample Configuration for a VLT Proxy Gateway Guidelines for Enabling the VLT Proxy Gateway Keep the following points in mind when you enable a VLT proxy gateway: •...
Page 916: Enabling The Vlt Proxy Gateway
There are only a few MAC addresses for each unit transmitted. All currently active MAC addresses are carried on the newly defined TLV. • Dell Networking devices not configured with VLT proxy gateway process standard TLVs and ignore TLVs configured with VLT proxy gateway. VLT Proxy Gateway...
Page 917 The LLDP organizational TLV passes local destination MAC address information to peer VLT domain devices so they can act as a proxy gateway. To enable proxy gateway LLDP, two configurations are required: • You must configure the global proxy gateway LLDP to enable the proxy-gateway LLDP TLV. •...
Page 918 VLT Domain Proxy Gateway LLDP mode, in both C and D (VLT domain 1) and C1 and D1 (VLT domain 2). This behavior is applicable only in the LLDP configuration and not required in the static configuration. Sample Configuration Dell(conf-vlt-domain)#proxy-gateway lldp Dell(conf-vlt-domain-pxy-gw-lldp)#vlt-peer-mac transmit •...
Page 919: Configuring An Lldp Vlt Proxy Gateway
Sample Configuration LLDP Method Dell(conf-vlt-domain)#proxy-gateway ll Dell(conf-vlt-domain-pxy-gw-lldp)#peer-domain-link port-channel 1 exclude-vlan 10 Sample Configuration Static Method Dell(conf-vlt-domain)#proxy-gateway static Dell(conf-vlt-domain-pxy-gw-static)#remote-mac-address <xx:xx:xx:xx:xx:xx> exclude-vlan 10 • Packet duplication may happen with “Exclude-VLAN” configuration – Assume you used the exclude-vlan option (called VLAN 10) in C and D and in C1 and D1; If packets for VLAN 10 with C’s MAC address (C is in VLT domain 1) gets an L3 hit at C1 in VLT domain 2, they are switched to both D1 (via ICL) and C via inter DC link.
Page 920: Virtual Router Redundancy Protocol (Vrrp)
Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network. VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN).
Page 921: Vrrp Benefits
Figure 141. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End- station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables.
Page 922: Vrrp Configuration
For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID) identifies a VRRP group.
Page 923 Examples of Configuring and Verifying VRRP The following examples how to configure VRRP. Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-vrid-111)# The following examples how to verify the VRRP configuration. Dell(conf-if-te-1/1)#show conf interface TenGigabitEthernet 1/1 ip address 10.10.10.1/24 vrrp-group 111...
Page 924 Though a single VRRP group can contain virtual IP addresses belonging to multiple IP subnets configured on the interface, Dell Networking recommends configuring virtual IP addresses belonging to the same IP subnet for any one VRRP group. – For example, an interface (on which you enable VRRP) contains a primary IP address of 50.1.1.1/24 and a secondary IP address of 60.1.1.1/24.
Page 925 NOTE: In the following example, the primary IP address and the virtual IP addresses are on the same subnet. Dell(conf-if-te-1/1)#show conf interface TenGigabitEthernet 1/1 ip address 10.10.10.1/24 vrrp-group 111 priority 255 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual-address 10.10.10.3 vrrp-group 222 no shutdown The following example shows the same VRRP group (VRID 111) configured on multiple interfaces on different subnets.
Page 926: Configuring Vrrp Authentication
Configuring VRRP Authentication Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When you enable authentication, Dell Networking OS includes the password in its VRRP transmission. The receiving router uses that password to verify the transmission.
Page 927 MASTER. NOTE: To avoid throttling VRRP advertisement packets, Dell Networking OS recommends increasing the VRRP advertisement interval to a value higher than the default value of one second. If you do change the time interval between VRRP advertisements on one router, change it on all participating routers.
Page 928 Track an Interface or Object You can set Dell Networking OS to monitor the state of any interface according to the virtual group. Each VRRP group can track up to 12 interfaces and up to 20 additional objects, which may affect the priority of the VRRP group.
Page 929 Examples of Configuring and Viewing the track Command The following example shows how to configure tracking using the track command. Dell(conf-if-te-1/1)#vrrp-group 111 Dell(conf-if-te-1/1-vrid-111)#track Tengigabitethernet 1/2 The following example shows how to verify tracking using the show conf command. Dell(conf-if-te-1/1-vrid-111)#show conf...
Page 930: Setting Vrrp Initialization Delay
2 - Up IPv6 route, 2040::/64, priority-cost 20, 00:02:11 3 - Up IPv6 route, 2050::/64, priority-cost 30, 00:02:11 The following example shows verifying the VRRP configuration on an interface. Dell#show running-config interface tengigabitethernet 1/8 interface TenGigabitEthernet 1/8 no ip address...
Page 931: Sample Configurations
• When the system reloads, VRRP waits 600 seconds (10 minutes) to bring up VRRP on all interfaces that are up and configured for VRRP. • When an interface comes up and becomes operational, the system waits 300 seconds (5 minutes) to bring up VRRP on that interface.
Page 932 Figure 142. VRRP for IPv4 Topology Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2. R2(conf)#interface tengigabitethernet 2/31 R2(conf-if-te-2/31)#ip address 10.1.1.1/24 R2(conf-if-te-2/31)#vrrp-group 99 R2(conf-if-te-2/31-vrid-99)#priority 200 R2(conf-if-te-2/31-vrid-99)#virtual 10.1.1.3 R2(conf-if-te-2/31-vrid-99)#no shut R2(conf-if-te-2/31)#show conf interface TenGigabitEthernet 2/31 ip address 10.1.1.1/24 vrrp-group 99...
Page 933 TenGigabitEthernet 2/31, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 817, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:63 Virtual IP address: 10.1.1.3 Authentication: (none)
Page 934 10.1.1.3 Authentication: (none) Figure 143. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The following example shows configuring VRRP for IPv6 Router 2 and Router 3.
Page 935: Vrrp In A Vrf Configuration
R2(conf-if-te-1/1-vrid-10)#virtual-address fe80::10 R2(conf-if-te-1/1-vrid-10)#virtual-address 1::10 R2(conf-if-te-1/1-vrid-10)#no shutdown R2(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ipv6 address 1::1/64 vrrp-group 10 priority 100 virtual-address fe80::10 virtual-address 1::10 no shutdown R2(conf-if-te-1/1)#end R2#show vrrp ------------------ TenGigabitEthernet 1/1, IPv6 VRID: 10, Version: 3, Net:fe80::201:e8ff:fe6a:c59f VRF: 0 default-vrf State: Master, Priority: 100, Master: fe80::201:e8ff:fe6a:c59f (local) Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 135...
Page 936 VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN. The following example shows a typical use case in which you create three virtualized overlay networks by configuring three VRFs in two switches. The default gateway to reach the Internet in each VRF is a static route with the next hop being the virtual IP address configured in VRRP.
Page 937 Figure 144. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Switch-1 S1(conf)#ip vrf default-vrf 0 S1(conf)#ip vrf VRF-1 1 S1(conf)#ip vrf VRF-2 2 S1(conf)#ip vrf VRF-3 3 S1(conf)#interface TenGigabitEthernet 1/1 S1(conf-if-te-1/1)#ip vrf forwarding VRF-1 S1(conf-if-te-1/1)#ip address 10.10.1.5/24 S1(conf-if-te-1/1)#vrrp-group 11 % Info: The VRID used by the VRRP group 11 in VRF 1 will be 177.
Page 938 S1(conf-if-te-1/3-vrid-105)#virtual-address 20.1.1.5 S1(conf-if-te-1/3)#no shutdown Dell#show vrrp tengigabitethernet 2/8 ------------------ TenGigabitEthernet 2/8, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 0 default State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 119, Gratuitous ARP sent: 1...
Page 939 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S1(conf-if-vl-300-vrid-101)#priority 255 S1(conf-if-vl-300-vrid-101)#virtual-address 20.1.1.5 S1(conf-if-vl-300)#no shutdown Dell#show vrrp vrf vrf1 vlan 400 ------------------ Vlan 400, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 1 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local)
Page 940 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S2(conf-if-vl-300-vrid-101)#priority 100 S2(conf-if-vl-300-vrid-101)#virtual-address 20.1.1.5 S2(conf-if-vl-300)#no shutdown Dell#show vrrp vrf vrf1 vlan 400 ------------------ Vlan 400, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 1 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local)
Page 941 [vrf instance] Examples of Verifying the Configuration and Status on the VRRP in a VRF The following example shows viewing the configuration of VRRP in a VRF (interface). Dell#show running-config track interface tengigabitethernet 1/4 interface TenGigabitEthernet 1/4 ip vrf forwarding red ip address 192.168.0.1/24...
Page 942: Standards Compliance
This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking OS, the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click “Browse and search IETF documents,”...
Page 943: Rfc And I-D Compliance
9,216 bytes RFC and I-D Compliance Dell Networking OS supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard. General Internet Protocols The following table lists the Dell Networking OS support per platform for general internet protocols.
Page 944: Border Gateway Protocol (Bgp)
A Border Gateway Protocol 4 (BGP-4) 7.8.1 draft-ietf-idrrestart- 06 Graceful Restart Mechanism for BGP 7.8.1 General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 95. General IPv4 Protocols Full Name Z-Series S-Series Internet Protocol 7.6.1...
Page 945 Full Name Z-Series S-Series Using ARP to 7.6.1 Implement Transparent Subnet Gateways DOMAIN NAMES - 7.6.1 IMPLEMENTATION SPECIFICATION (client) A Standard for the 7.6.1 Transmission of IP Datagrams over IEEE 802 Networks Path MTU 7.6.1 Discovery Network Time 7.6.1 Protocol (Version 3) Specification, Implementation and Analysis...
Page 946: General Ipv6 Protocols
Protection Against 7.6.1 a Variant of the Tiny Fragment Attack General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols. Table 96. General IPv6 Protocols Full Name Z-Series S-Series 7.8.1 Extensions to...
Page 947: Intermediate System To Intermediate System (Is-Is)
IPv6 Router 8.3.12.0 Advertisement Flags Option Intermediate System to Intermediate System (IS-IS) The following table lists the Dell Networking OS support per platform for IS-IS protocol. Table 97. Intermediate System to Intermediate System (IS-IS) RFC# Full Name S-Series 1142...
Page 948: Network Management
Point-to-point operation over LAN in link-state routing protocols draft-kaplan-isis-e xt-eth-02 Extended Ethernet Frame Size Support Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 98. Network Management RFC# Full Name S4810...
Page 949 RFC# Full Name S4810 2558 Definitions of Managed Objects for the Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH) Interface Type 2570 Introduction and Applicability Statements for 7.6.1 Internet Standard Management Framework 2571 An Architecture for Describing Simple Network 7.6.1 Management Protocol (SNMP) Management Frameworks 2572 Message Processing and Dispatching for the...
Page 950 RFC# Full Name S4810 3273 Remote Network Monitoring Management 7.6.1 Information Base for High Capacity Networks (64 bits): Ethernet Statistics High-Capacity Table, Ethernet History High-Capacity Table 3416 Version 2 of the Protocol Operations for the 7.6.1 Simple Network Management Protocol (SNMP) 3418 Management Information Base (MIB) for the 7.6.1...
Page 951 RFC# Full Name S4810 IEEE 802.1AB The LLDP Management Information Base 7.7.1 extension module for IEEE 802.1 organizationally defined discovery information. (LLDP DOT1 MIB and LLDP DOT3 MIB) IEEE 802.1AB The LLDP Management Information Base 7.7.1 extension module for IEEE 802.3 organizationally defined discovery information.
Page 952: Multicast
Multicast The following table lists the Dell Networking OS support per platform for Multicast protocol. Table 99. Multicast RFC# Full Name Z-Series S-Series 1112 Host Extensions for IP 7.8.1 Multicasting 2236 Internet Group 7.8.1 Management Protocol, Version 2 3376 Internet Group 7.8.1...
Page 953: Routing Information Protocol (Rip)
Routing Information Protocol (RIP) The following table lists the Dell Networking OS support per platform for RIP protocol. Table 101. Routing Information Protocol (RIP) RFC# Full Name S-Series 1058 Routing Information Protocol 7.8.1 2453 RIP Version 7.8.1 4191 Default Router Preferences and More-Specific 8.3.12.0...

Save PDF