
Dell Z9000 Configuration Manual

10/25/40/50/100gbe throughput.


Dell Configuration Guide for the Z9000



   Summary of Contents for Dell Z9000

  • Page 1 Dell Configuration Guide for the Z9000 System 9.7(0.0)
  • Page 2 WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2015 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell and the Dell logo are trademarks of Dell Inc.
  • Page 3: Table Of Contents

    Contents: 1 About this Guide, 31; Audience, 31; Conventions, 31; Related Documents, 31; 2 Configuration Fundamentals, 32; Accessing the Command Line, 32; CLI Modes, 32; Navigating CLI Modes, 34; The do Command, 37; Undoing Commands, 38; Obtaining Help, 39; ...
  • Page 4: Table Of Contents

    Configuring Login Authentication for Terminal Lines; Setting Time Out of EXEC Privilege Mode, 72; Using Telnet to get to Another Network Device, 73; Lock CONFIGURATION Mode, 74; Viewing the Configuration Lock Status, 74; Recovering from a Forgotten Password on the Z9000 System, 75; ...
  • Page 5: Table Of Contents

    Recovering from a Forgotten Enable Password on the Z9000, 76; Recovering from a Failed Start on the Z9000 System, 77; Restoring the Factory Default Settings, 78; Important Points to Remember, 78; Restoring Factory Default Environment Variables, 78; 5 802.1X ...
  • Page 6: Table Of Contents

    IP Prefix Lists, 109; Implementation Information, 109; Configuration Task List for Prefix Lists, 109; ACL Resequencing, 113; Resequencing an ACL or Prefix List, 114; Route Maps, 115; Implementation Information, 116; Important Points to Remember, 116; Configuration Task List for Route Maps, 116; ...
  • Page 7: Table Of Contents

    AS Path, 176; Next Hop, 176; Multiprotocol BGP, 177; Implement BGP with Dell Networking OS, 177; Additional Path (Add-Path) Support, 177; Advertise IGP Cost as MED for Redistributed Routes, 177; Ignore Router-ID for Some Best-Path Calculations, 178; ...
  • Page 8: Table Of Contents

    Regular Expressions as Filters, 200; Redistributing Routes, 201; Enabling Additional Paths, 202; Configuring IP Community Lists, 202; Configuring an IP Extended Community List, 204; Filtering Routes with Community Lists, 205; Manipulating the COMMUNITY Attribute, 205; ...
  • Page 9: Table Of Contents

    Configure Control Plane Policing, 238; Configuring CoPP for Protocols, 239; Configuring CoPP for CPU Queues, 241; CoPP for OSPFv3 Packets, 242; Configuring CoPP for OSPFv3, 245; Show Commands, 246; 12 Dynamic Host Configuration Protocol (DHCP), 248; DHCP Packet Format and Options, 248; ...
  • Page 10: Table Of Contents

    Configuring the Hash Algorithm Seed, 271; Link Bundle Monitoring, 271; Managing ECMP Group Paths, 272; Creating an ECMP Group Bundle, 272; Modifying the ECMP Group Threshold, 273; 14 Enabling FIPS Cryptography, 274; Configuration Tasks, 274; Preparing the System, 274; ...
  • Page 11: Table Of Contents

    17 Internet Group Management Protocol (IGMP), 294; IGMP Implementation Information, 294; IGMP Protocol Overview, 294; IGMP Version 2, 294; IGMP Version 3, 296; Configure IGMP, 299; Related Configuration Tasks, 299; Viewing IGMP Enabled Interfaces, 300; Selecting an IGMP Version, 300; Viewing IGMP Groups, 301; ...
  • Page 12: Table Of Contents

    Enabling a Physical Interface, 319; Physical Interfaces, 319; Configuration Task List for Physical Interfaces, 320; Overview of Layer Modes, 320; Configuring Layer 2 (Data Link) Mode, 320; Configuring Layer 2 (Interface) Mode, 321; Configuring Layer 3 (Network) Mode, 321; ...
  • Page 13: Table Of Contents

    Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port, 340; Important Points to Remember, 341; Support for LM4 Optics, 342; Example Scenarios, 342; Link Dampening, 346; Important Points to Remember, 346; Enabling Link Dampening, 346; ...
  • Page 14: Table Of Contents

    IPv6 Headers; IPv6 Header Fields, 381; Extension Header Fields, 382; Addressing, 383; Implementing IPv6 with Dell Networking OS, 385; ICMPv6, 387; Path MTU Discovery, 387; IPv6 Neighbor Discovery, 388; IPv6 Neighbor Discovery of MTU Packets, 389; ...
  • Page 15: Table Of Contents

    Assigning an IPv6 Address to an Interface, 393; Assigning a Static IPv6 Route, 393; Configuring Telnet with IPv6, 394; SNMP over IPv6, 394; Showing IPv6 Information, 394; Showing an IPv6 Interface, 395; Showing IPv6 Routes, 396; ...
  • Page 16: Table Of Contents

    LACP Modes, 428; Configuring LACP Commands, 428; LACP Configuration Tasks, 429; Creating a LAG, 429; Configuring the LAG Interfaces as Dynamic, 430; Setting the LACP Long Timeout, 430; Monitoring and Debugging LACP, 431; Shared LAG State Tracking, 431; ...
  • Page 17: Table Of Contents

    802.1AB (LLDP) Overview, 461; Protocol Data Units, 461; Optional TLVs, 462; Management TLVs, 462; TIA-1057 (LLDP-MED) Overview, 464; TIA Organizationally Specific TLVs, 465; Configure LLDP, 469; Related Configuration Tasks, 469; Important Points to Remember, 470; ...
  • Page 18: Table Of Contents

    Adding and Removing Interfaces; Creating Multiple Spanning Tree Instances, 515; Influencing MSTP Root Selection, 517; Interoperate with Non-Dell Networking OS Bridges, 517; Changing the Region Name or Revision, 518; Modifying Global Parameters, 518; Modifying the Interface Parameters, 519; ...
  • Page 19: Table Of Contents

    Designated and Backup Designated Routers, 554; Link-State Advertisements (LSAs), 554; Router Priority and Cost, 556; OSPF with Dell Networking OS, 556; Graceful Restart, 557; Fast Convergence (OSPFv2, IPv4 Only), 558; Multi-Process OSPFv2 (IPv4 only), 558; ...
  • Page 20: Table Of Contents

    OSPFv3 Authentication Using IPsec; Troubleshooting OSPFv3, 590; 32 Policy-based Routing (PBR), 592; Overview, 592; Implementing Policy-based Routing with Dell Networking OS, 594; Configuration Task List for Policy-based Routing, 594; PBR Exceptions (Permit), 597; Sample Configuration, 600; Create the Redirect-List GOLD Assign Redirect-List GOLD to Interface 2/11 View ...
  • Page 21: Table Of Contents

    Configuring the Encapsulated Remote Port Mirroring; Changes to Default Behavior Configuration steps for ERPM, 628; ERPM Behavior on a typical Dell Networking OS, 630; Decapsulation of ERPM packets at the Destination IP/Analyzer, 630; 36 Private VLANs (PVLAN), 632; Private VLAN Concepts, 632; ...
  • Page 22: Table Of Contents

    PVST+ in Multi-Vendor Networks, 649; Enabling PVST+ Extend System ID, 649; PVST+ Sample Configurations, 650; 38 Quality of Service (QoS), 652; Implementation Information, 654; Port-Based QoS Configurations, 654; Setting dot1p Priorities for Incoming Traffic, 655; Honoring dot1p Priorities on Ingress Traffic, 655; Configuring Port-Based Rate Policing, 656; ...
  • Page 23: Table Of Contents

    40 Remote Monitoring (RMON), 697; Implementation Information, 697; Fault Recovery, 697; Setting the rmon Alarm, 698; Configuring an RMON Event, 699; Configuring RMON Collection Statistics, 700; Configuring the RMON Collection History, 700; 41 Rapid Spanning Tree Protocol (RSTP), 702; ...
  • Page 24: Table Of Contents

    Creating Access and Trunk Ports; Enable VLAN-Stacking for a VLAN, 757; Configuring the Protocol Type Value for the Outer VLAN Tag, 757; Configuring Dell Networking OS Options for Trunk Ports, 757; Debugging VLAN Stacking, 758; VLAN Stacking in Multi-Vendor Networks, 759; VLAN Stacking Packet Drop Precedence, 762; ...
  • Page 25: Table Of Contents

    Enabling Layer 2 Protocol Tunneling, 769; Specifying a Destination MAC Address for BPDUs, 769; Setting Rate-Limit BPDUs, 769; Debugging Layer 2 Protocol Tunneling, 770; Provider Backbone Bridging, 770; 45 sFlow, 771; Overview, 771; Implementation Information, 771; ...
  • Page 26: Table Of Contents

    Copying the Startup-Config Files to the Running-Config, 793; Copying the Startup-Config Files to the Server via FTP, 793; Copying the Startup-Config Files to the Server via TFTP, 794; Copy a Binary File to the Startup-Configuration, 794; Additional MIB Objects to View Copy Statistics, 795; ...
  • Page 27: Table Of Contents

    Disabling NTP on an Interface; Configuring a Source IP Address for NTP Packets, 826; Configuring NTP Authentication, 826; Dell Networking OS Time and Date, 830; Configuration Task List, 830; Setting the Time and Date for the Switch Software Clock, 830; Setting the Timezone, 830; ...
  • Page 28: Table Of Contents

    Assigning Interfaces to a VLAN, 843; Moving Untagged Interfaces, 845; Assigning an IP Address to a VLAN, 846; Configuring Native VLANs, 846; Enabling Null VLAN as the Default VLAN, 847; 53 Virtual Link Trunking (VLT), 848; ...
  • Page 29: Table Of Contents

    PVLAN Operations When One VLT Peer is Down, 888; PVLAN Operations When a VLT Peer is Restarted, 889; Interoperation of VLT Nodes in a PVLAN with ARP Requests, 889; Scenarios for VLAN Membership and MAC Synchronization With VLT Nodes in PVLAN, 889; Configuring a VLT VLAN or LAG in a PVLAN, 891; ...
  • Page 30: Table Of Contents

    Hardware Watchdog Timer, 940; show hardware Commands, 940; Environmental Monitoring, 943; Recognize an Over-Temperature Condition, 943; Troubleshoot an Over-Temperature Condition, 944; Recognize an Under-Voltage Condition, 944; Troubleshoot an Under-Voltage Condition, 944; Buffer Tuning, 945; ...
  • Page 31: About This Guide

    About this Guide This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. The Z9000 platform is available with Dell Networking OS version and beyond. Though this guide contains information on protocols, it is not intended to be a complete reference. This guide is a reference for configuring protocols on Dell Networking systems.
  • Page 32: Configuration Fundamentals

    In Dell Networking OS, after you enable a command, it is entered into the running configuration file. You can view the current configuration for the whole system or for a particular CLI mode. To save the current configuration, copy the running configuration to another location.
  • Page 33 • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information. • EXEC Privilege mode has commands to view configurations, clear counters, manage configuration files, run diagnostics, and enable or disable debug operations.
  • Page 34: Navigating Cli Modes

    GRUB Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level.
  • Page 35 Table columns: CLI Command Mode, Prompt, Access Command. NOTE: Access all of the following modes from CONFIGURATION mode. AS-PATH ACL: prompt Dell(config-as-path)#, access command ip as-path access-list; Gigabit Ethernet Interface: prompt Dell(conf-if-gi-1/1)#, access command interface (INTERFACE modes); 10 Gigabit Ethernet Interface: prompt Dell(conf-if-te-0/0)#, access command interface (INTERFACE modes); 40 Gigabit Ethernet Interface...
  • Page 36 ECMP: prompt Dell(conf-ecmp-group-ecmp-group-id)#, access command ecmp-group; prompt Dell(conf-mgmt-eis)#, access command management egress-interface-selection; FRRP: prompt Dell(conf-frrp-ring-id)#, access command protocol frrp; LLDP: prompt Dell(conf-lldp)# or Dell(conf-if—interface-lldp)#, access command protocol lldp (CONFIGURATION or INTERFACE Modes); LLDP MANAGEMENT INTERFACE: prompt Dell(conf-lldp-mgmtIf)#, access command management-interface (LLDP Mode); LINE: prompt Dell(config-line-console) or Dell(config-line-vty), access command line console or line vty
  • Page 37: The Do Command

    INTERFACE, SPANNING TREE, and so on.) without having to return to EXEC mode by preceding the EXEC mode command with the do command. The following example shows the output of the do command. Dell(conf)#do show system brief Stack MAC : 00:01:e8:00:66:64 Reload-Type...
  • Page 38: Undoing Commands

    For example, to delete an IP address configured on an interface, use the no ip address ip-address command. NOTE: Use the help or ? command as described in Obtaining Help. Example of Viewing Disabled Commands Dell(conf)#interface tengigabitethernet 4/17 Dell(conf-if-te-4/17)#ip address Dell(conf-if-te-4/17)#show config interface TenGigabitEthernet 4/17 ip address no shutdown...
  • Page 39: Obtaining Help

    Entering ? after a partial keyword lists all of the keywords that begin with the specified letters. Dell(conf)#cl? class-map clock Dell(conf)#cl • Entering [space]? after a keyword lists all of the keywords that can follow the specified keyword. Dell(conf)#clock ? summer-time Configure summer (daylight savings) time timezone Configure time zone Dell(conf)#clock Entering and Editing Commands Notes for entering commands.
  • Page 40: Command History

    Deletes all characters from the cursor to the end of the word. Command History Dell Networking OS maintains a history of previously-entered commands for each mode. For example: • When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands.
  • Page 41 Dell(conf)#do show system brief | grep 0 not present NOTE: Dell Networking OS accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks.
  • Page 42: Multiple Users In Configuration Mode

    Multiple Users in Configuration Mode Dell Networking OS notifies all users when there are multiple users logged in to CONFIGURATION mode. A warning message indicates the username, type of connection (console or VTY), and in the case of a VTY connection, the IP address of the terminal on which the connection was established.
  • Page 43: Getting Started

    When you power up the chassis, the system performs a power-on self test (POST) during which the line card status light emitting diodes (LEDs) blink green. The system then loads the Dell Networking Operating System (OS). Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
  • Page 44: Accessing The Cli Interface And Running Scripts Using Ssh

    SSH for secure, protected communication with the device. You can open an SSH session and run commands or script files. This method of connectivity is supported with S4810, S4048–ON, S3048–ON, S4820T, and Z9000 switches and provides a reliable, safe communication mechanism.
  • Page 45: Entering Cli Commands Using An Ssh Connection

    Entering CLI commands Using an SSH Connection You can run CLI commands over SSH, using the preconfigured user credentials, with either of the following syntaxes: ssh username@hostname <CLI Command> echo <CLI Command> | ssh admin@hostname The SSH server transmits the terminal commands to the CLI shell and the results are displayed on the screen non-interactively.
  • Page 46: Default Configuration

    A version of Dell Networking OS is pre-loaded onto the chassis; however, the system is not configured when you power up for the first time (except for the default hostname, which is Dell). You must configure the system using the CLI.
  • Page 47: Configure A Management Route

    0 is for inputting the password in clear text. 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtain the encrypted password from the configuration of another Dell Networking system. Configuring the Enable Password Access EXEC Privilege mode using the enable command.
  • Page 48: Configuration File Management

    To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location. • To copy a remote file to Dell Networking system, combine the file-origin syntax for a remote file location with the file-destination syntax for a local file location. Table 3. Forming a...
  • Page 49: Mounting An Nfs File System

    27952672 bytes successfully copied Example of Importing a File to the Local System core1#$//copy ftp://myusername:mypassword@ Dell-EF- flash:// Destination file name [Dell-EF-]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 26292881 bytes successfully copied Mounting an NFS File System This feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands.
  • Page 50 • The usbflash command is supported on the device. Refer to your system’s Release Notes for a list of approved USB vendors. Example of Copying a File to current File System Dell#copy tftp:// nfsmount:// Destination file name [dv-maa-s4810-test]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!.!
  • Page 51: Save The Running-configuration

    Configure the Overload Bit for a Startup Scenario For information about setting the router overload bit for a specific period of time after a switch reload is implemented, refer to the Intermediate System to Intermediate System (IS-IS) section in the Dell Networking OS Command Line Reference Guide.
  • Page 52 “Startup-config last updated,” you have made changes that have not been saved and are preserved after a system reboot. Example of the show running-config Command Dell#show running-config Current Configuration ... ! Version 9.4(0.0) ! Last configuration change at Tue Mar 11 21:33:56 2014 by admin...
  • Page 53: Managing The File System

    Dell# Managing the File System The Dell Networking system can use the internal Flash, external Flash, or remote devices to store files. The system stores files on the internal Flash by default but can be configured to store files elsewhere.
  • Page 54: Enabling Software Features On Devices Using A Command Option

    This command will be stored in running-configuration and will precede all other VRF-related configurations. NOTE: The MXL and Z9000 platforms currently do not support VRF. These platforms support only the management and default VRFs, which are available by default. As a result, the feature vrf command is not available for these platforms.
  • Page 55: View Command History

    [12/5 10:57:13]: CMD-(CLI):boot system rpm0 primary flash://FTOS- CB- Upgrading Dell Networking OS NOTE: To upgrade Dell Networking Operating System (OS), refer to the Release Notes for the version you want to load on the system. Using HTTP for File Transfers Starting with Release 9.3(0.1), you can use HTTP to copy files or configuration details to a remote server.
  • Page 56 The published hash for that file is displayed next to the software image file on the iSupport page. Go on to the Dell Networking system and copy the software image to the flash drive, using the copy command. Run the verify {md5 | sha256} [ flash://]img-file [hash-value] command. For example, verify sha256 flash://FTOS-SE-
  • Page 57: Management

    Management This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1.
  • Page 58: Moving A Command From Exec Privilege Mode To Exec Mode

    Moving a Command from EXEC Privilege Mode to EXEC Mode To move a command from EXEC Privilege to EXEC mode for a privilege level, use the privilege exec command from CONFIGURATION mode. In the command, specify the privilege level of the user or terminal line and specify all keywords in the command to which you want to allow access.
  • Page 59 CONFIGURATION mode privilege {configure |interface | line | route-map | router} level level {command ||...|| command} Example of EXEC Privilege Commands Dell(conf)#do show run priv privilege exec level 3 capture privilege exec level 3 configure privilege exec level 4 resequence...
  • Page 60: Applying A Privilege Level To A Username

    NOTE: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configuring Logging The Dell Networking OS tracks changes in the system using event and error messages. By default, Dell Networking OS logs these messages on: •...
  • Page 61: Audit And Security Logs

    no logging on • Disable logging to the logging buffer. CONFIGURATION mode no logging buffer • Disable logging to terminal lines. CONFIGURATION mode no logging monitor • Disable console logging. CONFIGURATION mode no logging console Audit and Security Logs This section describes how to configure, display, and clear audit and security logs. The following is the configuration task list for audit and security logs: •...
  • Page 62 For information about the logging extended command, see Enabling Audit and Security Logs Dell#show logging auditlog May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 ( May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 ( May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (
  • Page 63: Configuring Logging Format

    • 1 – Displays syslog message format as described in RFC 5424, The SYSLOG Protocol Example of Configuring the Logging Message Format Dell(conf)#logging version ? <0-1> Select syslog version (default = 0) Dell(conf)#logging version 1 Setting Up a Secure Connection to a Syslog Server You can use reverse tunneling with port forwarding to securely connect to a syslog server.
  • Page 64: Log Messages In The Internal Buffer

    Configure logging to a local host. localhost is “” or “::1”. If you do not, the system displays an error when you attempt to enable role-based only AAA authorization. Dell(conf)# logging localhost tcp port Dell(conf)#logging tcp 5140 Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer.
  • Page 65: Sending System Messages To A Syslog Server

    • Disable console logging. CONFIGURATION mode no logging console Sending System Messages to a Syslog Server To send system messages to a specified syslog server, use the following command. The following syslog standards are supported: RFC 5424 The SYSLOG Protocol, R.Gerhards and Adiscon GmbH, March 2009, obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over UDP.
  • Page 66: Display The Logging Buffer And The Logging Configuration

    Specify the size of the logging buffer. CONFIGURATION mode logging buffered size NOTE: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. •...
  • Page 67: Configuring A Unix Logging Facility Level

    %TSM-6-SFM_DISCOVERY: Found SFM 8 %TSM-6-SFM_DISCOVERY: Found 9 SFMs %CHMGR-5-CHECKIN: Checkin from line card 5 (type EX1YB, 1 ports) %TSM-6-PORT_CONFIG: Port link status for LC 5 => portpipe 0: OK portpipe 1: N/A %CHMGR-5-LINECARDUP: Line card 5 is up %CHMGR-5-CHECKIN: Checkin from line card 12 (type S12YC12, 12 ports) %TSM-6-PORT_CONFIG: Port link status for LC 12 =>...
  • Page 68: Synchronizing Log Messages

    Dell# Synchronizing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
  • Page 69: File Transfer Services

    File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces.
  • Page 70: Configuring Ftp Server Parameters

    0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands. • Specify the directory for users using FTP to reach the system.
  • Page 71: Terminal Lines

    0 access-class myvtyacl Dell Networking OS Behavior: Prior to Dell Networking OS version, in order to deny access on a VTY line, apply an ACL and accounting, authentication, and authorization (AAA) to the line. Then users are denied access only after they enter a username and password.
  • Page 72: Setting Time Out Of Exec Privilege Mode

    Dell(config-line-vty)# Setting Time Out of EXEC Privilege Mode EXEC time-out is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines. To set time out, use the following commands.
  • Page 73: Using Telnet To Get To Another Network Device

    EXEC Privilege telnet [ip-address] If you do not enter an IP address, Dell Networking OS enters a Telnet dialog that prompts you for one. Enter an IPv4 address in dotted decimal format (A.B.C.D). Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported.
  • Page 74: Lock Configuration Mode

    Dell# Lock CONFIGURATION Mode Dell Networking OS allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message You can set two types of locks: auto and manual.
  • Page 75: Recovering From A Forgotten Password On The Z9000 System

    The Z9000 boots up with the factory default configuration. The default Dell Networking OS system prompt displays when the system boot up is complete. NOTE: Do not press any keys during the boot-up process. Copy the startup-config into the running-config.
  • Page 76: Recovering From A Forgotten Enable Password On The Z9000

    Log onto the system using the console. Power-cycle the chassis by switching off all of the power modules and then switching them back on. Press any key to abort the boot process. You enter grub on the Z9000, as indicated by the grub> prompt.
  • Page 77: Recovering From A Failed Start On The Z9000 System

    Recovering from a Failed Start on the Z9000 System A system that does not start correctly might be attempting to boot from a corrupted Dell Networking OS image or from a mis-specified location. In this case, you can restart the system and interrupt the boot process to point the system to another boot location.
  • Page 78: Restoring The Factory Default Settings

    After the restore is complete, the units power cycle immediately. The following example illustrates the restore factory-defaults command to restore the factory default settings. Dell#restore factory-defaults stack-unit 0 nvram *********************************************************************** Warning - Restoring factory defaults will delete the existing persistent settings (stacking, fanout, etc.) After restoration the unit(s) will be powercycled immediately.
  • Page 79 default boot lines are set to a Null String. If both the partitions contain invalid images, then primary, secondary, and default boot line values are set to a Null string. When you use the Network boot procedure to boot the device, the boot loader checks if the primary partition contains a valid image.
  • Page 80 grub> reboot Management...
  • Page 81 (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server.
  • Page 82: The Port-authentication Process

    It translates and forwards requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator. •...
  • Page 83 The supplicant responds with its identity in an EAP Response Identity frame. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to the authentication server. The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests that the supplicant prove that it is who it claims to be, using a specified method (an EAP-Method).
  • Page 84: Eap Over Radius

    The Type value for EAP messages is 79. Figure 5. EAP Over RADIUS RADIUS Attributes for 802.1 Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server.
  • Page 85: Important Points To Remember

    Important Points to Remember • Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
  • Page 86 Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication [output omitted]...
  • Page 87: Configuring Request Identity Re-transmissions

    Configuring Request Identity Re-Transmissions If the authenticator sends a Request Identity frame, but the supplicant does not respond, the authenticator waits 30 seconds and then re-transmits the frame. The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator re-transmits are configurable.
  • Page 88: Forcibly Authorizing Or Unauthorizing A Port

    Example of Configuring and Verifying Port Authentication The following example shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame: • after 90 seconds and a maximum of 10 times for an unresponsive supplicant •...
  • Page 89: Re-authenticating A Port

    Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state. Dell(conf-if-Te-1/1)#dot1x port-control force-authorized Dell(conf-if-Te-1/1)#show dot1x interface TenGigabitEthernet 1/1 802.1x information on Te 1/1: ----------------------------- Dot1x Status:...
  • Page 90: Configuring Timeouts

    The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-1/1)#dot1x reauthentication interval 7200 Dell(conf-if-Te-1/1)#dot1x reauth-max 10 Dell(conf-if-Te-1/1)#do show dot1x interface TenGigabitEthernet 1/1 802.1x information on Te 1/1: ----------------------------- Dot1x Status: Enable Port Control:...
  • Page 91: Configuring Dynamic Vlan Assignment With Port Authentication

    The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using Tunnel-Private-Group-ID The illustration shows the configuration on the Dell Networking system before connecting the end user device in black and blue text, and after connecting the device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.
  • Page 92: Guest And Authentication-fail Vlans

    Authentication). Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data.
  • Page 93: Configuring A Guest Vlan

    INTERFACE mode. View your configuration using the show config command from INTERFACE mode or using the show dot1x interface command from EXEC Privilege mode. Example of Viewing Guest VLAN Configuration Dell(conf-if-Te-2/1)#dot1x guest-vlan 200 Dell(conf-if-Te-2/1)#show config interface TenGigabitEthernet 2/1 switchport...
  • Page 94 TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no shutdown Dell(conf-if-Te-2/1)# Example of Viewing Configured Authentication...
  • Page 95: Access Control Lists (acls)

    When creating an access list, the sequence of the filters is important. You have a choice of assigning sequence numbers to the filters as you enter them, or the Dell Networking Operating System (OS) assigns numbers in the order the filters are created. The sequence numbers are listed in the display output of the show config and show ip accounting access-list commands.
  • Page 96: Cam Usage

    Privilege mode. The following example shows the output when executing this command. The status column indicates whether you can enable the policy. Example of the Command test cam-usage Dell#test cam-usage service-policy input TestPolicy linecard all Linecard|Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status -------------------------------------------------------------------------- IPv4Flow| 232|...
  • Page 97: Implementing Acls On Dell Networking Os

    Implementing ACLs on Dell Networking OS You can assign one IP ACL per interface with Dell Networking OS. If you do not assign an IP ACL to an interface, it is not used by the software in any other capacity.
  • Page 98: Ip Fragment Handling

    0 to 254. Dell Networking OS writes to the CAM ACL rules with lower-order numbers (order numbers closer to 0) before rules with higher-order numbers so that packets are matched as you intended. By default, all ACL rules have an order of 255.
  • Page 99: Layer 4 Acl Rules Examples

    In this first example, TCP packets from host with TCP destination port equal to 24 are permitted. All others are denied. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)#permit tcp host any eq 24 Dell(conf-ext-nacl)#deny ip any any fragment Dell(conf-ext-nacl) Example of Permitting Only First Fragments and Non-Fragmented Packets from a Specified Host In the following example, the TCP packets that are first fragments or non-fragmented from host
  • Page 100: Configure A Standard Ip Acl

    To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL.
  • Page 101: Configuring A Standard Ip Acl Filter

    To delete a filter, use the no seq sequence-number command in IP ACCESS LIST mode. If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of 5.
  • Page 102: Configure An Extended Ip Acl

    To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode. The following example shows how to view a standard ACL filter sequence for an interface. Dell#show ip accounting access example interface gig 4/12 Extended IP access list example seq 15 deny udp any any eq 111...
  • Page 103: Configuring Filters Without A Sequence Number

    Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five.
  • Page 104: Configure Layer 2 And Layer 3 Acls

    When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL. • When Dell Networking OS switches the packets, first the L3 ACL filters them, then the L2 ACL filters them. •...
  • Page 105: Assign An Ip Acl To An Interface

    • L2 egress access list If a rule is simply appended, existing counters are not affected. Table 6. L2 and L3 Filtering on Switched Packets L2 ACL Behavior L3 ACL Behavior Decision on Targeted Traffic Deny Deny L3 ACL denies. Deny Permit L3 ACL permits.
  • Page 106: Counting Acl Hits

    Example of Applying ACL Rules to Ingress Traffic and Viewing ACL Configuration To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te1/1)#ip access-group abcd in
  • Page 107: Configure Egress Acls

    1/1 no ip address ip access-group abcd in no shutdown Dell(conf-if-te1/1)#end Dell#configure terminal Dell(conf)#ip access-list extended abcd Dell(config-ext-nacl)#permit tcp any any Dell(config-ext-nacl)#deny icmp any any Dell(config-ext-nacl)#permit Dell(config-ext-nacl)#end Dell#show ip accounting access-list Extended Ingress IP access list abcd on tengigabitethernet 1/1...
  • Page 108: Applying Egress Layer 3 Acls (control-plane)

    To specify ingress, use the out keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface TenGigabitEthernet 1/1 Dell(conf-if-te-1/1)#ip access-group abcd out Dell(conf-if-te-1/1)#show config TenGigabitEthernet 1/1 no ip address...
  • Page 109: Ip Prefix Lists

    (if configured) is applied. When the route prefix matches a filter, Dell Networking OS drops or forwards the packet based on the filter’s designated action. If the route prefix does not match any of the filters in the prefix list, the route is dropped (that is, implicit deny).
  • Page 110 Configuring a prefix list • Use a prefix list for route redistribution For a complete listing of all commands related to prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following commands.
  • Page 111 If you are creating a standard prefix list with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The Dell Networking OS assigns filters in multiples of five.
  • Page 112 The following example shows the show ip prefix-list detail command. Dell>show ip prefix detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny le 32 (hit count: 0) seq 6 deny ge 23 (hit count: 0)
  • Page 113: Acl Resequencing

    Dell(conf-router_rip)#router ospf 34 Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode. CONFIGURATION mode router ospf •...
  • Page 114: Resequencing An Acl Or Prefix List

    The example shows the resequencing of an IPv4 access-list beginning with the number 2 and incrementing by 2. Dell(config-ext-nacl)# show config ip access-list extended test remark 4 XYZ remark 5 this remark corresponds to permit any host seq 5 permit ip any host
  • Page 115: Route Maps

    Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host seq 4 permit ip any host remark 6 this remark has no corresponding rule remark 8 this remark corresponds to permit ip any host
  • Page 116: Implementation Information

    Implementation Information The Dell Networking OS implementation of route maps allows route maps with the no match or no set commands. When there is no match command, all traffic matches the route map and the set command applies. Important Points to Remember •...
  • Page 117 You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. Dell Networking OS processes the route maps with the lowest sequence number first. When a configured route map is applied to a command, such as redistribute, traffic passes through all instances of that route map until a match is found.
  • Page 118: Configuring Match Routes

    In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000. In this scenario, Dell Networking OS scans all the instances of the route-map for any permit statement. If there is a match anywhere, the route is permitted.
  • Page 119 • Match routes with the same AS-PATH numbers. CONFIG-ROUTE-MAP mode match as-path as-path-name • Match routes with COMMUNITY list attributes in their path. CONFIG-ROUTE-MAP mode match community community-list-name [exact] • Match routes whose next hop is a specific interface. CONFIG-ROUTE-MAP mode match interface interface The parameters are: –...
  • Page 120: Configuring Set Conditions

    CONFIG-ROUTE-MAP mode match origin {egp | igp | incomplete} • Match routes specified as internal or external to OSPF, ISIS level-1, ISIS level-2, or locally generated. CONFIG-ROUTE-MAP mode match route-type {external [type-1 | type-2] | internal | level-1 | level-2 | local } •...
  • Page 121: Configure A Route Map For Route Redistribution

    Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic. Route redistribution occurs when Dell Networking OS learns the advertising routes from static or directly connected routes or another routing protocol. Different protocols assign different values to redistributed routes to identify the routes and their origins.
  • Page 122: Configure A Route Map For Route Tagging

    30! Logging of ACL Processes This functionality is supported on the Z9000 platform. To assist in the administration and management of traffic that traverses the device after being validated by the configured ACLs, you can enable the generation of logs for access control list (ACL) processes.
  • Page 123: Guidelines For Configuring Acl Logging

    You can enable logging separately for each of these FP entries, which relate to each of the ACL entries configured in an ACL. Dell Networking OS saves a table that maps each ACL entry that matches the ACL name on the received packet, sequence number of the rule, and the interface index in the database.
  • Page 124: Configuring Acl Logging

    251 indices available for ACL logging. Configuring ACL Logging This functionality is supported on the Z9000 platform. To configure the maximum number of ACL log messages to be generated and the frequency at which these messages must be generated, perform the following steps: NOTE: This example describes the configuration of ACL logging for standard IP access lists.
  • Page 125: Flow-based Monitoring Support For Acls

    [log [interval minutes]] Flow-Based Monitoring Support for ACLs Flow-based monitoring is supported on the Z9000 platform. Flow-based monitoring conserves bandwidth by monitoring only the specified traffic instead of all traffic on the interface. It is available for Layer 2 and Layer 3 ingress traffic. You can specify traffic using standard or extended access-lists.
  • Page 126 The show monitor session session-id command has been enhanced to display the Type field in the output, which indicates whether a particular session is enabled for flow-monitoring. Example Output of the show Command Dell(conf-mon-sess-0)#do show monitor session 0 SessID Source...
  • Page 127: Enabling Flow-based Monitoring

    Layer 3 ingress and egress traffic. You can specify traffic using standard or extended access-lists. Enable flow-based monitoring for a monitoring session. MONITOR SESSION mode flow-based enable Define access-list rules that include the keyword monitor. Dell Networking OS only considers port monitoring traffic that matches rules with the keyword monitor. CONFIGURATION mode ip access-list...
  • Page 128 ------ ------ ----------- ---- --------- -------- Te 1/1 Te 1/2 Flow
  • Page 129: Access Control List (acl) Vlan Groups And Content Addressable Memory (cam)

    VLANs and when Layer 2 or Layer 3 ACLs are applied on a set of ports. In releases of Dell Networking OS that do not support the CAM optimization functionality, when an ACL is applied on a VLAN, the ACL rules are configured with the rule-specific parameters and the VLAN as additional attributes in the ACL region.
  • Page 130: Guidelines For Configuring Acl Vlan Groups

    • The description of the ACL group is added or removed. Guidelines for Configuring ACL VLAN groups ACL VLAN groups are supported on the Z9000 platform. Keep the following points in mind when you configure ACL VLAN groups: • The interfaces, to which the ACL VLAN group is applied, function as restricted interfaces. The ACL VLAN group name is used to identify the group of VLANs that is used to perform hierarchical filtering.
  • Page 131: Configuring Acl Vlan Groups And Configuring Fp Blocks For Vlan Parameters

    The maximum number of VLANs that you can configure as a member of ACL VLAN groups is limited to 512 on the Z9000 switch if two slices are allocated. If only one virtual flow processing slice is allocated, the maximum number of VLANs that you can configure as a member of an ACL VLAN group is 256 for the Z9000 switch.
  • Page 132: Configuring Fp Blocks For Vlan Parameters

    {VLAN-range} Display all the ACL VLAN groups or display a specific ACL VLAN group, identified by name. CONFIGURATION (conf-acl-vl-grp) mode show acl-vlan-group {group name | detail} Dell#show acl-vlan-group detail Group Name : TestGroupSeventeenTwenty Egress IP Acl : SpecialAccessOnlyExpertsAllowed...
  • Page 133: Viewing Cam Usage

    | OUT-L2 ACL Viewing CAM Usage This functionality is supported on the Z9000 platform. View the amount of CAM space available, used, and remaining in each partition (including IPv4Flow and Layer 2 ACL sub-partitions) using the show cam-usage command in EXEC Privilege mode Display Layer 2, Layer 3, ACL, or all CAM usage statistics.
  • Page 134: Allocating Fp Blocks For Vlan Processes

    16384 Allocating FP Blocks for VLAN Processes This functionality is supported on the Z9000 platform. The VLAN ContentAware Processor (VCAP) application is a preingress CAP that modifies the VLAN settings before packets are forwarded. To support the ACL CAM optimization functionality, the CAM carving feature is enhanced.
  • Page 135 You can configure only two of these features at a time. • To allocate the number of FP blocks for VLAN open flow operations, use the cam-acl-vlan vlanopenflow <0-2> command. • To allocate the number of FP blocks for VLAN iSCSI counters, use the cam-acl-vlan vlaniscsi <0-2>...
  • Page 136: Bidirectional Forwarding Detection (bfd)

    BFD also carries less overhead than routing protocol hello mechanisms. Control packets can be encapsulated in any form that is convenient, and, on Dell Networking routers, BFD agents maintain sessions that reside on the line card, which frees resources on the route processor module (RPM). Only session state changes are reported to the BFD Manager (on the RPM), which in turn notifies the routing protocols that are registered with it.
  • Page 137: Bfd Packet Format

    NOTE: A session state change from Up to Down is the only state change that triggers a link state change in the routing protocol client. BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet.
  • Page 138 Required Min Echo The minimum rate at which the local system would like to receive echo packets. NOTE: Dell Networking OS does not currently support the echo function. Authentication An optional method for authenticating control packets.
  • Page 139: Bfd Sessions

    Demand mode initiator. Either system (but not both) can request Demand mode at any time. NOTE: Dell Networking OS supports Asynchronous mode only. A session can have four states: Administratively Down, Down, Init, and Up.
  • Page 140: Session State Changes

    handshake. Now the discriminator values have been exchanged and the transmit intervals have been negotiated. The passive system receives the control packet and changes its state to Up. Both systems agree that a session has been established. However, because both members must send a control packet — that requires a response —...
  • Page 141 BFD is not supported on multi-hop and virtual links. • Protocol Liveness is supported for routing protocols only. • Dell Networking OS supports only OSPF, OSPFv3, IS-IS, BGP, and VRRP protocols as BFD clients. Configure BFD This section contains the following procedures. •...
  • Page 142: Configure Bfd For Physical Ports

    • Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do not enable the routing protocol.
  • Page 143 Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 11. Establishing a BFD Session on Physical Ports Enter interface mode.
  • Page 144 on interface Te 4/24 (diag: 0) Viewing Physical Port Session Parameters BFD sessions are configured with default intervals and a default role (active). Dell Networking recommends maintaining the default values. To view session parameters, use the show bfd neighbors detail command.
  • Page 145: Configure Bfd For Static Routes

    Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 7 Disabling and Re-Enabling BFD BFD is enabled on all interfaces by default, though sessions are not created unless explicitly configured. If you disable BFD, all of the sessions on that interface are placed in an Administratively Down state (the first message example), and the remote systems are notified of the session state change (the second message example).
  • Page 146 Establishing Sessions for Static Routes Sessions are established for all neighbors that are the next hop of a static route. Figure 12. Establishing Sessions for Static Routes To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a static route. CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes...
  • Page 147: Configure Bfd For Ospf

    • Change parameters for all static route sessions. CONFIGURATION mode ip route bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the examples in Displaying BFD for BGP Information Disabling BFD for Static Routes If you disable BFD, all static route BFD sessions are torn down.
  • Page 148 Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state.
  • Page 149 INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors - Active session role Ad Dn - Admin Down - CLI - ISIS...
  • Page 150: Configure Bfd For Ospfv3

    • Disable BFD sessions with all OSPF neighbors. ROUTER-OSPF mode no bfd all-neighbors • Disable BFD sessions with all OSPF neighbors on an interface. INTERFACE mode ip ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 provides support for IPV6. Configuring BFD for OSPFv3 is a two-step process: Enable BFD globally.
  • Page 151: Configure Bfd For Is-is

    • Change parameters for all OSPFv3 sessions. ROUTER-OSPFv3 mode bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] • Change parameters for OSPFv3 sessions on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] Disabling BFD for OSPFv3 If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a...
  • Page 152 Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 14. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS neighbors on a single interface, use the following commands.
  • Page 153 The bold line shows that IS-IS BFD sessions are enabled. R2(conf-router_isis)#bfd all-neighbors R2(conf-router_isis)#do show bfd neighbors - Active session role Ad Dn - Admin Down - CLI - ISIS - OSPF - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * Te 2/1...
  • Page 154: Configure Bfd For Bgp

    INTERFACE mode isis bfd all-neighbors disable Configure BFD for BGP In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces.
  • Page 155 Figure 15. Establishing Sessions with BGP Neighbors The sample configuration shows alternative ways to establish a BFD session with a BGP neighbor: • By establishing BFD sessions with all neighbors discovered by BGP (the bfd all-neighbors command). • By establishing a BFD session with a specified BGP neighbor (the neighbor {ip-address | peer- group-name} bfd command) BFD packets originating from a router are assigned to the highest priority egress queue to minimize transmission delays.
  • Page 156 typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router. A log message is generated whenever BFD detects a failure condition. Enable BFD globally. CONFIGURATION mode bfd enable Specify the AS number and enter ROUTER BGP configuration mode. CONFIGURATION mode router bgp as-number Add a BGP neighbor or peer group in a remote AS.
  • Page 157 ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a peer group (the neighbor peer-group-name bfd command in ROUTER BGP configuration mode).
  • Page 158 Examples of the BFD show Commands The following example shows verifying a BGP configuration. R2# show running-config bgp router bgp 2 neighbor remote-as 1 neighbor no shutdown neighbor remote-as 1 neighbor no shutdown neighbor remote-as 1 neighbor no shutdown bfd all-neighbors The following example shows viewing all BFD neighbors.
  • Page 159 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: Local MAC Addr: 00:01:e8:66:da:34 Remote Addr: Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/2 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3...
  • Page 160 Down Admin Down The following example shows viewing BFD summary information. The bold line shows the message displayed when you enable BFD for BGP connections. R2# show ip bgp summary BGP router identifier, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor(s) using 24168 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down...
  • Page 161: Configure Bfd For Vrrp

    Connections established 1; dropped 0 Last reset never Local host:, Local port: 63805 Foreign host:, Foreign port: 179 E1200i_ExaScale# R2# show ip bgp neighbors BGP neighbor is, remote AS 1, external link Member of peer-group pg1 for session parameters BGP version 4, remote router ID BGP state ESTABLISHED, in this state for 00:05:33 Neighbor is using BGP neighbor mode BFD configuration...
  • Page 162 Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 16. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command. •...
  • Page 163 The bold line shows that VRRP BFD sessions are enabled. Dell(conf-if-te-4/25)#vrrp bfd all-neighbors Dell(conf-if-te-4/25)#do show bfd neighbor - Active session role Ad Dn - Admin Down - CLI - ISIS - OSPF - Static Route (RTM) - VRRP LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients *
  • Page 164: Configuring Protocol Liveness

    vrrp bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] • Change parameters for a particular VRRP session. INTERFACE mode vrrp bfd neighbor ip-address interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the example in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors command example in Displaying BFD for BGP...
  • Page 165 debug bfd detail • Examine the control packets in hexadecimal format. CONFIGURATION debug bfd packet Examples of Output from the debug bfd Commands The following example shows a three-way handshake using the debug bfd detail command. R1(conf-if-te-4/24)#00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor on interface Te 4/24 (diag: 0) 00:54:38 : Sent packet for session with neighbor on Te 4/24 TX packet dump:...
  • Page 166: Border Gateway Protocol Ipv4 (bgpv4)

    Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS).
  • Page 167 Figure 17. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network. Updates traveling through the network and returning to the same node are easily detected and discarded.
  • Page 168: Sessions And Peers

    Figure 18. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers.
  • Page 169: Establish A Session

    Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established.
  • Page 170: Bgp Attributes

    Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection cluster. Because BGP speakers announce only the best route for a given prefix, route reflector rules are applied after the router makes its best path decision. •...
  • Page 171: Best Path Selection Criteria

    In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
  • Page 172 Figure 20. BGP Best Path Selection Best Path Selection Details Prefer the path with the largest WEIGHT attribute. Prefer the path with the largest LOCAL_PREF attribute. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command. Routes originated with the network or redistribute commands are preferred over routes originated with the aggregate-address command.
  • Page 173: Weight

    Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path remains. Dell Networking OS deems the paths as equal and does not perform steps 9 through 11, if the following criteria are met: the IBGP multipath or EBGP multipath are configured (the maximum-path command).
  • Page 174: Multi-exit Discriminators (meds)

    and AS300. This is advertised to all routers within AS100, causing all BGP speakers to prefer the path through Router B. Figure 21. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path.
  • Page 175: Origin

    BGP. In Dell Networking OS, these origin codes appear as shown in the following example. The question mark (?) indicates an origin code of INCOMPLETE (shown in bold). The lower case letter (i) indicates an origin code of IGP (shown in bold).
  • Page 176: Next Hop

    NOTE: Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path...
  • Page 177: Multiprotocol Bgp

    For some peers you can set the internal/IGP cost as the MED while setting others to a constant pre-defined metric as MED value. Dell Networking OS supports configuring the set metric-type internal command in a route-map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost.
  • Page 178: Ignore Router-id For Some Best-path Calculations

    MED: 100 Ignore Router-ID for Some Best-Path Calculations Dell Networking OS allows you to avoid unnecessary BGP best-path transitions between external paths under certain conditions. The bgp bestpath router-id ignore command reduces network disruption caused by routing and forwarding plane changes and allows for faster convergence.
  • Page 179: As4 Number Representation

    If 4-Byte AS numbers are not implemented, only ASPLAIN representation is supported. ASPLAIN is the method Dell Networking OS has used for all previous Dell Networking OS versions. ASPLAIN remains the default method with Dell Networking OS. With the ASPLAIN notation, a 32-bit binary AS number is translated into a decimal value.
  • Page 180: As Number Migration

    100 bgp asnotation asdot+ bgp four-octet-as-support neighbor local-as 65057 <output truncated> Dell(conf-router_bgp)#do show ip bgp BGP table version is 31571, local router ID is <output truncated> AS-PLAIN Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf router bgp 100 bgp four-octet-as-support neighbor local-as 65057...
  • Page 181 Figure 23. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature. If you use the “no prepend” option, the Local-AS does not prepend to the updates received from the eBGP peer.
  • Page 182: Bgp4 Management Information Base (mib)

    (SNMP) objects and notifications (traps) defined in draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell website. NOTE: For the Force10-BGP4-V2-MIB and other MIB documentation, refer to the Dell iSupport web page. Important Points to Remember •...
  • Page 183: Configuration Information

    ROUTER BGP mode to configure a BGP neighbor. By default, BGP is disabled. By default, Dell Networking OS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled).
  • Page 184: Enabling Bgp

    Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer.
  • Page 185 Assign an AS number and enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number • as-number: from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format). Only one AS is supported per system. NOTE: If you enter a 4-Byte AS number, 4-Byte AS support is enabled automatically.
  • Page 186 Active For the router’s identifier, Dell Networking OS uses the highest IP address of the Loopback interfaces configured. Because Loopback interfaces are virtual, they cannot go down, thus preventing changes in the router ID. If you do not configure Loopback interfaces, the highest IP address of any interface is used as the router ID.
  • Page 187 The third line of the show ip bgp neighbors output contains the BGP State. If anything other than ESTABLISHED is listed, the neighbor is not exchanging information and routes. For more information about using the show ip bgp neighbors command, refer to the Dell Networking OS Command Line Interface Reference Guide.
  • Page 188: Configuring As4 Number Representations

    Term Description ASPLAIN the method Dell Networking OS used for all previous Dell Networking OS versions. It remains the default method with Dell Networking OS. With the ASPLAIN notation, a 32–bit binary AS number is translated into a decimal value.
  • Page 189 NOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display. • Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot • Enable ASDOT+ AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot+ Examples of the bgp asnotation Commands The following example shows the bgp asnotation asplain command output.
  • Page 190: Configuring Peer Groups

    Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share the same update policy. A maximum of 256 peer groups are allowed on the system.
  • Page 191 remote-as 18505 neighbor no shutdown Dell(conf-router_bgp)# To enable a peer group, use the neighbor peer-group-name no shutdown command in CONFIGURATION ROUTER BGP mode (shown in bold). Dell(conf-router_bgp)#neighbor zanzibar no shutdown Dell(conf-router_bgp)#show config router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes...
  • Page 192: Configuring Bgp Fast Fall-over

    ESTABLISHED state move to the IDLE state. To view the status of peer groups, use the show ip bgp peer-group command in EXEC Privilege mode, as shown in the following example. Dell>show ip bgp peer-group Peer-group zanzibar, remote AS 65535 BGP version 4...
  • Page 193 To verify that you enabled fast fall-over on a particular BGP neighbor, use the show ip bgp neighbors command. Because fast fall-over is disabled by default, it appears only if it has been enabled (shown in bold). Dell#sh ip bgp neighbors BGP neighbor is, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID
  • Page 194: Configuring Passive Peering

    When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, Dell Networking OS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor. To work around this, change the BGP configuration or change the order of the peer group configuration.
  • Page 195: Maintaining Existing As Numbers During An As Migration

    CONFIG-ROUTER-BGP mode neighbor peer-group-name subnet subnet-number mask The peer group responds to OPEN messages sent on this subnet. Enable the peer group. CONFIG-ROUTER-BGP mode neighbor peer-group-name no shutdown Create and specify a remote peer for BGP neighbor. CONFIG-ROUTER-BGP mode neighbor peer-group-name remote-as as-number Only after the peer group responds to an OPEN message sent on the subnet does its BGP state change to ESTABLISHED.
  • Page 196: Allowing An As Number To Appear In Its Own As Path

    network network bgp four-octet-as-support neighbor remote-as 65123 neighbor filter-list Laura in neighbor no shutdown neighbor remote-as 65123 neighbor no shutdown neighbor remote-as 65192 neighbor local-as 6500 neighbor no shutdown neighbor remote-as 65123 neighbor update-source Loopback 0 neighbor no shutdown neighbor remote-as 65123...
  • Page 197: Enabling Graceful Restart

    Speeds convergence by advertising a special update packet known as an end-of-RIB marker. This marker indicates the peer has been updated with all routes in the local RIB. If you configure your system to do so, Dell Networking OS can perform the following actions during a hot failover: •...
  • Page 198: Enabling Neighbor Graceful Restart

    BGP graceful restart is active only when the neighbor becomes established. Otherwise, it is disabled. Graceful-restart applies to all neighbors with established adjacency. With the graceful restart feature, Dell Networking OS enables the receiving/restarting mode by default. In Receiver-Only mode, graceful restart saves the advertised routes of peers that support this capability when they restart.
  • Page 199 Example of the show ip bgp paths Command To view all BGP path attributes in the BGP database, use the show ip bgp paths command in EXEC Privilege mode. Dell#show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path...
  • Page 200: Regular Expressions As Filters

    For an AS-path access list, as shown in the previous commands, if the AS path matches the regular expression in the access list, the route matches the access list. The following lists the regular expressions accepted in Dell Networking OS. Regular Expression Definition ^ (caret) Matches the beginning of the input string.
  • Page 201: Redistributing Routes

    Dell(conf-router_bgp)#show conf router bgp 99 neighbor AAA peer-group neighbor AAA no shutdown neighbor remote-as 32 neighbor shutdown Dell(conf-router_bgp)#neigh filter-list 1 in Dell(conf-router_bgp)#ex Dell(conf)#ip as-path access-list Eagle Dell(config-as-path)#deny 32$ Dell(config-as-path)#ex Dell(conf)#router bgp 99 Dell(conf-router_bgp)#neighbor AAA filter-list Eagle in...
  • Page 202: Enabling Additional Paths

    One attribute you can manipulate is the COMMUNITY attribute. This attribute is an optional attribute that is defined for a group of destinations. In Dell Networking OS, you can assign a COMMUNITY attribute to BGP routers by using an IP community list. After you create an IP community list, you can apply routing decisions to all routers meeting the criteria in the IP community list.
  • Page 203 All routes with the NO_EXPORT (0xFFFFFF01) community attribute must not be advertised outside a BGP confederation boundary, but are sent to CONFED-EBGP and IBGP peers. Dell Networking OS also supports BGP Extended Communities as described in RFC 4360 — BGP Extended Communities Attribute.
  • Page 204: Configuring An Ip Extended Community List

    To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode. Dell#show ip community-lists ip community-list standard 1 deny 701:20 deny 702:20...
  • Page 205: Filtering Routes With Community Lists

    In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, Dell Networking OS does not send the COMMUNITY attribute. To send the COMMUNITY attribute to BGP neighbors, use the following command. •...
  • Page 206 To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. If you want to remove or add a specific COMMUNITY number from a BGP path, you must create a route map with one or both of the following statements in the route map. Then apply that route map to a BGP neighbor or peer group.
  • Page 207: Changing Med Attributes

    209 7170 1455 i --More-- Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, enter any or all of the following commands.
  • Page 208: Changing The Next_hop Attribute

    CONFIG-ROUTER-BGP mode bgp default local-preference value – value: the range is from 0 to 4294967295. The default is 100. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode. A more flexible method for manipulating the LOCAL_PREF attribute value is to use a route map.
  • Page 209: Changing The Weight Attribute

    AS-Path ACLs filter routes based on the ASN. Route maps can filter and set conditions, change attributes, and assign update policies. NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map.
  • Page 210 For inbound and outbound updates the order of preference is: • prefix lists (using the neighbor distribute-list command) • AS-PATH ACLs (using the neighbor filter-list command) • route maps (using the neighbor route-map command) Prior to filtering BGP routes, create the prefix list, AS-PATH ACL, or route map. For configuration information about prefix lists, AS-PATH ACLs, and route maps, refer to Access Control Lists...
  • Page 211: Filtering Bgp Routes Using Route Maps

    • If the prefix list contains no filters, all routes are permitted. • If none of the routes match any of the filters in the prefix list, the route is denied. This action is called an implicit deny. (If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all routes.
  • Page 212: Filtering Bgp Routes Using As-path Information

    BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector. With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information.
  • Page 213: Aggregating Routes

    BGP mode or the show running-config bgp in EXEC Privilege mode. Aggregating Routes Dell Networking OS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active.
  • Page 214: Configuring Bgp Confederations

    When that penalty value reaches a configured limit, the route is not advertised, even if the route is up. In Dell Networking OS, that penalty value is 1024. As time passes and the route does not flap, the penalty value decrements or is decayed. However, if the route flaps again, it is assigned another penalty.
  • Page 215 • history entry — an entry that stores information on a downed route • dampened path — a path that is no longer advertised • penalized path — a path that is assigned a penalty To configure route flap dampening parameters, set dampening parameters using a route map, clear information on route dampening and return suppressed routes to active state, view statistics on route flapping, or change the path selection from the default mode (deterministic) to non-deterministic, use the following commands.
  • Page 216 – regexp regular-expression: enter a regular expression to match on. By default, the path selection in Dell Networking OS is deterministic, that is, paths are compared irrespective of the order of their arrival. You can change the path selection method to non-deterministic, that is, paths are compared in the order in which they arrived (starting with the most recent).
  • Page 217: Changing Bgp Timers

    18508 117265 25069 780266 20 00:38:50 102759 Dell> To view which routes are dampened (non-active), use the show ip bgp dampened-routes command in EXEC Privilege mode. Changing BGP Timers To configure BGP timers, use either or both of the following commands.
  • Page 218 When inbound soft reconfiguration is done later, the stored information is used to generate a new set of inbound updates. Dell>router bgp 100 neighbor remote-as 200 neighbor soft-reconfiguration inbound...
  • Page 219: Route Map Continue

    The routes associated with multicast routing are used by the protocol independent multicast (PIM) to build data distribution trees. Dell Networking OS MBGP is implemented per RFC 1858. You can enable the MBGP feature per router and/or per peer/peer-group.
  • Page 220: Bgp Regular Expression Optimization

    Most Dell Networking OS BGP IPv4 unicast commands are extended to support the IPv4 multicast RIB using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide.
  • Page 221: Storing Last And Bad Pdus

    Storing Last and Bad PDUs Dell Networking OS stores the last notification sent/received and the last bad protocol data unit (PDU) received on a per peer basis. The last bad PDU is the one that causes a notification to be issued.
  • Page 222: Capturing Pdus

    To change the maximum buffer size, use the capture bgp-pdu max-buffer-size command. To view the captured PDUs, use the show capture bgp-pdu neighbor command. Dell#show capture bgp-pdu neighbor Incoming packet capture enabled for BGP neighbor Available buffer size 40958758, 26 packet(s) captured using 680 bytes...
  • Page 223: Pdu Counters

    243295 313511 0 00:12:46 207896 PDU Counters Dell Networking OS supports additional counters for various types of PDUs sent and received from neighbors. These are seen in the output of the show ip bgp neighbor command. Sample Configurations The following example configurations show how to enable BGP and set up some peer groups. These examples are not comprehensive directions.
  • Page 224 The following illustration shows the configurations described in the following examples. These configurations show how to create BGP areas using physical and virtual links. They include setting up the interfaces and peer groups with each other. Figure 24. Sample Configurations Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0...
  • Page 225 R1(conf-if-te-1/31)#show config interface TengigabitEthernet 1/31 ip address no shutdown R1(conf-if-te-1/31)#router bgp 99 R1(conf-router_bgp)#network R1(conf-router_bgp)#neighbor remote 99 R1(conf-router_bgp)#neighbor no shut R1(conf-router_bgp)#neighbor update-source loop 0 R1(conf-router_bgp)#neighbor remote 100 R1(conf-router_bgp)#neighbor no shut R1(conf-router_bgp)#neighbor update-source loop 0 R1(conf-router_bgp)#show config router bgp 99 network
  • Page 226 Example of Enabling BGP (Router 3) R3# conf R3(conf)# R3(conf)#int loop 0 R3(conf-if-lo-0)#ip address R3(conf-if-lo-0)#no shutdown R3(conf-if-lo-0)#show config interface Loopback 0 ip address no shutdown R3(conf-if-lo-0)#int te 3/11 R3(conf-if-te-3/11)#ip address R3(conf-if-te-3/11)#no shutdown R3(conf-if-te-3/11)#show config interface TengigabitEthernet 3/11 ip address no shutdown R3(conf-if-lo-0)#int te 3/21...
  • Page 227 neighbor no shutdown neighbor remote-as 100 neighbor peer-group BBB neighbor update-source Loopback 0 neighbor no shutdown R1#show ip bgp summary BGP router identifier, local AS number 99 BGP table version is 1, main routing table version 1 1 network entrie(s) using 132 bytes of memory 3 paths using 204 bytes of memory BGP-RIB over all using 207 bytes of memory...
  • Page 228 R2(conf-router_bgp)# neighbor no shut R2(conf-router_bgp)#show conf router bgp 99 network neighbor AAA peer-group neighbor AAA no shutdown neighbor BBB peer-group neighbor BBB no shutdown neighbor remote-as 99 neighbor peer-group CCC neighbor update-source Loopback 0 neighbor no shutdown neighbor remote-as 100 neighbor peer-group BBB neighbor update-source Loopback 0...
  • Page 229 Received 93 messages, 0 in queue 5 opens, 0 notifications, 5 updates 83 keepalives, 0 route refresh requests Sent 99 messages, 0 in queue 5 opens, 4 notifications, 5 updates 85 keepalives, 0 route refresh requestsCapabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2)
  • Page 230: Content Addressable Memory (cam)

    Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation...
  • Page 231 Use the cam-acl-egress command to allocate the space for egress L2, IPV4 and IPV6 ACL. The total number of available FP blocks is 4. Allocate at least one group of L2ACL and IPV4 ACL. Dell(conf)#do show cam-acl-egress -- Chassis Egress Cam ACL --...
  • Page 232: Test Cam Usage

    CAM space required. The Status column in the command output indicates whether or not the policy can be enabled. Example of the test cam-usage Command Dell#test cam-usage service-policy input test-cam-usage stack-unit 7 po 0 Stack-Unit | Portpipe | CAM Partition | Available CAM | Estimated CAM per Port | Status...
  • Page 233: View Cam-acl Settings

    NOTE: If you select the CAM profile from CONFIGURATION mode, the output of this command does not reflect any changes until you save the running-configuration and reload the chassis. Example of show running-config cam-profile Command Dell#show running-config cam-profile cam-profile default microcode default Dell# View CAM-ACL Settings The show cam-acl command shows the cam-acl setting that will be loaded after the next reload.
  • Page 234 The default values for the show cam-acl command are: Dell#show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) 1 block = 128 entries...
  • Page 235: View Cam Usage

    View CAM Usage View the amount of CAM space available, used, and remaining in each ACL partition using the show cam-usage command from EXEC Privilege mode. Example of the show cam-usage Command Dell#show cam-usage Stackunit|Portpipe| CAM Partition | Total CAM Used CAM...
  • Page 236: Troubleshoot Cam Profiling

    If three resets do not bring up the card, or if the system is running a Dell Networking OS version prior to version, the system presents an error message. In this case, manually adjust the CAM configuration on the card to match the system configuration.
  • Page 237: Control Plane Policing (copp)

    Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane and rate-limits traffic to an acceptable level. CoPP increases security on the system by protecting the routing processor from unnecessary or DoS traffic, giving priority to important control plane and management traffic.
  • Page 238: Configure Control Plane Policing

    Figure 26. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The system can process a maximum of 4200 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though per protocol CoPP is applied.
  • Page 239: Configuring Copp For Protocols

    queue rate limit value. You must complete queue bandwidth tuning carefully because the system cannot open up to handle any rate, including traffic coming at the line rate. CoPP policies are assigned on a per-protocol or a per-queue basis, and are assigned in CONTROL-PLANE mode to each port-pipe.
  • Page 240 Dell(conf-ipv6-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-vrrp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit vrrp Dell(conf-ipv6-acl-cpuqos)#exit The following example shows creating the QoS input policy. Dell(conf)#qos-policy-in rate_limit_200k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 200 40 peak 500 40 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_400k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 400 50 peak 600 50 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_500k cpu-qos...
  • Page 241: Configuring Copp For Cpu Queues

    Examples of Configuring CoPP for CPU Queues The following example shows creating the QoS policy. Dell#conf Dell(conf)#qos-policy-input cpuq_1 Dell(conf-qos-policy-in)#rate-police 3000 40 peak 500 40 Dell(conf-qos-policy-in)#exit Dell(conf)#qos-policy-input cpuq_2 Dell(conf-qos-policy-in)#rate-police 5000 80 peak 600 50 Dell(conf-qos-policy-in)#exit
  • Page 242: Copp For Ospfv3 Packets

    However, there are about 20 well-known protocol streams that have to share these 4 CMIC queues. Before 9.4.(0.0), Dell Networking OS used only 8 queues, most of which were shared among multiple protocols. So, increasing the number of CMIC queues will reduce the contention among the protocols for the queue bandwidth.
  • Page 243 points, and the queue (0 – 3) taken by the CPU bound data streams are uniform. In back-plane ports, queue 0 – 3 will carry both the front-end bound data streams as well as the CPU bound data streams which is acceptable but the well-known protocol streams must not be mixed with the data streams on queues 0 –...
  • Page 244 NDP Packets Neighbor discovery protocol has 4 types of packets: NS, NA, RA, RS. These packets need to be taken to CPU for neighbor discovery. • Unicast NDP packets: – Packets hitting the L3 host/route table and discovered as local terminated packets/CPU bound traffic.
  • Page 245: Configuring Copp For Ospfv3

    VRRPv3, BGPv6, and ICMPv6. This functionality is supported on the S4810, S4820T, S6000, MXL, and Z9000 platforms. You can use the ipv6 access-list name cpu-qos permit ospfv3 or the ipv6 access-list name cpu-qos ospfv3 command to allow CoPP traffic for OSPFv3. Control plane management support for IPv6 ICMPv6 packets is enhanced to make more CPU queues available on the port, and other CoPP improvements have been implemented.
  • Page 246: Show Commands

    Create a QoS input policy for the router and assign the policing. CONFIGURATION mode Dell(conf)#qos-policy-input ospfv3_rate cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 1500 16 peak 1500 16 Create a QoS class map to differentiate the control-plane traffic and assign to the ACL. CONFIGURATION mode...
  • Page 247 Dell# Example of Viewing Queue Mapping To view the queue mapping for each configured protocol, use the show ip protocol-queue-mapping command. Dell#show ip protocol-queue-mapping Protocol Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps) -------- -------- -------- ------- ----- ------ -----------...
  • Page 248: Dynamic Host Configuration Protocol (dhcp)

    Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on the network, and it reclaims IP addresses that are no longer in use to prevent address exhaustion.
  • Page 249 Option / Number and Description
    – Subnet Mask: Option 1. Specifies the client’s subnet mask.
    – Router: Option 3. Specifies the router IP addresses that may serve as the client’s default gateway.
    – Domain Name Server: Option 6. Specifies the domain name servers (DNSs) that are available to the client.
    – Domain Name: Option 15. Specifies the domain name that clients should use when resolving hostnames via...
  • Page 250: Assign An Ip Address Using Dhcp

    Option / Number and Description
    Identifiers a user-defined string used by the Relay Agent to forward DHCP client packets to a specific server.
    – L2 DHCP Snooping: Option 82. Specifies IP addresses for DHCP messages received from the client that are to be monitored to build a DHCP snooping database.
  • Page 251 (VLAN) and then attempt to apply an access list to the VLAN, Dell Networking OS displays the first line in the following message. If you first apply an ACL to a VLAN and then attempt to enable IP source address validation on one of its member ports, Dell Networking OS displays the second line in the following message.
  • Page 252: Configure The System To Be A Dhcp Server

    Configure the System to be a DHCP Server A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host management much more organized and efficient. The following table lists the key responsibilities of DHCP servers.
  • Page 253 DHCP <POOL> mode show config After an IP address is leased to a client, only that client may release the address. Dell Networking OS performs an IP + MAC source address validation to ensure that no client can release another client's address.
  • Page 254: Specifying A Default Gateway

    DHCP <POOL> default-router address Configure a Method of Hostname Resolution Dell systems are capable of providing DHCP clients with parameters for two methods of hostname resolution—using DNS or NetBIOS WINS. Using DNS for Address Resolution A domain is a group of networks. DHCP clients query DNS IP servers when they need to correlate host names to IP addresses.
  • Page 255: Debugging The Dhcp Server

    NOTE: Dell Networking OS does not prevent you from using a network IP as a host IP; be sure to not use a network IP as a host IP.
  • Page 256 shown in the following illustration. Specify multiple DHCP servers by using the ip helper-address dhcp-address command multiple times. When you configure the ip helper-address command, the system listens for DHCP broadcast messages on port 67. The system rewrites packets received from the client and forwards them via unicast to the DHCP servers;...
  • Page 257: Configure The System To Be A Dhcp Client

    The switch can obtain a dynamically assigned IP address from a DHCP server. A start-up configuration is not received. Use bare metal provisioning (BMP) to receive configuration parameters (Dell Networking OS version and a configuration file). BMP is enabled as a factory-default setting on a switch.
  • Page 258: Dhcp Client On A Management Interface

    DHCP Client Operation with Other Features The DHCP client operates with other Dell Networking OS features, as the following describes. Stacking The DHCP client daemon runs only on the master unit and handles all DHCP packet transactions. It periodically synchronizes the lease file with the standby unit.
  • Page 259: Configure Secure Dhcp

    • If you enable DHCP snooping globally on a switch and you enable a DHCP client on an interface, the trust port, source MAC address, and snooping table validations are not performed on the interface by DHCP snooping for packets destined to the DHCP client daemon. The following criteria determine packets destined for the DHCP client: –...
  • Page 260: Option 82

    Option 82 RFC 3046 (the relay agent information option, or Option 82) is used for class-based IP address assignment. The code for the relay agent information option is 82, and is comprised of two sub-options, circuit ID and remote ID. Circuit ID This is the interface on which the client-originated message is received.
  • Page 261 OS version extends DHCP snooping to Layer 2 and you do not have to enable relay agent to snoop on Layer 2 interfaces. Dell Networking OS Behavior: Binding table entries are deleted when a lease expires or when the relay agent encounters a DHCPRELEASE. Line cards maintain a list of snooped VLANs. When the binding table is exhausted, DHCP packets are dropped on snooped VLANs, while these packets are forwarded across non-snooped VLANs.
  • Page 262 Delete all of the entries in the binding table. EXEC Privilege mode clear ipv6 dhcp snooping binding Dell# clear ipv6 dhcp snooping? binding Clear the snooping binding database Displaying the Contents of the Binding Table To display the contents of the binding table, use the following command.
  • Page 263 Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp snooping command. Dell#show ipv6 dhcp snooping binding Codes : S - Static D – Dynamic IPv6 Address...
  • Page 264: Drop Dhcp Packets On Snooped Vlans Only

    To view the number of entries in the table, use the show ip dhcp snooping binding command. This output displays the snooping binding table created using the ACK packets from the trusted port. Dell#show ip dhcp snooping binding Codes : S - Static D - Dynamic...
  • Page 265: Configuring Dynamic Arp Inspection

    Validate ARP frames against the DHCP snooping binding table. INTERFACE VLAN mode arp inspection Examples of Viewing the ARP Database and Packets To view entries in the ARP database, use the show arp inspection database command. Dell#show arp inspection database Protocol Address Age(min) Hardware Address Interface VLAN...
  • Page 266: Source Address Validation

    Layer 3 only. However, Dell Networking OS version extends DAI to Layer 2. Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV). Table 13. Three Types of Source Address Validation...
  • Page 267: Enabling Ip Source Address Validation

    DHCP MAC source address validation (SAV) validates a DHCP packet’s source hardware address against the client hardware address field (CHADDR) in the payload. Dell Networking OS ensures that the packet’s source MAC address is checked against the CHADDR field in the DHCP header only for packets from snooped VLANs.
  • Page 268: Viewing The Number Of Sav Dropped Packets

    INTERFACE mode ip dhcp source-address-validation ipmac vlan vlan-id Dell Networking OS creates an ACL entry for each IP+MAC address pair and optionally with its VLAN ID in the binding table and applies it to the interface. To display the IP+MAC ACL for an interface for the entire system, use the show ip dhcp snooping source-address-validation [interface] command in EXEC Privilege mode.
  • Page 269: Clearing The Number Of Sav Dropped Packets

    To clear the number of SAV dropped packets, use the clear ip dhcp snooping source-address-validation discard-counters command. Dell>clear ip dhcp snooping source-address-validation discard-counters To clear the number of SAV dropped packets on a particular interface, use the clear ip dhcp snooping source-address-validation discard-counters interface interface command.
  • Page 270: Equal Cost Multi-path (ecmp)

    0 lag checksum 0 nh-ecmp checksum 0 Dell Networking OS Behavior: In the Dell Networking OS versions prior to, the ExaScale default hash-algorithm is 0. Beginning with Dell Networking OS version, the default hash-algorithm is 24.
  • Page 271: Configuring The Hash Algorithm Seed

    This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis can select different hops. Dell Networking OS provides a command line interface (CLI)-based solution for modifying the hash seed to ensure that on each configured system, the ECMP selection is the same. When configured, the same seed is set for ECMP, LAG, and NH, and is used for incoming traffic only.
  • Page 272: Managing Ecmp Group Paths

    This is different from the ecmp-group index 2 that is created by configuring routes and is automatically generated. These two ecmp-groups are not related in any way. Example of Viewing Link Bundle Monitoring Dell# show link-bundle-distribution ecmp-group 1 Link-bundle trigger threshold - 60 ECMP bundle - 1 Utilization[In Percent] - 44 Alarm State - Active Interface...
  • Page 273: Modifying The Ecmp Group Threshold

    You can configure ecmp-group with id 2 for link bundle monitoring. This ecmp-group is different from the ecmp-group index 2 that is created by configuring routes and is automatically generated. These two ecmp-groups are not related in any way. Dell(conf-ecmp-group-5)#show config ecmp-group 5 interface tengigabitethernet 1/2...
  • Page 274: Enabling Fips Cryptography

    Enabling FIPS Cryptography This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. This feature provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce.
  • Page 275: Enabling Fips Mode

    FIPS mode, generates new host-keys, and re-enables the SSH server (assuming it was enabled before enabling FIPS). For more information, refer to the SSH Server and SCP Commands section in the Security chapter of the Dell Networking OS Command Line Reference Guide.
  • Page 276: Monitoring Fips Mode Status

    : S4810 - 52-port GE/TE/FG (SE) Master priority : 0 Hardware Rev : 3.0 Num Ports : 64 Up Time : 7 hr, 3 min Dell Networking OS Version : 4810-8-3-7-1061 Jumbo Capable : yes POE Capable : no FIPS Mode : enabled...
  • Page 277 • New 1024–bit RSA and RSA1 host key-pairs are created. To disable FIPS mode, use the following command. • To disable FIPS mode from a console port. CONFIGURATION mode no fips mode enable The following Warning message displays: WARNING: Disabling FIPS mode will close all SSH/Telnet connections, restart those servers, and destroy all configured host keys.
  • Page 278: Force10 Resilient Ring Protocol (frrp)

    Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) and may require 4 to 5 seconds to reconverge.
  • Page 279: Ring Status

    The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health checks on the ring. The Control VLAN can always pass through all ports in the ring, including the secondary port of the Master node. Ring Status The ring failure notification and the ring status checks provide two ways to ensure the ring remains up and active in the event of a switch or port failure.
  • Page 280: Multiple Frrp Rings

    Multiple FRRP Rings Up to 255 rings are allowed per system and multiple rings can be run on one system. More than the recommended number of rings may cause interface instability. You can configure multiple rings with a single switch connection; a single ring can have multiple FRRP groups; multiple rings can be connected with a common link.
  • Page 281 Concept Explanation Control VLAN Each ring has a unique Control VLAN through which tagged ring health frames (RHF) are sent. Control VLANs are used only for sending RHF, and cannot be used for any other purpose. Member VLAN Each ring maintains a list of member VLANs. Member VLANs must be consistent across the entire ring.
  • Page 282: Implementing Frrp

    • FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) on both the Primary and Secondary interfaces before you can enable FRRP.
  • Page 283: Configuring The Control Vlan

    Configuring the Control VLAN Control and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to Layer Be sure to follow these guidelines: •...
  • Page 284: Configuring And Adding The Member Vlans

    VLAN ID: The VLAN identification of the control VLAN. Configure the Master node. CONFIG-FRRP mode. mode master Identify the Member VLANs for this FRRP group. CONFIG-FRRP mode. member-vlan vlan-id {range} VLAN-ID, Range: VLAN IDs for the ring’s member VLANS. Enable FRRP. CONFIG-FRRP mode.
  • Page 285: Setting The Frrp Timers

    interface primary interface slot/port secondary interface slot/port control- vlan vlan id Interface: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Slot/Port, Range: Slot and Port ID for the interface.
  • Page 286: Viewing The Frrp Configuration

    EXEC PRIVILEGED mode. clear frrp Viewing the FRRP Configuration To view the configuration for the FRRP group, use the following command. • Show the configuration for this FRRP group. CONFIG-FRRP mode. show configuration Viewing the FRRP Information To view general FRRP information, use one of the following commands. •...
  • Page 287 switchport no shutdown interface TenGigabitEthernet 1/34 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 1/24,34 no shutdown interface Vlan 201 no ip address tagged TenGigabitEthernet 1/24,34 no shutdown protocol frrp 101 interface primary TenGigabitEthernet 1/24 secondary TenGigabitEthernet 1/34 control-vlan 101 member-vlan 201 mode master...
  • Page 288 no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 3/14,21 no shutdown interface Vlan 201 no ip address tagged TenGigabitEthernet 3/14,21 no shutdown protocol frrp 101 interface primary TenGigabitEthernet 3/21 secondary TenGigabitEthernet 3/14 control-vlan 101 member-vlan 201 mode transit no disable
  • Page 289: Garp Vlan Registration Protocol (gvrp)

    GARP VLAN Registration Protocol (GVRP) GARP VLAN registration protocol (GVRP) is supported on Dell Networking OS. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches.
  • Page 290: Configure Gvrp

    GVRP information exchanged. In the following example, that type of port is referred to as a VLAN trunk port, but it is not necessary to specifically identify to the Dell Networking OS that the port is a trunk port.
  • Page 291: Enabling Gvrp Globally

    To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config protocol gvrp no disable Dell(config-gvrp)# To inspect the global configuration, use the show gvrp brief command.
  • Page 292: Configure A Garp Timer

    The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll timer must be greater than or equal to 5x of the Leave timer. The Dell Networking OS default is 10000ms. Example of the garp timer Command...
  • Page 293 LeaveAll Timer 5000 Dell(conf)# Dell Networking OS displays this message if an attempt is made to configure an invalid GARP timer: Dell(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer.
  • Page 294: Internet Group Management Protocol (igmp)

    3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet. • IGMP on Dell Networking OS supports 95 interfaces on S4810 and S4820 and an unlimited number of groups on all other platforms.
  • Page 295 Figure 31. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a multicast group.
  • Page 296: Igmp Version 3

    response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. •...
  • Page 297 Figure 33. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. The first unsolicited report from the host indicates that it wants to receive traffic for group The host’s second report indicates that it is only interested in traffic from group, source
  • Page 298 Figure 34. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. Host 1 sends a message indicating it is leaving group and that the included filter for and are no longer necessary.
  • Page 299: Configure Igmp

    Figure 35. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. Enable multicast routing using the ip multicast-routing command. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP Version •...
  • Page 300: Viewing Igmp Enabled Interfaces

    Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version 3.
  • Page 301: Viewing Igmp Groups

    View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell# show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface...
  • Page 302: Adjusting The Igmp Querier Timeout Value

    INTERFACE mode ip igmp query-interval • Adjust the maximum response time. INTERFACE mode ip igmp query-max-resp-time • Adjust the last member query interval. INTERFACE mode ip igmp last-member-query-interval Adjusting the IGMP Querier Timeout Value If there is more than one multicast router on a subnet, only one is elected to be the querier, which is the router that sends queries to the subnet.
  • Page 303: Enabling Igmp Immediate-leave

    If IGMP snooping is enabled on a PIM-enabled VLAN interface, data packets using the router as a Layer 2 hop may be dropped. To avoid this scenario, Dell Networking recommends that users enable IGMP snooping on server-facing end-point VLANs only.
  • Page 304: Removing A Group-port Association

    • Specifying a Port as Connected to a Multicast Router • Configuring the Switch as Querier Example of ip igmp snooping enable Command Dell(conf)#ip igmp snooping enable Dell(conf)#do show running-config igmp ip igmp snooping enable Dell(conf)# Removing a Group-Port Association To configure or view the remove a group-port association feature, use the following commands.
  • Page 305: Specifying A Port As Connected To A Multicast Router

    • Configure the switch to only forward unregistered packets to ports on a VLAN that are connected to mrouter ports. CONFIGURATION mode no ip igmp snooping flood Specifying a Port as Connected to a Multicast Router To statically specify or view a port in a VLAN, use the following commands. •...
  • Page 306: Fast Convergence After Mstp Topology Changes

    The following describes the fast convergence feature. When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
  • Page 307: Protocol Separation

    routes. If SSH is specified as a management application, SSH links to and from an unknown destination use the management default route. Protocol Separation When you configure the application application-type command to configure a set of management applications with TCP/UDP port numbers to the OS, the following table describes the association between applications and their port numbers.
  • Page 308: Enabling And Disabling Management Egress Interface Selection

    can configure two default routes, one configured on the management port and the other on the front-end port. Two tables, namely, Egress Interface Selection routing table and default routing table, are maintained. In the preceding table, the columns Client and Server indicate that the applications can act as both a client and a server within the switch.
  • Page 309: Handling Of Management Route Configuration

    When the feature is disabled using the no management egress-interface-selection command, the following operations are performed: • All management application configuration is removed. • All routes installed in the management EIS routing table are removed. Handling of Management Route Configuration When the EIS feature is enabled, the following processing occurs: •...
  • Page 310: Handling Of Switch-destined Traffic

    The fallback route between the management and data networks is used in such a case. At any given time, end users can access Dell Networking OS applications using either ip1 or ip2. Return Internet Group Management Protocol (IGMP)
  • Page 311: Handling Of Transit Traffic (traffic Separation)

    traffic for such end-user-originated sessions destined to management port ip1 is handled using the EIS route lookup. Handling of Transit Traffic (Traffic Separation) This is forwarded traffic where destination IP is not an IP address configured in the switch. • Packets received on the management port with destination on the front-end port are dropped.
  • Page 312: Behavior Of Various Applications For Switch-initiated Traffic

    This phenomenon occurs where traffic is transiting the switch. Traffic has not originated from the switch and is not terminating on the switch. • Drop the packets that are received on the front-end data port with destination on the management port.
  • Page 313: Behavior Of Various Applications For Switch-destined Traffic

    Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled EIS Behavior Default Behavior EIS Behavior Default Behavior EIS Behavior Default Behavior radius EIS Behavior Default Behavior Sflow-collector Default Behavior Snmp (SNMP Mib response and EIS Behavior Default Behavior SNMP Traps) EIS Behavior Default Behavior...
  • Page 314: Interworking Of Eis With Various Applications

    Default Behavior: Route lookup is done in the default routing table and appropriate egress port is selected. Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled EIS Behavior Default Behavior http EIS Behavior Default Behavior EIS Behavior Default Behavior Snmp (snmp mib response) EIS Behavior Default Behavior...
  • Page 315: Designating A Multicast Router Interface

    To designate an interface as a multicast router interface, use the following command. Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designating those interfaces as the multicast router interface when the frames have a non-zero IP source address.
  • Page 316: Interfaces

    Interfaces This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). • 10 Gigabit Ethernet / 40 Gigabit Ethernet interfaces are supported on the Z9000 platform. Basic Interface Configuration •...
  • Page 317: Interface Types

    NOTE: To end output from the system, such as the output from the show interfaces command, enter CTRL+C and Dell Networking OS returns to the command prompt. NOTE: The CLI output may be incorrectly displayed as 0 (zero) for the Rx/Tx power values. To obtain the correct power information, perform a simple network management protocol (SNMP) query.
  • Page 318 EXEC Privilege mode. In the following example, TenGigabitEthernet interface 1/6 is in Layer 3 mode because an IP address has been assigned to it and the interface’s status is operationally up. Dell#show ip interface brief Interface IP-Address...
  • Page 319: Enabling A Physical Interface

    INTERFACE mode, use the exit command or end command. You cannot delete a physical interface. Physical Interfaces The Management Ethernet interface is a single RJ-45 Fast Ethernet port on each unit of the Z9000. The interface provides dedicated management access to the system.
  • Page 320: Configuration Task List For Physical Interfaces

    • Clearing Interface Counters Overview of Layer Modes On all systems running Dell Networking OS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode.
  • Page 321: Configuring Layer 2 (interface) Mode

    Example of a Basic Layer 2 Interface Configuration Dell(conf-if)#show config interface Port-channel 1 no ip address switchport no shutdown Dell(conf-if)# Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands. • Enable the interface.
  • Page 322: Configuring Layer 3 (interface) Mode

    Information. To view IP information on an interface in Layer 3 mode, use the show ip interface command in EXEC Privilege mode. Dell>show ip int vlan 58 Vlan 58 is up, line protocol is up Internet address is Broadcast address is
  • Page 323 The dedicated Management interface provides management access to the system. You can configure this interface with Dell Networking OS, but the configuration options on this interface are limited. You cannot configure Gateway addresses and IP addresses if it appears in the main routing table of Dell Networking OS.
  • Page 324: Configuring Management Interfaces On The S-series

    To display the routing table, use the show ip route command in EXEC Privilege mode. Dell#show int TenGigabitEthernet 1/1 TenGigabitEthernet 1/1 is up, line protocol is up Description: This is the Managment Interface...
  • Page 325: Vlan Interfaces

    NOTE: You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. For more information about configuring different routing protocols, refer to the chapters on the specific protocol.
  • Page 326: Null Interfaces

    (LAG) or port channel. A LAG is “a group of links that appear to a MAC client as if they were a single link” according to IEEE 802.3ad. In Dell Networking OS, a LAG is referred to as a port channel interface.
  • Page 327: Port Channel Benefits

    NOTE: If you are using either 10G ports or 40G ports, the platform supports up to 16 members per LAG. As soon as you configure a port channel, Dell Networking OS treats it like a physical interface. For example, IEEE 802.1Q tagging is maintained while the physical interface is in the port channel.
  • Page 328: Mbps Interfaces In Port Channels

    Dell Networking OS determines if the first interface specified (TenGig 1/1) is up. After it is up, the common speed of the port channel is 1000 Mb/s. Dell Networking OS disables those interfaces configured with speed 10000 Mb/s or whose speed is 10000 Mb/s as a result of auto-negotiation.
  • Page 329: Adding A Physical Interface To A Port Channel

    NOTE: Port channels can contain a mix of Gigabit Ethernet and 10/100/1000 Ethernet interfaces, but Dell Networking OS disables the interfaces that are not the same speed of the first channel member in the port channel (refer to 10/100/1000 Mbps Interfaces in Port Channels).
  • Page 330 Time since last interface status change: 04:31:57 Dell> When more than one interface is added to a Layer 2-port channel, Dell Networking OS selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs).
  • Page 331: Reassigning An Interface To A New Port Channel

    Each time you add or remove a channel member from a port channel, Dell Networking OS recalculates the hash algorithm for the port channel.
  • Page 332: Configuring The Minimum Oper Up Links In A Port Channel

    EXEC mode Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#switchport Dell(conf-if-te-1/1)# vlan tagged 2-5,100,4010 Dell#show interfaces switchport te 1/1 Codes: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Trunk, H - VSN tagged...
  • Page 333: Assigning An Ip Address To A Port Channel

    Dell Networking OS allows you to modify the hashing algorithms used for flows and for fragments. The load-balance and hash-algorithm commands are available for modifying the distribution algorithms.
  • Page 334: Changing The Hash Algorithm

    For packets without a Layer 3 header, Dell Networking OS automatically uses load-balance mac source-dest-mac. Do not configure IP hashing or MAC hashing at the same time. If you configure an IP and MAC hashing scheme at the same time, the MAC hashing scheme takes precedence over the IP hashing scheme.
  • Page 335: Bulk Configuration

    [ecmp{crc16|crc16cc|crc32LSB|crc32MSB|crc-upper|dest-ip|lsb| xor1|xor2|xor4|xor8|xor16}] Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor 26 lag crc 26 nh-ecmp checksum 26 Dell(conf)# The hash-algorithm command is specific to ECMP group. The default ECMP hash configuration is crc-lower. This command takes the lower 32 bits of the hash key to compute the egress port. Other options for ECMP hash-algorithms are: •...
  • Page 336: Bulk Configuration Examples

    The following is an example showing how duplicate entries are omitted from the interface-range prompt. Example of the Interface-Range Prompt for Duplicate Interfaces Dell(conf)#interface range vlan 1 , vlan 1 , vlan 3 , vlan 3 Dell(conf-if-range-vl-1,vl-3)# Dell(conf)#interface range tengigabitethernet 2/1 - 23 , tengigabitethernet 2/1...
  • Page 337: Defining Interface Range Macros

    The following example shows how to use commas to add VLAN and port-channel interfaces to the range. Example of Adding VLAN and Port-Channel Interface Ranges Dell(config-if-range-te-1/1-2)# interface range Vlan 2 – 100 , Port 1 – 25 Dell(config-if-range-te-1/1-2-so-5/1-vl-2-100-po-1-25)# no shutdown Defining Interface Range Macros You can define an interface-range macro to automatically select a range of interfaces for configuration.
  • Page 338: Define The Interface Range

    The following example shows how to define an interface-range macro named “test” to select Fast Ethernet interfaces 5/1 through 5/4. Example of the define interface-range Command for Macros Dell(config)# define interface-range test gigabitethernet 5/1 - 4 Choosing an Interface-Range Macro To use an interface-range macro, use the following command.
  • Page 339: Maintenance Using Tdr

    Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool to resolve link issues that helps detect obvious open or short conditions within any of the four copper pairs. TDR sends a signal onto the physical cable and examines the reflection of the signal that returns.
  • Page 340: Splitting Qsfp Ports To Sfp+ Ports

    – stack-unit: enter the stack member unit identifier of the stack member to reset. The range is from 0 to 11 – number: enter the port number of the 40G port to be split. The Z9000 range is from 0 to 31. Important Points to Remember •...
  • Page 341 Similarly, you can enable the fan-out mode to configure the QSFP port on a device to act as an SFP or SFP+ port. As the QSA enables a QSFP or QSFP+ port to be used as an SFP or SFP+ port, Dell Networking OS does not immediately detect the QSA after you insert it into a QSFP port cage.
  • Page 342: Support For Lm4 Optics

    NOTE: In the following show interfaces tengigabitethernet commands, ports 1, 2, and 3 are inactive and no physical SFP or SFP+ connection actually exists on these ports. However, Dell Networking OS still perceives these ports as valid and the output shows that pluggable media (optical cables) is inserted into these ports.
  • Page 343 5, 6, and 7 are inactive and no physical SFP or SFP+ connection actually exists on these ports. However, Dell Networking OS still perceives these ports as valid and the output shows that pluggable media (optical cables) is inserted into these ports. This is a software limitation for this release.
  • Page 344 = 0.000C QSFP 0 Voltage High Alarm threshold = 0.000V QSFP 0 Bias High Alarm threshold = 0.000mA Dell#show interfaces fortyGigE 0/12 transceiver QSFP 0 Serial ID Base Fields QSFP 0 Id = 0x0d QSFP 0 Ext Id = 0x00...
  • Page 345 NOTE: In the following show inventory media command output, ports 1, 2, 3, 5, 6, and 7 are actually inactive. However, Dell Networking OS still shows that optical cables are inserted into these ports. This is a software limitation for this release.
  • Page 346: Link Dampening

    QSFP 4x10GBASE-CR1-3M APF12420031B3P QSFP 4x10GBASE-CR1-3M APF12420031B3P QSFP 40GBASE-SR4
    Link Dampening
    Interface state changes occur when interfaces are administratively brought up or down or if an interface state changes. Every time an interface changes a state or flaps, routing protocols are notified of the status of the routes that are affected by the change in state.
  • Page 347 The link MTU is the frame size of a packet, and the IP MTU size is used for IP fragmentation. If the system determines that the IP packet must be fragmented as it leaves the interface, Dell Networking OS divides the packet into fragments no bigger than the size set in the ip mtu command.
  • Page 348: Link Bundle Monitoring

    Using Ethernet Pause Frames for Flow Control
    Ethernet pause frames and threshold settings are supported on the Dell Networking OS. Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it.
  • Page 349: Enabling Pause Frames

    As a workaround, apply the new settings, execute shut then no shut on the interface, and then check the running-config of the port. NOTE: If you disable rx flow control, Dell Networking recommends rebooting the system. The flow control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes.
  • Page 350: Port-pipes

    1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU
    The MTU range is from 592 to 12000, with a default of 1500. IP MTU automatically configures. The following table lists the various Layer 2 overheads found in Dell Networking OS and the number of bytes.
  • Page 351: Auto-negotiation On Ethernet Interfaces

    NOTE: As a best practice, Dell Networking recommends keeping auto-negotiation enabled. Only disable auto-negotiation on switch ports that attach to devices not capable of supporting negotiation or where connectivity issues arise from interoperability issues.
  • Page 352 NOTE: The show interfaces status command displays link status, but not administrative status. For both link and administrative status, use the show ip interface [interface | brief | linecard slot-number] [configuration] command.
    Dell#show interfaces status
    Port Description Status Speed Duplex Vlan...
  • Page 353: Set Auto-negotiation Options

    Dell(conf-if-gi-1/1)#
    For details about the speed, duplex, and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide.
    Adjusting the Keepalive Timer
    To change the time interval between keepalive messages on the interfaces, use the keepalive command.
  • Page 354: View Advanced Interface Information

    Dell#show ip interface stack-unit 1 configured
    Dell#show ip interface tengigabitEthernet 1 configured
    Dell#show ip interface br configured
    Dell#show ip interface br stack-unit 1 configured
    Dell#show ip interface br tengigabitEthernet 1 configured
    Dell#show running-config interfaces configured
    Dell#show running-config interface tengigabitEthernet 1 configured
    In EXEC mode, the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information.
  • Page 355
    Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate
    Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate
    Time since last interface status change: 1d23h40m
    Dell(conf)#interface tengigabitethernet 1/1
    Dell(conf-if-te-1/1)#rate-interval 100
    Dell#sho