
Dell C9000 Series Networking Configuration Manual


Dell Networking Configuration Guide
for the C9000 Series
Version 9.10(0.0)


  Summary of Contents for Dell C9000 Series

  • Page 1 Dell Networking Configuration Guide for the C9000 Series Version 9.10(0.0)
  • Page 2 WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2015 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell ™...
  • Page 3: Table Of Contents

    Contents: 1 About this Guide (37); Audience (37); Conventions (37); Related Documents (38); 2 Configuration Fundamentals (39); Accessing the Command Line (39); CLI Modes (40); Navigating CLI Modes (42); The do Command (45); Undoing Commands (46); Obtaining Help (46); Entering and Editing Commands (47); Command History (48); Filtering show Command Outputs (48); Multiple Users in Configuration Mode (50); 3 Getting Started...
  • Page 4 Upgrading the Dell Networking OS (62); 4 Switch Management (63); Configuring Privilege Levels (63); Creating a Custom Privilege Level (63); Removing a Command from EXEC Mode (63); Moving a Command from EXEC Privilege Mode to EXEC Mode (64); Allowing Access to CONFIGURATION Mode Commands (64); Allowing Access to the Following Modes...
  • Page 5 Using Telnet to Access Another Network Device (85); Lock CONFIGURATION Mode (86); Viewing the Configuration Lock Status (86); Recovering from a Forgotten Password (87); Ignoring the Startup Configuration and Booting from the Factory-Default Configuration (88); Recovering from a Failed Start (88); Restoring Factory-Default Settings...
  • Page 6 Configuring Multi-Supplicant Authentication; Restricting Multi-Supplicant Authentication (121); MAC Authentication Bypass (122); MAB in Single-host and Multi-Host Mode (123); MAB in Multi-Supplicant Authentication Mode (123); Configuring MAC Authentication Bypass (124); Dynamic CoS with 802.1X (125); 6 Access Control Lists (ACLs) (127); IP Access Control Lists (ACLs) (128); CAM Usage (128); User-Configurable CAM Allocation (130); Allocating CAM for Ingress ACLs on the Port Extender...
  • Page 7 Configuring Match Routes (157); Configuring Set Conditions (159); Configure a Route Map for Route Redistribution (160); Configure a Route Map for Route Tagging (160); Continue Clause (161); Configuring a UDF ACL (161); Hot-Lock Behavior (163); 7 Bidirectional Forwarding Detection (BFD) (164); How BFD Works (164); BFD Packet Format (166); BFD Sessions (168); BFD Three-Way Handshake...
  • Page 8 Ignore Router-ID for Some Best-Path Calculations (203); Four-Byte AS Numbers (203); AS4 Number Representation (204); AS Number Migration (206); BGP4 Management Information Base (MIB) (208); Important Points to Remember (208); Configuration Information (209); BGP Configuration (209); Enabling BGP (210); Configuring AS4 Number Representations (214); Configuring Peer Groups (216); Configuring BGP Fast Fail-Over...
  • Page 9 Storing Last and Bad PDUs (247); Capturing PDUs (248); PDU Counters (250); Sample Configurations (250); 9 Content Addressable Memory (CAM) (260); CAM Allocation (260); Test CAM Usage (262); View CAM-ACL Settings (262); View CAM Usage (263); Return to the Default CAM Configuration (264); CAM Optimization (265); Applications for CAM Profiling...
  • Page 10 QoS dot1p Traffic Classification and Queue Assignment (296); SNMP Support for PFC and Buffer Statistics Tracking (297); DCB Maps and its Attributes (298); DCB Map: Configuration Procedure (298); Important Points to Remember (299); Applying a DCB Map on a Port (299); Configuring PFC without a DCB Map (300); Configuring Lossless Queues...
  • Page 11 Configuring the Dynamic Buffer Method (338); 12 Debugging and Diagnostics (340); Offline Diagnostics (340); Running Port Extender Offline Diagnostics on the Switch (341); Running Offline Diagnostics on a Standalone Switch (348); TRACE Logs (371); Auto Save on Reload, Crash, or Rollover (371); Uploading Trace Logs (371); Last Restart Reason (372); show hardware Commands (372); Environmental Monitoring (375)...
  • Page 12 Configure the System to be a DHCP Client (401); DHCP Client on a Management Interface (401); DHCP Client Operation with Other Features (402); Configure Secure DHCP (403); Option 82 (403); DHCP Snooping (404); Drop DHCP Packets on Snooped VLANs Only (406); Dynamic ARP Inspection (407); Configuring Dynamic ARP Inspection (408); Source Address Validation...
  • Page 13 Impact on Other Software Features (429); FIP Snooping Restrictions (429); Configuring FIP Snooping (430); Displaying FIP Snooping Information (431); FCoE Transit Configuration Example (437); 16 FIPS Cryptography (439); Configuration Tasks (439); Preparing the System (440); Enabling FIPS Mode (440); Generating Host-Keys (441); Monitoring FIPS Mode Status (441); Disabling FIPS Mode (442); 17 Flex Hash and Optimized Boot-Up...
  • Page 14 Configuration Checks (461); Sample Configuration and Topology (461); 19 GARP VLAN Registration Protocol (GVRP) (463); Important Points to Remember (463); Configure GVRP (464); Related Configuration Tasks (465); Enabling GVRP Globally (465); Enabling GVRP on a Layer 2 Interface (465); Configure GVRP Registration (466); Configure a GARP Timer (466); 20 High Availability (HA)...
  • Page 15 Viewing IGMP Enabled Interfaces (483); Selecting an IGMP Version (484); Viewing IGMP Groups (484); Enabling IGMP Immediate-Leave (485); IGMP Snooping (485); IGMP Snooping Implementation Information (485); Configuring IGMP Snooping (486); Removing a Group-Port Association (486); Disabling Multicast Flooding (487); Specifying a Port as Connected to a Multicast Router (487); Configuring the Switch as Querier...
  • Page 16 Monitoring HiGig Link Bundles (529); Guidelines for Monitoring HiGig Link-Bundles (530); Enabling HiGig Link-Bundle Monitoring (531); Non Dell-Qualified Transceivers (531); Splitting QSFP Ports to SFP+ Ports (532); Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port (533); Configuring wavelength for 10–Gigabit SFP+ optics (534); Link Dampening (535)...
  • Page 17 Configuration Tasks for ICMP (559); Enabling ICMP Unreachable Messages (560); 25 IPv6 Routing (561); Protocol Overview (561); Extended Address Space (562); Stateless Autoconfiguration (562); IPv6 Headers (563); IPv6 Header Fields (563); Extension Header Fields (565); IPv6 Addressing (566); IPv6 Implementation on the Dell Networking OS (567)
  • Page 18 Configuring the LPM Table for IPv6 Extended Prefixes (569); ICMPv6 (570); Path MTU Discovery (570); IPv6 Neighbor Discovery (571); IPv6 Neighbor Discovery of MTU Packets (572); Configuring the IPv6 Recursive DNS Server (572); Secure Shell (SSH) Over an IPv6 Transport (574); Configuration Tasks for IPv6 (575); Adjusting Your CAM Profile...
  • Page 19 Monitoring iSCSI Traffic Flows (618); Information Monitored in iSCSI Traffic Flows (619); Detection and Auto-Configuration for Dell EqualLogic Arrays (620); Configuring Detection and Ports for Dell Compellent Arrays (620); Application of Quality of Service to iSCSI Traffic Flows (621); 28 Link Aggregation Control Protocol (LACP) (622); Introduction to Dynamic LAGs and LACP...
  • Page 20 mac learning-limit mac-address-sticky (641); mac learning-limit station-move (641); mac learning-limit no-station-move (641); Learning Limit Violation Actions (642); Setting Station Move Violation Actions (642); Recovering from Learning Limit and Station Move Violations (643); Disabling MAC Address Learning on the System (643); NIC Teaming (644); Configure Redundant Pairs (645); Important Points about Configuring Redundant Pairs (647)...
  • Page 21 Enable Multiple Spanning Tree Globally (705); Adding and Removing Interfaces (706); Creating Multiple Spanning Tree Instances (706); Influencing MSTP Root Selection (707); Interoperate with Non-Dell Bridges (708); Changing the Region Name or Revision (709); Modifying Global Parameters (709); Modifying the Interface Parameters (711); Configuring an EdgePort...
  • Page 22 Flush MAC Addresses after a Topology Change (713); MSTP Sample Configurations (713); Router 1 Running-Configuration; Router 2 Running-Configuration; Router 3 Running-Configuration; Example Running-Configuration (714); Debugging and Verifying MSTP Configurations (717); 33 Multicast Features (719); Enabling IP Multicast (719); Implementation Information (719); First Packet Forwarding for Lossless Multicast (720); Multicast Policies (720); IPv4 Multicast Policies...
  • Page 23 RFC-2328 Compliant OSPF Flooding (750); OSPF ACK Packing (751); Setting OSPF Adjacency with Cisco Routers (751); Configuration Information (752); Configuration Task List for OSPFv2 (OSPF for IPv4) (752); Sample Configurations for OSPFv2 (766); Basic OSPFv2 Router Topology (766); OSPF Area 0 — Te 1/1 and 1/2 (766); OSPF Area 0 —...
  • Page 24 Use PIM-SSM with IGMP Version 2 Hosts (802); Configuring PIM-SSM with IGMPv2 (802); 39 Policy-based Routing (PBR) (804); Overview (804); Implementing Policy-based Routing with Dell Networking OS (806); Configuration Task List for Policy-based Routing (806); PBR Exceptions (Permit) (810); Sample Configuration (813); Create the Redirect-List GOLD; Assign Redirect-List GOLD to Interface 2/11; View Redirect-List GOLD...
  • Page 25 Upgrading a Port Extender (829); Auto-Upgrade of the OS Image (829); Manually Upgrading the OS Image (829); De-provisioning a Port Extender (831); Troubleshooting a Port Extender (831); Dual Homing (832); Configuration Terminal Batch Mode (833); Setting up Dual Homing (833); Upgrading to OS 9.10(0.0) (838); Supported Features...
  • Page 26 43 Power over Ethernet (PoE) (872); Configuring PoE or PoE+ (873); Enabling PoE or PoE+ on a Port (873); Configuration Tasks for PoE or PoE+ (873); Manage Ports using Power Priority and the Power Budget (874); Determining the Power Priority for a Port (874); Determining the Affect of a Port on the Power Budget...
  • Page 27 Setting dot1p Priorities for Incoming Traffic (907); Honoring dot1p Priorities on Ingress Traffic (908); Configuring Port-Based Rate Policing (909); Configuring Port-Based Rate Shaping (909); Policy-Based QoS Configurations (910); Classify Traffic (910); Create a QoS Policy (915); Create Policy Maps (919); DSCP Color Maps (922); Creating a DSCP Color Map...
  • Page 28 Implementation Information (953); Fault Recovery (953); Setting the RMON Alarm (954); Configuring an RMON Event (955); Configuring RMON Collection Statistics (956); Configuring the RMON Collection History (956); 48 Rapid Spanning Tree Protocol (RSTP) (958); Protocol Overview (958); Configuring Rapid Spanning Tree (958); Related Configuration Tasks (958); Important Points to Remember...
  • Page 29 TACACS+ Remote Authentication and Authorization (998); Command Authorization (1000); Protection from TCP Tiny and Overlapping Fragment Attacks (1000); Enabling SCP and SSH (1000); Using SCP with SSH to Copy a Software Image (1001); Removing the RSA Host Keys and Zeroizing Storage (1002); Configuring When to Re-generate an SSH Key...
  • Page 30 Provider Backbone Bridging (1031); 51 sFlow (1033); Overview (1033); Implementation Information (1034); Important Points to Remember (1034); Enabling and Disabling sFlow (1034); Enabling and Disabling sFlow on an Interface (1035); sFlow Show Commands (1035); Displaying Show sFlow Global (1035); Displaying Show sFlow on an Interface (1036); Displaying Show sFlow on a Line Card...
  • Page 31 Copy a Binary File to the Startup-Configuration (1060); Additional MIB Objects to View Copy Statistics (1061); Obtaining a Value for MIB Objects (1061); Manage VLANs using SNMP (1062); Creating a VLAN (1062); Assigning a VLAN Alias (1063); Displaying the Ports in a VLAN (1063); Add Tagged and Untagged Ports to a VLAN...
  • Page 32 Configuring SupportAssist Using a Configuration Wizard (1093); Configuring SupportAssist Manually (1093); Configuring SupportAssist Activity (1095); Configuring SupportAssist Company (1097); Configuring SupportAssist Person (1098); Configuring SupportAssist Server (1099); Viewing SupportAssist Configuration (1099); 56 System Time and Date (1102); Network Time Protocol (1102); Protocol Overview (1103); Configure the Network Time Protocol (1104); Enabling NTP...
  • Page 33 UFD and NIC Teaming (1124); Important Points to Remember (1125); Configuring Uplink Failure Detection (1125); Clearing a UFD-Disabled Interface (1127); Displaying Uplink Failure Detection (1128); Sample Configuration: Uplink Failure Detection (1131); 60 Virtual LANs (VLANs) (1133); Default VLAN (1134); Port-Based VLANs (1134); VLANs and Port Tagging (1135); Configuration Task List (1135); Enabling Null VLAN as the Default VLAN (1136); Assigning an IP Address to a VLAN...
  • Page 34 Configuring Management VRF (1157); Configuring a Static Route (1157); Route Leaking VRFs (1158); Sample VRF Configuration (1159); Dynamic Route Leaking (1160); Configuring Route Leaking with Filtering (1160); Configuring Route Leaking without Filtering Criteria (1162); 63 Virtual Link Trunking (VLT) (1165); Overview (1165); VLT on Core Switches (1166); VLT Terminology (1167); Important Points to Remember (1167); Configuration Notes...
  • Page 35 eVLT Configuration Step Examples (1193); PIM-Sparse Mode Configuration Example (1195); Verifying a VLT Configuration (1196); Additional VLT Sample Configurations (1200); Configuring Virtual Link Trunking (VLT Peer 1); Configuring Virtual Link Trunking (VLT Peer 2); Verifying a Port-Channel Connection to a VLT Domain (From an Attached Access Switch) (1200); Troubleshooting VLT (1202); Reconfiguring Stacked Switches as VLT...
  • Page 36 Intermediate System to Intermediate System (IS-IS) (1245); Network Management (1245); Multicast (1249); Open Shortest Path First (OSPF) (1250); Routing Information Protocol (RIP) (1251); MIB Location (1251)
  • Page 37: About This Guide

    This Configuration guide provides information about how to use and configure the software features supported in the Dell Networking operating system (OS) on a C9010 switch and C1048P port extender. You can configure each feature by entering commands from the C9010 console.
  • Page 38: Related Documents

    Related Documents For more information about the Dell Networking C9000 Series, refer to the following documents: • Dell Networking C9010 Getting Started Guide • Dell Networking C9010 Installation Guide • Dell Networking C1048P Getting Started Guide • Dell Networking C1048P Installation Guide •...
  • Page 39: Configuration Fundamentals

    Differences are noted in each CLI description and related documentation. In Dell Networking OS, after a command is enabled, it is entered into the running configuration file. You can view the current configuration for the whole system or for a particular CLI mode. To save the current configuration, copy the running configuration to another location.
  • Page 40: Cli Modes

    Security chapter. The Dell Networking OS CLI is divided into three major mode levels: • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information.
  • Page 41 DHCP DHCP POOL ECMP-GROUP EXTENDED COMMUNITY FRRP INTERFACE GIGABIT ETHERNET 10 GIGABIT ETHERNET 40 GIGABIT ETHERNET INTERFACE RANGE LOOPBACK MANAGEMENT ETHERNET NULL PORT-CHANNEL TUNNEL VLAN VRRP IPv6 IP COMMUNITY-LIST IP ACCESS-LIST STANDARD ACCESS-LIST EXTENDED ACCESS-LIST MAC ACCESS-LIST LINE AUXILLIARY CONSOLE VIRTUAL TERMINAL LLDP LLDP MANAGEMENT INTERFACE...
  • Page 42: Navigating Cli Modes

    Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the following: •...
  • Page 43 CLI Command Mode Prompt Access Command PE 1-Gigabit Ethernet interface (on interface (INTERFACE modes) Dell(conf-if-pegi-0/0/0)# a port extender) Port-channel Interface interface (INTERFACE modes) Dell(conf-if-po-0)# Tunnel Interface interface (INTERFACE modes) Dell(conf-if-tu-0)# VLAN Interface interface (INTERFACE modes) Dell(conf-if-vl-0)# STANDARD ACCESS-LIST ip access-list standard (IP...
  • Page 44 0 TRACE-LIST Dell(conf-trace-acl)# ip trace-list CLASS-MAP Dell(config-class-map)# class-map CONTROL-PLANE Dell(conf-control-cpuqos)# control-plane-cpuqos DCB POLICY Dell(conf-dcb-in)# (for input dcb-input for input policy policy) dcb-output for output policy Dell(conf-dcb-out)# (for output policy) DHCP Dell(config-dhcp)# ip dhcp server DHCP POOL pool (DHCP Mode)
  • Page 45: The Do Command

    Dell Real Time Operating System Software Dell Operating System Version: Dell Application Software Version: E9.9(0.0) Copyright (c) 1999-2015 by Dell Inc. All Rights Reserved. Build Time: Mon Jun 1 15:00:00 2015 Build Path: /build/build03/SW/SRC Dell Networking OS uptime is 15 hour(s), 13 minute(s) System image file is "system://A"...
  • Page 46: Undoing Commands

    3 24-port TE/GE (VG) 4 6-port TE/FG (VG) 2 4-port TE/GE (VG) 208 Ten GigabitEthernet/IEEE 802.3 in10 Forty GigabitEthernet/IEEE 802.3 interface(s) Dell# Dell(conf)#do show running-config interface tengigabitethernet 0/0 interface TenGigabitEthernet 0/0 no ip address shutdown Dell(conf)# Undoing Commands When you enter a command, the command line is added to the running configuration file (running-config).
  • Page 47: Entering And Editing Commands

    Entering ? after a partial keyword lists all of the keywords that begin with the specified letters. Dell(conf)#cl? class-map clock Dell(conf)#cl • Entering [space]? after a keyword lists all of the keywords that can follow the specified keyword. Dell(conf)#clock ? summer-time Configure summer (daylight savings) time timezone Configure time zone Dell(conf)#clock Entering and Editing Commands Notes for entering commands.
  • Page 48: Command History

    Deletes all characters from the cursor to the end of the word. Command History The Dell Networking OS maintains a history of previously-entered commands for each mode. For example: • When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands.
  • Page 49 NOTE: Dell Networking OS accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks. The except keyword displays text that does not match the specified text. The following example shows this command used in combination with the show processes command.
  • Page 50: Multiple Users In Configuration Mode

    % Warning: User "<username>" on line vty0 "10.11.130.2" is in configuration mode If either of these messages appears, Dell Networking recommends coordinating with the users listed in the message so that you do not unintentionally overwrite each other’s configuration changes.
  • Page 51: Getting Started

    This chapter describes how you start configuring your operating software. When you power up the chassis, the system performs a power-on self test (POST) and loads the Dell Networking operating software. Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
  • Page 52: Serial Console

    Serial Console The RJ-45 network management port is located on the left side of the RPM as you face the chassis. Use a supported RJ-45 cable for a network connection. Figure 1. RJ-45 Console Port RJ-45 Console Port Accessing the Console Port To access the console port, follow these steps: For the console port pinout, refer to Accessing the RJ-45 Console Port with a DB-9...
  • Page 53: Mounting An Nfs File System

    Table 2. Pin Assignments Between the Console and a DTE Terminal Server Console Port RJ-45 to RJ-45 RJ-45 to RJ-45 RJ-45 to DB-9 Terminal Server Rollover Cable Rollover Cable Adapter Device Signal RJ-45 Pinout RJ-45 Pinout DB-9 Pin Signal Mounting an NFS File System This feature enables you to quickly access data on an NFS mounted file system.
  • Page 54: Important Points To Remember

    • The usbflash command is supported on the device. Refer to your system’s Release Notes for a list of approved USB vendors. Example of Copying a File to current File System Dell#copy tftp://10.16.127.35/username/dv-maa-C9010-test nfsmount:// Destination file name [dv-maa-sC9010-test]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!.!
  • Page 55: Default Configuration

    Default Configuration Although a version of the Dell Networking OS is pre-loaded on the switch, the system is not configured when you power up the first time (except for the default hostname, which is Dell). You must configure the system using the CLI.
  • Page 56: Configure The Management Port Ip Address

    Configure a username and password. Configure a Username and Password Configure the Management Port IP Address To access the system remotely, assign IP addresses to the management ports. NOTE: Assign an IP address to the management port. Enter INTERFACE mode for the Management port for RPM 0 (RPM 0 is in slot 10). CONFIGURATION mode interface ManagementEthernet 0/0 For RPM 1 (RPM1 in slot 11), configure its Management port:...
  • Page 57: Configuring The Enable Password

    • 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtain the encrypted password from the configuration of another Dell Networking system. Configuring the Enable Password Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default.
  • Page 58: File Storage

    File Storage The Dell Networking OS can use the internal Flash, external Flash, or remote devices to store files. The system stores files on the internal Flash by default, but can be configured to store files elsewhere. To view file system information, use the following command.
  • Page 59: Save The Running-Configuration

    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 26292881 bytes successfully copied Save the Running-Configuration The running-configuration contains the current system configuration. Dell Networking recommends copying your running-configuration to the startup-configuration. The system uses the startup-configuration during boot-up to configure the system. The startup-configuration is stored in the internal flash on the system by default, but it can be saved on a USB flash device or a remote server.
  • Page 60: Configure The Overload Bit For A Startup Scenario

    Scenario For information about setting the router overload bit for a specific period of time after a switch reload is implemented, refer to the Intermediate System to Intermediate System (IS-IS) section in the Dell Networking OS Command Line Reference Guide.
  • Page 61: Changes In Configuration Files

    Example of the dir Command The output of the dir command also shows the read/write privileges, size (in bytes), and date of modification for each file. Dell# dir Directory of flash: drwx 4096 Jan 01 1980 00:00:00 +00:00 .
  • Page 62: Viewing Command History

    [12/5 10:57:12]: CMD-(CLI):line vty 0 9 Upgrading the Dell Networking OS To upgrade the Dell Networking operating system on the switch, refer to the Release Notes for the software version you want to load. For information about how to verify newly copied or currently running software images, see: •...
  • Page 63: Switch Management

    Switch Management This chapter describes the switch management tasks supported on the switch. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1. Level Description Level 0...
  • Page 64: Moving A Command From Exec Privilege Mode To Exec Mode

    Moving a Command from EXEC Privilege Mode to EXEC Mode To move a command from EXEC Privilege to EXEC mode for a privilege level, use the privilege exec command from CONFIGURATION mode. In the command, specify the privilege level of the user or terminal line and specify all keywords in the command to which you want to allow access.
  • Page 65 VTY 0 allows access to CONFIGURATION mode with the banner command allows access to INTERFACE and LINE modes are allowed with no commands. Dell(conf)#do show run priv privilege exec level 3 capture privilege exec level 3 configure...
  • Page 66: Applying A Privilege Level To A Username

    When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configuring Logging The Dell Networking operating system tracks changes in the system using event and error messages. By default, the operating system logs these messages on: Switch Management...
  • Page 67: Audit And Security Logs

    • the internal buffer • console and terminal lines • any configured syslog servers To disable logging, use the following commands. • Disable all logging except on the console. CONFIGURATION mode no logging on • Disable logging to the logging buffer. CONFIGURATION mode no logging buffer •...
  • Page 68 Dell#show logging auditlog May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98) Switch Management...
  • Page 69: Configuring Logging Format

    Example of the clear logging auditlog Command Dell# clear logging auditlog Configuring Logging Format To display syslog messages in an RFC 3164 or RFC 5424 format, use the logging version {0 | 1} command in CONFIGURATION mode.
  • Page 70 To configure a secure connection from the switch to the syslog server: On the switch, enable the SSH server: Dell(conf)#ip ssh server enable On the syslog server, create a reverse SSH tunnel from the syslog server to the switch, using the following syntax: ssh -R <remote port>:<syslog server>:<syslog server listen port>...
  • Page 71: Track Login Activity

    Dell(conf)#logging 127.0.0.1 tcp 5140 Track Login Activity Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events. When you log in using the console or VTY line, the system displays the last successful login details of the current user and the number of unsuccessful login attempts since your last successful login to the system, and whether the current user’s permissions have changed since the last login.
  • Page 72: Display Login Statistics

    The following example enables login activity tracking and configures the system to store the login activity details for 12 days. Dell(config)#login statistics enable Dell(config)#login statistics time-period 12 Display Login Statistics To view the login statistics, use the show login statistics command.
  • Page 73 The following is sample output of the show login statistics unsuccessful-attempts time-period days command. Dell# show login statistics unsuccessful-attempts time-period 15 There were 0 unsuccessful login attempt(s) for user admin in last 15 day(s). The following is sample output of the show login statistics unsuccessful-attempts user login-id command.
  • Page 74: Limit Concurrent Login Sessions

    Limit Concurrent Login Sessions Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY, auxiliary, and console lines. You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions.
  • Page 75: Log Messages In The Internal Buffer

    Example of Enabling the System to Clear Existing Sessions The following example enables you to clear your existing login sessions. Dell(config)#login concurrent-session clear-line enable Example of Clearing Existing Sessions When you try to log in, the following message appears with all your existing concurrent sessions, providing an option to close any one of the existing sessions: $ telnet 10.11.178.14...
  • Page 76: Disabling System Logging

    • Send System Messages to a Syslog Server • Change System Logging Settings • Display the Logging Buffer and the Logging Configuration • Configure a UNIX Logging Facility Level • Enable Timestamp on Syslog Messages • Synchronize Log Messages • Audit and Security Logs •...
  • Page 77: Configuring A Unix System As A Syslog Server

    EXEC privilege mode. When RBAC is enabled, the security logs are filtered based on the user roles. Only the security administrator and system administrator can view the security logs. Example of the show logging Command Dell#show logging Syslog logging: enabled Console logging: level debugging...
  • Page 78: Changing System Logging Settings

    Jan 21 02:56:54: %SYSTEM:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Te --More-- To view any changes made, use the show running-config logging command in EXEC privilege mode, as shown in the example for Configure a UNIX Logging Facility Level. Changing System Logging Settings You can change the default settings of the system logging by changing the severity level and the storage location.
  • Page 79: Configuring A Unix Logging Facility Level

    (for syslog messages) • user (for user programs) • uucp (UNIX to UNIX copy protocol) Example of the show running-config logging Command To view non-default settings, use the show running-config logging command in EXEC mode. Dell#show running-config logging Switch Management...
  • Page 80: Synchronizing Log Messages

    Dell# Synchronizing Log Messages You can configure the Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
  • Page 81: File Transfer Services

    (VLAN) interfaces. For more information about FTP, refer to RFC 959, File Transfer Protocol. NOTE: To transmit large files, Dell Networking recommends configuring the switch as an FTP server. Configuration Task List for File Transfer Services The configuration tasks for file transfer services are: •...
  • Page 82: Configuring Ftp Server Parameters

    Example of Viewing FTP Configuration Dell#show running ftp ftp-server enable ftp-server username nairobi password 0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands.
  • Page 83: Terminal Lines

    Denying and Permitting Access to a Terminal Line Dell Networking recommends applying only standard access control lists (ACLs) to deny and permit access to VTY lines. • Layer 3 ACLs deny all traffic that is not explicitly permitted, but in the case of VTY lines, an ACL with no rules does not deny traffic.
  • Page 84: Configuring Login Authentication For Terminal Lines

    LINE mode password password Example of Terminal Line Authentication In the following example, VTY lines 0-2 use a single authentication method, line. Dell(conf)#aaa authentication login myvtymethodlist line Dell(conf)#line vty 0 2 Dell(config-line-vty)#login authentication myvtymethodlist Dell(config-line-vty)#password myvtypassword Dell(config-line-vty)#show config...
  • Page 85: Setting Time Out Of Exec Privilege Mode

    Example of Setting the Time Out Period for EXEC Privilege Mode The following example shows how to set the time-out period and how to view the configuration using the show config command from LINE mode. Dell(conf)#line console 0 Dell(config-line-console)#exec-timeout 0 Dell(config-line-console)#show config...
  • Page 86: Lock Configuration Mode

    Enter an IPv4 address in dotted decimal format (A.B.C.D). Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. Example of the telnet Command for Device Access Dell# telnet 10.11.80.203 Trying 10.11.80.203... Connected to 10.11.80.203. Exit character is '^]'.
  • Page 87: Recovering From A Forgotten Password

    EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode. Example of Locking CONFIGURATION Mode for Single-User Access Dell(conf)#configuration mode exclusive auto BATMAN(conf)#exit 3d23h35m: %SYSTEM-P:CP %SYS-5-CONFIG_I: Configured from console by console Dell#config ! Locks configuration mode exclusively.
  • Page 88: Ignoring The Startup Configuration And Booting From The Factory-Default Configuration

    Recovering from a Failed Start A switch that does not start correctly might be trying to boot from a corrupted Dell Networking OS image or from a mis-specified location. In this case, you can restart the system and interrupt the boot process to point the system to another boot location.
  • Page 89: Restoring Factory-Default Settings

    After the restore is complete, a switch reloads immediately. The following example shows how the restore factory-defaults command restores a switch to its factory default settings. Dell# restore factory-defaults chassis nvram *********************************************************************** Warning - Restoring factory defaults will delete the existing persistent settings (stacking, fanout, etc.)
  • Page 90: Restoring Factory-Default Boot Environment Variables

    Restoring Factory-Default Boot Environment Variables The Boot line determines the location of the image that is used to boot up the switch after restoring factory-default settings. Ideally, these locations contain valid images, which the switch uses to boot up. When you restore factory-default settings, you can either use a flash boot procedure or a network boot procedure to boot the switch.
  • Page 91: Using Hashes To Verify Software Images Before Installation

    The validation calculates a hash value of the downloaded image file on the system’s flash drive and, optionally, compares it to a Dell Networking published hash for that file. The MD5 or SHA256 hash provides a method of validating that you have downloaded the original software.
  • Page 92 Download Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file is displayed next to the software image file on the iSupport page. Go on to the Dell Networking system and copy the software image to the flash drive, using the copy command.
  • Page 93: Verifying System Images On C9010 Components

    RPM1 line-card processor: linecard 11 • The rows linecard 0 through linecard 9 list the system images for each line card installed in chassis slots 0 to 9. Dell#show boot system all Current system image information in the system: =============================================== Type...
  • Page 94: Manually Resetting The System Image On A C9010 Component

    You are prompted to enter boot variables by specifying a path (for example, using FTP or TFTP) or system filename for the Dell Networking OS image that you want to load. Enter the component’s boot parameters displayed in the show bootvar output.
  • Page 95: Logging In To The Virtual Console Of A C9010 Component

    The following examples display boot variables and C9010 internal IP addresses for the RPM0 route processor, RPM0 line-card processor, and line card installed in slot 3. BOOT_USER# show bootvar RPM (RP0) ***** Welcome to Dell Networking OS Boot Interface ***** PRIMARY OPERATING SYSTEM BOOT PARAMETERS: Switch Management...
  • Page 96 : 127.10.10.10 username : f10agent password : imagereq BOOT_USER# show bootvar RPM (LP10) ***** Welcome to Dell Networking OS Boot Interface ***** PRIMARY OPERATING SYSTEM BOOT PARAMETERS: ======================================== boot device : ftp file name : force10/rd/tgtimg/runtime/LP.bin Management Etherenet IP address : 127.10.10.113...
  • Page 97 (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server.
  • Page 98 The following figures show how the EAP frames are encapsulated in Ethernet and RADIUS frames. Figure 2. EAP Frames Encapsulated in Ethernet and RADIUS Figure 3. EAP Frames Encapsulated in Ethernet and RADIUS The authentication process involves three devices: • The device attempting to access the network is the supplicant.
  • Page 99: 802.1X

    The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator. • The authentication-server selects the authentication method, verifies the information the supplicant provides, and grants it network access privileges.
  • Page 100 The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests that the supplicant prove that it is who it claims to be, using a specified method (an EAP-Method). The challenge is translated and forwarded to the supplicant by the authenticator. The supplicant can negotiate the authentication method, but if it is acceptable, the supplicant provides the Requested Challenge information in an EAP response, which is translated and forwarded to the authentication server as another Access-Request frame.
  • Page 101: Eap Over Radius

    The Type value for EAP messages is 79. Figure 5. EAP Over RADIUS RADIUS Attributes for 802.1 Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server.
  • Page 102: Important Points To Remember

    • Configuring MAC addresses for a dot1x Profile • Configuring static MAB and MAB profile • Enabling Critical-VLAN • Configuring Request Identity Re-Transmissions • Forcibly Authorizing or Unauthorizing a Port • Configuring a Quiet Period after a Failed Authentication • Re-Authenticating a Port •...
  • Page 103: Enabling 802.1X

    Enabling 802.1X Enable 802.1X globally. Figure 6. 802.1X Enabled Enable 802.1X globally. CONFIGURATION mode dot1x authentication Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] Enable 802.1X on the supplicant interface only. 802.1X...
  • Page 104 Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. The bold text shows that 802.1X has been enabled. By default, ports are not authorized. Dell#show running-config | find dot1x dot1x authentication [output omitted]...
  • Page 105: Configuring Dot1X Profile

    SINGLE_HOST Auth PAE State: Initialize Backend State: Initialize Dell#show int peGigE 255/0/2 peGigE 255/0/2 is up, line protocol is down(802.1x authorization failed) Hardware is DellEth, address is 34:17:eb:00:aa:12 Current address is 34:17:eb:00:aa:12 Pluggable media not present Interface index is 804258823...
  • Page 106: Configuring Mac Addresses For A Dot1X Profile

    Example of Configuring and Displaying a dot1x Profile Dell(conf)#dot1x profile test Dell(conf-dot1x-profile)# Dell#show dot1x profile 802.1x profile information ----------------------------- Dot1x Profile test Profile MACs 00:00:00:00:01:11 Configuring MAC addresses for a dot1x Profile To configure a list of MAC addresses for a dot1x profile, use the mac command. You can configure 1 to 6 MAC addresses.
  • Page 107: Configuring Critical Vlan

    Example of Static MAB and MAB Profile for an Interface Dell(conf-if-Te-2/1)#dot1x static-mab profile sample Dell(conf-if-Te 2/1))#show config interface TenGigabitEthernet 21 switchport dot1x static-mab profile sample no shutdown Dell(conf-if-Te 2/1))#show dot1x interface TenGigabitEthernet 2/1 802.1x information on Te 2/1: ----------------------------- Dot1x Status: Enable Port Control: Auto...
  • Page 108: Configuring Request Identity Re-Transmissions

    Example of Configuring a Critical VLAN for an Interface Dell(conf-if-Te-2/1)#dot1x critical-vlan 300 Dell(conf-if-Te 2/1)#show config interface TenGigabitEthernet 2/1 switchport dot1x critical-vlan 300 no shutdown Dell#show dot1x interface tengigabitethernet 2/1 802.1x information on Te 2/1: ------------------------------------------------------ Dot1x Status: Enable Port Control: AUTO...
  • Page 109: Configuring A Quiet Period After A Failed Authentication

    90 seconds and a maximum of 10 times for an unresponsive supplicant • re-transmits an EAP Request Identity frame The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. Dell(conf-if-range-Te-0/0)#dot1x tx-period 90 Dell(conf-if-range-Te-0/0)#dot1x max-eap-req 10 Dell(conf-if-range-Te-0/0)#dot1x quiet-period 120 Dell#show dot1x interface TenGigabitEthernet 2/1 802.1X...
  • Page 110: Forcibly Authorizing Or Unauthorizing A Port

    Example of Placing a Port in Force-Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force-authorized. The bold line shows the new port-control state. Dell(conf-if-Te-0/0)#dot1x port-control force-authorized Dell(conf-if-Te-0/0)#show dot1x interface TenGigabitEthernet 0/0 802.1x information on Te 0/0: ----------------------------- Dot1x Status: Enable 802.1X...
  • Page 111: Re-Authenticating A Port

    The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-0/0)#dot1x reauthentication Dell(conf-if-Te-0/0)#dot1x reauthentication interval 7200 Dell(conf-if-Te-0/0)#dot1x reauth-max 10 Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.1x information on Te 0/0: ----------------------------- Dot1x Status: Enable...
  • Page 112: Configuring Dynamic Vlan Assignment With Port Authentication

    The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the standard dot1x procedure: The host sends a dot1x packet to the Dell Networking system. The system forwards a RADIUS REQUEST packet containing the host MAC address and ingress port...
  • Page 113: Guest And Authentication-Fail Vlans

    Dynamic VLAN Assignment with Port Authentication). Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either 802.1X...
  • Page 114: Configuring A Guest Vlan

    INTERFACE mode or using the show dot1x interface command from EXEC Privilege mode. Example of Viewing Configured Authentication The following example shows you how to view the configured authentication using the show configuration command in Interface mode. Dell(conf-if-Te-2/1)#dot1x guest-vlan 200 Dell(conf-if-Te 2/1))#show config interface TenGigabitEthernet 21 switchport dot1x guest-vlan 200...
  • Page 115: Configuring An Authentication-Fail Vlan

    INTERFACE mode. Configure the maximum number of authentication attempts by the authenticator using the keyword max-attempts with this command. Example of Configuring Maximum Authentication Attempts Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config interface TenGigabitEthernet 2/1 switchport...
  • Page 116: Configuring Timeouts

    0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 203 Multicasts, 0 Broadcasts, 10760802177 Unicasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics: 2285 packets, 146240 bytes, 0 underruns 2285 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 1983 Multicasts, 0 Broadcasts, 302 Unicasts 0 throttles, 0 discarded, 0 collisions, 0 wreddrops...
  • Page 117: Multi-Host Authentication

    The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds. The bold lines show the new supplicant and server timeouts. Dell(conf-if-Te-0/0)#dot1x port-control force-authorized Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.1x information on Te 0/0: ----------------------------- Dot1x Status:...
  • Page 118 frames. When a port is authorized, the authenticated supplicant MAC address is associated with the port, and traffic from any other source MACs is dropped. Figure 8. Single-Host Authentication Mode 802.1X...
  • Page 119 When multiple end users are connected to a single authenticator port, single-host mode authentication does not authenticate all end users, and all but one are denied access to the network. For these cases, the Dell Networking OS supports multi-host mode authentication.
  • Page 120: Authentication

    Interface mode. To return to the default single-host authentication mode, enter the no dot1x host-mode command. To verify the currently configured authentication mode, enter the show dot1x interface command. Dell(conf-if-te-2/1)# dot1x host-mode multi-host Dell(conf-if-te-2/1)# do show dot1x interface tengigabitethernet 2/1 802.1x information on Te 2/1: ----------------------------- Dot1x Status:...
  • Page 121: Multi-Supplicant Authentication

    Interface mode. To return to the default single-host authentication mode, enter the no dot1x host-mode command. To verify the currently configured authentication mode, enter the show dot1x interface command. Dell(conf-if-te-1/3)# dot1x host-mode multi-auth Dell(conf-if-te-1/3)# do show dot1x interface tengigabitethernet 0103 802.1x information on Te 0/0: ----------------------------- Dot1x Status: Enable 802.1X...
  • Page 122: Mac Authentication Bypass

    Interface mode. By default, the maximum number of multi-supplicant devices is 128. Dell(conf-if-te-2/1)# dot1x max-supplicants 4 MAC Authentication Bypass MAC authentication bypass (MAB) enables you to provide MAC-based security by allowing only known MAC addresses within the network using a RADIUS server.
  • Page 123: Mab In Single-Host And Multi-Host Mode

    their MAC address, and places them into a VLAN different from the VLAN in which unknown devices are placed. For an 802.1X-incapable device, 802.1X times out if the device does not respond to the Request Identity frame. If MAB is enabled, the port is then put into learning state and waits indefinitely until the device sends a packet.
  • Page 124: Configuring Mac Authentication Bypass

    Verify the MAB and 802.1X configuration using the show dot1x interface command from EXEC Privilege mode. The bold text shows that MAB is enabled on the interface. Dell#show dot1x interface Te 0/0 802.1X information on Te 0/0: ---------------------------- Dot1x Status:...
  • Page 125: Dynamic Cos With 802.1X

    Quality of Service (QoS) traffic management to control the level of service for a class in terms of bandwidth and delivery time. For incoming traffic, the Dell Networking OS allows you to set a static priority value on a per-port basis or dynamically set a priority on a per-port basis by leveraging 802.1X.
  • Page 126 If multi-supplicant authentication mode is enabled on a port, you can configure a CoS mapping table for specified MAC addresses in the RADIUS server. Dell Networking OS then maintains a per-MAC CoS table for each port, and marks the priority of all traffic originating from a configured MAC address with the corresponding table value.
  • Page 127: Access Control Lists (Acls)

    Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. • Access control lists (ACLs), Ingress IP and MAC ACLs , and Egress IP and MAC ACLs are supported on the system. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses.
  • Page 128: Ip Access Control Lists (Acls)

    Destination UDP port number For more information about ACL options, refer to the Dell Networking OS Command Reference Guide. For extended ACL, TCP, and UDP filters, you can match criteria on specific or ranges of TCP or UDP ports. For extended ACL TCP filters, you can also match criteria on established TCP sessions.
  • Page 129 Test CAM Usage The test cam-usage command is supported on the C9000 series. This command applies to both IPv4 and IPv6 CAM profiles, but is best used when verifying QoS optimization for IPv6 ACLs.
  • Page 130: User-Configurable Cam Allocation

    User-Configurable CAM Allocation User-configurable content-addressable memory (CAM) allows you to specify the amount of memory space that you want to allocate for ACLs. To allocate ACL CAM, use the cam-acl command in CONFIGURATION mode. For information about how to allocate CAM for ACL VLANs, see Allocating ACL VLAN CAM.
  • Page 131 1 block = 256 entries L2Acl Ipv4Acl Ipv6Acl Ipv4Qos L2Qos IpMacAcl Dell(conf)#cam-acl-pe ? default Reset PE CAM ACL entries to default setting l2acl Set L2-ACL entries Dell(conf)#cam-acl-pe l2acl 3 ipv4acl 2 ipv6acl 2 ipv4qos 2 l2qos 1 ipmacacl 2 Access Control Lists (ACLs)
  • Page 132: Allocating Cam For Egress Acls On The Port Extender

    Examples of Allocating CAM for Egress ACLs on the Port Extender The following example displays the current CAM ACL settings for each egress region and configures the egress CAM settings. Dell# show cam-acl-egress-pe -- Port extender Egress Cam ACL -- Access Control Lists (ACLs)
  • Page 133: Implementing Acls

    L2Acl Ipv4Acl Ipv6Acl Dell(conf)#cam-acl-egress-pe l2acl 2 ipv4acl 2 ipv6acl 0 The following example displays the running configuration for the configured CAM ACLs. Dell(conf)#do show running-config | grep cam-acl cam-acl l2acl 3 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl 0 vman-qos 0...
  • Page 134: Ip Fragment Handling

    By default, all ACL rules have an order of 254. Example of the Keyword to Determine ACL Sequence order Dell(conf)#ip access-list standard acl1 Dell(config-std-nacl)#permit 20.0.0.0/8 Dell(config-std-nacl)#exit Dell(conf)#ip access-list standard acl2 Dell(config-std-nacl)#permit 20.1.1.0/24 order 0...
  • Page 135: Ip Fragments Acl Examples